GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-19 22:45:15 Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\00000028 SAMSUNG_HM160HI rev.HH100-14 149,05GB Running: 203y8t9j.exe; Driver: C:\Users\katar\AppData\Local\Temp\pxldypog.sys ---- System - GMER 2.2 ---- SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwWriteVirtualMemory [0x909DCD78] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwTerminateThread [0x909D1023] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwTerminateProcess [0x909D1000] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSystemDebugControl [0x909DA4E2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwShutdownSystem [0x909DA8AC] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetSystemInformation [0x909DBC42] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetInformationFile [0x909DAFF8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetContextThread [0x909DA470] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetBootOptions [0x909DA996] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSecureConnectPort [0x909DC1FA] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRestoreKey [0x909DA9CC] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRequestWaitReplyPort [0x909DD14C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwReplaceKey [0x909DAA82] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwQueueApcThread [0x909DA40C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwProtectVirtualMemory [0x909DB9B2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenThread [0x909DC004] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenSection [0x909DB810] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenProcess [0x909DCE8E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwModifyBootEntry [0x909DA92A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwMapViewOfSection [0x909DCB22] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwLoadDriver [0x909DCCBE] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateThread [0x909DAEB8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateClientOfPort [0x909DAEFA] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwFsControlFile [0x909DAF34] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDuplicateObject [0x909DA5B2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeviceIoControlFile [0x909DA34E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteFile [0x909DAF94] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteBootEntry [0x909DA960] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThreadEx [0x909DB1CE] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThread [0x909DB8D4] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateSection [0x909DBD6A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwConnectPort [0x909DC110] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcSendWaitReceivePort [0x909DD280] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcConnectPort [0x909DADBC] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcConnectPortEx [0x909DB5E6] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAddBootEntry [0x909DA8F4] ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ExfUnblockPushLock + 1547 819888DD 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 622 8198D082 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .vmp1 C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys entry point in ".vmp1" section [0x90B7228C] .ewrere1˙˙˙˙Spysheltentry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x91E89614] C:\Program Files\SpyShelter Free Anti-keylogger\SpyshelterKb.sys entry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x91E89614] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 34, 00, 50, C3, ...] {MOV EAX, 0x348442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 34, 00, 50, C3, ...] {MOV EAX, 0x34770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] ntdll.dll!NtMapViewOfSection + 5 77BDF665 7 Bytes [BA, 18, F0, FF, 6E, FF, E2] {MOV EDX, 0x6efff018; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 34, 00, 50, C3, ...] {MOV EAX, 0x3411e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 34, 00, 50, C3, ...] {MOV EAX, 0x341229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 34, 00, 50, C3, ...] {MOV EAX, 0x345d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 34, 00, 50, C3, ...] {MOV EAX, 0x3418b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 34, 00, 50, C3, ...] {MOV EAX, 0x3418dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 34, 00, 50, C3, ...] {MOV EAX, 0x341dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 34, 00, 50, C3, ...] {MOV EAX, 0x341e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 34, 00, 50, C3, ...] {MOV EAX, 0x34793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 34, 00, 50, C3, ...] {MOV EAX, 0x345bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 34, 00, 50, C3, ...] {MOV EAX, 0x3477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 34, 00, 50, C3, ...] {MOV EAX, 0x347741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 34, 00, 50, C3, ...] {MOV EAX, 0x341d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 34, 00, 50, C3, ...] {MOV EAX, 0x341d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 34, 00, 50, C3, ...] {MOV EAX, 0x345904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 34, 00, 50, C3, ...] {MOV EAX, 0x3473da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 34] .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 34] {WAIT ; JS 0x37} .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 34, 00, 50, C3, ...] {MOV EAX, 0x34194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[160] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 34, 00, 50, C3, ...] {MOV EAX, 0x34569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, E0, 00, 50, C3, ...] {MOV EAX, 0xe08442; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, E0, 00, 50, C3, ...] {MOV EAX, 0xe0770d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, E0, 00, 50, C3, ...] {MOV EAX, 0xe05d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, E0, 00, 50, C3, ...] {MOV EAX, 0xe018b7; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, E0, 00, 50, C3, ...] {MOV EAX, 0xe018dd; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, E0, 00, 50, C3, ...] {MOV EAX, 0xe01dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, E0, 00, 50, C3, ...] {MOV EAX, 0xe01e20; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, E0, 00, 50, C3, ...] {MOV EAX, 0xe0793c; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, E0, 00, 50, C3, ...] {MOV EAX, 0xe05bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, E0, 00, 50, C3, ...] {MOV EAX, 0xe077ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, E0, 00, 50, C3, ...] {MOV EAX, 0xe07741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, E0, 00, 50, C3, ...] {MOV EAX, 0xe01d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, E0, 00, 50, C3, ...] {MOV EAX, 0xe01d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, E0, 00, 50, C3, ...] {MOV EAX, 0xe05904; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, E0, 00, 50, C3, ...] {MOV EAX, 0xe073da; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, E0] .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, E0] {WAIT ; JS 0xffffffe3} .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, E0, 00, 50, C3, ...] {MOV EAX, 0xe0194f; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe[1084] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, E0, 00, 50, C3, ...] {MOV EAX, 0xe0569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, B4, 00, 50, C3, ...] {MOV EAX, 0xb48442; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb4770d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, B4, 00, 50, C3, ...] {MOV EAX, 0xb45d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, B4, 00, 50, C3, ...] {MOV EAX, 0xb418b7; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, B4, 00, 50, C3, ...] {MOV EAX, 0xb418dd; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, B4, 00, 50, C3, ...] {MOV EAX, 0xb41e20; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, B4, 00, 50, C3, ...] {MOV EAX, 0xb4793c; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, B4, 00, 50, C3, ...] {MOV EAX, 0xb45bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb47741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, B4, 00, 50, C3, ...] {MOV EAX, 0xb45904; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, B4, 00, 50, C3, ...] {MOV EAX, 0xb473da; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, B4] .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, B4] {WAIT ; JS 0xffffffb7} .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, B4, 00, 50, C3, ...] {MOV EAX, 0xb4194f; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingNews_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe[1252] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, B4, 00, 50, C3, ...] {MOV EAX, 0xb4569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 39, 00, 50, C3, ...] {MOV EAX, 0x398442; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x39770d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 39, 00, 50, C3, ...] {MOV EAX, 0x395d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 39, 00, 50, C3, ...] {MOV EAX, 0x3918b7; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 39, 00, 50, C3, ...] {MOV EAX, 0x3918dd; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391dd5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 39, 00, 50, C3, ...] {MOV EAX, 0x391e20; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 39, 00, 50, C3, ...] {MOV EAX, 0x39793c; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 39, 00, 50, C3, ...] {MOV EAX, 0x395bb6; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x3977ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x397741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391d8d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 39, 00, 50, C3, ...] {MOV EAX, 0x395904; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 39, 00, 50, C3, ...] {MOV EAX, 0x3973da; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 39] .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 39] {WAIT ; JS 0x3c} .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 39, 00, 50, C3, ...] {MOV EAX, 0x39194f; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe[1416] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 39, 00, 50, C3, ...] {MOV EAX, 0x39569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, FE, 00, 50, C3, ...] {MOV EAX, 0xfe8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, 3F, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, 3E, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, 3D, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, 3C, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, 3E, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, 3D, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, 3E, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, 3D, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, 3C, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, 3F, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, 3C, FC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, FE, 00, 50, C3, ...] {MOV EAX, 0xfe11e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, FE, 00, 50, C3, ...] {MOV EAX, 0xfe18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, FE, 00, 50, C3, ...] {MOV EAX, 0xfe18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, FE, 00, 50, C3, ...] {MOV EAX, 0xfe793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, FE, 00, 50, C3, ...] {MOV EAX, 0xfe73da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, FE] {WAIT ; JS 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, FE, 00, 50, C3, ...] {MOV EAX, 0xfe194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1504] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, FE, 00, 50, C3, ...] {MOV EAX, 0xfe569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 26, 01, 50, C3, ...] {MOV EAX, 0x1268442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 26, 01, 50, C3, ...] {MOV EAX, 0x126770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 7 Bytes [BA, 68, EF, 24, 01, FF, E2] {MOV EDX, 0x124ef68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 7 Bytes [BA, 28, EE, 24, 01, FF, E2] {MOV EDX, 0x124ee28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationFile + 5 77BDE195 7 Bytes [BA, 28, ED, 24, 01, FF, E2] {MOV EDX, 0x124ed28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 7 Bytes [BA, A8, EC, 24, 01, FF, E2] {MOV EDX, 0x124eca8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThreadToken + 5 77BDF245 7 Bytes [BA, 68, EE, 24, 01, FF, E2] {MOV EDX, 0x124ee68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThread + 5 77BDF265 7 Bytes [BA, 68, ED, 24, 01, FF, E2] {MOV EDX, 0x124ed68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 7 Bytes [BA, A8, EE, 24, 01, FF, E2] {MOV EDX, 0x124eea8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcess + 5 77BDF385 7 Bytes [BA, A8, ED, 24, 01, FF, E2] {MOV EDX, 0x124eda8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenFile + 5 77BDF4E5 7 Bytes [BA, 68, EC, 24, 01, FF, E2] {MOV EDX, 0x124ec68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtMapViewOfSection + 5 77BDF665 7 Bytes [BA, 28, EF, 24, 01, FF, E2] {MOV EDX, 0x124ef28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtCreateFile + 5 77BE04B5 7 Bytes [BA, 28, EC, 24, 01, FF, E2] {MOV EDX, 0x124ec28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 26, 01, 50, C3, ...] {MOV EAX, 0x12611e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 26, 01, 50, C3, ...] {MOV EAX, 0x1261229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 26, 01, 50, C3, ...] {MOV EAX, 0x1265d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 26, 01, 50, C3, ...] {MOV EAX, 0x12618b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 26, 01, 50, C3, ...] {MOV EAX, 0x12618dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 26, 01, 50, C3, ...] {MOV EAX, 0x1261dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 26, 01, 50, C3, ...] {MOV EAX, 0x1261e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 26, 01, 50, C3, ...] {MOV EAX, 0x126793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 26, 01, 50, C3, ...] {MOV EAX, 0x1265bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 26, 01, 50, C3, ...] {MOV EAX, 0x12677ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 26, 01, 50, C3, ...] {MOV EAX, 0x1267741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 26, 01, 50, C3, ...] {MOV EAX, 0x1261d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 26, 01, 50, C3, ...] {MOV EAX, 0x1261d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 26, 01, 50, C3, ...] {MOV EAX, 0x1265904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 26, 01, 50, C3, ...] {MOV EAX, 0x12673da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 26, 01, 50, C3, 90, ...] {STD ; PUSH EBP; ADD [ES:EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 26, 01, 50, C3, 90, ...] {WAIT ; JS 0x29; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 26, 01, 50, C3, ...] {MOV EAX, 0x126194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1552] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 26, 01, 50, C3, ...] {MOV EAX, 0x126569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPSvc.exe[1852] ntdll.dll!DbgBreakPoint 77BE1250 1 Byte [C3] .text C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPSvc.exe[1852] ntdll.dll!DbgUiRemoteBreakin 77C11D90 5 Bytes JMP 77BA5250 C:\Windows\SYSTEM32\ntdll.dll .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, BC, 00, 50, C3, ...] {MOV EAX, 0xbc8442; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc770d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, BC, 00, 50, C3, ...] {MOV EAX, 0xbc793c; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5904; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, BC, 00, 50, C3, ...] {MOV EAX, 0xbc73da; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, BC] .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, BC] {WAIT ; JS 0xffffffbf} .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, BC, 00, 50, C3, ...] {MOV EAX, 0xbc194f; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Redefine.ipla_3.5.3.0_x86__wezn46m95z9ge\ipla 10.exe[2104] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, BC, 00, 50, C3, ...] {MOV EAX, 0xbc569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 39, 00, 50, C3, ...] {MOV EAX, 0x398442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x39770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, F3, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, F2, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, F1, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, F0, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, F2, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, F1, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, F2, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, F1, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, F0, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, F3, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, F0, 38] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 39, 00, 50, C3, ...] {MOV EAX, 0x3911e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 39, 00, 50, C3, ...] {MOV EAX, 0x391229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 39, 00, 50, C3, ...] {MOV EAX, 0x395d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 39, 00, 50, C3, ...] {MOV EAX, 0x3918b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 39, 00, 50, C3, ...] {MOV EAX, 0x3918dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 39, 00, 50, C3, ...] {MOV EAX, 0x391e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 39, 00, 50, C3, ...] {MOV EAX, 0x39793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 39, 00, 50, C3, ...] {MOV EAX, 0x395bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x3977ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 39, 00, 50, C3, ...] {MOV EAX, 0x397741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 39, 00, 50, C3, ...] {MOV EAX, 0x391d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 39, 00, 50, C3, ...] {MOV EAX, 0x395904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 39, 00, 50, C3, ...] {MOV EAX, 0x3973da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 39] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 39] {WAIT ; JS 0x3c} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 39, 00, 50, C3, ...] {MOV EAX, 0x39194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2144] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 39, 00, 50, C3, ...] {MOV EAX, 0x39569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 79, 00, 50, C3, ...] {MOV EAX, 0x798442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 79, 00, 50, C3, ...] {MOV EAX, 0x79770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, 2B, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, 2A, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, 29, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, 28, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, 2A, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, 29, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, 2A, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, 29, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, 28, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, 2B, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, 28, 77] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 79, 00, 50, C3, ...] {MOV EAX, 0x7911e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 79, 00, 50, C3, ...] {MOV EAX, 0x791229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 79, 00, 50, C3, ...] {MOV EAX, 0x795d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 79, 00, 50, C3, ...] {MOV EAX, 0x7918b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 79, 00, 50, C3, ...] {MOV EAX, 0x7918dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 79, 00, 50, C3, ...] {MOV EAX, 0x791dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 79, 00, 50, C3, ...] {MOV EAX, 0x791e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 79, 00, 50, C3, ...] {MOV EAX, 0x79793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 79, 00, 50, C3, ...] {MOV EAX, 0x795bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 79, 00, 50, C3, ...] {MOV EAX, 0x7977ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 79, 00, 50, C3, ...] {MOV EAX, 0x797741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 79, 00, 50, C3, ...] {MOV EAX, 0x791d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 79, 00, 50, C3, ...] {MOV EAX, 0x791d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 79, 00, 50, C3, ...] {MOV EAX, 0x795904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 79, 00, 50, C3, ...] {MOV EAX, 0x7973da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 79] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 79] {WAIT ; JS 0x7c} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 79, 00, 50, C3, ...] {MOV EAX, 0x79194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2228] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 79, 00, 50, C3, ...] {MOV EAX, 0x79569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, DD, 00, 50, C3, ...] {MOV EAX, 0xdd8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, DD, 00, 50, C3, ...] {MOV EAX, 0xdd770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, 6F, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, 6E, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, 6D, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, 6C, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, 6E, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, 6D, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, 6E, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, 6D, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, 6C, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, 6F, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, 6C, DB] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, DD, 00, 50, C3, ...] {MOV EAX, 0xdd11e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, DD, 00, 50, C3, ...] {MOV EAX, 0xdd1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, DD, 00, 50, C3, ...] {MOV EAX, 0xdd5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, DD, 00, 50, C3, ...] {MOV EAX, 0xdd18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, DD, 00, 50, C3, ...] {MOV EAX, 0xdd18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, DD, 00, 50, C3, ...] {MOV EAX, 0xdd1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, DD, 00, 50, C3, ...] {MOV EAX, 0xdd1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, DD, 00, 50, C3, ...] {MOV EAX, 0xdd793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, DD, 00, 50, C3, ...] {MOV EAX, 0xdd5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, DD, 00, 50, C3, ...] {MOV EAX, 0xdd77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, DD, 00, 50, C3, ...] {MOV EAX, 0xdd7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, DD, 00, 50, C3, ...] {MOV EAX, 0xdd1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, DD, 00, 50, C3, ...] {MOV EAX, 0xdd1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, DD, 00, 50, C3, ...] {MOV EAX, 0xdd5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, DD, 00, 50, C3, ...] {MOV EAX, 0xdd73da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, DD] {WAIT ; JS 0xffffffe0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, DD, 00, 50, C3, ...] {MOV EAX, 0xdd194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2716] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, DD, 00, 50, C3, ...] {MOV EAX, 0xdd569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, E2, 00, 50, C3, ...] {MOV EAX, 0xe28442; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe2770d; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, E2, 00, 50, C3, ...] {MOV EAX, 0xe25d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, E2, 00, 50, C3, ...] {MOV EAX, 0xe218b7; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, E2, 00, 50, C3, ...] {MOV EAX, 0xe218dd; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21dd5; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, E2, 00, 50, C3, ...] {MOV EAX, 0xe21e20; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, E2, 00, 50, C3, ...] {MOV EAX, 0xe2793c; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, E2, 00, 50, C3, ...] {MOV EAX, 0xe25bb6; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe277ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe27741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21d8d; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, E2, 00, 50, C3, ...] {MOV EAX, 0xe25904; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, E2, 00, 50, C3, ...] {MOV EAX, 0xe273da; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, E2] .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, E2] {WAIT ; JS 0xffffffe5} .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, E2, 00, 50, C3, ...] {MOV EAX, 0xe2194f; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[2916] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, E2, 00, 50, C3, ...] {MOV EAX, 0xe2569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 4C] {STD ; PUSH EBP; DEC ESP} .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 4C] {WAIT ; JS 0x4f} .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[3012] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 4C, 00, 50, C3, ...] {MOV EAX, 0x4c569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, A0, 00, 50, C3, ...] {MOV EAX, 0xa08442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, A0, 00, 50, C3, ...] {MOV EAX, 0xa0770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, 4F, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, 4E, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, 4D, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, 4C, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, 4E, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, 4D, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, 4E, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, 4D, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, 4C, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, 4F, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, 4C, 9E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, A0, 00, 50, C3, ...] {MOV EAX, 0xa011e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, A0, 00, 50, C3, ...] {MOV EAX, 0xa01229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, A0, 00, 50, C3, ...] {MOV EAX, 0xa05d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, A0, 00, 50, C3, ...] {MOV EAX, 0xa018b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, A0, 00, 50, C3, ...] {MOV EAX, 0xa018dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, A0, 00, 50, C3, ...] {MOV EAX, 0xa01dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, A0, 00, 50, C3, ...] {MOV EAX, 0xa01e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, A0, 00, 50, C3, ...] {MOV EAX, 0xa0793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, A0, 00, 50, C3, ...] {MOV EAX, 0xa05bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, A0, 00, 50, C3, ...] {MOV EAX, 0xa077ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, A0, 00, 50, C3, ...] {MOV EAX, 0xa07741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, A0, 00, 50, C3, ...] {MOV EAX, 0xa01d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, A0, 00, 50, C3, ...] {MOV EAX, 0xa01d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, A0, 00, 50, C3, ...] {MOV EAX, 0xa05904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, A0, 00, 50, C3, ...] {MOV EAX, 0xa073da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, A0] {WAIT ; JS 0xffffffa3} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, A0, 00, 50, C3, ...] {MOV EAX, 0xa0194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3556] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, A0, 00, 50, C3, ...] {MOV EAX, 0xa0569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 37, 01, 50, C3, ...] {MOV EAX, 0x1378442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 37, 01, 50, C3, ...] {MOV EAX, 0x137770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 7 Bytes [BA, 68, 1B, 35, 01, FF, E2] {MOV EDX, 0x1351b68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 7 Bytes [BA, 28, 1A, 35, 01, FF, E2] {MOV EDX, 0x1351a28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationFile + 5 77BDE195 7 Bytes [BA, 28, 19, 35, 01, FF, E2] {MOV EDX, 0x1351928; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 7 Bytes [BA, A8, 18, 35, 01, FF, E2] {MOV EDX, 0x13518a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadToken + 5 77BDF245 7 Bytes [BA, 68, 1A, 35, 01, FF, E2] {MOV EDX, 0x1351a68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThread + 5 77BDF265 7 Bytes [BA, 68, 19, 35, 01, FF, E2] {MOV EDX, 0x1351968; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 7 Bytes [BA, A8, 1A, 35, 01, FF, E2] {MOV EDX, 0x1351aa8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcess + 5 77BDF385 7 Bytes [BA, A8, 19, 35, 01, FF, E2] {MOV EDX, 0x13519a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenFile + 5 77BDF4E5 7 Bytes [BA, 68, 18, 35, 01, FF, E2] {MOV EDX, 0x1351868; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + 5 77BDF665 7 Bytes [BA, 28, 1B, 35, 01, FF, E2] {MOV EDX, 0x1351b28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtCreateFile + 5 77BE04B5 7 Bytes [BA, 28, 18, 35, 01, FF, E2] {MOV EDX, 0x1351828; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 37, 01, 50, C3, ...] {MOV EAX, 0x13711e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 37, 01, 50, C3, ...] {MOV EAX, 0x1371229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 37, 01, 50, C3, ...] {MOV EAX, 0x1375d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 37, 01, 50, C3, ...] {MOV EAX, 0x13718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 37, 01, 50, C3, ...] {MOV EAX, 0x13718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 37, 01, 50, C3, ...] {MOV EAX, 0x1371dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 37, 01, 50, C3, ...] {MOV EAX, 0x1371e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 37, 01, 50, C3, ...] {MOV EAX, 0x137793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 37, 01, 50, C3, ...] {MOV EAX, 0x1375bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 37, 01, 50, C3, ...] {MOV EAX, 0x13777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 37, 01, 50, C3, ...] {MOV EAX, 0x1377741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 37, 01, 50, C3, ...] {MOV EAX, 0x1371d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 37, 01, 50, C3, ...] {MOV EAX, 0x1371d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 37, 01, 50, C3, ...] {MOV EAX, 0x1375904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 37, 01, 50, C3, ...] {MOV EAX, 0x13773da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 37, 01, 50, C3, 90, ...] {STD ; PUSH EBP; AAA ; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 37, 01, 50, C3, 90, ...] {WAIT ; JS 0x3a; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 37, 01, 50, C3, ...] {MOV EAX, 0x137194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[3568] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 37, 01, 50, C3, ...] {MOV EAX, 0x137569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 81, 00, 50, C3, ...] {MOV EAX, 0x818442; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x81770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 81, 00, 50, C3, ...] {MOV EAX, 0x815d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 81, 00, 50, C3, ...] {MOV EAX, 0x8118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 81, 00, 50, C3, ...] {MOV EAX, 0x8118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 81, 00, 50, C3, ...] {MOV EAX, 0x811e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 81, 00, 50, C3, ...] {MOV EAX, 0x81793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 81, 00, 50, C3, ...] {MOV EAX, 0x815bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x8177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x817741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 81, 00, 50, C3, ...] {MOV EAX, 0x815904; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 81, 00, 50, C3, ...] {MOV EAX, 0x8173da; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 81] .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 81] {WAIT ; JS 0xffffff84} .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 81, 00, 50, C3, ...] {MOV EAX, 0x81194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3644] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 81, 00, 50, C3, ...] {MOV EAX, 0x81569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 92, 03, 50, C3, ...] {MOV EAX, 0x3928442; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 92, 03, 50, C3, ...] {MOV EAX, 0x392770d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 92, 03, 50, C3, ...] {MOV EAX, 0x3925d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 92, 03, 50, C3, ...] {MOV EAX, 0x39218b7; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 92, 03, 50, C3, ...] {MOV EAX, 0x39218dd; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 92, 03, 50, C3, ...] {MOV EAX, 0x3921dd5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 92, 03, 50, C3, ...] {MOV EAX, 0x3921e20; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 92, 03, 50, C3, ...] {MOV EAX, 0x392793c; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 92, 03, 50, C3, ...] {MOV EAX, 0x3925bb6; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 92, 03, 50, C3, ...] {MOV EAX, 0x39277ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 92, 03, 50, C3, ...] {MOV EAX, 0x3927741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 92, 03, 50, C3, ...] {MOV EAX, 0x3921d8d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 92, 03, 50, C3, ...] {MOV EAX, 0x3921d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 92, 03, 50, C3, ...] {MOV EAX, 0x3925904; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 92, 03, 50, C3, ...] {MOV EAX, 0x39273da; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 92, 03, 50, C3, 90, ...] {STD ; PUSH EBP; XCHG EDX, EAX; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 92, 03, 50, C3, 90, ...] {WAIT ; JS 0xffffff95; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 92, 03, 50, C3, ...] {MOV EAX, 0x392194f; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[3656] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 92, 03, 50, C3, ...] {MOV EAX, 0x392569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, E2, 00, 50, C3, ...] {MOV EAX, 0xe28442; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe2770d; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] ntdll.dll!DbgBreakPoint 77BE1250 1 Byte [C3] .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] ntdll.dll!DbgUiRemoteBreakin 77C11D90 5 Bytes JMP 77BA5250 C:\Windows\SYSTEM32\ntdll.dll .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, E2, 00, 50, C3, ...] {MOV EAX, 0xe25d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, E2, 00, 50, C3, ...] {MOV EAX, 0xe218b7; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, E2, 00, 50, C3, ...] {MOV EAX, 0xe218dd; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, E2, 00, 50, C3, ...] {MOV EAX, 0xe21e20; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, E2, 00, 50, C3, ...] {MOV EAX, 0xe2793c; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, E2, 00, 50, C3, ...] {MOV EAX, 0xe25bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe277ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, E2, 00, 50, C3, ...] {MOV EAX, 0xe27741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, E2, 00, 50, C3, ...] {MOV EAX, 0xe21d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, E2, 00, 50, C3, ...] {MOV EAX, 0xe25904; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, E2, 00, 50, C3, ...] {MOV EAX, 0xe273da; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, E2] .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, E2] {WAIT ; JS 0xffffffe5} .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, E2, 00, 50, C3, ...] {MOV EAX, 0xe2194f; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[3668] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, E2, 00, 50, C3, ...] {MOV EAX, 0xe2569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 7F] .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 7F] {WAIT ; JS 0x82} .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3700] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 7F, 00, 50, C3, ...] {MOV EAX, 0x7f569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, BC, 00, 50, C3, ...] {MOV EAX, 0xbc8442; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc770d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, BC, 00, 50, C3, ...] {MOV EAX, 0xbc793c; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5904; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, BC, 00, 50, C3, ...] {MOV EAX, 0xbc73da; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, BC] .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, BC] {WAIT ; JS 0xffffffbf} .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, BC, 00, 50, C3, ...] {MOV EAX, 0xbc194f; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.76.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe[3772] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, BC, 00, 50, C3, ...] {MOV EAX, 0xbc569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 18, 00, 50, C3, ...] {MOV EAX, 0x188442; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x18770d; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 18, 00, 50, C3, ...] {MOV EAX, 0x185d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818b7; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818dd; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 18, 00, 50, C3, ...] {MOV EAX, 0x181e20; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 18, 00, 50, C3, ...] {MOV EAX, 0x18793c; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 18, 00, 50, C3, ...] {MOV EAX, 0x185bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x1877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x187741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 18, 00, 50, C3, ...] {MOV EAX, 0x185904; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 18, 00, 50, C3, ...] {MOV EAX, 0x1873da; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 18] .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 18] {WAIT ; JS 0x1b} .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 18, 00, 50, C3, ...] {MOV EAX, 0x18194f; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3804] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 18, 00, 50, C3, ...] {MOV EAX, 0x18569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, CD, 03, 50, C3, 90, ...] {STD ; PUSH EBP; INT 0x3; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, CD, 03, 50, C3, 90, ...] {WAIT ; JS 0xffffffd0; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3816] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, CD, 03, 50, C3, ...] {MOV EAX, 0x3cd569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, BA, 00, 50, C3, ...] {MOV EAX, 0xba8442; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, BA, 00, 50, C3, ...] {MOV EAX, 0xba770d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, BA, 00, 50, C3, ...] {MOV EAX, 0xba5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, BA, 00, 50, C3, ...] {MOV EAX, 0xba18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, BA, 00, 50, C3, ...] {MOV EAX, 0xba18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, BA, 00, 50, C3, ...] {MOV EAX, 0xba1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, BA, 00, 50, C3, ...] {MOV EAX, 0xba1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, BA, 00, 50, C3, ...] {MOV EAX, 0xba793c; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, BA, 00, 50, C3, ...] {MOV EAX, 0xba5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, BA, 00, 50, C3, ...] {MOV EAX, 0xba77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, BA, 00, 50, C3, ...] {MOV EAX, 0xba7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, BA, 00, 50, C3, ...] {MOV EAX, 0xba1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, BA, 00, 50, C3, ...] {MOV EAX, 0xba1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, BA, 00, 50, C3, ...] {MOV EAX, 0xba5904; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, BA, 00, 50, C3, ...] {MOV EAX, 0xba73da; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, BA] .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, BA] {WAIT ; JS 0xffffffbd} .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, BA, 00, 50, C3, ...] {MOV EAX, 0xba194f; PUSH EAX; RET ; NOP } .text C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe[4060] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, BA, 00, 50, C3, ...] {MOV EAX, 0xba569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 03, 04, 50, C3, ...] {MOV EAX, 0x4038442; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 03, 04, 50, C3, ...] {MOV EAX, 0x403770d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 03, 04, 50, C3, ...] {MOV EAX, 0x4035d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 03, 04, 50, C3, ...] {MOV EAX, 0x40318b7; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 03, 04, 50, C3, ...] {MOV EAX, 0x40318dd; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 03, 04, 50, C3, ...] {MOV EAX, 0x4031dd5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 03, 04, 50, C3, ...] {MOV EAX, 0x4031e20; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 03, 04, 50, C3, ...] {MOV EAX, 0x403793c; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 03, 04, 50, C3, ...] {MOV EAX, 0x4035bb6; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 03, 04, 50, C3, ...] {MOV EAX, 0x40377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 03, 04, 50, C3, ...] {MOV EAX, 0x4037741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 03, 04, 50, C3, ...] {MOV EAX, 0x4031d8d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 03, 04, 50, C3, ...] {MOV EAX, 0x4031d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 03, 04, 50, C3, ...] {MOV EAX, 0x4035904; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 03, 04, 50, C3, ...] {MOV EAX, 0x40373da; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 03, 04, 50, C3, 90, ...] {STD ; PUSH EBP; ADD EAX, [EAX+EDX*2]; RET ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 03, 04, 50, C3, 90, ...] {WAIT ; JS 0x6; ADD AL, 0x50; RET ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 03, 04, 50, C3, ...] {MOV EAX, 0x403194f; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[4136] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 03, 04, 50, C3, ...] {MOV EAX, 0x403569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 81, 00, 50, C3, ...] {MOV EAX, 0x818442; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x81770d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 81, 00, 50, C3, ...] {MOV EAX, 0x815d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 81, 00, 50, C3, ...] {MOV EAX, 0x8118b7; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 81, 00, 50, C3, ...] {MOV EAX, 0x8118dd; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811dd5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 81, 00, 50, C3, ...] {MOV EAX, 0x811e20; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 81, 00, 50, C3, ...] {MOV EAX, 0x81793c; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 81, 00, 50, C3, ...] {MOV EAX, 0x815bb6; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x8177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 81, 00, 50, C3, ...] {MOV EAX, 0x817741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811d8d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 81, 00, 50, C3, ...] {MOV EAX, 0x811d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 81, 00, 50, C3, ...] {MOV EAX, 0x815904; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 81, 00, 50, C3, ...] {MOV EAX, 0x8173da; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 81] .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 81] {WAIT ; JS 0xffffff84} .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 81, 00, 50, C3, ...] {MOV EAX, 0x81194f; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[4272] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 81, 00, 50, C3, ...] {MOV EAX, 0x81569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e8442; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e770d; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e18b7; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e18dd; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e1e20; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e793c; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e5904; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e73da; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 3E] .text C:\Windows\explorer.exe[4456] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 3E] {WAIT ; JS 0x41} .text C:\Windows\explorer.exe[4456] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e194f; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4456] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 3E, 00, 50, C3, ...] {MOV EAX, 0x3e569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, F9, 03, 50, C3, ...] {MOV EAX, 0x3f98442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, F9, 03, 50, C3, ...] {MOV EAX, 0x3f9770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, F9, 03, 50, C3, ...] {MOV EAX, 0x3f95d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, F9, 03, 50, C3, ...] {MOV EAX, 0x3f918b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, F9, 03, 50, C3, ...] {MOV EAX, 0x3f918dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, F9, 03, 50, C3, ...] {MOV EAX, 0x3f91dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, F9, 03, 50, C3, ...] {MOV EAX, 0x3f91e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, F9, 03, 50, C3, ...] {MOV EAX, 0x3f9793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, F9, 03, 50, C3, ...] {MOV EAX, 0x3f95bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, F9, 03, 50, C3, ...] {MOV EAX, 0x3f977ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, F9, 03, 50, C3, ...] {MOV EAX, 0x3f97741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, F9, 03, 50, C3, ...] {MOV EAX, 0x3f91d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, F9, 03, 50, C3, ...] {MOV EAX, 0x3f91d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, F9, 03, 50, C3, ...] {MOV EAX, 0x3f95904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, F9, 03, 50, C3, ...] {MOV EAX, 0x3f973da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, F9, 03, 50, C3, 90, ...] {STD ; PUSH EBP; STC ; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, F9, 03, 50, C3, 90, ...] {WAIT ; JS 0xfffffffc; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, F9, 03, 50, C3, ...] {MOV EAX, 0x3f9194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5096] user32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, F9, 03, 50, C3, ...] {MOV EAX, 0x3f9569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 01, 01, 50, C3, ...] {MOV EAX, 0x1018442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 01, 01, 50, C3, ...] {MOV EAX, 0x101770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, BB, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, BA, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, B9, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, B8, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, BA, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, B9, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, BA, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, B9, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, B8, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, BB, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, B8, FF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 01, 01, 50, C3, ...] {MOV EAX, 0x10111e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 01, 01, 50, C3, ...] {MOV EAX, 0x1011229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 01, 01, 50, C3, ...] {MOV EAX, 0x1015d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 01, 01, 50, C3, ...] {MOV EAX, 0x10118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 01, 01, 50, C3, ...] {MOV EAX, 0x10118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 01, 01, 50, C3, ...] {MOV EAX, 0x1011dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 01, 01, 50, C3, ...] {MOV EAX, 0x1011e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 01, 01, 50, C3, ...] {MOV EAX, 0x101793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 01, 01, 50, C3, ...] {MOV EAX, 0x1015bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 01, 01, 50, C3, ...] {MOV EAX, 0x10177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 01, 01, 50, C3, ...] {MOV EAX, 0x1017741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 01, 01, 50, C3, ...] {MOV EAX, 0x1011d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 01, 01, 50, C3, ...] {MOV EAX, 0x1011d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 01, 01, 50, C3, ...] {MOV EAX, 0x1015904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 01, 01, 50, C3, ...] {MOV EAX, 0x10173da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 01, 01, 50, C3, 90, ...] {STD ; PUSH EBP; ADD [ECX], EAX; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 01, 01, 50, C3, 90, ...] {WAIT ; JS 0x4; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 01, 01, 50, C3, ...] {MOV EAX, 0x101194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 01, 01, 50, C3, ...] {MOV EAX, 0x101569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 18, 00, 50, C3, ...] {MOV EAX, 0x188442; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x18770d; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 18, 00, 50, C3, ...] {MOV EAX, 0x185d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818b7; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818dd; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 18, 00, 50, C3, ...] {MOV EAX, 0x181e20; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 18, 00, 50, C3, ...] {MOV EAX, 0x18793c; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 18, 00, 50, C3, ...] {MOV EAX, 0x185bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x1877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x187741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 18, 00, 50, C3, ...] {MOV EAX, 0x185904; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 18, 00, 50, C3, ...] {MOV EAX, 0x1873da; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 18] .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 18] {WAIT ; JS 0x1b} .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 18, 00, 50, C3, ...] {MOV EAX, 0x18194f; PUSH EAX; RET ; NOP } .text C:\Program Files\IDT\WDM\sttray.exe[5204] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 18, 00, 50, C3, ...] {MOV EAX, 0x18569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 30, 01, 50, C3, ...] {MOV EAX, 0x1308442; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 30, 01, 50, C3, ...] {MOV EAX, 0x130770d; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 30, 01, 50, C3, ...] {MOV EAX, 0x1305d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 30, 01, 50, C3, ...] {MOV EAX, 0x13018b7; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 30, 01, 50, C3, ...] {MOV EAX, 0x13018dd; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 30, 01, 50, C3, ...] {MOV EAX, 0x1301dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 30, 01, 50, C3, ...] {MOV EAX, 0x1301e20; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 30, 01, 50, C3, ...] {MOV EAX, 0x130793c; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 30, 01, 50, C3, ...] {MOV EAX, 0x1305bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 30, 01, 50, C3, ...] {MOV EAX, 0x13077ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 30, 01, 50, C3, ...] {MOV EAX, 0x1307741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 30, 01, 50, C3, ...] {MOV EAX, 0x1301d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 30, 01, 50, C3, ...] {MOV EAX, 0x1301d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 30, 01, 50, C3, ...] {MOV EAX, 0x1305904; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 30, 01, 50, C3, ...] {MOV EAX, 0x13073da; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 30, 01, 50, C3, 90, ...] {STD ; PUSH EBP; XOR [ECX], AL; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 30, 01, 50, C3, 90, ...] {WAIT ; JS 0x33; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 30, 01, 50, C3, ...] {MOV EAX, 0x130194f; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[5264] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 30, 01, 50, C3, ...] {MOV EAX, 0x130569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d73da; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 7D] .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 7D] {WAIT ; JS 0x80} .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[5420] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 7D, 00, 50, C3, ...] {MOV EAX, 0x7d569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 35, 00, 50, C3, ...] {MOV EAX, 0x358442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 35, 00, 50, C3, ...] {MOV EAX, 0x35770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 35, 00, 50, C3, ...] {MOV EAX, 0x355d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 35, 00, 50, C3, ...] {MOV EAX, 0x3518b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 35, 00, 50, C3, ...] {MOV EAX, 0x3518dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 35, 00, 50, C3, ...] {MOV EAX, 0x351dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 35, 00, 50, C3, ...] {MOV EAX, 0x351e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 35, 00, 50, C3, ...] {MOV EAX, 0x35793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 35, 00, 50, C3, ...] {MOV EAX, 0x355bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 35, 00, 50, C3, ...] {MOV EAX, 0x3577ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 35, 00, 50, C3, ...] {MOV EAX, 0x357741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 35, 00, 50, C3, ...] {MOV EAX, 0x351d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 35, 00, 50, C3, ...] {MOV EAX, 0x351d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 35, 00, 50, C3, ...] {MOV EAX, 0x355904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 35, 00, 50, C3, ...] {MOV EAX, 0x3573da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 35] .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 35] {WAIT ; JS 0x38} .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 35, 00, 50, C3, ...] {MOV EAX, 0x35194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\ApplicationFrameHost.exe[5472] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 35, 00, 50, C3, ...] {MOV EAX, 0x35569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 0D, 00, 50, C3, ...] {MOV EAX, 0xd8442; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 0D, 00, 50, C3, ...] {MOV EAX, 0xd770d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 0D, 00, 50, C3, ...] {MOV EAX, 0xd5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 0D, 00, 50, C3, ...] {MOV EAX, 0xd18b7; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 0D, 00, 50, C3, ...] {MOV EAX, 0xd18dd; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 0D, 00, 50, C3, ...] {MOV EAX, 0xd1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 0D, 00, 50, C3, ...] {MOV EAX, 0xd1e20; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 0D, 00, 50, C3, ...] {MOV EAX, 0xd793c; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 0D, 00, 50, C3, ...] {MOV EAX, 0xd5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 0D, 00, 50, C3, ...] {MOV EAX, 0xd77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 0D, 00, 50, C3, ...] {MOV EAX, 0xd7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 0D, 00, 50, C3, ...] {MOV EAX, 0xd1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 0D, 00, 50, C3, ...] {MOV EAX, 0xd1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 0D, 00, 50, C3, ...] {MOV EAX, 0xd5904; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 0D, 00, 50, C3, ...] {MOV EAX, 0xd73da; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 0D] .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 0D] {WAIT ; JS 0x10} .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 0D, 00, 50, C3, ...] {MOV EAX, 0xd194f; PUSH EAX; RET ; NOP } .text C:\Windows\System32\NetworkUXBroker.exe[6720] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 0D, 00, 50, C3, ...] {MOV EAX, 0xd569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, F7, 03, 50, C3, ...] {MOV EAX, 0x3f78442; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, F7, 03, 50, C3, ...] {MOV EAX, 0x3f7770d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, F7, 03, 50, C3, ...] {MOV EAX, 0x3f75d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, F7, 03, 50, C3, ...] {MOV EAX, 0x3f718b7; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, F7, 03, 50, C3, ...] {MOV EAX, 0x3f718dd; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, F7, 03, 50, C3, ...] {MOV EAX, 0x3f71dd5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, F7, 03, 50, C3, ...] {MOV EAX, 0x3f71e20; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, F7, 03, 50, C3, ...] {MOV EAX, 0x3f7793c; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, F7, 03, 50, C3, ...] {MOV EAX, 0x3f75bb6; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, F7, 03, 50, C3, ...] {MOV EAX, 0x3f777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, F7, 03, 50, C3, ...] {MOV EAX, 0x3f77741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, F7, 03, 50, C3, ...] {MOV EAX, 0x3f71d8d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, F7, 03, 50, C3, ...] {MOV EAX, 0x3f71d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, F7, 03, 50, C3, ...] {MOV EAX, 0x3f75904; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, F7, 03, 50, C3, ...] {MOV EAX, 0x3f773da; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, F7, 03, 50, C3, 90, ...] {STD ; PUSH EBP; TEST DWORD [EBX], 0x9090c350; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, F7, 03, 50, C3, 90, ...] {WAIT ; JS 0xfffffffa; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, F7, 03, 50, C3, ...] {MOV EAX, 0x3f7194f; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6856] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, F7, 03, 50, C3, ...] {MOV EAX, 0x3f7569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 61, 00, 50, C3, ...] {MOV EAX, 0x618442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x61770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 61, 00, 50, C3, ...] {MOV EAX, 0x6111e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 61, 00, 50, C3, ...] {MOV EAX, 0x611229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 61, 00, 50, C3, ...] {MOV EAX, 0x615d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 61, 00, 50, C3, ...] {MOV EAX, 0x6118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 61, 00, 50, C3, ...] {MOV EAX, 0x6118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 61, 00, 50, C3, ...] {MOV EAX, 0x611e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 61, 00, 50, C3, ...] {MOV EAX, 0x61793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 61, 00, 50, C3, ...] {MOV EAX, 0x615bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x6177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x617741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 61, 00, 50, C3, ...] {MOV EAX, 0x615904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 61, 00, 50, C3, ...] {MOV EAX, 0x6173da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 61] {STD ; PUSH EBP; POPA } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 61] {WAIT ; JS 0x64} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 61, 00, 50, C3, ...] {MOV EAX, 0x61194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6860] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 61, 00, 50, C3, ...] {MOV EAX, 0x61569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 53, 00, 50, C3, ...] {MOV EAX, 0x538442; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x53770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 53, 00, 50, C3, ...] {MOV EAX, 0x535d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 53, 00, 50, C3, ...] {MOV EAX, 0x5318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 53, 00, 50, C3, ...] {MOV EAX, 0x5318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 53, 00, 50, C3, ...] {MOV EAX, 0x531e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 53, 00, 50, C3, ...] {MOV EAX, 0x53793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 53, 00, 50, C3, ...] {MOV EAX, 0x535bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x5377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x537741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 53, 00, 50, C3, ...] {MOV EAX, 0x535904; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 53, 00, 50, C3, ...] {MOV EAX, 0x5373da; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 53] {STD ; PUSH EBP; PUSH EBX} .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 53] {WAIT ; JS 0x56} .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 53, 00, 50, C3, ...] {MOV EAX, 0x53194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCui.exe[6868] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 53, 00, 50, C3, ...] {MOV EAX, 0x53569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 85, 00, 50, C3, ...] {MOV EAX, 0x858442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 85, 00, 50, C3, ...] {MOV EAX, 0x85770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, DF, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, DE, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, DD, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, DC, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, DE, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, DD, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, DE, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, DD, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, DC, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, DF, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, DC, 83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 85, 00, 50, C3, ...] {MOV EAX, 0x8511e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 85, 00, 50, C3, ...] {MOV EAX, 0x851229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 85, 00, 50, C3, ...] {MOV EAX, 0x855d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 85, 00, 50, C3, ...] {MOV EAX, 0x8518b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 85, 00, 50, C3, ...] {MOV EAX, 0x8518dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 85, 00, 50, C3, ...] {MOV EAX, 0x851dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 85, 00, 50, C3, ...] {MOV EAX, 0x851e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 85, 00, 50, C3, ...] {MOV EAX, 0x85793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 85, 00, 50, C3, ...] {MOV EAX, 0x855bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 85, 00, 50, C3, ...] {MOV EAX, 0x8577ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 85, 00, 50, C3, ...] {MOV EAX, 0x857741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 85, 00, 50, C3, ...] {MOV EAX, 0x851d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 85, 00, 50, C3, ...] {MOV EAX, 0x851d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 85, 00, 50, C3, ...] {MOV EAX, 0x855904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 85, 00, 50, C3, ...] {MOV EAX, 0x8573da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 85] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 85] {WAIT ; JS 0xffffff88} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 85, 00, 50, C3, ...] {MOV EAX, 0x85194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7036] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 85, 00, 50, C3, ...] {MOV EAX, 0x85569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 13, 01, 50, C3, ...] {MOV EAX, 0x1138442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x113770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 7 Bytes [BA, 68, 07, 11, 01, FF, E2] {MOV EDX, 0x1110768; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 7 Bytes [BA, 28, 06, 11, 01, FF, E2] {MOV EDX, 0x1110628; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtSetInformationFile + 5 77BDE195 7 Bytes [BA, 28, 05, 11, 01, FF, E2] {MOV EDX, 0x1110528; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 7 Bytes [BA, A8, 04, 11, 01, FF, E2] {MOV EDX, 0x11104a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtOpenThreadToken + 5 77BDF245 7 Bytes [BA, 68, 06, 11, 01, FF, E2] {MOV EDX, 0x1110668; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtOpenThread + 5 77BDF265 7 Bytes [BA, 68, 05, 11, 01, FF, E2] {MOV EDX, 0x1110568; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 7 Bytes [BA, A8, 06, 11, 01, FF, E2] {MOV EDX, 0x11106a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtOpenProcess + 5 77BDF385 7 Bytes [BA, A8, 05, 11, 01, FF, E2] {MOV EDX, 0x11105a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtOpenFile + 5 77BDF4E5 7 Bytes [BA, 68, 04, 11, 01, FF, E2] {MOV EDX, 0x1110468; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtMapViewOfSection + 5 77BDF665 7 Bytes [BA, 28, 07, 11, 01, FF, E2] {MOV EDX, 0x1110728; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] ntdll.dll!NtCreateFile + 5 77BE04B5 7 Bytes [BA, 28, 04, 11, 01, FF, E2] {MOV EDX, 0x1110428; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, 13, 01, 50, C3, ...] {MOV EAX, 0x11311e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, 13, 01, 50, C3, ...] {MOV EAX, 0x1131229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 13, 01, 50, C3, ...] {MOV EAX, 0x1135d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 13, 01, 50, C3, ...] {MOV EAX, 0x11318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 13, 01, 50, C3, ...] {MOV EAX, 0x11318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 13, 01, 50, C3, ...] {MOV EAX, 0x1131e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 13, 01, 50, C3, ...] {MOV EAX, 0x113793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 13, 01, 50, C3, ...] {MOV EAX, 0x1135bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x11377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x1137741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 13, 01, 50, C3, ...] {MOV EAX, 0x1135904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 13, 01, 50, C3, ...] {MOV EAX, 0x11373da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetRawInputData + 1 776E92E1 9 Bytes [FD, 55, 13, 01, 50, C3, 90, ...] {STD ; PUSH EBP; ADC EAX, [ECX]; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetKeyboardState + 1 776E9481 9 Bytes [9B, 78, 13, 01, 50, C3, 90, ...] {WAIT ; JS 0x16; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 13, 01, 50, C3, ...] {MOV EAX, 0x113194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7196] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 13, 01, 50, C3, ...] {MOV EAX, 0x113569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, C3, 00, 50, C3, ...] {MOV EAX, 0xc38442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, C3, 00, 50, C3, ...] {MOV EAX, 0xc3770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtUnmapViewOfSection + 5 77BDDA05 4 Bytes [BA, 68, D7, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtUnmapViewOfSection + A 77BDDA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationThread + 5 77BDE0D5 4 Bytes [BA, 28, D6, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationThread + A 77BDE0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationFile + 5 77BDE195 4 Bytes [BA, 28, D5, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtSetInformationFile + A 77BDE19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryFullAttributesFile + A 77BDEE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryAttributesFile + 5 77BDEFE5 4 Bytes [BA, A8, D4, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtQueryAttributesFile + A 77BDEFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadTokenEx + A 77BDF22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadToken + 5 77BDF245 4 Bytes [BA, 68, D6, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThreadToken + A 77BDF24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThread + 5 77BDF265 4 Bytes [BA, 68, D5, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenThread + A 77BDF26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessTokenEx + 5 77BDF345 4 Bytes [BA, A8, D6, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessTokenEx + A 77BDF34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcessToken + A 77BDF36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcess + 5 77BDF385 4 Bytes [BA, A8, D5, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenProcess + A 77BDF38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenFile + 5 77BDF4E5 4 Bytes [BA, 68, D4, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtOpenFile + A 77BDF4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtMapViewOfSection + 5 77BDF665 4 Bytes [BA, 28, D7, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtMapViewOfSection + A 77BDF66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtCreateFile + 5 77BE04B5 4 Bytes [BA, 28, D4, C1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] ntdll.dll!NtCreateFile + A 77BE04BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] KERNEL32.DLL!VirtualProtect 75DEC9A0 12 Bytes [B8, E5, 11, C3, 00, 50, C3, ...] {MOV EAX, 0xc311e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] KERNEL32.DLL!VirtualProtectEx 75E0E2F0 12 Bytes [B8, 29, 12, C3, 00, 50, C3, ...] {MOV EAX, 0xc31229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, C3, 00, 50, C3, ...] {MOV EAX, 0xc35d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, C3, 00, 50, C3, ...] {MOV EAX, 0xc318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, C3, 00, 50, C3, ...] {MOV EAX, 0xc318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, C3, 00, 50, C3, ...] {MOV EAX, 0xc31dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, C3, 00, 50, C3, ...] {MOV EAX, 0xc31e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, C3, 00, 50, C3, ...] {MOV EAX, 0xc3793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, C3, 00, 50, C3, ...] {MOV EAX, 0xc35bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, C3, 00, 50, C3, ...] {MOV EAX, 0xc377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, C3, 00, 50, C3, ...] {MOV EAX, 0xc37741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, C3, 00, 50, C3, ...] {MOV EAX, 0xc31d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, C3, 00, 50, C3, ...] {MOV EAX, 0xc31d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, C3, 00, 50, C3, ...] {MOV EAX, 0xc35904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, C3, 00, 50, C3, ...] {MOV EAX, 0xc373da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, C3] {STD ; PUSH EBP; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, C3] {WAIT ; JS 0xffffffc6} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, C3, 00, 50, C3, ...] {MOV EAX, 0xc3194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7324] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, C3, 00, 50, C3, ...] {MOV EAX, 0xc3569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, D4, 00, 50, C3, ...] {MOV EAX, 0xd48442; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, D4, 00, 50, C3, ...] {MOV EAX, 0xd4770d; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, D4, 00, 50, C3, ...] {MOV EAX, 0xd45d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, D4, 00, 50, C3, ...] {MOV EAX, 0xd418b7; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, D4, 00, 50, C3, ...] {MOV EAX, 0xd418dd; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, D4, 00, 50, C3, ...] {MOV EAX, 0xd41dd5; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, D4, 00, 50, C3, ...] {MOV EAX, 0xd41e20; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, D4, 00, 50, C3, ...] {MOV EAX, 0xd4793c; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, D4, 00, 50, C3, ...] {MOV EAX, 0xd45bb6; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, D4, 00, 50, C3, ...] {MOV EAX, 0xd477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, D4, 00, 50, C3, ...] {MOV EAX, 0xd47741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, D4, 00, 50, C3, ...] {MOV EAX, 0xd41d8d; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, D4, 00, 50, C3, ...] {MOV EAX, 0xd41d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, D4, 00, 50, C3, ...] {MOV EAX, 0xd45904; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, D4, 00, 50, C3, ...] {MOV EAX, 0xd473da; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, D4] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, D4] {WAIT ; JS 0xffffffd7} .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, D4, 00, 50, C3, ...] {MOV EAX, 0xd4194f; PUSH EAX; RET ; NOP } .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[7344] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, D4, 00, 50, C3, ...] {MOV EAX, 0xd4569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] ntdll.dll!LdrLoadDll 77B9E230 8 Bytes [B8, 42, 84, 18, 00, 50, C3, ...] {MOV EAX, 0x188442; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] ntdll.dll!LdrUnloadDll 77BA3FB0 8 Bytes [B8, 0D, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x18770d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!CreateWindowInBandEx + 3E0 776BBFB0 11 Bytes [B8, 81, 5D, 18, 00, 50, C3, ...] {MOV EAX, 0x185d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!SetWindowLongA 776C4CA0 8 Bytes [B8, B7, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818b7; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!SetWindowLongW 776C4CC0 8 Bytes [B8, DD, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818dd; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!PeekMessageA 776CD5A0 8 Bytes [B8, D5, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181dd5; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!PeekMessageW 776CD700 8 Bytes [B8, 20, 1E, 18, 00, 50, C3, ...] {MOV EAX, 0x181e20; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!CallNextHookEx 776D13A0 8 Bytes [B8, 3C, 79, 18, 00, 50, C3, ...] {MOV EAX, 0x18793c; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!SystemParametersInfoW + 480 776D2AF0 8 Bytes [B8, B6, 5B, 18, 00, 50, C3, ...] {MOV EAX, 0x185bb6; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetKeyState 776D5170 11 Bytes [B8, EE, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x1877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetAsyncKeyState 776D5B10 11 Bytes [B8, 41, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x187741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetMessageW 776D5EB0 8 Bytes [B8, 8D, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d8d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetMessageA 776D6ED0 9 Bytes [B8, 45, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetCursorPos + 20 776D8A40 8 Bytes [B8, 04, 59, 18, 00, 50, C3, ...] {MOV EAX, 0x185904; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetCursorPos + 80 776D8AA0 8 Bytes [B8, DA, 73, 18, 00, 50, C3, ...] {MOV EAX, 0x1873da; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetRawInputData + 1 776E92E1 3 Bytes [FD, 55, 18] .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetRawInputData + 5 776E92E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetKeyboardState + 1 776E9481 3 Bytes [9B, 78, 18] {WAIT ; JS 0x1b} .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetKeyboardState + 5 776E9485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!EndTask 77712F90 8 Bytes [B8, 4F, 19, 18, 00, 50, C3, ...] {MOV EAX, 0x18194f; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\203y8t9j.exe[7604] USER32.dll!GetRawInputBuffer 7771BF60 11 Bytes [B8, 9A, 56, 18, 00, 50, C3, ...] {MOV EAX, 0x18569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 SpyshelterKb.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 EUBKMON.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1638078137 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 185 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x0E 0x17 0xFF 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x0E 0x7F 0xC3 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x0E 0xAF 0x3A 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x9F 0xAB 0x4A 0x02 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\SystemProtected@DisableCAD 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@2B422F42 27 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2128185018-83059525-1353127512-1001@RefCount 6 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E3641CF3-0000-0000-0000-501F00000000} 507046952 ---- Files - GMER 2.2 ---- File C:\Users\katar\AppData\Local\Temp\etilqs_hJT4vIqjpg8EY9X 4 bytes ---- EOF - GMER 2.2 ----