| lostz2010 | 05.05.2013 18:49 |
hier noch er scan
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-05 19:44:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ExcelStor_Technology_J9250S rev.GM2OA52A 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Farzad\AppData\Local\Temp\uwdiipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 57]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 58, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 6 bytes [68, CE, 7D, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 6 bytes [68, 94, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 6 bytes [68, D3, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 6 bytes [68, F9, DC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 6 bytes [68, 89, DC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 6 bytes [68, 39, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 6 bytes [68, 29, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 6 bytes [68, AD, BB, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 5E, 02, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 38]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!send 0000000076a56f01 6 bytes [68, 75, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2564] entry point in ".rdata" section 00000000745871e6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 9F]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, A0, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, A0, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 37]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 36, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 36]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 37, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 38, 00, C3]
.text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 38, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 2E]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 2D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 2E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 2D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 2F, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 2F, 00, C3]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077cbf991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077cbf99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077cbfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077cbfa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077cbfb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077cbfb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077cbfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077cbfbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077cbfc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077cbfc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077cbfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077cbfc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077cbfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077cbfc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077cbfc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077cbfc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077cbfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077cbfcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077cbfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077cbfd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077cbfd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077cbfd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077cbfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077cbfdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077cbfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077cbfe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077cbff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077cbff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077cc0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077cc00a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077cc0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077cc078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077cc0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077cc1007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077cc105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077cc1067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077cc10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077cc10af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077cc111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077cc1127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077cc1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077cc132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075f8103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075f81072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 00000000764f0793 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000764f07c3 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076244de0 5 bytes JMP 00000001000f03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076244f70 5 bytes JMP 00000001000f05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000762451a2 5 bytes JMP 00000001000f08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007624522d 5 bytes JMP 00000001000f0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076245689 5 bytes JMP 00000001000f01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000762458b3 5 bytes JMP 00000001000f0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076246bad 5 bytes JMP 00000001000f0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076246e05 5 bytes JMP 00000001000f0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076246ead 5 bytes JMP 00000001000f0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076247180 5 bytes JMP 00000001000f06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076247435 5 bytes JMP 00000001000f0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076247bcc 5 bytes JMP 00000001000f00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076247dc4 5 bytes JMP 00000001000f03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076247fd5 5 bytes JMP 00000001000f0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000762482b2 5 bytes JMP 00000001000f0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076248401 5 bytes JMP 00000001000f09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007624879f 5 bytes JMP 00000001000f02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076248916 5 bytes JMP 00000001000f05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076248b7a 5 bytes JMP 00000001000f0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076248ee6 5 bytes JMP 00000001000f0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076249875 5 bytes JMP 00000001000f0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076249936 5 bytes JMP 00000001000f0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007624a53a 5 bytes JMP 00000001000f09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetClipBox 000000007624af9f 5 bytes JMP 00000001000f0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!LineTo 000000007624b9e5 5 bytes JMP 00000001000f0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetICMMode 000000007624bd55 5 bytes JMP 00000001000f0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007624c040 5 bytes JMP 00000001000f0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007624c107 5 bytes JMP 00000001000f0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007624c269 5 bytes JMP 00000001000f06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007624d1f1 5 bytes JMP 00000001000f0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007624d349 5 bytes JMP 00000001000f0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007624dce4 5 bytes JMP 00000001000f0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007624e743 5 bytes JMP 00000001000f00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000762503b7 5 bytes JMP 00000001000f02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!Escape 0000000076251bda 5 bytes JMP 00000001000f0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076251e89 5 bytes JMP 00000001000f0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076254843 5 bytes JMP 00000001000f0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076255690 5 bytes JMP 00000001000f0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076256bde 5 bytes JMP 00000001000f0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ResetDCW 000000007625e2db 5 bytes JMP 00000001000f0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007626940d 5 bytes JMP 00000001000f0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007626c621 5 bytes JMP 00000001000f0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007626d2b2 5 bytes JMP 00000001000f0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007626d919 5 bytes JMP 00000001000f0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076273adc 5 bytes JMP 00000001000f0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076273f29 5 bytes JMP 00000001000f01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StartPage 000000007627401a 5 bytes JMP 00000001000f0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076274c51 5 bytes JMP 00000001000f07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000762753fd 5 bytes JMP 00000001000f0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076275454 5 bytes JMP 00000001000f0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000762754af 5 bytes JMP 00000001000f0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076275506 5 bytes JMP 00000001000f0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007627573f 5 bytes JMP 00000001000f07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!FillPath 00000000762757d2 5 bytes JMP 00000001000f0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076275c44 5 bytes JMP 00000001000f04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076275cd5 5 bytes JMP 00000001000f04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076275d87 5 bytes JMP 00000001000f08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000076118c40 5 bytes JMP 0000000100180570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076119ebd 5 bytes JMP 00000001001802b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076120afa 5 bytes JMP 00000001001802f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000076120c62 7 bytes JMP 00000001001805b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetParent 0000000076120f68 7 bytes JMP 00000001001806f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!IsWindowVisible 000000007612112d 7 bytes JMP 00000001001806b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000761212a5 5 bytes JMP 00000001001805f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007612227d 7 bytes JMP 0000000100180670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000076123150 7 bytes JMP 0000000100180630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetCursor 00000000761241f6 5 bytes JMP 0000000100180530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000761268ef 5 bytes JMP 0000000100180270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000761277fa 5 bytes JMP 0000000100180230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076127887 7 bytes JMP 0000000100180730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000076128676 5 bytes JMP 00000001001800f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000076128696 5 bytes JMP 0000000100180330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000076128e8d 5 bytes JMP 00000001001800b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076128ecb 5 bytes JMP 0000000100180070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007612c17b 5 bytes JMP 0000000100180430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007612c449 5 bytes JMP 00000001001801b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007612c468 5 bytes JMP 00000001001803f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007612c486 5 bytes JMP 00000001001801f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007612c4b6 5 bytes JMP 00000001001804b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 000000007612d6c0 5 bytes JMP 00000001001804f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007612e360 5 bytes JMP 0000000100180370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000076158e57 5 bytes JMP 0000000100180170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 5 bytes JMP 0000000100180770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 5 bytes JMP 0000000100180030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000076177cb9 3 bytes JMP 0000000100180130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EmptyClipboard + 4 0000000076177cbd 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000076178111 3 bytes JMP 0000000100180470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardViewer + 4 0000000076178115 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007617832f 3 bytes JMP 00000001001803b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat + 4 0000000076178333 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000075819606 5 bytes JMP 00000001001900f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000075820581 5 bytes JMP 0000000100190130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000075820bb9 5 bytes JMP 0000000100190270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000075820c2e 5 bytes JMP 00000001001901b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000075820f2e 5 bytes JMP 0000000100190070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000075821096 5 bytes JMP 00000001001900b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007582124e 5 bytes JMP 00000001001901f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007582129d 5 bytes JMP 0000000100190230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000075821527 5 bytes JMP 0000000100190030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000075821590 5 bytes JMP 0000000100190170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000777a0045 5 bytes JMP 0000000100250030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000777a36b2 5 bytes JMP 0000000100250070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000777cfdcd 5 bytes JMP 00000001002500b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
--- --- --- |
AdwCleaner auf deinen Desktop.
SecurityCheck und:
Lesestoff: