.text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 77, 00, 50, C3, ...] {MOV EAX, 0x775d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 77, 00, 50, C3, ...] {MOV EAX, 0x7718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 77, 00, 50, C3, ...] {MOV EAX, 0x7718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 77, 00, 50, C3, ...] {MOV EAX, 0x771dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 77, 00, 50, C3, ...] {MOV EAX, 0x771e20; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 77, 00, 50, C3, ...] {MOV EAX, 0x77793c; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 77, 00, 50, C3, ...] {MOV EAX, 0x775bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 77, 00, 50, C3, ...] {MOV EAX, 0x7777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 77, 00, 50, C3, ...] {MOV EAX, 0x777741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 77, 00, 50, C3, ...] {MOV EAX, 0x771d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 77, 00, 50, C3, ...] {MOV EAX, 0x771d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 77, 00, 50, C3, ...] {MOV EAX, 0x775904; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 77, 00, 50, C3, ...] {MOV EAX, 0x7773da; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 77] .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 77] {WAIT ; JS 0x7a} .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 77, 00, 50, C3, ...] {MOV EAX, 0x77194f; PUSH EAX; RET ; NOP } .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[2968] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 77, 00, 50, C3, ...] {MOV EAX, 0x77569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 36, 00, 50, C3, ...] {MOV EAX, 0x368442; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 36, 00, 50, C3, ...] {MOV EAX, 0x36770d; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 36, 00, 50, C3, ...] {MOV EAX, 0x365d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 36, 00, 50, C3, ...] {MOV EAX, 0x3618b7; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 36, 00, 50, C3, ...] {MOV EAX, 0x3618dd; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 36, 00, 50, C3, ...] {MOV EAX, 0x361dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 36, 00, 50, C3, ...] {MOV EAX, 0x361e20; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 36, 00, 50, C3, ...] {MOV EAX, 0x36793c; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 36, 00, 50, C3, ...] {MOV EAX, 0x365bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 36, 00, 50, C3, ...] {MOV EAX, 0x3677ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 36, 00, 50, C3, ...] {MOV EAX, 0x367741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 36, 00, 50, C3, ...] {MOV EAX, 0x361d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 36, 00, 50, C3, ...] {MOV EAX, 0x361d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 36, 00, 50, C3, ...] {MOV EAX, 0x365904; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 36, 00, 50, C3, ...] {MOV EAX, 0x3673da; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 36] .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 36] {WAIT ; JS 0x39} .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 36, 00, 50, C3, ...] {MOV EAX, 0x36194f; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[3064] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 36, 00, 50, C3, ...] {MOV EAX, 0x36569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetRawInputData + 1 74B792E1 9 Bytes [FD, 55, CA, 03, 50, C3, 90, ...] {STD ; PUSH EBP; RETF 0x5003; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetKeyboardState + 1 74B79481 9 Bytes [9B, 78, CA, 03, 50, C3, 90, ...] {WAIT ; JS 0xffffffcd; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\sihost.exe[3080] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, CA, 03, 50, C3, ...] {MOV EAX, 0x3ca569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, C3, 03, 50, C3, ...] {MOV EAX, 0x3c38442; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, C3, 03, 50, C3, ...] {MOV EAX, 0x3c3770d; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, C3, 03, 50, C3, ...] {MOV EAX, 0x3c35d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, C3, 03, 50, C3, ...] {MOV EAX, 0x3c318b7; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, C3, 03, 50, C3, ...] {MOV EAX, 0x3c318dd; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, C3, 03, 50, C3, ...] {MOV EAX, 0x3c31dd5; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, C3, 03, 50, C3, ...] {MOV EAX, 0x3c31e20; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, C3, 03, 50, C3, ...] {MOV EAX, 0x3c3793c; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, C3, 03, 50, C3, ...] {MOV EAX, 0x3c35bb6; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, C3, 03, 50, C3, ...] {MOV EAX, 0x3c377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, C3, 03, 50, C3, ...] {MOV EAX, 0x3c37741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, C3, 03, 50, C3, ...] {MOV EAX, 0x3c31d8d; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, C3, 03, 50, C3, ...] {MOV EAX, 0x3c31d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, C3, 03, 50, C3, ...] {MOV EAX, 0x3c35904; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, C3, 03, 50, C3, ...] {MOV EAX, 0x3c373da; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetRawInputData + 1 74B792E1 9 Bytes [FD, 55, C3, 03, 50, C3, 90, ...] {STD ; PUSH EBP; RET ; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetKeyboardState + 1 74B79481 9 Bytes [9B, 78, C3, 03, 50, C3, 90, ...] {WAIT ; JS 0xffffffc6; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, C3, 03, 50, C3, ...] {MOV EAX, 0x3c3194f; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[3652] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, C3, 03, 50, C3, ...] {MOV EAX, 0x3c3569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, FE, 00, 50, C3, ...] {MOV EAX, 0xfe8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, FE, 00, 50, C3, ...] {MOV EAX, 0xfe18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, FE, 00, 50, C3, ...] {MOV EAX, 0xfe18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, FE, 00, 50, C3, ...] {MOV EAX, 0xfe793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, FE, 00, 50, C3, ...] {MOV EAX, 0xfe7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, FE, 00, 50, C3, ...] {MOV EAX, 0xfe1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, FE, 00, 50, C3, ...] {MOV EAX, 0xfe5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, FE, 00, 50, C3, ...] {MOV EAX, 0xfe73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, FE] .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, FE] {WAIT ; JS 0x1} .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, FE, 00, 50, C3, ...] {MOV EAX, 0xfe194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhostw.exe[3684] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, FE, 00, 50, C3, ...] {MOV EAX, 0xfe569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e8442; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e770d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e18b7; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e18dd; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e1e20; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e793c; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e5904; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e73da; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 9E] {STD ; PUSH EBP; SAHF } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 9E] {WAIT ; JS 0xffffffa1} .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e194f; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[3696] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 9E, 00, 50, C3, ...] {MOV EAX, 0x9e569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 32, 00, 50, C3, ...] {MOV EAX, 0x328442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 32, 00, 50, C3, ...] {MOV EAX, 0x32770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 32, 00, 50, C3, ...] {MOV EAX, 0x325d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 32, 00, 50, C3, ...] {MOV EAX, 0x3218b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 32, 00, 50, C3, ...] {MOV EAX, 0x3218dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 32, 00, 50, C3, ...] {MOV EAX, 0x321dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 32, 00, 50, C3, ...] {MOV EAX, 0x321e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 32, 00, 50, C3, ...] {MOV EAX, 0x32793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 32, 00, 50, C3, ...] {MOV EAX, 0x325bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 32, 00, 50, C3, ...] {MOV EAX, 0x3277ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 32, 00, 50, C3, ...] {MOV EAX, 0x327741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 32, 00, 50, C3, ...] {MOV EAX, 0x321d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 32, 00, 50, C3, ...] {MOV EAX, 0x321d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 32, 00, 50, C3, ...] {MOV EAX, 0x325904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 32, 00, 50, C3, ...] {MOV EAX, 0x3273da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 32] .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 32] {WAIT ; JS 0x35} .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 32, 00, 50, C3, ...] {MOV EAX, 0x32194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\SettingSyncHost.exe[4256] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 32, 00, 50, C3, ...] {MOV EAX, 0x32569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, B0, 00, 50, C3, ...] {MOV EAX, 0xb08442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, B0, 00, 50, C3, ...] {MOV EAX, 0xb0770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, B0, 00, 50, C3, ...] {MOV EAX, 0xb011e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, B0, 00, 50, C3, ...] {MOV EAX, 0xb01229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, B0, 00, 50, C3, ...] {MOV EAX, 0xb05d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, B0, 00, 50, C3, ...] {MOV EAX, 0xb018b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, B0, 00, 50, C3, ...] {MOV EAX, 0xb018dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, B0, 00, 50, C3, ...] {MOV EAX, 0xb01dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, B0, 00, 50, C3, ...] {MOV EAX, 0xb01e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, B0, 00, 50, C3, ...] {MOV EAX, 0xb0793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, B0, 00, 50, C3, ...] {MOV EAX, 0xb05bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, B0, 00, 50, C3, ...] {MOV EAX, 0xb077ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, B0, 00, 50, C3, ...] {MOV EAX, 0xb07741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, B0, 00, 50, C3, ...] {MOV EAX, 0xb01d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, B0, 00, 50, C3, ...] {MOV EAX, 0xb01d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, B0, 00, 50, C3, ...] {MOV EAX, 0xb05904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, B0, 00, 50, C3, ...] {MOV EAX, 0xb073da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, B0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, B0] {WAIT ; JS 0xffffffb3} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, B0, 00, 50, C3, ...] {MOV EAX, 0xb0194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4484] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, B0, 00, 50, C3, ...] {MOV EAX, 0xb0569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 51, 00, 50, C3, ...] {MOV EAX, 0x518442; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 51, 00, 50, C3, ...] {MOV EAX, 0x51770d; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 51, 00, 50, C3, ...] {MOV EAX, 0x515d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 51, 00, 50, C3, ...] {MOV EAX, 0x5118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 51, 00, 50, C3, ...] {MOV EAX, 0x5118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 51, 00, 50, C3, ...] {MOV EAX, 0x511dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 51, 00, 50, C3, ...] {MOV EAX, 0x511e20; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 51, 00, 50, C3, ...] {MOV EAX, 0x51793c; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 51, 00, 50, C3, ...] {MOV EAX, 0x515bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 51, 00, 50, C3, ...] {MOV EAX, 0x5177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 51, 00, 50, C3, ...] {MOV EAX, 0x517741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 51, 00, 50, C3, ...] {MOV EAX, 0x511d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 51, 00, 50, C3, ...] {MOV EAX, 0x511d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 51, 00, 50, C3, ...] {MOV EAX, 0x515904; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 51, 00, 50, C3, ...] {MOV EAX, 0x5173da; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 51] {STD ; PUSH EBP; PUSH ECX} .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 51] {WAIT ; JS 0x54} .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 51, 00, 50, C3, ...] {MOV EAX, 0x51194f; PUSH EAX; RET ; NOP } .text C:\Program Files\TinyWall\TinyWall.exe[4516] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 51, 00, 50, C3, ...] {MOV EAX, 0x51569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 97, 00, 50, C3, ...] {MOV EAX, 0x978442; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x97770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 97, 00, 50, C3, ...] {MOV EAX, 0x975d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 97, 00, 50, C3, ...] {MOV EAX, 0x9718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 97, 00, 50, C3, ...] {MOV EAX, 0x9718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 97, 00, 50, C3, ...] {MOV EAX, 0x971e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 97, 00, 50, C3, ...] {MOV EAX, 0x97793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 97, 00, 50, C3, ...] {MOV EAX, 0x975bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x9777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x977741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 97, 00, 50, C3, ...] {MOV EAX, 0x975904; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 97, 00, 50, C3, ...] {MOV EAX, 0x9773da; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 97] {STD ; PUSH EBP; XCHG EDI, EAX} .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 97] {WAIT ; JS 0xffffff9a} .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 97, 00, 50, C3, ...] {MOV EAX, 0x97194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[4560] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 97, 00, 50, C3, ...] {MOV EAX, 0x97569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 97, 00, 50, C3, ...] {MOV EAX, 0x978442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x97770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, 97, 00, 50, C3, ...] {MOV EAX, 0x9711e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, 97, 00, 50, C3, ...] {MOV EAX, 0x971229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 97, 00, 50, C3, ...] {MOV EAX, 0x975d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 97, 00, 50, C3, ...] {MOV EAX, 0x9718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 97, 00, 50, C3, ...] {MOV EAX, 0x9718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 97, 00, 50, C3, ...] {MOV EAX, 0x971e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 97, 00, 50, C3, ...] {MOV EAX, 0x97793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 97, 00, 50, C3, ...] {MOV EAX, 0x975bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x9777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 97, 00, 50, C3, ...] {MOV EAX, 0x977741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 97, 00, 50, C3, ...] {MOV EAX, 0x971d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 97, 00, 50, C3, ...] {MOV EAX, 0x975904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 97, 00, 50, C3, ...] {MOV EAX, 0x9773da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 97] {STD ; PUSH EBP; XCHG EDI, EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 97] {WAIT ; JS 0xffffff9a} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 97, 00, 50, C3, ...] {MOV EAX, 0x97194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4568] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 97, 00, 50, C3, ...] {MOV EAX, 0x97569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, A2, 00, 50, C3, ...] {MOV EAX, 0xa28442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, A2, 00, 50, C3, ...] {MOV EAX, 0xa2770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, 67, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, 66, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, 65, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 76118EEE C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, 64, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 76119290 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, 66, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, 65, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, 66, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 761193CF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, 65, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, 64, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, 67, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, 64, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, A2, 00, 50, C3, ...] {MOV EAX, 0xa211e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, A2, 00, 50, C3, ...] {MOV EAX, 0xa21229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, A2, 00, 50, C3, ...] {MOV EAX, 0xa25d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, A2, 00, 50, C3, ...] {MOV EAX, 0xa218b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, A2, 00, 50, C3, ...] {MOV EAX, 0xa218dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, A2, 00, 50, C3, ...] {MOV EAX, 0xa21dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, A2, 00, 50, C3, ...] {MOV EAX, 0xa21e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, A2, 00, 50, C3, ...] {MOV EAX, 0xa2793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, A2, 00, 50, C3, ...] {MOV EAX, 0xa25bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, A2, 00, 50, C3, ...] {MOV EAX, 0xa277ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, A2, 00, 50, C3, ...] {MOV EAX, 0xa27741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, A2, 00, 50, C3, ...] {MOV EAX, 0xa21d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, A2, 00, 50, C3, ...] {MOV EAX, 0xa21d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, A2, 00, 50, C3, ...] {MOV EAX, 0xa25904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, A2, 00, 50, C3, ...] {MOV EAX, 0xa273da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, A2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP }