Trojan:WIN32/BublikB e-mail from Casa-Mina (blub-blub@freenet.de)
Today I received an e-mail from the sender named above with an invoice as a ZIP file. I was so shocked by the invoice amount that I opened the attachment without thinking. The file could not be opened, though. Microsoft Security Essentials now keeps reporting that the threat was removed and that no further action is necessary. Location: file:C:\Users\Ralph\AppData\Local\Temp\{11377-4BF4E8-4BF8E8}. Is my computer all right again now? |
Hello and :hallo: Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. First, a check with OTL, please:
|
OTL Logfile: Code: OTL logfile created on: 22.02.2013 18:06:55 - Run 1 OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1 OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 22.02.2013 18:48:55 - Run 1 |
OTL Logfile: Code: OTL logfile created on: 22.02.2013 18:48:55 - Run 1 Sorry if I did something twice; unfortunately I am only an accountant and not very well versed in computers. No ill intent. |
Is this by any chance an office/company PC? Or a university computer? Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still will not run on the second attempt, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. |
Thank you very much for your quick reply. This is my private computer at home. I am currently having problems with Mozilla Firefox. I can only work in safe mode. When the computer starts, an error message now always appears: fezqkunnu.exe Anwendungsfehler: Die Anwendung konnte nicht korrekt gestartet werden (0xc0000018). Klicken Sie auf "OK", um die Anwendung zu schließen: |
Quote:
|
---- User code sections - GMER 2.1 ----
C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] 
C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] 
C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\syswow64\crypt32.DLL!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 1F, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000072072d12 6 bytes [68, E2, 60, 20, 02, C3] .text C:\Windows\SysWOW64\svchost.exe[3020] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000072093dad 6 bytes [68, BB, 60, 20, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 6 bytes [68, 93, 5C, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 88, 02, C3] .text C:\Program 
Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 6 bytes [68, FA, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 6 bytes [68, 39, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 89, 
02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 6 bytes [68, 5F, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 6 bytes [68, EF, AF, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 88, 02, C3] 
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 89, 
02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 89, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] 
C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 88, 02, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2368] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 88, 02, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000770208ac 4 bytes [68, 93, 5C, 33] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000770208b1 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007703260d 6 bytes [68, D6, FC, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007703c4aa 6 bytes [68, BE, 5D, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077042a93 6 bytes [68, 1C, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077064170 6 bytes [68, 62, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[2612] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007706e6b5 6 bytes [68, A8, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000074e832f2 6 bytes [68, 27, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e8734e 6 bytes [68, E6, 5F, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC 0000000076177246 4 bytes [68, FA, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007617724b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007617730e 6 bytes [68, 78, B1, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000761779d8 4 bytes [68, 39, B1, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000761779dd 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076177d79 6 bytes [68, 2C, B8, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076177e92 6 bytes [68, 37, 5B, 33, 00, C3] .text C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007617811b 6 bytes [68, 5F, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076178bd6 6 bytes [68, DA, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076179ed3 6 bytes [68, 74, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007617dd6d 6 bytes [68, C6, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076180112 6 bytes [68, 87, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076180abb 6 bytes [68, 0C, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076180e0d 6 bytes [68, 6A, 59, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076180e9a 4 bytes [68, 5F, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076180e9f 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076180eba 4 bytes [68, EF, AF, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076180ebf 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076182bc7 6 bytes [68, 38, 59, 33, 00, C3] .text C:\Program 
Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076182dbd 6 bytes [68, 98, 5A, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076182ec4 6 bytes [68, 48, 5A, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 4 bytes [68, EE, 59, 33] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076182ed6 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 4 bytes [68, 9F, B0, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076183006 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 32, 00, C3] .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 6 bytes [68, B1, 59, 33, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 6 bytes [68, DB, B9, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 4 bytes [68, 68, FC, 32] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761d8960 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074bfc664 6 bytes [68, 76, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000074bfe13a 6 bytes [68, 16, 74, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074bff8d8 6 bytes [68, E3, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] 
C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074c03184 6 bytes [68, EA, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074c25761 6 bytes [68, B8, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074c25fef 6 bytes [68, 74, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074c2632d 6 bytes [68, FC, 6F, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074c2fa49 6 bytes [68, 11, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000074c3f564 6 bytes [68, A6, 70, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000074c3f639 6 bytes [68, E0, 71, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000074c54f2f 6 bytes [68, 90, 73, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074c5525a 6 bytes [68, 51, 70, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000074c9ece5 6 bytes [68, 43, 71, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000074c9edb7 6 bytes [68, 2B, 72, 32, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2612] C:\Windows\syswow64\WS2_32.dll!closesocket 
C:\Windows\syswow64\USER32.dll!SetCapture 0000000076182ed1 6 bytes [68, EE, 59, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076183001 6 bytes [68, 9F, B0, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007618361b 7 bytes JMP 0000000100100670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076184076 5 bytes JMP 0000000100100530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076184b80 6 bytes [68, 27, 00, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076187a54 7 bytes JMP 0000000100100730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076187af4 6 bytes [68, 55, FF, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007618808f 6 bytes [68, 37, FE, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000761881e0 6 bytes [68, C6, FE, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076188632 6 bytes [68, EE, FD, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000761887c9 5 bytes JMP 00000001001000f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 
00000000761887e9 5 bytes JMP 0000000100100330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076188807 6 bytes [68, 80, FE, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] |
C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000761891f4 5 bytes JMP 00000001001000b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076189232 5 bytes JMP 0000000100100070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000076189485 5 bytes JMP 00000001001004f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007618b779 5 bytes JMP 00000001001001b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007618b798 5 bytes JMP 00000001001003f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007618b7b6 5 bytes JMP 00000001001001f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007618b7e6 5 bytes JMP 00000001001004b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007618cee9 5 bytes JMP 0000000100100370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000076190880 5 bytes JMP 0000000100100230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007619ec67 5 bytes JMP 0000000100100430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007619ed58 6 bytes [68, B2, 5B, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007619f1fe 6 bytes [68, 4B, B2, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007619f66f 5 bytes JMP 0000000100100270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000761a011b 6 bytes [68, B8, B1, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000761b8de7 5 bytes JMP 0000000100100170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000761b97e4 6 bytes [68, B8, FC, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000761b9c8d 5 bytes JMP 00000001037859b1 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000761b9f3b 5 bytes JMP 000000010377b9db .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000761d7e49 5 bytes JMP 0000000100100130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000761d82a1 5 bytes JMP 0000000100100470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000761d84bf 5 bytes JMP 00000001001003b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761d895b 6 bytes [68, 68, FC, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 00000000764fbbdb 6 bytes [68, A4, 60, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000765314fd 6 bytes [68, 8D, 60, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000746f9556 5 bytes JMP 00000001002100f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000747004d3 5 bytes JMP 0000000100210130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074700b0b 5 bytes JMP 0000000100210270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074700b80 5 bytes JMP 00000001002101b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074700e80 5 bytes JMP 0000000100210070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074700fe8 5 bytes JMP 00000001002100b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000747011a0 5 bytes JMP 00000001002101f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000747011ef 5 bytes JMP 0000000100210230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074701479 5 bytes JMP 0000000100210030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] 
C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000747014e2 5 bytes JMP 0000000100210170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000074d6f2fe 5 bytes JMP 0000000100220030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000074d72489 5 bytes JMP 0000000100220070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000074d9f825 5 bytes JMP 00000001002200b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000747e12b0 6 bytes [68, 51, 5C, 77, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074b53bed 6 bytes [68, D4, 06, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000074b56737 6 bytes [68, E5, 02, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074b568a7 6 bytes [68, 2D, 07, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!send 0000000074b5c4c8 6 bytes [68, 0C, 07, 78, 03, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[1764] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074b67133 6 bytes [68, 75, 02, 78, 03, C3] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1492:2764] 000007fef6f72888 Thread C:\Windows\SysWOW64\svchost.exe [3020:2792] 000000007ef90000 Thread C:\Windows\SysWOW64\svchost.exe [3020:2788] 000000007ef93177 Thread C:\Windows\SysWOW64\svchost.exe [3020:3112] 000000007ef96b9b Thread C:\Windows\SysWOW64\svchost.exe [3020:4064] 000000007efa1486 Thread C:\Windows\SysWOW64\svchost.exe [3020:4068] 000000007ef95538 Thread C:\Windows\SysWOW64\svchost.exe [3020:3924] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:3896] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:236] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:3488] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:616] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4076] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:3304] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:2292] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4184] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4208] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4216] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4240] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4252] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4268] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4288] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4300] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4320] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4412] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4448] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4488] 000000007ef95ab0 Thread C:\Windows\SysWOW64\svchost.exe [3020:4508] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4516] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4532] 
000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4548] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4572] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4648] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4652] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4656] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4756] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4780] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4824] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4844] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4852] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4856] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4936] 000000007ef95beb Thread C:\Windows\SysWOW64\svchost.exe [3020:4912] 000000007ef98a3d Thread C:\Windows\SysWOW64\svchost.exe [3020:2536] 000000007ef98a3d Thread C:\Windows\SysWOW64\svchost.exe [3020:4616] 000000007ef98a3d ---- EOF - GMER 2.1 ---- |
The logs should be posted in CODE tags! If a log is too large, zip only that log and attach it here. The MBAR log is also missing. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
|
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:30:24
mbar-log-2013-02-23 (03-30-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28297
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Ralph\Downloads\7 zip.exe (PUP.Offerware) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

23.02.2013 03:47:31
mbar-log-2013-02-23 (03-47-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28292
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I am really very sorry if I am causing you trouble, but as an inexperienced 50-year-old woman I did my best and am now completely worn out. I hope you can still make something of it and will be a little lenient. I also tried to get the CODE tags working, but unfortunately I did not manage it; I lack quite a bit of expertise for that. Until yesterday I did not even know what log files are or how they are created. I muddled my way through the forum for that as well. But now I can no longer make sense of it and hope you will help me anyway. Many thanks in advance for that. |
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
|
Hello, I now have a huge problem. My computer has now supposedly been locked by the "Bundesamt für Sicherheit" and I am supposed to pay 100 € immediately. I can no longer do anything on my machine. I am receiving my emails via the iPhone. Can anything still be saved?? Code: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Code: 16:31:52.0920 4584 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 I hope that I have now done everything correctly, that you can help me further, and that I do not have to wipe the computer. Me again: now my account is completely paralysed again and only the image of the BKA virus appears. |
You can still work with the other user account, though? If so: please run CF now: Scan with ComboFix
|
Code: ComboFix 13-02-24.01 - Acer 24.02.2013 23:28:55.2.4 - x64 |
Copyright ©2000-2024, Trojaner-Board