Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Laptop has massive problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Laptop has massive problems

Unread postby dan12 » February 11th, 2009, 4:41 am

Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

BitLord

Now close Control Panel.

---------------------------



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
c:\documents and settings\Sheets Family\Application Data\LimeWire
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot
Folder::
c:\program files\MalwareRemovalBot
c:\program files\BitLord
c:\program files\LimeWire
FileLook::
c:\windows\system32\72BDA401AB.sys
DirLook::
c:\windows\SxsCaPendDel



    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe In your case the renamed file!

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

----------------------------

I may need to look deeper as I believe something is hiding from us.



  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

------------------------

Download and Run Gmer

Download Gmer to your Desktop and unzip it to your Desktop.
http://www.gmer.net/gmer.zip

Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe.
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click the Rootkit/Malware tab
To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
Once done click the Copy button.
Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop please.

Click the >>> tab. This will open up all available tabs for you.
Click the Autostart tab then the scan button. Once its done click the Copy button and paste it into a new notepad document. Save that document to your desktop please.

post reports
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 11th, 2009, 1:10 pm

Ok, BitLord was not in my add/remove programs list as I uninstalled that forever ago. Apparently files were left over. So I began with the second step you gave me of creating CFScript.txt and dragging to ComboFix.

I've attached that log as: ComboFix Log (Feb 11)

log.txt and info.txt from Random's System Information Tool are both attached
You do not have the required permissions to view the files attached to this post.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 11th, 2009, 1:13 pm

Attached is the second log from Gmer after clicking the >>> tab.

Here is a copy and paste of the first log (the scan), because for whatever reason it was being stubborn and wouldn't attach. I did however save to my desktop as instructed.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-11 11:06:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF106D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF106D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF106DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF106D14C]
SSDT sptd.sys ZwEnumerateKey [0xF735DA92]
SSDT sptd.sys ZwEnumerateValueKey [0xF735DE20]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF106D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF106D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF106D0F0]
SSDT sptd.sys ZwQueryKey [0xF735DEF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF106D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF106D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF106D8AE]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F65C98AC 5 Bytes JMP 861E41C8
? System32\Drivers\apaua7i9.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\thesheets\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + FFE25751 7C9C217D 272 Bytes [ C0, F1, 77, DB, A8, F1, 77, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + FFE25862 7C9C228E 1 Byte [ 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + FFE25864 7C9C2290 89 Bytes [ FF, 30, 83, 7C, 17, F8, 82, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + FFE258BE 7C9C22EA 121 Bytes [ 91, 7C, F9, BC, 80, 7C, 0D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + FFE25938 7C9C2364 3 Bytes [ 18, AD, 80 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceExW + 8C 7C9EA5DD 267 Bytes [ 53, 48, 47, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceExW + 198 7C9EA6E9 25 Bytes [ 72, 6C, 61, 79, 49, 6E, 64, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceExW + 1B2 7C9EA703 40 Bytes [ 53, 48, 47, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceExW + 1DB 7C9EA72C 181 Bytes [ 77, 4C, 69, 6E, 6B, 49, 6E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceExW + 291 7C9EA7E2 818 Bytes [ 53, 48, 47, 65, 74, 53, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFree + 29 7C9EAB15 151 Bytes [ 6E, 72, 65, 61, 64, 4D, 61, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFree + C1 7C9EABAD 231 Bytes [ 65, 49, 6D, 61, 67, 65, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadOLE + 54 7C9EAC95 140 Bytes [ 53, 68, 65, 52, 65, 6D, 6F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadOLE + E1 7C9EAD22 122 Bytes [ 53, 68, 65, 6C, 6C, 45, 78, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetSize + D 7C9EAD9D 34 Bytes [ 53, 68, 65, 6C, 6C, 5F, 47, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetSize + 30 7C9EADC0 334 Bytes [ 49, 6D, 61, 67, 65, 4C, 69, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILClone + 11A 7C9EAF0F 103 Bytes [ 53, 74, 72, 53, 74, 72, 49, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILClone + 182 7C9EAF77 224 Bytes [ 68, 61, 72, 65, 64, 00, 73, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILClone + 263 7C9EB058 95 Bytes [ 00, 50, FF, 15, 60, 15, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCloneFirst + 54 7C9EB0B8 36 Bytes [ 00, 00, 8B, F8, 39, 1D, C4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCloneFirst + 7A 7C9EB0DE 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCloneFirst + 7E 7C9EB0E2 96 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCombine + 2E 7C9EB143 7 Bytes [ 74, 1D, 8B, 07, 8B, CF, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCombine + 36 7C9EB14B 26 Bytes [ CC, 00, 00, 00, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCombine + 51 7C9EB166 86 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCombine + A8 7C9EB1BD 17 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCombine + BA 7C9EB1CF 37 Bytes [ 81, C1, 40, 02, 00, 00, 51, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDesktopFolder + 13 7C9EB77B 44 Bytes [ 3B, D7, 72, 1A, 77, 04, 3B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDesktopFolder + 40 7C9EB7A8 25 Bytes [ 5E, 5B, C9, C2, 10, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDesktopFolder + 5A 7C9EB7C2 24 Bytes [ 15, 60, 15, 9C, 7C, 8B, F8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDesktopFolder + 73 7C9EB7DB 44 Bytes [ C7, 5F, 5E, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDesktopFolder + A0 7C9EB808 233 Bytes [ 90, 90, 90, 90, 90, C7, 01, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRestricted + 38 7C9EC091 38 Bytes [ 85, C0, 74, 1E, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRestricted + 5F 7C9EC0B8 2 Bytes [ 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRestricted + 63 7C9EC0BC 10 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRestricted + 6F 7C9EC0C8 41 Bytes [ 83, C0, 04, 50, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRestricted + 99 7C9EC0F2 35 Bytes [ 4D, 08, 56, 8B, F1, 57, C1, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILRemoveLastID + 1 7C9EC1B8 4 Bytes [ EC, 83, EC, 10 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILRemoveLastID + 8 7C9EC1BF 28 Bytes [ 85, C9, 0F, 85, 06, 07, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILRemoveLastID + 25 7C9EC1DC 93 Bytes [ 8B, C1, 8D, 50, 04, C7, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILRemoveLastID + 83 7C9EC23A 104 Bytes [ F8, 7F, 05, 0E, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILRemoveLastID + EC 7C9EC2A3 6 Bytes [ 80, 0F, 8D, C6, 74, 00 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetSettings + 63 7C9EC413 75 Bytes [ 50, A5, 89, 45, C8, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetSettings + AF 7C9EC45F 42 Bytes [ 74, 17, FF, 75, CC, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetSettings + DA 7C9EC48A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetSettings + F6 7C9EC4A6 78 Bytes [ 0F, 8C, E4, 01, 00, 00, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetSettings + 145 7C9EC4F5 5 Bytes [ 56, 57, 68, D0, 00 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCLSIDFromString + 26 7C9EC7D9 28 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCLSIDFromString + 43 7C9EC7F6 96 Bytes CALL CA29C801
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCLSIDFromString + A4 7C9EC857 39 Bytes [ 47, 85, C0, 74, 49, 8B, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCLSIDFromString + CC 7C9EC87F 71 Bytes [ 11, 85, C0, 7C, 18, 56, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCLSIDFromString + 114 7C9EC8C7 5 Bytes [ FF, FF, 5D, C2, 10 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindLastID + 2A 7C9EC9A6 80 Bytes [ 53, FF, 75, 10, 8D, 4F, F0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindLastID + 7B 7C9EC9F7 53 Bytes [ CE, 2B, C8, D1, F9, 51, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindLastID + B1 7C9ECA2D 94 Bytes [ 75, 10, 53, FF, 37, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindLastID + 110 7C9ECA8C 19 Bytes [ 73, 00, 00, 00, 41, 00, 6C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindLastID + 124 7C9ECAA0 55 Bytes [ 49, 00, 44, 00, 50, 00, 52, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHParseDisplayName + 3E 7C9EDBAE 133 Bytes [ 0F, 84, 78, 1A, 01, 00, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHParseDisplayName + C4 7C9EDC34 57 Bytes [ EC, 51, 51, 53, 56, 57, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHParseDisplayName + FF 7C9EDC6F 51 Bytes CALL 7C9EDB13 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHParseDisplayName + 133 7C9EDCA3 11 Bytes [ 55, 8B, EC, 83, EC, 18, A1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHParseDisplayName + 13F 7C9EDCAF 29 Bytes [ 56, 8B, F1, 89, 45, FC, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHILCreateFromPath + 8C 7C9EE1CC 27 Bytes CALL 7C9EE171 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHILCreateFromPath + A8 7C9EE1E8 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHILCreateFromPath + D8 7C9EE218 33 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHILCreateFromPath + FA 7C9EE23A 89 Bytes [ 8D, BD, E4, FB, FF, FF, F3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHILCreateFromPath + 154 7C9EE294 19 Bytes [ 53, FF, 75, 14, 57, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPath + 1 7C9EE2E0 8 Bytes [ EC, FF, 75, 10, FF, 75, 0C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPath + A 7C9EE2E9 13 Bytes [ 68, 90, 44, 9C, 7C, 6A, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPath + 18 7C9EE2F7 7 Bytes [ FF, 5D, C2, 0C, 00, 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPath + 22 7C9EE301 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPath + 29 7C9EE308 52 Bytes [ 30, 02, 00, 00, A1, 48, F5, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathW + 1 7C9EED77 38 Bytes [ D8, 85, DB, 7C, 6B, 83, C6, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathW + 28 7C9EED9E 150 Bytes [ 51, 14, 8B, D8, 85, DB, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathW + BF 7C9EEE35 27 Bytes [ 8B, 75, 08, 89, 45, F8, 89, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathW + DC 7C9EEE52 13 Bytes [ 85, C0, 0F, 84, 92, 0B, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathW + EA 7C9EEE60 4 Bytes [ 85, 86, 1B, 00 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderLocation + 19 7C9EF27A 16 Bytes [ 8D, 43, 03, 50, FF, 15, 24, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderLocation + 2A 7C9EF28B 33 Bytes [ FF, 85, C0, 0F, 85, 26, 17, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderLocation + 4C 7C9EF2AD 49 Bytes [ 00, 00, 85, C0, 0F, 8D, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderLocation + 7E 7C9EF2DF 16 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderLocation + E 7C9EF2F1 73 Bytes CALL 7C9EF13F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderLocation + 58 7C9EF33B 1 Byte [ FB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderLocation + 5B 7C9EF33E 3 Bytes [ 84, DC, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderLocation + 60 7C9EF343 3 Bytes [ 66, 83, 22 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderLocation + 64 7C9EF347 14 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCoCreateInstance 7C9EF5E2 65 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCoCreateInstance + 42 7C9EF624 40 Bytes [ 15, A8, F2, BB, 7C, 3B, C7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCoCreateInstance + 6B 7C9EF64D 32 Bytes [ 08, 50, FF, 51, 18, 8B, 06, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCoCreateInstance + 8C 7C9EF66E 1 Byte [ 08 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCoCreateInstance + 8E 7C9EF670 27 Bytes [ 33, DB, EB, 93, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderPathW + 1A 7C9EF792 5 Bytes [ 45, 39, B5, A4, FD ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderPathW + 20 7C9EF798 33 Bytes [ FF, 74, 52, C7, 85, AC, FD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderPathW + 42 7C9EF7BA 22 Bytes CALL 7C9EE7B4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderPathW + 59 7C9EF7D1 58 Bytes [ FF, 8B, F8, 3B, FE, 7D, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSpecialFolderPathW + 94 7C9EF80C 41 Bytes [ FF, 50, F3, A5, FF, 15, 3C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsNetDrive + 2 7C9F063E 8 Bytes [ 15, 60, F5, 9E, 7C, 5D, C2, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsNetDrive + B 7C9F0647 98 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsNetDrive + 71 7C9F06AD 113 Bytes [ 8B, FF, 55, 8B, EC, 83, 3D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsNetDrive + E3 7C9F071F 7 Bytes CALL 7C9F01D6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsNetDrive + EB 7C9F0727 18 Bytes [ DB, 75, 21, F6, 45, 15, 40, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealDriveType + 15 7C9F0EAB 80 Bytes [ 18, 3B, C3, 74, 02, 89, 30, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DriveType + 2E 7C9F0EFC 29 Bytes [ 8B, 45, 0C, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DriveType + 4C 7C9F0F1A 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DriveType + 68 7C9F0F36 28 Bytes [ 75, 0C, FF, 75, 08, FF, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DriveType + 85 7C9F0F53 50 Bytes CALL 7C9F0D0E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DriveType + B8 7C9F0F86 21 Bytes [ 75, 0C, 53, FF, 15, 30, 1C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDListW + 3B 7C9F105F 17 Bytes JMP 7C9EB1B7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDListW + 4D 7C9F1071 18 Bytes [ 56, 8B, 75, 08, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDListW + 60 7C9F1084 25 Bytes [ 75, 14, 8B, D8, 8B, CF, 89, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDListW + 7A 7C9F109E 47 Bytes [ 00, 49, 0F, 85, 55, 4F, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDListW + AA 7C9F10CE 10 Bytes [ 85, DB, 8B, C3, 0F, 85, 13, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsEqual + 20 7C9F122F 7 Bytes [ C3, 5B, 5D, C2, 10, 00, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsEqual + 28 7C9F1237 26 Bytes [ 14, 8B, 76, 18, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsEqual + 43 7C9F1252 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsEqual + 46 7C9F1255 48 Bytes [ EC, 81, EC, 54, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsEqual + 77 7C9F1286 85 Bytes [ FF, 8D, 8D, D4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowW + 27 7C9F12DC 23 Bytes [ 3B, F3, 0F, 9F, C0, 8B, 4D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowW + 41 7C9F12F6 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowW + 47 7C9F12FC 144 Bytes [ EC, 51, 51, 53, 56, 57, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowW + D8 7C9F138D 73 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowW + 122 7C9F13D7 7 Bytes [ C0, 75, AD, B8, FF, FF, 00 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsParent + 14 7C9F1440 77 Bytes [ 00, B9, FF, FF, 00, 00, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsParent + 62 7C9F148E 79 Bytes [ FF, 50, FF, B5, 98, FE, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILIsParent + B2 7C9F14DE 90 Bytes [ FF, 8D, 48, F0, FF, B5, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindChild + 4D 7C9F1539 95 Bytes CALL 7CA23B92 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindChild + AD 7C9F1599 37 Bytes [ DB, 7C, 41, 8B, 45, 0C, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindChild + D3 7C9F15BF 42 Bytes [ 45, 14, 8B, 4D, 0C, 8B, 11, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindChild + FE 7C9F15EA 133 Bytes [ 1B, C0, 83, D8, FF, E9, C5, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILFindChild + 184 7C9F1670 13 Bytes [ EC, FD, FF, FF, 50, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetClassObject + A6 7C9F295F 85 Bytes [ A1, AC, FA, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetClassObject + FC 7C9F29B5 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetClassObject + 102 7C9F29BB 15 Bytes [ FF, 55, 8B, EC, 53, 56, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetClassObject + 112 7C9F29CB 9 Bytes [ 85, FF, BB, 02, 40, 00, 80, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetClassObject + 11C 7C9F29D5 62 Bytes [ 07, 8D, 4D, 0C, 51, 68, 38, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetImageLists + 26 7C9F3D2F 51 Bytes [ 89, 5D, F8, 33, C0, 8B, 7D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetImageLists + 5A 7C9F3D63 4 Bytes [ FF, 75, 20, 8B ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetImageLists + 5F 7C9F3D68 42 Bytes [ 08, FF, 75, 18, 83, C1, F0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetImageLists + 8A 7C9F3D93 63 Bytes [ 42, EB, 05, 00, FF, 75, 20, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetImageLists + CB 7C9F3DD4 15 Bytes [ FE, 34, 9F, 7C, AA, DF, 9F, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBindToParent + 72 7C9F3F02 32 Bytes [ F1, FF, 75, 08, FF, 76, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBindToParent + 93 7C9F3F23 9 Bytes [ 55, 8B, EC, 83, 3D, 78, FA, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBindToParent + 9D 7C9F3F2D 35 Bytes [ 0F, 84, 1F, E3, 00, 00, A1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBindToParent + C1 7C9F3F51 4 Bytes [ 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBindToParent + C6 7C9F3F56 32 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetCachedImageIndex + 1A 7C9F3FFA 45 Bytes CALL 7C9F4016 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetCachedImageIndex + 48 7C9F4028 348 Bytes [ 75, 08, 8B, F9, 8D, 5F, 20, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetCachedImageIndex + 1A5 7C9F4185 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetCachedImageIndex + 1AA 7C9F418A 14 Bytes [ 00, 00, 3C, 7E, 87, 3B, DE, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_GetCachedImageIndex + 1B9 7C9F4199 14 Bytes [ 52, 1C, 6A, 90, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyDeregister + 2D 7C9F5457 30 Bytes [ 00, 83, F8, 34, 0F, 86, F3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyDeregister + 4C 7C9F5476 64 Bytes [ 4E, 0F, 85, 9B, 3D, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyDeregister + 8D 7C9F54B7 10 Bytes [ 89, 7D, E0, 89, 7D, E4, 81, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyDeregister + 9A 7C9F54C4 35 Bytes [ 0F, 84, C8, 5D, 00, 00, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyDeregister + BE 7C9F54E8 50 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2 7C9F659A 39 Bytes [ 75, 10, FF, 75, 08, E8, C4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2B 7C9F65C3 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2F 7C9F65C7 26 Bytes [ EC, 51, 51, 56, 57, 8B, F1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 4A 7C9F65E2 55 Bytes [ 00, 8B, D8, 3B, DF, 74, 6F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 82 7C9F661A 93 Bytes [ C6, 0C, 89, 75, F8, 89, 7D, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyRegister + 1E 7C9F88F5 92 Bytes [ 8B, 4D, FC, 8B, C7, 5F, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyRegister + 7D 7C9F8954 30 Bytes [ 14, 8B, 06, FF, 75, 10, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyRegister + 9C 7C9F8973 9 Bytes [ FF, 39, 46, 1C, 0F, 8C, B7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyRegister + A6 7C9F897D 55 Bytes [ EB, A3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifyRegister + DE 7C9F89B5 10 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_MergeMenus + 15 7C9F8FE9 37 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_MergeMenus + 3B 7C9F900F 14 Bytes [ 46, 24, 3B, C1, 8D, 50, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_MergeMenus + 4A 7C9F901E 66 Bytes [ 00, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_MergeMenus + 8D 7C9F9061 2 Bytes [ 96, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_MergeMenus + 91 7C9F9065 15 Bytes [ EB, E1, FF, 75, 08, E8, B2, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderView + 2 7C9FA63C 88 Bytes [ 75, 08, 8D, 8E, 40, 02, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderView + 5B 7C9FA695 62 Bytes [ 00, 00, 85, C0, 0F, 84, 02, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderView + 9A 7C9FA6D4 130 Bytes [ 00, FF, 75, 08, 8B, 00, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderView + 11D 7C9FA757 5 Bytes [ 80, A6, 12, 02, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderView + 123 7C9FA75D 129 Bytes [ FE, F6, 86, 14, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapIDListToImageListIndexAsync + 38 7C9FCB7C 27 Bytes [ 8D, 88, 00, 8E, FF, FF, 81, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapIDListToImageListIndexAsync + 54 7C9FCB98 6 Bytes [ 00, 6A, 0A, EB, 3F, 6A ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapIDListToImageListIndexAsync + 5B 7C9FCB9F 83 Bytes [ 8D, 8D, F0, FE, FF, FF, 51, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapIDListToImageListIndexAsync + AF 7C9FCBF3 7 Bytes [ FF, 51, 57, FF, B5, F8, FE ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMapIDListToImageListIndexAsync + B7 7C9FCBFB 61 Bytes [ FF, 6A, 2B, 83, A5, F0, FE, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconExW + 4D 7C9FE204 78 Bytes [ CF, FF, 75, 08, 56, E8, B8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconExW + 9C 7C9FE253 31 Bytes [ 00, 68, 68, D2, 9F, 7C, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconExW + BC 7C9FE273 5 Bytes [ 00, 81, 32, 9F, 7C ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconExW + C2 7C9FE279 34 Bytes [ 00, 00, 00, 7A, DF, 66, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconExW + E9 7C9FE2A0 35 Bytes CALL 7C9E8417 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCloneSpecialIDList + 3A 7C9FE585 34 Bytes [ 89, 45, DC, 8B, 45, 14, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCloneSpecialIDList + 5D 7C9FE5A8 2 Bytes [ D9, A5 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCloneSpecialIDList + 60 7C9FE5AB 37 Bytes [ 15, 94, 1A, 9C, 7C, 8B, F8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCloneSpecialIDList + 86 7C9FE5D1 20 Bytes [ 03, 00, 00, 8B, 45, E8, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCloneSpecialIDList + 9B 7C9FE5E6 25 Bytes [ 56, 0C, 8B, F8, 33, F6, 3B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconW + 48 7C9FECE1 26 Bytes [ 7D, 10, 33, DB, 33, C0, 39, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconW + 63 7C9FECFC 57 Bytes [ 20, 85, C0, 74, 0C, FF, 46, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconW + 9D 7C9FED36 73 Bytes [ 75, 08, 8B, 46, 08, FF, 76, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHExtractIconsW + 36 7C9FED80 27 Bytes [ 59, 8B, C6, 5E, 5D, C2, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHExtractIconsW + 52 7C9FED9C 24 Bytes [ 08, 50, FF, 51, 08, C7, 06, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHExtractIconsW + 6B 7C9FEDB5 54 Bytes [ 75, 0C, 57, 8B, 7D, 08, 23, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHExtractIconsW + A2 7C9FEDEC 23 Bytes [ 33, C0, EB, E3, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHExtractIconsW + BA 7C9FEE04 159 Bytes [ 89, 46, 0C, 8B, 45, 08, C7, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetVersion + 5 7C9FFA08 74 Bytes [ 81, EC, 28, 02, 00, 00, A1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetVersion + 51 7C9FFA54 51 Bytes [ 00, 57, 68, 70, F5, BC, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetVersion + 85 7C9FFA88 6 Bytes [ 00, 00, 75, 15, 56, 53 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetVersion + 8C 7C9FFA8F 88 Bytes [ B5, EC, FD, FF, FF, E8, 65, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllGetVersion + E5 7C9FFAE8 14 Bytes [ 85, E4, FD, FF, FF, 89, B5, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetImageList + C 7C9FFF35 39 Bytes [ F0, FF, FF, 75, 03, 09, 46, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetImageList + 34 7C9FFF5D 13 Bytes JMP 7C9F3AFF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetImageList + 43 7C9FFF6C 26 Bytes [ 88, F1, 9F, 7C, 6C, F1, 9F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetImageList + 5F 7C9FFF88 15 Bytes [ DC, F0, 9F, 7C, B8, F0, 9F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetImageList + 6F 7C9FFF98 11 Bytes [ 54, F0, 9F, 7C, 30, F0, 9F, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathResolve + 5B 7CA02AF5 338 Bytes [ B9, F1, 7E, AD, 7C, 89, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathResolve + 1AE 7CA02C48 2 Bytes [ E1, 69 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathResolve + 1B2 7CA02C4C 17 Bytes [ 34, 4B, 17, 9B, FF, 40, D2, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathResolve + 1C4 7CA02C5E 20 Bytes [ 00, 00, 80, 54, 27, F2, 82, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathResolve + 1DA 7CA02C74 19 Bytes [ 83, 25, A0, 00, BD, 7C, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteExW + 96 7CA02F99 61 Bytes [ 83, FF, 08, 0F, 8E, 51, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteExW + D4 7CA02FD7 33 Bytes [ 8B, 75, 08, 3B, F3, 75, 0C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteExW + F6 7CA02FF9 92 Bytes [ 10, 89, 91, AC, 00, BD, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteExW + 153 7CA03056 62 Bytes [ 00, 56, FF, 35, 84, 05, BD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteExW + 192 7CA03095 30 Bytes [ 1D, 9C, 7C, 99, 2B, C2, D1, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHTestTokenMembership + 54 7CA055B3 32 Bytes [ 00, 57, FF, B6, 04, 60, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHTestTokenMembership + 75 7CA055D4 179 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHTestTokenMembership + 129 7CA05688 5 Bytes [ FF, 55, 8B, EC, 56 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHTestTokenMembership + 12F 7CA0568E 19 Bytes CALL 7CA056F6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHTestTokenMembership + 144 7CA056A3 50 Bytes [ 0F, 85, 97, 8E, 04, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenRegStream + 1 7CA05ABF 25 Bytes [ EC, 81, EC, 60, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenRegStream + 1B 7CA05AD9 24 Bytes [ 89, BD, A8, FD, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenRegStream + 34 7CA05AF2 12 Bytes [ 8D, 70, 04, 56, FF, 15, F4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenRegStream + 41 7CA05AFF 52 Bytes [ 75, 8D, 85, A0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenRegStream + 76 7CA05B34 32 Bytes CALL 7CA05B8C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILLoadFromStream + 4 7CA0693A 58 Bytes [ D8, 85, DB, 0F, 8C, 57, C1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILLoadFromStream + 3F 7CA06975 3 Bytes [ C3, 5B, E8 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILLoadFromStream + 43 7CA06979 27 Bytes [ 1A, FE, FF, C9, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILLoadFromStream + 5F 7CA06995 25 Bytes [ 5D, C2, 04, 00, 48, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILLoadFromStream + 79 7CA069AF 224 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_ShowDragImage + 1 7CA08C9D 114 Bytes [ 47, 30, 85, C0, 0F, 85, 7A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_ShowDragImage + 74 7CA08D10 2 Bytes [ 50, 53 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_ShowDragImage + 77 7CA08D13 3 Bytes [ CE, F9, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_ShowDragImage + 7B 7CA08D17 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_ShowDragImage + A7 7CA08D43 190 Bytes [ FF, 15, EC, 14, 9C, 7C, 85, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA0B1D7 5 Bytes [ FF, 01, 00, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA0B1DD 131 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExW + 17 7CA0B261 99 Bytes [ 16, 9C, 7C, 5F, 5E, 5B, C3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA0B2C5 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExW + 93 7CA0B2DD 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExW + E8 7CA0B332 4 Bytes [ 84, 1E, E8, 04 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExW + ED 7CA0B337 3 Bytes [ 6A, 43, FF ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA0BCE5 39 Bytes [ 8B, C6, 5E, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateRecycleBinIcon + 2D 7CA0BD0D 49 Bytes [ BD, 7C, 3B, 18, 75, E0, 33, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateRecycleBinIcon + 5F 7CA0BD3F 93 Bytes JMP 7C9F9149 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateRecycleBinIcon + BD 7CA0BD9D 49 Bytes [ FF, 8B, F0, 3B, F7, 0F, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateRecycleBinIcon + EF 7CA0BDCF 69 Bytes [ FF, 75, FC, FF, 56, 18, E9, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsUserAnAdmin + 35 7CA0DB90 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsUserAnAdmin + 46 7CA0DBA1 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsUserAnAdmin + 5A 7CA0DBB5 5 Bytes [ 0F, 85, EA, C1, 03 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsUserAnAdmin + 60 7CA0DBBB 42 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsUserAnAdmin + 8B 7CA0DBE6 16 Bytes [ C5, C1, 03, 00, 8B, 45, 10, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathProcessCommand + 41 7CA0E4CC 1 Byte [ 53 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathProcessCommand + 43 7CA0E4CE 38 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathProcessCommand + 6A 7CA0E4F5 9 Bytes [ FF, 83, FE, FF, 0F, 84, AE, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathProcessCommand + 74 7CA0E4FF 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathProcessCommand + 8B 7CA0E516 5 Bytes [ 89, 9D, B0, FB, FF ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFileAorW + 3D 7CA1192E 48 Bytes [ C1, FD, FF, FF, 08, 0F, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFileAorW + 6E 7CA1195F 41 Bytes [ 76, 28, 33, DB, 8D, 85, B8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFileAorW + 98 7CA11989 30 Bytes [ 40, 89, 85, F8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFileAorW + B7 7CA119A8 50 Bytes [ FF, FF, 8D, 4E, FC, E8, 46, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFileAorW + EB 7CA119DC 51 Bytes [ FF, 8B, 85, 58, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListA + 15 7CA1B936 5 Bytes [ 33, C8, 89, 8B, A4 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListA + 1C 7CA1B93D 46 Bytes JMP 7CA1BDD3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListA + 4B 7CA1B96C 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListA + 73 7CA1B994 5 Bytes [ 89, 83, A4, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListA + 79 7CA1B99A 58 Bytes JMP 7CA1BDD4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetFolderCustomSettingsW + 53 7CA1DC20 68 Bytes [ 76, 08, FF, D7, 85, C0, 74, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetFolderCustomSettingsW + 98 7CA1DC65 25 Bytes [ 00, FF, 45, E4, 8B, 45, E4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetFolderCustomSettingsW + B2 7CA1DC7F 34 Bytes [ F6, D9, 1B, C9, 23, 4D, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetFolderCustomSettingsW + D5 7CA1DCA2 14 Bytes CALL 7CA197C3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSetFolderCustomSettingsW + E5 7CA1DCB2 43 Bytes [ F6, 46, 44, 01, 0F, 85, C4, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetLocalizedName + 6 7CA21652 8 Bytes [ 6C, 24, 04, 08, E9, D2, F5, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetLocalizedName + F 7CA2165B 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetLocalizedName + 2D 7CA21679 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetLocalizedName + 4B 7CA21697 57 Bytes [ F6, C3, 03, 74, 12, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetLocalizedName + 85 7CA216D1 14 Bytes JMP 7CA0F4F3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushSFCache + 32 7CA217B0 59 Bytes [ 85, C0, 0F, 84, 86, 18, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushSFCache + 6E 7CA217EC 52 Bytes [ 75, 10, 0F, 84, 0D, 37, 03, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushSFCache + A3 7CA21821 86 Bytes [ 00, 90, 90, 90, 90, 90, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushSFCache + FA 7CA21878 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushSFCache + 161 7CA218DF 4 Bytes [ FD, FF, FF, 8D ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIcon + B 7CA221E1 45 Bytes [ 83, BD, 3C, F5, FF, FF, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIcon + 39 7CA2220F 7 Bytes [ FF, 00, 09, 8D, 28, F5, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIcon + 41 7CA22217 18 Bytes [ 89, 85, 58, F5, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIcon + 54 7CA2222A 8 Bytes [ FF, 8B, F8, 85, FF, 7C, 23, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIcon + 5D 7CA22233 2 Bytes [ 24, F5 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Lock + 6 7CA228EB 9 Bytes [ FF, 8B, CB, 50, 0F, 84, F9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Lock + 10 7CA228F5 66 Bytes [ FF, B5, BC, F9, FF, FF, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Lock + 53 7CA22938 144 Bytes [ 8B, 4D, FC, 8B, 85, C0, F9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Lock + E4 7CA229C9 2 Bytes [ EC, 56 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Lock + E7 7CA229CC 47 Bytes [ 75, 08, FF, 71, 3C, E8, 3F, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractVersionResource16W + 11 7CA22C52 5 Bytes [ FC, FF, C9, C2, 04 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractVersionResource16W + 17 7CA22C58 9 Bytes [ 83, 0E, 18, EB, D5, C7, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractVersionResource16W + 22 7CA22C63 114 Bytes [ A1, 60, FA, BC, 7C, 33, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractVersionResource16W + 96 7CA22CD7 36 Bytes [ 00, FF, 15, 7C, 1A, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractVersionResource16W + BB 7CA22CFC 1 Byte [ 52 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllCanUnloadNow + 27 7CA238B4 15 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllCanUnloadNow + 37 7CA238C4 46 Bytes [ 57, 8B, 7D, 08, F7, 47, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllCanUnloadNow + 66 7CA238F3 31 Bytes [ 00, 00, 85, C0, 74, 16, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllCanUnloadNow + 86 7CA23913 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllCanUnloadNow + 129 7CA239B6 4 Bytes [ 55, 8B, EC, 56 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsExe + 2 7CA23A9F 3 Bytes JMP 7CA2397C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsExe + 6 7CA23AA3 108 Bytes [ FF, 39, 7D, F4, 0F, 85, F1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsExe + 73 7CA23B10 30 Bytes JMP 7CA23893 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsExe + 92 7CA23B2F 8 Bytes JMP 7CA26B44 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsExe + 9B 7CA23B38 24 Bytes [ 40, 04, 8B, 34, 98, 3B, FE, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDrive + 3B 7CA23DCC 54 Bytes [ 69, 00, 6E, 00, 69, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDrive + 72 7CA23E03 96 Bytes [ 83, C6, 04, 81, FE, 2C, 59, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDrive + D3 7CA23E64 20 Bytes [ 9E, 7C, 0F, 85, 72, 01, 02, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDrive + E8 7CA23E79 77 Bytes [ 5E, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDrive + 136 7CA23EC7 28 Bytes [ 0F, 85, 1A, 1A, 02, 00, C3, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Unlock + 5 7CA24415 89 Bytes [ A1, 54, FA, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Unlock + 5F 7CA2446F 19 Bytes [ FF, 8B, 45, 08, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Unlock + 73 7CA24483 3 Bytes [ CE, FF, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Unlock + 77 7CA24487 17 Bytes [ 8B, F8, 3B, FB, 74, 23, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotification_Unlock + 8B 7CA2449B 2 Bytes [ FF, 15 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotify + B 7CA24914 3 Bytes [ 68, 64, FA ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotify + 10 7CA24919 50 Bytes CALL 7CA00BA3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotify + 43 7CA2494C 118 Bytes [ 68, A4, FA, BC, 7C, E8, 4D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotify + BA 7CA249C3 16 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotify + CB 7CA249D4 26 Bytes [ 00, F6, 45, 08, 01, 74, 07, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIconW + 41 7CA2A570 7 Bytes [ 64, 00, 52, 00, 75, 00, 6E ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIconW + 49 7CA2A578 1 Byte [ 44 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIconW + 4B 7CA2A57A 41 Bytes [ 6C, 00, 6C, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIconW + 75 7CA2A5A4 115 Bytes [ 63, 00, 64, 00, 6C, 00, 67, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Shell_NotifyIconW + E9 7CA2A618 74 Bytes [ 75, 00, 63, 00, 74, 00, 69, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListW + 17 7CA2AAD0 122 Bytes [ A2, 7C, C3, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListW + 92 7CA2AB4B 8 Bytes [ 07, BD, 7C, C0, A0, A2, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListW + 9B 7CA2AB54 58 Bytes [ 90, 90, 90, 90, C7, 05, F0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListW + D6 7CA2AB8F 1 Byte [ A0 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListW + D8 7CA2AB91 94 Bytes [ 7C, C3, 90, 90, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathA + FB 7CA2AD0C 5 Bytes [ BD, 7C, C0, A0, A2 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathA + 101 7CA2AD12 43 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathA + 12D 7CA2AD3E 19 Bytes [ C0, A0, A2, 7C, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathA + 141 7CA2AD52 17 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathA + 154 7CA2AD65 77 Bytes [ 90, 90, 90, C7, 05, 14, 09, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfoW + 4D 7CA2B040 89 Bytes [ 3D, D0, F5, BC, 7C, 74, 0D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfoW + A7 7CA2B09A 72 Bytes [ 94, AB, 01, 00, A1, 2C, 09, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfoW + F0 7CA2B0E3 106 Bytes [ A1, 58, F5, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfoW + 15B 7CA2B14E 5 Bytes [ 00, E8, 0B, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfoW + 161 7CA2B154 64 Bytes [ 33, C0, 5D, C2, 0C, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragAcceptFiles + 14 7CA2B1BD 19 Bytes [ D8, 0D, 00, A2, A2, 7C, 89, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragAcceptFiles + 28 7CA2B1D1 155 Bytes [ 8B, 38, 4F, 78, 1C, 56, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragAcceptFiles + C4 7CA2B26D 49 Bytes [ 55, 8B, EC, 53, 56, 57, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragAcceptFiles + F6 7CA2B29F 16 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragAcceptFiles + 107 7CA2B2B0 9 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetMalloc + 43 7CA2B3D8 16 Bytes [ 80, FF, 15, 30, 10, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetMalloc + 54 7CA2B3E9 9 Bytes [ 10, 9C, 7C, 8B, C6, 5E, 5D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetMalloc + 5E 7CA2B3F3 8 Bytes [ 33, F6, 46, EB, F4, B8, 17, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetMalloc + 67 7CA2B3FC 14 Bytes [ 00, 3B, F8, 0F, 86, 80, 87, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetMalloc + 76 7CA2B40B 13 Bytes [ 72, 40, 81, FF, 12, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILSaveToStream + 54 7CA2F480 28 Bytes [ 03, 56, 56, FF, 75, CC, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILSaveToStream + 73 7CA2F49F 82 Bytes [ 85, FF, C7, 45, FC, 01, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILSaveToStream + C6 7CA2F4F2 52 Bytes [ 00, C7, 45, D4, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILSaveToStream + FB 7CA2F527 50 Bytes [ 75, F4, 8B, 46, 18, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILSaveToStream + 12F 7CA2F55B 26 Bytes [ 8D, B7, B4, 01, 00, 00, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddToRecentDocs + 7 7CA2FD29 42 Bytes [ FF, 15, E0, 15, 9C, 7C, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddToRecentDocs + 32 7CA2FD54 20 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddToRecentDocs + 47 7CA2FD69 76 Bytes [ C0, 74, 12, 8B, CF, 8B, D1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddToRecentDocs + 94 7CA2FDB6 45 Bytes [ 55, 8B, EC, 81, EC, 98, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddToRecentDocs + C2 7CA2FDE4 2 Bytes [ 9D, 70 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Win32DeleteFile + 4B 7CA30510 4 Bytes [ 84, 4C, 48, 02 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Win32DeleteFile + 50 7CA30515 54 Bytes [ 56, 57, 6A, 60, 6A, 40, BF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Win32DeleteFile + 87 7CA3054C 36 Bytes CALL 7CA304A2 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Win32DeleteFile + AC 7CA30571 16 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Win32DeleteFile + BD 7CA30582 13 Bytes [ 15, 58, 18, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathYetAnotherMakeUniqueName + 6B 7CA308F4 12 Bytes [ 0A, 00, 89, B5, C6, FB, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathYetAnotherMakeUniqueName + 78 7CA30901 78 Bytes [ FF, 8D, BD, C4, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathYetAnotherMakeUniqueName + C7 7CA30950 56 Bytes [ FF, 55, 8B, EC, 51, 56, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathYetAnotherMakeUniqueName + 100 7CA30989 14 Bytes [ 5E, C9, C2, 08, 00, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathYetAnotherMakeUniqueName + 10F 7CA30998 1 Byte [ FF ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathCleanupSpec + 33 7CA30A9F 63 Bytes [ FF, 6A, 00, 50, 6A, 00, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathCleanupSpec + 73 7CA30ADF 12 Bytes [ F3, 33, C0, F3, A7, 0F, 84, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathCleanupSpec + 80 7CA30AEC 4 Bytes [ B5, D0, FD, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathCleanupSpec + 85 7CA30AF1 18 Bytes CALL 7C9EEF16 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathCleanupSpec + 98 7CA30B04 37 Bytes [ 8D, 95, DC, FB, FF, FF, 52, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfoW + 20 7CA30B2A 16 Bytes [ 08, 50, FF, 51, 10, 8B, F0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfoW + 31 7CA30B3B 39 Bytes [ 51, 08, 81, FE, 01, 40, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfoW + 59 7CA30B63 53 Bytes [ 8D, 44, 43, 02, 51, 50, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfoW + 8F 7CA30B99 12 Bytes [ FF, A5, A5, A5, A5, C7, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfoW + 9C 7CA30BA6 26 Bytes [ 00, 00, 8B, 85, D4, F5, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrIW + 58 7CA311BF 106 Bytes JMP 7C9FF007 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrIW + C4 7CA3122B 5 Bytes [ 53, 8D, 45, FC, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrIW + CA 7CA31231 45 Bytes [ 75, 0C, 8B, CE, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrIW + F8 7CA3125F 33 Bytes [ 75, 08, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrIW + 11A 7CA31281 31 Bytes [ 75, 10, FF, 15, 34, 16, 9C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfo + 1 7CA31552 47 Bytes [ 4D, 10, 56, 8B, 75, 0C, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfo + 31 7CA31582 16 Bytes [ 50, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfo + 42 7CA31593 4 Bytes [ 8C, 9C, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfo + 47 7CA31598 30 Bytes [ 83, BD, F0, FD, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFileInfo + 66 7CA315B7 14 Bytes CALL 7C9EBD8F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconW + 63 7CA318A1 17 Bytes [ 5D, 14, 89, 85, C0, F7, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconW + 75 7CA318B3 11 Bytes [ B5, D0, F7, FF, FF, 89, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconW + 81 7CA318BF 1 Byte [ 9D ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconW + 83 7CA318C1 78 Bytes [ F7, FF, FF, 0F, 84, BF, 2F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconW + D2 7CA31910 1 Byte [ D7 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetNext + 2B 7CA3449A 10 Bytes [ 50, FF, 75, 10, FF, B5, E0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetNext + 36 7CA344A5 2 Bytes [ CE, B0 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetNext + 3A 7CA344A9 21 Bytes [ FF, B5, E0, F9, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetNext + 50 7CA344BF 15 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILGetNext + 60 7CA344CF 15 Bytes [ 4D, FC, 5F, 8B, C6, 5E, 5B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ReadCabinetState + 2C 7CA346FD 54 Bytes [ C2, 10, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ReadCabinetState + 63 7CA34734 71 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ReadCabinetState + AB 7CA3477C 3 Bytes [ B6, 68, FB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ReadCabinetState + AF 7CA34780 27 Bytes [ 85, C0, 59, 74, 35, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ReadCabinetState + CB 7CA3479C 84 Bytes [ 8B, 06, 57, FF, 75, 10, 68, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDList + 21 7CA34C52 94 Bytes [ 66, 00, 00, FF, 76, 28, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDList + 80 7CA34CB1 4 Bytes [ 75, 0C, 8B, D9 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDList + 85 7CA34CB6 53 Bytes CALL 7CA34BEF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDList + BB 7CA34CEC 215 Bytes [ F9, FF, 15, D4, 15, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetPathFromIDList + 193 7CA34DC4 61 Bytes [ 00, 0F, 85, 58, 4A, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgReadMultiple + 1 7CA37A62 30 Bytes [ C7, 5F, 5E, 5D, C2, 0C, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgReadMultiple + 20 7CA37A81 95 Bytes CALL 7CA3796E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgReadMultiple + 80 7CA37AE1 94 Bytes [ FF, 75, 10, 8B, 06, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgReadMultiple + DF 7CA37B40 82 Bytes [ FF, FF, 90, 90, 4D, 6B, A3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgReadMultiple + 132 7CA37B93 19 Bytes [ F2, 33, DB, F3, A7, 74, 05, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetRealIDL + 17 7CA38DC8 46 Bytes [ EC, 81, EC, 10, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetRealIDL + 46 7CA38DF7 18 Bytes [ 80, 00, 00, 3B, F8, 0F, 8F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetRealIDL + 59 7CA38E0A 35 Bytes [ 00, 02, 00, 00, 0F, 84, 6B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetRealIDL + 7D 7CA38E2E 2 Bytes [ 00, 20 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetRealIDL + 81 7CA38E32 50 Bytes [ 0F, 84, 47, 10, 00, 00, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableA + B 7CA3FA07 28 Bytes [ 00, 6A, 06, FF, B0, B0, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableA + 28 7CA3FA24 101 Bytes [ 51, 14, 85, DB, 0F, 8C, DC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableW + 5 7CA3FA93 57 Bytes [ 56, 57, 6A, 00, 8B, F1, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableW + 40 7CA3FACE 17 Bytes [ 8B, 45, 24, 8D, BE, 38, 02, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableW + 52 7CA3FAE0 48 Bytes [ 00, FF, 75, 18, 89, 86, 3C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableW + 83 7CA3FB11 14 Bytes [ 55, 8B, EC, 56, 57, 68, 40, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExecutableW + 92 7CA3FB20 5 Bytes [ 85, C0, 59, 74, 55 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSettings + 14 7CA3FBC1 32 Bytes [ 00, 8B, C7, 5F, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSettings + 35 7CA3FBE2 17 Bytes [ 43, 3B, C3, B9, 05, 40, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSettings + 47 7CA3FBF4 8 Bytes [ F8, 03, 0F, 84, 43, 84, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSettings + 50 7CA3FBFD 19 Bytes [ C0, 75, 50, 53, 56, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetSettings + 64 7CA3FC11 13 Bytes [ 39, 1E, 75, 18, 8B, 47, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteW + 26 7CA409C0 5 Bytes [ 04, 31, D1, EA, 52 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteW + 2C 7CA409C6 5 Bytes [ 6A, FF, 89, 04, BE ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteW + 32 7CA409CC 26 Bytes [ 45, FC, FF, 30, 6A, 00, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteW + 4D 7CA409E7 58 Bytes [ 8B, 45, FC, 47, 3B, 7D, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteW + 88 7CA40A22 82 Bytes [ FF, FF, 33, DB, 8B, F8, 83, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstW + 37 7CA40D96 7 Bytes JMP 7CA4DF23 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstW + 3F 7CA40D9E 85 Bytes [ 83, 7D, FC, 02, 5F, 5E, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstW + 95 7CA40DF4 26 Bytes [ 8B, F0, 8D, 84, 3E, 09, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstW + B0 7CA40E0F 25 Bytes [ 15, 28, 16, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteEx + 4 7CA40E29 38 Bytes [ 7D, 08, 83, C0, F6, 89, 43, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteEx + 2B 7CA40E50 48 Bytes [ 5E, 25, 0E, 00, 07, 80, 5B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteEx + 5C 7CA40E81 68 Bytes [ 15, 80, 14, 9C, 7C, 57, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteEx + A1 7CA40EC6 88 Bytes [ 2B, 45, 0C, 1B, 55, 10, 89, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteEx + FA 7CA40F1F 7 Bytes [ 55, 8B, EC, 51, 56, 8B, F1 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteA + 4B 7CA4119B 1 Byte [ 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteA + 4D 7CA4119D 12 Bytes CALL 7C9E83EC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteA + 5A 7CA411AA 64 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteA + 9B 7CA411EB 50 Bytes [ 08, FF, 15, B8, 1D, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteA + CE 7CA4121E 19 Bytes [ F8, 50, 68, C0, 51, 9C, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CommandLineToArgvW + 1 7CA41349 9 Bytes CALL 7C9E8480 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CommandLineToArgvW + B 7CA41353 150 Bytes [ 90, 90, 90, 90, 90, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CommandLineToArgvW + A2 7CA413EA 9 Bytes [ 83, 7E, 20, 00, 57, 0F, 84, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CommandLineToArgvW + AD 7CA413F5 78 Bytes [ FF, 15, 08, 1E, 9C, 7C, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CommandLineToArgvW + FC 7CA41444 77 Bytes [ 5D, 08, 56, 57, 8B, F1, 56, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + A 7CA41F80 84 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 5F 7CA41FD5 1 Byte [ 39 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 6F 7CA41FE5 53 Bytes [ 8B, F0, 8D, 7D, EC, A5, A5, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + A5 7CA4201B 80 Bytes CALL 7C9F7D79 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + F6 7CA4206C 70 Bytes [ 61, 00, 6D, 00, 65, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutW + 3F 7CA62EAE 118 Bytes [ 6C, 00, 2C, 00, 2D, 00, 36, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutA + 67 7CA62F25 70 Bytes [ 00, 90, 90, 78, 00, 70, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutA + AE 7CA62F6C 31 Bytes [ 00, 00, 90, 90, 70, 00, 6F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutA + CE 7CA62F8C 27 Bytes [ 32, 00, 30, 00, 32, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutA + EA 7CA62FA8 3 Bytes [ 6C, 00, 6C ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellAboutA + EE 7CA62FAC 107 Bytes [ 2C, 00, 30, 00, 00, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinW + 55 7CA66925 62 Bytes [ FF, FF, 15, B0, 1C, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinA + 2 7CA66964 33 Bytes [ 15, AC, 15, 9C, 7C, 8D, 86, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinA + 24 7CA66986 21 Bytes [ 15, 44, 19, 9F, 7C, 83, F8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinA + 3A 7CA6699C 19 Bytes [ FF, 50, FF, 75, 14, E8, 7B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinA + 4E 7CA669B0 2 Bytes [ 8D, 85 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHQueryRecycleBinA + 51 7CA669B3 66 Bytes [ FB, FF, FF, FF, 75, 10, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinW + 2 7CA66C63 6 Bytes [ FF, 53, E8, 3C, EE, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinW + 9 7CA66C6A 30 Bytes [ 39, B5, DC, F9, FF, FF, 74, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinW + 29 7CA66C8A 31 Bytes [ 18, 01, 00, 00, 74, 08, 39, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinW + 4A 7CA66CAB 14 Bytes CALL 7CA640C7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinW + 59 7CA66CBA 62 Bytes [ 8D, 1C, 9D, C0, 58, BD, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinA + 2E 7CA66CF9 89 Bytes [ 35, A4, F5, BC, 7C, E8, 6E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinA + 88 7CA66D53 110 Bytes [ 56, 0F, 94, C1, 56, 56, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinA + F7 7CA66DC2 55 Bytes [ FF, 0F, 94, C0, 89, 41, 18, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinA + 12F 7CA66DFA 9 Bytes [ 56, 57, 8B, 7D, 08, 89, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEmptyRecycleBinA + 139 7CA66E04 5 Bytes [ FF, 8D, 85, DC, F7 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateStdEnumFmtEtc + 18 7CA66E42 112 Bytes [ 85, C0, 0F, 84, 4A, 02, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateStdEnumFmtEtc + 89 7CA66EB3 183 Bytes [ 8D, 85, DC, F7, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateStdEnumFmtEtc + 141 7CA66F6B 24 Bytes [ D8, BE, 04, 01, 00, 00, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateStdEnumFmtEtc + 15A 7CA66F84 13 Bytes [ 08, FE, FF, FF, 50, 57, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateStdEnumFmtEtc + 168 7CA66F92 3 Bytes [ 32, 68, AC ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WriteCabinetState + 7E 7CA6718D 54 Bytes [ 15, 88, 1C, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WriteCabinetState + B5 7CA671C4 15 Bytes [ FF, 00, EB, 0C, FF, 15, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WriteCabinetState + C5 7CA671D4 135 Bytes [ 83, BD, BC, F7, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WriteCabinetState + 14D 7CA6725C 7 Bytes [ 15, 60, 1C, 9C, 7C, 57, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WriteCabinetState + 155 7CA67264 39 Bytes [ B5, D8, F7, FF, FF, 89, 85, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFreeNameMappings + 2E 7CA690F7 59 Bytes [ FF, 89, 9E, 18, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFreeNameMappings + 6A 7CA69133 22 Bytes [ 07, 3B, C3, 74, 09, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFreeNameMappings + 81 7CA6914A 19 Bytes [ 15, F4, 15, 9C, 7C, 89, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFreeNameMappings + 95 7CA6915E 19 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFreeNameMappings + A9 7CA69172 20 Bytes [ 76, 04, 33, DB, 89, 5D, FC, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectory + 7 7CA6A8D4 1 Byte [ 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectory + 9 7CA6A8D6 18 Bytes [ 41, 56, 8B, 75, 08, 57, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExA + 1 7CA6A8E9 15 Bytes CALL 7CA6A787 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExA + 11 7CA6A8F9 23 Bytes [ FF, 15, 64, 1D, 9C, 7C, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExA + 29 7CA6A911 50 Bytes [ 15, DC, 1D, 9C, 7C, 5F, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExA + 5D 7CA6A945 22 Bytes [ 00, 8B, 51, 34, 85, D2, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateDirectoryExA + 74 7CA6A95C 96 Bytes [ D7, FF, B6, EC, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperationW + 24 7CA70860 27 Bytes [ 00, 8B, 86, A4, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperationW + 41 7CA7087D 225 Bytes [ 00, C7, 46, 3C, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperationW + 123 7CA7095F 11 Bytes [ A1, 48, F5, BC, 7C, 53, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperationW + 12F 7CA7096B 8 Bytes [ FC, 8B, 45, 0C, 57, 8B, D8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperationW + 138 7CA70974 56 Bytes [ 40, 85, C0, BF, 00, 01, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperation + 4B 7CA70B6F 41 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperation + 75 7CA70B99 67 Bytes [ 85, F4, FD, FF, FF, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperation + B9 7CA70BDD 56 Bytes [ FF, EB, 2B, 8B, 3D, AC, 1C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperation + F2 7CA70C16 16 Bytes [ FF, 8B, 46, 40, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFileOperation + 103 7CA70C27 36 Bytes [ FF, 00, 01, 00, 00, 75, 19, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLL + 3D 7CA716A5 27 Bytes JMP 7CA71315 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLL + 59 7CA716C1 88 Bytes [ 00, 50, 8D, 86, F4, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLL + B2 7CA7171A 5 Bytes [ 50, 8D, 86, F4, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLL + B9 7CA71721 91 Bytes CALL 7CA6BA0F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLLW + 20 7CA7177D 38 Bytes [ B5, 04, F9, FF, FF, E8, AD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLLW + 47 7CA717A4 29 Bytes [ 83, F8, FF, 74, 11, 8D, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLLW + 65 7CA717C2 11 Bytes [ FF, 68, 04, 01, 00, 00, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLLW + 71 7CA717CE 7 Bytes [ 8D, 85, B4, FD, FF, FF, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_FillCache_RunDLLW + 79 7CA717D6 108 Bytes [ 15, AC, 1C, 9C, 7C, 56, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRunControlPanel + 11 7CA72336 5 Bytes [ 5D, C2, 1C, 00, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHRunControlPanel + 1A 7CA7233F 40 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLL + 28 7CA72368 99 Bytes [ 5D, C2, 1C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLW + 33 7CA723CC 72 Bytes [ 75, 34, 0F, B7, C0, 50, 53, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLAsUserW + 23 7CA72415 29 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLAsUserW + 41 7CA72433 67 Bytes [ 0C, 53, 8B, 5D, 08, 89, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLAsUserW + 85 7CA72477 45 Bytes [ 85, DB, 74, 0D, 6A, 20, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLAsUserW + B3 7CA724A5 62 Bytes [ 9C, 7C, 8B, 45, B4, 8B, 4D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Control_RunDLLAsUserW + F2 7CA724E4 25 Bytes [ D7, 66, 85, C0, 66, 89, 06, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconEx + 7 7CA72A4D 25 Bytes CALL 7CA72A4F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DuplicateIcon + 10 7CA72A67 32 Bytes [ FF, 7C, AE, 3B, 9D, F0, FD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DuplicateIcon + 31 7CA72A88 6 Bytes [ FF, 83, 20, 00, EB, 4D ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DuplicateIcon + 38 7CA72A8F 85 Bytes [ B5, E0, FD, FF, FF, 85, F6, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DuplicateIcon + 8E 7CA72AE5 25 Bytes [ 59, F7, FF, C9, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DuplicateIcon + A8 7CA72AFF 24 Bytes [ 04, 56, 89, 75, FC, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FreeIconList + C 7CA72B19 22 Bytes [ 89, 75, 08, FF, B6, 88, CC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FreeIconList + 23 7CA72B30 88 Bytes [ 86, 8C, CC, 9D, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoW + 1B 7CA72B89 53 Bytes [ B6, 94, CC, 9D, 7C, 57, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoW + 51 7CA72BBF 28 Bytes [ 6A, 00, FF, 75, FC, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoW + 6E 7CA72BDC 40 Bytes [ A1, 48, F5, BC, 7C, 53, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoW + 97 7CA72C05 15 Bytes CALL 7C9ED058 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoW + A7 7CA72C15 38 Bytes [ 00, 68, 01, 26, 00, 00, 53, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoA + 11 7CA73088 24 Bytes [ F3, AB, 68, 08, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoA + 2A 7CA730A1 6 Bytes [ FF, 50, 8D, 85, D4, F7 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoA + 32 7CA730A9 29 Bytes CALL 7CA728BC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconResInfoA + 50 7CA730C7 49 Bytes [ FF, 50, 68, 19, 00, 02, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExW + 17 7CA730FA 23 Bytes [ FF, 15, 30, 1C, 9C, 7C, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExW + 2F 7CA73112 3 Bytes [ 4D, FC, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExW + 33 7CA73116 6 Bytes [ C6, 5E, E8, D3, 52, F7 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExW + 3A 7CA7311D 42 Bytes [ C9, C2, 04, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExW + 65 7CA73148 3 Bytes [ 85, F4, FD ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExA + 20 7CA732CE 10 Bytes [ 75, 0C, FF, 75, 10, 53, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExA + 2D 7CA732DB 24 Bytes [ F8, 56, FF, 15, 34, 16, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExA + 48 7CA732F6 57 Bytes [ 00, 74, 16, FF, B5, EC, FD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExA + 82 7CA73330 5 Bytes [ 75, 08, E8, 1C, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconExA + 89 7CA73337 121 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconW + 10 7CA733B1 115 Bytes [ 68, 08, 02, 00, 00, 89, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconA + 26 7CA73425 8 Bytes [ 53, 8B, 5D, 10, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractIconA + 2F 7CA7342E 63 Bytes [ 8B, 7D, 0C, 89, 45, FC, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListW + C 7CA7346F 10 Bytes [ 33, C0, 40, EB, 05, 83, 26, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListW + 17 7CA7347A 36 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 6C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListW + 3C 7CA7349F 36 Bytes [ 33, C0, F3, A7, 74, 1E, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!InternalExtractIconListW + 61 7CA734C4 211 Bytes [ 75, 08, 8D, 46, 04, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconA + 2B 7CA73598 14 Bytes [ 40, 04, 89, 48, 10, 8B, 4D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconA + 3A 7CA735A7 26 Bytes [ 48, 0C, 89, 03, 33, C0, EB, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconA + 55 7CA735C2 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconA + 60 7CA735CD 51 Bytes [ 6A, 10, 33, C0, 33, C9, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ExtractAssociatedIconA + 94 7CA73601 31 Bytes [ 55, 8B, EC, 83, EC, 34, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstA + 4 7CA736B6 53 Bytes [ D1, 0F, AF, D1, 03, D0, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstA + 3A 7CA736EC 114 Bytes [ FF, 89, 45, FC, EB, 40, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstA + AD 7CA7375F 50 Bytes [ 8D, 45, CC, 50, FF, 15, 28, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DoEnvironmentSubstA + E0 7CA73792 174 Bytes CALL CCF7F7CA
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceA + 99 7CA73841 38 Bytes [ 15, 14, 11, 9C, 7C, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceA + C1 7CA73869 2 Bytes [ 48, 11 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceA + C6 7CA7386E 37 Bytes [ 3D, 4C, 12, 9C, 7C, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceA + EC 7CA73894 43 Bytes [ D3, 8B, D8, 53, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDiskFreeSpaceA + 118 7CA738C0 37 Bytes [ 38, 8B, 45, 1C, FF, 30, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHelpShortcuts_RunDLLW + B 7CA739DD 36 Bytes [ 75, F4, 48, 50, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHObjectProperties + 20 7CA73A02 26 Bytes [ FF, 75, FC, FF, 75, F8, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHObjectProperties + 3B 7CA73A1D 13 Bytes [ 15, 40, 12, 9C, 7C, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHObjectProperties + 83 7CA73A65 25 Bytes [ 0C, FF, 15, 48, 1E, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHObjectProperties + 9D 7CA73A7F 10 Bytes [ 8B, 35, 54, 12, 9C, 7C, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHObjectProperties + AA 7CA73A8C 39 Bytes [ FF, D6, 8B, C7, 5F, 5E, C9, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxA + 2 7CA73E03 17 Bytes [ FF, 66, 89, 01, C7, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxA + 15 7CA73E16 24 Bytes [ 66, 39, 5D, 10, 0F, 85, 1C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxA + 2E 7CA73E2F 37 Bytes [ FF, D7, 83, F8, 04, 0F, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxA + 54 7CA73E55 56 Bytes [ FF, 6B, C0, 0E, 83, C0, 06, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxA + 8E 7CA73E8F 1 Byte [ 66 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushClipboard + D 7CA73EDC 21 Bytes [ FF, FF, 15, F0, 14, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushClipboard + 23 7CA73EF2 10 Bytes [ 8B, BD, D8, FD, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushClipboard + 2E 7CA73EFD 11 Bytes [ FF, 8B, 95, D8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushClipboard + 3A 7CA73F09 36 Bytes [ FF, 0E, 8D, B5, E4, FD, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFlushClipboard + 5F 7CA73F2E 13 Bytes [ 89, 85, DC, FD, FF, FF, 72, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowA + 38 7CA74BB9 7 Bytes [ 75, 08, 89, 5D, D8, FF, D6 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowA + 40 7CA74BC1 42 Bytes [ 75, 08, FF, 15, 54, 1E, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowA + 6B 7CA74BEC 118 Bytes [ 75, 08, FF, 15, B8, 1D, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowA + E2 7CA74C63 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathIsSlowA + E9 7CA74C6A 58 Bytes [ 55, 8B, EC, FF, 75, 0C, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathGetShortPath + 2 7CA74F80 33 Bytes [ 8B, 45, 08, 8B, 00, 3B, C3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathGetShortPath + 24 7CA74FA2 38 Bytes [ 75, 10, 8B, 7D, 0C, 68, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathGetShortPath + 4B 7CA74FC9 55 Bytes [ DE, 1B, F6, 46, 5F, 8B, C6, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathGetShortPath + 83 7CA75001 31 Bytes [ 85, C0, 74, 16, FF, 75, 18, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathGetShortPath + A3 7CA75021 56 Bytes [ F6, 7D, 07, 57, FF, 15, 20, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDriveA + 24 7CA7511E 28 Bytes [ 8D, 45, EC, 50, FF, 15, 38, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!IsLFNDriveA + 41 7CA7513B 18 Bytes [ 55, 8B, EC, 81, EC, 14, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathQualify + B 7CA7514F 40 Bytes [ 10, 89, 45, FC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathQualify + 34 7CA75178 44 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathQualify + 61 7CA751A5 50 Bytes [ FF, A1, A4, 5D, BD, 7C, 3B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathQualify + 95 7CA751D9 10 Bytes [ 04, 00, 00, 00, 89, 9D, 54, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathQualify + A0 7CA751E4 22 Bytes [ D7, 85, C0, 75, 14, 83, BD, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathMakeUniqueName + 12 7CA7553E 19 Bytes [ 08, 68, 98, 45, A7, 7C, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathMakeUniqueName + 26 7CA75552 7 Bytes [ FF, 85, C0, 75, 29, 68, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathMakeUniqueName + 2E 7CA7555A 29 Bytes CALL 7C9ED057 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathMakeUniqueName + 4C 7CA75578 2 Bytes [ E2, F9 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PathMakeUniqueName + 4F 7CA7557B 42 Bytes [ FF, 85, C0, 75, 04, 33, C0, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PickIconDlg + 19 7CA763E0 29 Bytes [ 7D, 08, 89, 95, E0, FB, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PickIconDlg + 37 7CA763FE 7 Bytes [ 45, 0C, 8B, BD, D4, FB, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PickIconDlg + 3F 7CA76406 4 Bytes [ 8B, 9D, D0, FB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PickIconDlg + 44 7CA7640B 10 Bytes [ FF, 03, C0, 89, 85, C8, FB, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PickIconDlg + 4F 7CA76416 17 Bytes [ B5, DC, FB, FF, FF, 2B, C7, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHInvokePrinterCommandA + 5B 7CA77241 10 Bytes [ 15, 98, 1D, 9C, 7C, E9, E1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHInvokePrinterCommandA + 66 7CA7724C 58 Bytes [ 35, 50, 1D, 9C, 7C, 6A, 0B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHInvokePrinterCommandA + A1 7CA77287 18 Bytes [ 15, 30, 11, 9C, 7C, 33, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHInvokePrinterCommandA + B4 7CA7729A 8 Bytes [ 76, 18, FF, 15, 2C, 11, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHInvokePrinterCommandA + BD 7CA772A3 247 Bytes CALL 7CA1BEDE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLL + 28 7CA7739B 168 Bytes [ 56, 89, 07, FF, 15, 34, 16, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLLW + 4C 7CA77444 2 Bytes [ 75, 10 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLLW + 4F 7CA77447 3 Bytes [ 45, F4, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLLW + 53 7CA7744B 8 Bytes [ 75, F8, FF, 75, FC, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLLW + 5C 7CA77454 8 Bytes [ 75, 08, FF, 75, 18, FF, 55, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PrintersGetCommand_RunDLLW + 66 7CA7745E 64 Bytes [ 75, 2E, FF, D3, 83, F8, 7A, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAddFromPropSheetExtArray + 2 7CA77818 109 Bytes [ 3C, 00, 00, 00, C7, 85, 54, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHReplaceFromPropSheetExtArray + 18 7CA77886 74 Bytes [ F8, FF, 15, 00, 10, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHReplaceFromPropSheetExtArray + 63 7CA778D1 78 Bytes [ 80, 00, 00, 56, 89, 85, E4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHReplaceFromPropSheetExtArray + B2 7CA77920 7 Bytes [ C7, 74, 38, 66, 39, 38, 74 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHReplaceFromPropSheetExtArray + BA 7CA77928 79 Bytes CALL 7CA349D3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHReplaceFromPropSheetExtArray + 10B 7CA77979 5 Bytes [ 50, E8, D0, 73, 04 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreatePropSheetExtArray + 20 7CA77A66 95 Bytes [ D6, 8D, 44, 00, 02, 01, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreatePropSheetExtArray + 80 7CA77AC6 14 Bytes [ C6, 5B, 5F, 5E, C9, C2, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreatePropSheetExtArray + 8F 7CA77AD5 104 Bytes [ 55, 8B, EC, 6A, 00, 68, 4F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreatePropSheetExtArray + F8 7CA77B3E 70 Bytes [ 55, 8B, EC, 81, EC, 3C, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreatePropSheetExtArray + 13F 7CA77B85 21 Bytes [ FF, FF, D7, 8D, 85, EC, FB, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryPoint + 1E 7CA77BD9 69 Bytes [ 34, 16, 9C, 7C, EB, 0C, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragFinish + 7 7CA77C1F 56 Bytes [ 50, 8D, 85, EC, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFile + 2F 7CA77C58 43 Bytes [ 50, 56, 8D, 85, DC, F7, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFile + 5B 7CA77C84 17 Bytes [ B5, C8, F7, FF, FF, E8, 14, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFile + 6D 7CA77C96 18 Bytes [ 8D, 85, D4, F7, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFile + 80 7CA77CA9 52 Bytes [ 8B, 85, D4, F7, FF, FF, 3B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DragQueryFile + B5 7CA77CDE 9 Bytes [ 74, 31, FF, 75, 10, 8D, 85, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialogEx + 2D 7CA783C5 17 Bytes [ 7E, 11, FF, 75, 14, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialogEx + 3F 7CA783D7 44 Bytes [ FF, FF, 75, FC, FF, 15, 34, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialogEx + 6D 7CA78405 36 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialogEx + 93 7CA7842B 11 Bytes [ 59, 89, 85, A4, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialogEx + 9F 7CA78437 28 Bytes CALL 06A78437
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialog + 7 7CA78C8C 13 Bytes [ 75, 11, 53, C7, 05, 58, 59, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialog + 15 7CA78C9A 29 Bytes [ 15, 48, 14, 9C, 7C, 57, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialog + 33 7CA78CB8 21 Bytes [ 15, 08, 16, 9C, 7C, C3, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialog + 49 7CA78CCE 8 Bytes [ A1, 48, F5, BC, 7C, 89, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RestartDialog + 52 7CA78CD7 22 Bytes [ 45, 08, 89, 85, 34, FD, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenPropSheetW + A 7CA7964B 123 Bytes [ FF, 15, 78, 1D, 9C, 7C, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenPropSheetW + 86 7CA796C7 18 Bytes [ 6A, 01, 68, 10, F0, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenPropSheetW + 9B 7CA796DC 50 Bytes [ 8B, 75, 10, 83, E6, F0, 81, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenPropSheetW + CE 7CA7970F 59 Bytes [ 35, A4, F5, BC, 7C, 89, 35, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenPropSheetW + 10A 7CA7974B 74 Bytes [ 14, 56, FF, 75, 08, C7, 05, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesW + 85 7CA7B32D 9 Bytes [ 75, 10, 74, 11, 56, 68, 58, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesW + 8F 7CA7B337 8 Bytes [ 8D, 8D, 44, F9, FF, FF, 51, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesW + 98 7CA7B340 66 Bytes [ 50, 10, 53, FF, 15, 08, 16, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesA + 32 7CA7B383 30 Bytes [ FF, 15, 40, 1C, 9C, 7C, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesA + 51 7CA7B3A2 57 Bytes [ 55, 8B, EC, 51, 51, E8, 24, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesA + 8B 7CA7B3DC 100 Bytes [ 15, 04, 16, 9C, 7C, 8D, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CheckEscapesA + F0 7CA7B441 92 Bytes [ 8D, B7, BC, 00, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrCpyNA + 17 7CA7B49E 89 Bytes [ D6, 85, C0, 5E, 74, 0F, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpW + 36 7CA7B4F9 27 Bytes [ F7, D8, 1B, C0, 23, 45, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpW + 52 7CA7B515 53 Bytes [ 65, FC, 00, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpA + 2 7CA7B54B 105 Bytes CALL 7CB9E284 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpA + 6C 7CA7B5B5 4 Bytes [ 35, A4, F5, BC ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpA + 71 7CA7B5BA 163 Bytes [ FF, 15, 54, 1D, 9C, 7C, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpIA + 30 7CA7B65E 26 Bytes [ 85, C0, 0F, 85, 6E, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpIA + 4B 7CA7B679 26 Bytes [ FF, 36, FF, 15, 34, 16, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCmpIA + 66 7CA7B694 145 Bytes [ 55, 8B, EC, 81, EC, CC, 05, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrNCpyA + 35 7CA7B726 30 Bytes [ 50, 68, A4, 52, 9C, 7C, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrRStrW + 4 7CA7B745 54 Bytes [ 85, 4C, FA, FF, FF, 0F, B7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrRStrW + 3B 7CA7B77C 360 Bytes [ FF, 50, 68, 53, 33, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetPathOffsetW + 75 7CA7B8E5 6 Bytes [ 00, 8D, 85, 50, FA, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirW + 2 7CA7B8EC 35 Bytes [ 50, 53, 68, 80, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirW + 26 7CA7B910 15 Bytes [ 83, A5, 4C, FA, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirW + 36 7CA7B920 49 Bytes [ 00, 0F, 8E, 9A, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirW + 68 7CA7B952 5 Bytes [ 00, E8, 1D, 32, F9 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirW + 6E 7CA7B958 30 Bytes [ 8B, 9D, 34, FA, FF, FF, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirA + 29 7CA7B9B5 150 Bytes [ 3B, 86, B8, 00, 00, 00, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirW + 56 7CA7BA4C 84 Bytes [ 40, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirW + AB 7CA7BAA1 5 Bytes [ 56, E8, C2, F9, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirW + B1 7CA7BAA7 34 Bytes [ EB, 53, 57, 8B, 7D, 14, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirW + D4 7CA7BACA 19 Bytes [ 15, 70, 1E, 9C, 7C, EB, 2B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirW + E8 7CA7BADE 11 Bytes [ 70, 0C, EB, E7, 8B, 4D, 14, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirA + A 7CA7BBE4 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirA + 2D 7CA7BC07 11 Bytes [ 00, 00, 04, 89, 45, FC, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirA + 39 7CA7BC13 45 Bytes [ C0, 0F, 85, CF, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetCurDrive + E 7CA7BC41 82 Bytes [ BC, FE, FF, FF, 89, 85, C4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheSetCurDrive + 3B 7CA7BC94 12 Bytes [ 15, B0, 1C, 9C, 7C, EB, 06, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheSetCurDrive + 48 7CA7BCA1 74 Bytes [ 80, 8D, B9, FE, FF, FF, 40, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathA + 42 7CA7BCEC 2 Bytes [ 07, 80 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathA + 45 7CA7BCEF 59 Bytes [ 4D, FC, 5F, 5E, 5B, E8, F7, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathA + 81 7CA7BD2B 43 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathA + AD 7CA7BD57 81 Bytes [ 00, 00, 48, C7, 85, A0, FD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathW + 4D 7CA7BDA9 38 Bytes [ 35, A4, F5, BC, 7C, FF, 15, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathW + 74 7CA7BDD0 32 Bytes [ 8B, D8, 85, DB, 74, 15, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathW + 95 7CA7BDF1 10 Bytes CALL 7C9EBAEC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheFullPathW + A0 7CA7BDFC 114 Bytes [ 8B, 4D, FC, 5E, 5B, E8, EA, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirExW + 5B 7CA7BE6F 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirExW + 62 7CA7BE76 48 Bytes [ 55, 8B, EC, 81, EC, 1C, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirExW + 93 7CA7BEA7 4 Bytes [ C7, 85, E8, FB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirExW + 98 7CA7BEAC 23 Bytes [ FF, 02, 00, 00, 00, 50, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheGetDirExW + B0 7CA7BEC4 9 Bytes [ 68, 08, 02, 00, 00, 50, E8, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExW + 33 7CA7BF44 41 Bytes [ 8B, 4D, FC, 8B, 85, E8, FB, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExW + 5D 7CA7BF6E 21 Bytes [ 4D, 14, 53, 8B, 5D, 08, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExW + 73 7CA7BF84 52 Bytes [ FF, 89, 85, 40, F7, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExW + A8 7CA7BFB9 7 Bytes [ 00, 00, 8D, 85, 38, F7, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExW + B0 7CA7BFC1 55 Bytes [ 50, 8D, 85, 44, F7, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExA + 1F 7CA7C1B4 196 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExA + E5 7CA7C27A 17 Bytes [ 0C, 8B, 45, 08, 83, C0, 10, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExA + FA 7CA7C28F 25 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExA + 114 7CA7C2A9 36 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheChangeDirExA + 139 7CA7C2CE 59 Bytes CALL BDB436F6
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RegenerateUserEnvironment + 1B 7CA7D301 3 Bytes [ 85, F0, EF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RegenerateUserEnvironment + 20 7CA7D306 5 Bytes [ 50, 8D, 85, E8, EF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RegenerateUserEnvironment + 26 7CA7D30C 9 Bytes [ FF, 50, FF, 36, 66, 89, BD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RegenerateUserEnvironment + 30 7CA7D316 10 Bytes [ FF, 66, C7, 85, F2, EF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RegenerateUserEnvironment + 3B 7CA7D321 5 Bytes [ 15, 10, 17, 9C, 7C ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_CloseProperties + 11 7CA82AE5 1 Byte [ C0 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_CloseProperties + 13 7CA82AE7 77 Bytes [ 07, 66, 83, 4E, 02, FF, EB, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_CloseProperties + 61 7CA82B35 50 Bytes [ 50, 6A, 40, 8D, 85, 64, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_CloseProperties + 94 7CA82B68 71 Bytes [ 85, 54, FF, FF, FF, FF, 48, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_CloseProperties + DC 7CA82BB0 100 Bytes [ A8, FD, FF, FF, 8B, 45, 18, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_GetProperties + 18 7CA83208 11 Bytes CALL 7C9E83ED C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_GetProperties + 24 7CA83214 22 Bytes [ 90, 90, 90, 90, 90, E8, BB, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_GetProperties + 3B 7CA8322B 15 Bytes [ FF, 55, 8B, EC, 68, 00, 20, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_GetProperties + 4B 7CA8323B 71 Bytes CALL 7CA2BFF1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_GetProperties + 93 7CA83283 78 Bytes [ 00, 74, 04, 33, C0, EB, 2C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_SetProperties + 43 7CA83AB2 46 Bytes [ 00, 75, 07, A1, 44, B1, BD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_SetProperties + 72 7CA83AE1 11 Bytes [ FF, 8B, F0, 85, F6, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_SetProperties + 7E 7CA83AED 10 Bytes [ 00, 00, 00, 8B, 4D, 0C, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_SetProperties + 8C 7CA83AFB 62 Bytes [ 40, 8B, 46, 10, A8, 01, 74, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_SetProperties + CB 7CA83B3A 22 Bytes [ 8B, 46, 40, 83, F8, FF, 74, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_OpenProperties + FB 7CA84068 31 Bytes [ DD, 9D, 7C, FF, 15, 2C, 14, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_OpenProperties + 11B 7CA84088 38 Bytes [ 15, 14, 1C, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_OpenProperties + 143 7CA840B0 34 Bytes [ C9, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_OpenProperties + 166 7CA840D3 11 Bytes [ 51, 8D, 8D, EC, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!PifMgr_OpenProperties + 172 7CA840DF 18 Bytes [ 00, 53, 33, FF, 89, 45, FC, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheRemoveQuotesW + 6 7CA8BF81 81 Bytes [ 4D, B8, 8B, 40, 04, C1, E9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheRemoveQuotesA + 1C 7CA8BFD3 9 Bytes [ 75, B0, 89, 75, B4, FF, D3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheRemoveQuotesA + 26 7CA8BFDD 84 Bytes [ 21, 8B, 45, AC, 8B, 48, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheRemoveQuotesA + 7B 7CA8C032 96 Bytes [ 89, 48, 22, 8D, 45, B4, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathW + 25 7CA8C093 35 Bytes [ 75, B0, C7, 45, B4, 40, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathW + 49 7CA8C0B7 27 Bytes [ 83, 60, 02, 00, 6A, 04, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathW + 65 7CA8C0D3 7 Bytes [ 75, B4, FF, D3, 85, C0, 75 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathW + 6D 7CA8C0DB 28 Bytes [ 8B, 45, AC, 8B, 40, 04, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathW + 8A 7CA8C0F8 143 Bytes [ B0, 89, 75, B4, FF, D3, 85, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathA + 3B 7CA8C25C 61 Bytes [ 75, B4, FF, D6, 83, 65, AC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathA + 79 7CA8C29A 135 Bytes [ 75, B4, FF, D6, 01, 5D, A8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathA + 101 7CA8C322 7 Bytes [ D6, 8B, 47, 04, 0F, B7, 48 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathA + 109 7CA8C32A 22 Bytes [ 0F, B7, 40, 10, 53, C1, E1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheShortenPathA + 120 7CA8C341 2 Bytes [ 75, B4 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheConvertPathW + 16 7CA8C5EC 17 Bytes [ 00, 80, 80, 80, 00, 8B, 42, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheConvertPathW + 28 7CA8C5FE 128 Bytes [ 8B, 42, 04, C7, 80, B4, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheConvertPathW + A9 7CA8C67F 9 Bytes [ EC, 20, FF, 75, 0C, 8D, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheConvertPathW + B4 7CA8C68A 2 Bytes [ 14, 17 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SheConvertPathW + B9 7CA8C68F 61 Bytes [ 45, 08, 83, 65, F0, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLL 7CA8E029 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLL + 4 7CA8E02D 28 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLL + 21 7CA8E04A 9 Bytes [ 74, 6C, 83, F8, FC, 74, 0E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLL + 2B 7CA8E054 20 Bytes [ 74, 37, 83, F8, FE, 0F, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLL + 40 7CA8E069 28 Bytes [ 15, 9C, 1A, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLLW + 2 7CA8E0E5 70 Bytes [ 15, E0, 1D, 9C, 7C, EB, 0E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLLW + 49 7CA8E12C 20 Bytes [ 76, 10, FF, 15, 68, 1D, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLLW + 5E 7CA8E141 93 Bytes [ BB, 09, 35, 00, 00, 74, 1C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLLW + BC 7CA8E19F 1 Byte [ 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!OpenAs_RunDLLW + BE 7CA8E1A1 46 Bytes [ EC, 83, EC, 30, 53, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Activate_RunDLL + 1B 7CA8F0AF 29 Bytes [ FF, 07, 00, 00, 00, E8, 21, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Activate_RunDLL + 39 7CA8F0CD 39 Bytes [ 15, 28, F2, BB, 7C, 8B, 4D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Activate_RunDLL + 61 7CA8F0F5 6 Bytes [ 5D, 08, 56, 8B, 75, 10 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Activate_RunDLL + 68 7CA8F0FC 2 Bytes [ 89, 45 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Activate_RunDLL + 6B 7CA8F0FF 10 Bytes CALL 7C9F07DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHIsFileAvailableOffline + 4E 7CA9217E 75 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHIsFileAvailableOffline + 9A 7CA921CA 32 Bytes CALL 7C9EB8E6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHIsFileAvailableOffline + BB 7CA921EB 26 Bytes [ FC, FF, FF, 6A, 00, 56, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHIsFileAvailableOffline + D6 7CA92206 16 Bytes CALL 7CA91E32 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHIsFileAvailableOffline + E7 7CA92217 147 Bytes [ 15, 34, 16, 9C, 7C, 33, C0, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 2F 7CA92549 83 Bytes CALL 7CA92486 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 83 7CA9259D 62 Bytes [ 00, 00, 00, B6, 63, A9, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C3 7CA925DD 6 Bytes [ 75, 08, E8, A4, 06, F8 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnumerateUnreadMailAccountsW + CA 7CA925E4 49 Bytes [ 8B, F0, 8B, 45, 08, 8B, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnumerateUnreadMailAccountsW + FC 7CA92616 41 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetAttributesFromDataObject + C8 7CA92A59 63 Bytes [ 74, 0C, FF, B5, B0, FB, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetAttributesFromDataObject + 109 7CA92A9A 24 Bytes [ 18, FF, 75, 14, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetAttributesFromDataObject + 122 7CA92AB3 23 Bytes [ 74, 07, 6A, 00, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetAttributesFromDataObject + 13A 7CA92ACB 52 Bytes [ 55, 8B, EC, 56, FF, 75, 1C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetAttributesFromDataObject + 16F 7CA92B00 61 Bytes [ 8B, D8, 0F, B7, 05, C0, F9, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteA + B4 7CA94AA0 17 Bytes CALL 7C9F9E2C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteA + C8 7CA94AB4 40 Bytes [ 05, BF, 00, 00, 40, 00, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteA + F1 7CA94ADD 11 Bytes [ 3B, C6, 8B, 5D, 10, 89, 03, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteA + FD 7CA94AE9 89 Bytes [ 00, 6A, 13, 56, 56, 56, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPathPrepareForWriteA + 157 7CA94B43 49 Bytes [ FF, D6, 85, C0, 74, 4F, 68, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetUnreadMailCountW + 2 7CA94D0A 56 Bytes CALL 7CA2D8CA C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetUnreadMailCountW + 3B 7CA94D43 4 Bytes [ FF, BE, 00, 04 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetUnreadMailCountW + 41 7CA94D49 2 Bytes [ 0F, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetUnreadMailCountW + 44 7CA94D4C 82 Bytes [ 01, 00, 00, 85, C0, 75, 03, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetUnreadMailCountW + 97 7CA94D9F 6 Bytes [ 45, BC, 50, 6A, 12, 56 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetUnreadMailCountW + 2C 7CA94F48 32 Bytes [ 8B, 0F, 80, E1, 01, F6, D9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetUnreadMailCountW + 4D 7CA94F69 6 Bytes [ 68, 74, 96, 9C, 7C, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetUnreadMailCountW + 54 7CA94F70 53 Bytes [ D6, 8B, 07, 83, E0, 10, C1, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetUnreadMailCountW + 8B 7CA94FA7 93 Bytes [ FF, 75, FC, FF, D6, 8B, 07, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHSetUnreadMailCountW + E9 7CA95005 99 Bytes [ 75, FC, FF, D6, 8B, 07, 25, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetShellStyleHInstance + 1 7CA953A5 49 Bytes [ 85, F0, FD, FF, FF, 5F, 5E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetShellStyleHInstance + 33 7CA953D7 42 Bytes [ 8B, 45, 14, 53, 8B, 5D, 10, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetShellStyleHInstance + 5E 7CA95402 2 Bytes [ FF, 15 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetShellStyleHInstance + 61 7CA95405 15 Bytes [ 1C, 9C, 7C, 33, FF, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetShellStyleHInstance + 71 7CA95415 21 Bytes [ 85, EC, FD, FF, FF, 89, BD, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFormatDrive + 27 7CA982DC 2 Bytes [ 76, 30 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFormatDrive + 2A 7CA982DF 24 Bytes [ D7, 50, FF, D3, 6A, 01, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFormatDrive + 43 7CA982F8 23 Bytes [ 00, FF, 76, 30, FF, D7, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFormatDrive + 5B 7CA98310 20 Bytes [ 5E, 5B, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFormatDrive + 70 7CA98325 3 Bytes [ 00, A1, 48 ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!AppCompat_RunDLLW + 2 7CA98A01 7 Bytes [ FF, 50, 53, 68, 43, 01, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!AppCompat_RunDLLW + A 7CA98A09 35 Bytes [ FF, B5, DC, FD, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!AppCompat_RunDLLW + 2F 7CA98A2E 1 Byte [ FC ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!AppCompat_RunDLLW + 34 7CA98A33 11 Bytes [ 7C, 13, FF, B5, D4, FD, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!AppCompat_RunDLLW + 42 7CA98A41 7 Bytes CALL 7CA919D7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CDefFolderMenu_Create2 + 37 7CA9A228 23 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CDefFolderMenu_Create2 + 4F 7CA9A240 5 Bytes [ 1D, 94, 1D, 9C, 7C ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CDefFolderMenu_Create2 + 55 7CA9A246 86 Bytes [ FF, D3, 8B, CE, 89, 45, F8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CDefFolderMenu_Create2 + AC 7CA9A29D 79 Bytes CALL 7CA92AC7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CDefFolderMenu_Create2 + FC 7CA9A2ED 33 Bytes [ F0, 85, F6, 7C, 14, 8B, 45, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_AutoScroll + 17 7CAA54DD 29 Bytes [ 85, C0, 74, 14, 81, 78, 04, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_AutoScroll + 35 7CAA54FB 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_AutoScroll + 3C 7CAA5502 30 Bytes [ 55, 8B, EC, 53, 56, 8B, 35, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_AutoScroll + 5B 7CAA5521 142 Bytes [ 00, 57, FF, D6, 53, 68, 2E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_AutoScroll + EA 7CAA55B0 66 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_DragEnterEx + 3 7CAAE9AB 122 Bytes [ F8, D1, F8, 03, D1, 3B, D3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_DragMove + 25 7CAAEA26 68 Bytes [ 03, 57, 57, 57, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_SetDragImage + 2A 7CAAEA6B 52 Bytes [ 75, F8, FF, 75, 0C, FF, D3, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_SetDragImage + 5F 7CAAEAA0 24 Bytes CALL 7CA760A4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_SetDragImage + 78 7CAAEAB9 11 Bytes [ 75, F4, FF, 15, 58, 12, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_SetDragImage + 84 7CAAEAC5 64 Bytes [ 15, 54, 12, 9C, 7C, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_DragLeave + 2A 7CAAEB06 21 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_DragLeave + 40 7CAAEB1C 13 Bytes CALL 7CAAE92A C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DAD_DragLeave + 4E 7CAAEB2A 146 Bytes [ FF, 75, 10, FF, 76, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDoDragDrop + 80 7CAAEBBD 77 Bytes [ EB, 4B, 39, 44, BB, 58, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDoDragDrop + CE 7CAAEC0B 20 Bytes [ 44, BB, 58, 5F, 5B, 5D, C2, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDoDragDrop + E3 7CAAEC20 85 Bytes [ 14, 83, 65, EC, 00, 56, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDoDragDrop + 139 7CAAEC76 53 Bytes [ D6, 8B, C7, 5F, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDoDragDrop + 16F 7CAAECAC 10 Bytes [ 89, 5D, FC, 75, 6A, 57, E8, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllInstall + 46 7CAB1B72 48 Bytes [ 50, FF, D6, 83, C4, 10, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllInstall + 77 7CAB1BA3 13 Bytes [ 15, 10, 10, 9C, 7C, 8B, F8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllInstall + 86 7CAB1BB2 47 Bytes [ FF, FF, B5, B8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllInstall + B6 7CAB1BE2 27 Bytes [ 90, 90, 40, 00, 78, 00, 70, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!DllInstall + D2 7CAB1BFE 97 Bytes [ 2C, 00, 2D, 00, 25, 00, 64, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconA + 1D 7CAB4BF3 27 Bytes [ 00, 50, 8D, 46, 38, 50, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconA + 39 7CAB4C0F 28 Bytes [ 85, C0, 74, 07, 8B, CF, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconA + 56 7CAB4C2C 43 Bytes [ 5F, 83, 7D, 0C, 05, 75, 0B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconA + 82 7CAB4C58 18 Bytes CALL 7C9EB04B C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHDefExtractIconA + 95 7CAB4C6B 118 Bytes [ 75, 1A, FF, 75, 14, C7, 46, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHValidateUNC + 3C 7CAB51DC 6 Bytes [ FF, 74, 0D, 81, F9, 38 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHValidateUNC + 43 7CAB51E3 1 Byte [ FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHValidateUNC + 45 7CAB51E5 12 Bytes JMP 7CAB52E3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHValidateUNC + 52 7CAB51F2 21 Bytes [ 85, C0, 0F, 85, EB, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHValidateUNC + 69 7CAB5209 63 Bytes CALL 7CAB3974 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SignalFileOpen + C 7CAB595C 30 Bytes [ 55, 8B, EC, 81, EC, AC, 03, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SignalFileOpen + 2B 7CAB597B 74 Bytes [ 15, 5C, 1C, 9C, 7C, 8B, F0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SignalFileOpen + 76 7CAB59C6 3 Bytes [ 50, FC, 9D ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SignalFileOpen + 7A 7CAB59CA 37 Bytes [ 8D, 85, 5C, FC, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SignalFileOpen + A0 7CAB59F0 11 Bytes [ 10, 9C, 7C, 89, 9D, 58, FC, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteExW + 75 7CAB5B56 10 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteExW + 80 7CAB5B61 15 Bytes [ C0, 7C, 4F, 8D, 85, 54, FC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteExW + 90 7CAB5B71 11 Bytes [ 50, 6A, 00, 6A, 02, 6A, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteExW + 9C 7CAB5B7D 23 Bytes [ FF, 50, 53, FF, 15, 70, 1B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteA + B 7CAB5B95 11 Bytes [ 50, FF, 15, 28, 1C, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteA + 17 7CAB5BA1 17 Bytes [ B6, 4C, FB, 9D, 7C, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteA + 29 7CAB5BB3 11 Bytes [ 83, C6, 08, 83, FE, 50, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!RealShellExecuteW + 2 7CAB5BBF 145 Bytes CALL 7CA03717 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteW + 61 7CAB5C51 115 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteW + D5 7CAB5CC5 205 Bytes [ 89, 45, 10, 75, 61, 6A, 20, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteW + 1A3 7CAB5D93 28 Bytes [ 75, 0C, FF, 15, 3C, 1C, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteW + 1C0 7CAB5DB0 26 Bytes [ A1, 48, F5, BC, 7C, 56, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExecuteW + 1DB 7CAB5DCB 18 Bytes CALL 7CA04965 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!GetFileNameFromBrowse + 18 7CAB72BB 5 Bytes [ 89, 9D, 0C, F1, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!GetFileNameFromBrowse + 1E 7CAB72C1 5 Bytes [ 89, B5, D8, F0, FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!GetFileNameFromBrowse + 24 7CAB72C7 86 Bytes [ 89, 9D, DC, F0, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!GetFileNameFromBrowse + 7C 7CAB731F 26 Bytes [ 8B, 08, 50, FF, 51, 0C, 68, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!GetFileNameFromBrowse + 97 7CAB733A 22 Bytes [ 5A, 17, 00, 00, 50, FF, 35, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILAppendID + 12 7CAB7693 35 Bytes [ FF, FF, 15, 40, 19, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILAppendID + 37 7CAB76B8 100 Bytes [ 0F, 84, 78, 04, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILAppendID + 9C 7CAB771D 10 Bytes CALL 7CAB6E74 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILAppendID + A7 7CAB7728 91 Bytes [ FF, 50, 8D, 85, EC, FB, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILAppendID + 103 7CAB7784 4 Bytes [ 15, 54, 1D, 9C ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPathA + 2 7CAB78E2 29 Bytes [ FF, C7, 04, 07, 80, 75, 5F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPathA + 20 7CAB7900 3 Bytes [ B5, 58, F1 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPathA + 24 7CAB7904 24 Bytes [ FF, 01, 85, 4C, F1, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPathA + 3D 7CAB791D 12 Bytes [ 8B, 01, FF, B5, 4C, F1, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ILCreateFromPathA + 4A 7CAB792A 55 Bytes [ 85, 44, F1, FF, FF, 8B, 08, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirA + 6B 7CAB9A8F 26 Bytes [ 8B, 45, E4, 2B, 45, EC, 33, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirA + 86 7CAB9AAA 78 Bytes [ 08, 8B, 45, D8, 33, D2, 39, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirA + D5 7CAB9AF9 4 Bytes [ 00, FF, 76, 18 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirA + DA 7CAB9AFE 60 Bytes [ 15, 34, 1E, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetFolderPathAndSubDirA + 117 7CAB9B3B 27 Bytes [ D3, 8B, 3D, A4, 1D, 9C, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHandleUpdateImage + 2 7CABAD48 27 Bytes CALL 7CABAD48 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHandleUpdateImage + 1E 7CABAD64 2 Bytes [ FF, 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHandleUpdateImage + 22 7CABAD68 2 Bytes [ 30, 16 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHandleUpdateImage + 26 7CABAD6C 32 Bytes [ 8D, 44, 00, 02, 50, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHHandleUpdateImage + 47 7CABAD8D 35 Bytes [ B5, E4, FB, FF, FF, FF, 15, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifySuspendResume + 2 7CABB30F 61 Bytes CALL 7CABA7E1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifySuspendResume + 40 7CABB34D 24 Bytes [ 39, 8D, 85, EC, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifySuspendResume + 59 7CABB366 12 Bytes [ B5, EC, FD, FF, FF, E8, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHChangeNotifySuspendResume + 66 7CABB373 164 Bytes [ 76, 08, FF, B5, F0, FD, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageW + 2A 7CABB418 19 Bytes [ 8D, 47, F0, 50, 6A, 00, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageW + 3E 7CABB42C 18 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageW + 51 7CABB43F 14 Bytes [ 75, 10, 68, 7C, 01, 9E, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageW + 60 7CABB44E 63 Bytes [ 75, 10, FF, 77, F8, 53, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageW + A0 7CABB48E 28 Bytes [ 33, C0, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageA + 3F 7CABB56C 112 Bytes [ 3D, 68, 1C, 9C, 7C, BE, 98, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageA + B0 7CABB5DD 110 Bytes [ 00, 00, FF, B5, EC, FD, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageA + 11F 7CABB64C 83 Bytes [ FF, 85, C0, 75, 13, FF, B5, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageA + 174 7CABB6A1 21 Bytes [ 00, 00, 83, C6, 1C, 83, BD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHUpdateImageA + 18A 7CABB6B7 2 Bytes [ 4D, FC ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListA + 2 7CAC23E2 18 Bytes [ 36, FF, 15, A4, F6, 9E, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListA + 16 7CAC23F6 85 Bytes [ EB, C4, C7, 45, FC, 0E, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListA + 6C 7CAC244C 148 Bytes [ 75, 08, FF, 75, FC, E8, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListA + 101 7CAC24E1 6 Bytes [ 00, 00, 8B, C3, 83, E8 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetDataFromIDListA + 108 7CAC24E8 62 Bytes [ 74, 08, 2B, C1, 0F, 85, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfo + 79 7CAC26D8 23 Bytes [ 51, 0C, 8B, D8, 3B, DE, 0F, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfo + 91 7CAC26F0 107 Bytes [ 75, 0C, FF, 15, 3C, 1A, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfo + FD 7CAC275C 6 Bytes JMP 7CAC2852 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfo + 104 7CAC2763 61 Bytes [ 34, 8D, 60, F0, A5, 7C, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetNewLinkInfo + 142 7CAC27A1 8 Bytes [ F9, 0A, 0F, 8C, A9, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHOpenFolderAndSelectItems + 7B 7CAC2A99 28 Bytes [ 7C, 0E, 8B, 4D, FC, F7, D9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellItem 7CAC2AB6 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellItem + 8 7CAC2ABE 29 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellItem + 26 7CAC2ADC 2 Bytes [ 4D, FC ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellItem + 29 7CAC2ADF 44 Bytes [ D9, 1B, C9, 83, E1, FE, 41, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellItem + 56 7CAC2B0C 47 Bytes [ 75, 08, 6A, 77, 6A, 06, E8, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateFileExtractIconW + 9 7CAC2C2B 18 Bytes [ 59, 8B, 55, 14, 89, 0A, C9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateFileExtractIconW + 1C 7CAC2C3E 74 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateFileExtractIconW + 67 7CAC2C89 66 Bytes [ 75, 0C, FF, 75, 08, 6A, 02, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateFileExtractIconW + AA 7CAC2CCC 79 Bytes [ 75, 08, 6A, 02, 6A, 0A, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateFileExtractIconW + FA 7CAC2D1C 63 Bytes [ 4D, FC, F7, D9, 1B, C9, 83, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAppBarMessage + 87 7CAC3EE6 4 Bytes [ 8D, 85, 4C, FB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAppBarMessage + 8C 7CAC3EEB 36 Bytes [ FF, 50, FF, 15, 78, 15, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAppBarMessage + B1 7CAC3F10 82 Bytes [ FF, 5F, 5E, 8B, 4D, FC, 5B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAppBarMessage + 104 7CAC3F63 42 Bytes [ FF, 89, B5, C4, F9, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHAppBarMessage + 12F 7CAC3F8E 31 Bytes [ 50, FF, 15, 4C, 1A, 9C, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHEnableServiceObject + 2 7CAC3FD1 100 Bytes [ D6, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetInstanceExplorer + 30 7CAC4036 16 Bytes [ FF, 50, FF, 15, 14, 1B, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetInstanceExplorer + 41 7CAC4047 24 Bytes [ 0F, 84, 33, 01, 00, 00, 66, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetInstanceExplorer + 5A 7CAC4060 12 Bytes [ FF, 50, FF, B5, CC, F9, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetInstanceExplorer + 67 7CAC406D 50 Bytes [ FF, 50, FF, D3, FF, B5, D0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetInstanceExplorer + 9B 7CAC40A1 15 Bytes CALL 7CA0431E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolderW + 17 7CAC6FB8 94 Bytes [ C1, C7, 00, D4, 67, 9D, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolderW + 76 7CAC7017 12 Bytes [ 50, 68, 00, 80, 00, 00, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolderW + 83 7CAC7024 78 Bytes [ B5, F0, FD, FF, FF, E8, 23, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolderW + D3 7CAC7074 4 Bytes [ 08, 50, FF, 51 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolderW + D8 7CAC7079 142 Bytes [ 8B, 4D, FC, 33, C0, 85, F6, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolder + 6D 7CAC7108 11 Bytes CALL 7C9FF573 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolder + 79 7CAC7114 18 Bytes [ 1D, 5C, 1D, 9C, 7C, 89, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolder + 8C 7CAC7127 12 Bytes [ 50, 68, 44, 37, 00, 00, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolder + 99 7CAC7134 25 Bytes [ 15, 6C, 1D, 9C, 7C, 83, 66, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHBrowseForFolder + B3 7CAC714E 143 Bytes [ 15, E0, 1D, 9C, 7C, FF, 37, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WOWShellExecute + 29 7CAC8601 66 Bytes [ 8B, F0, EB, 02, 33, F6, 3B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WOWShellExecute + 6C 7CAC8644 89 Bytes [ 8D, 55, EC, 52, 50, FF, 51, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WOWShellExecute + C7 7CAC869F 60 Bytes [ 68, 28, B2, 9D, 7C, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WOWShellExecute + 104 7CAC86DC 17 Bytes [ 75, 14, 6A, 00, 57, 50, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!WOWShellExecute + 116 7CAC86EE 51 Bytes [ 75, 05, BE, 05, 40, 00, 80, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExec_RunDLLW + 2 7CAC87D6 19 Bytes CALL 7CA9B2AD C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExec_RunDLLW + 16 7CAC87EA 28 Bytes [ EC, 56, 8D, 45, 08, 50, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExec_RunDLLW + 33 7CAC8807 9 Bytes [ 75, 10, 8B, 08, 6A, 01, 6A, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExec_RunDLLW + 3D 7CAC8811 10 Bytes [ 51, 20, 8B, F0, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellExec_RunDLLW + 48 7CAC881C 26 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateProcessAsUserW + C 7CAC93A0 26 Bytes [ 19, 9C, 7C, F7, D8, 1B, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateProcessAsUserW + 28 7CAC93BC 18 Bytes [ 68, E0, 03, 00, 00, 6A, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateProcessAsUserW + 3B 7CAC93CF 71 Bytes [ 75, 08, FF, 15, EC, 1D, 9C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateProcessAsUserW + 83 7CAC9417 5 Bytes [ 15, 68, 1C, 9C, 7C ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateProcessAsUserW + 89 7CAC941D 16 Bytes [ F8, 3B, FE, 74, 4F, 66, 39, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHShellFolderView_Message + 2 7CACAA6E 5 Bytes [ FF, 04, 00, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHShellFolderView_Message + 8 7CACAA74 18 Bytes [ 15, 30, 1C, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHShellFolderView_Message + 1B 7CACAA87 7 Bytes [ FF, 6A, 01, FF, B5, F4, F7 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHShellFolderView_Message + 23 7CACAA8F 84 Bytes CALL 7CA13719 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHShellFolderView_Message + 78 7CACAAE4 68 Bytes [ FF, 15, 00, 10, 9C, 7C, 5F, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderViewEx + 2 7CACAF07 1 Byte [ 50 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderViewEx + 4 7CACAF09 102 Bytes CALL 7C9EBEF9 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderViewEx + 6B 7CACAF70 35 Bytes [ 50, 8D, 85, FC, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderViewEx + 8F 7CACAF94 18 Bytes CALL 7CA136AD C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateShellFolderViewEx + A2 7CACAFA7 24 Bytes [ 50, FF, 35, A4, F5, BC, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFind_InitMenuPopup + 55 7CACCCA3 32 Bytes [ 50, 30, 5F, 2B, D8, 5E, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFind_InitMenuPopup + 76 7CACCCC4 14 Bytes [ 08, 33, F6, 51, FF, 50, 64, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFind_InitMenuPopup + 86 7CACCCD4 30 Bytes CALL 7C9EC114 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFind_InitMenuPopup + A5 7CACCCF3 14 Bytes [ 8B, EC, 53, 56, 57, 6A, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFind_InitMenuPopup + B4 7CACCD02 16 Bytes [ 15, 70, 19, 9F, 7C, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFindFiles + 2 7CACE248 46 Bytes [ 75, 10, 83, C0, 0C, 50, E8, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFindFiles + 31 7CACE277 168 Bytes [ 55, 8B, EC, 51, 51, 83, 7D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFindFiles + DE 7CACE324 31 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFindFiles + FE 7CACE344 1 Byte [ FF ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHFindFiles + 100 7CACE346 23 Bytes [ 46, 10, 57, 8B, 7E, 0C, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHStartNetConnectionDialogW + 2 7CAD197F 48 Bytes [ 7C, 6B, 8B, 46, 14, 8B, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHStartNetConnectionDialogW + 33 7CAD19B0 94 Bytes [ B6, 34, 02, 00, 00, FF, 33, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHStartNetConnectionDialogW + 92 7CAD1A0F 10 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHStartNetConnectionDialogW + 9D 7CAD1A1A 29 Bytes [ 55, 8B, EC, 81, EC, B8, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHStartNetConnectionDialogW + BB 7CAD1A38 125 Bytes [ FF, FF, 89, 45, FC, 8B, 43, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexW + 2A 7CAD3909 60 Bytes [ 55, 8B, EC, 8B, 4D, 08, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexW + 69 7CAD3948 76 Bytes [ 0D, 66, 83, 38, 00, 74, 07, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexW + B6 7CAD3995 24 Bytes [ 39, 5D, 14, 74, 0B, 6A, 02, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexW + CF 7CAD39AE 43 Bytes CALL 7C9EBDF3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexA + 23 7CAD39DA 54 Bytes [ 89, 1F, 89, 1E, B8, 05, 40, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexA + 5A 7CAD3A11 65 Bytes [ F0, 85, F6, 7C, 1A, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexA + 9C 7CAD3A53 96 Bytes [ 7D, 0C, 89, 45, FC, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexA + FD 7CAD3AB4 38 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHGetIconOverlayIndexA + 125 7CAD3ADC 106 Bytes [ 8B, 4D, 18, A1, 48, F5, BC, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgCreate + 14 7CAD4522 31 Bytes [ 08, FF, 75, FC, 50, FF, 51, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgCreate + 34 7CAD4542 102 Bytes [ FF, 55, 8B, EC, 8B, 45, 18, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgCreate + 9C 7CAD45AA 24 Bytes [ 00, A1, 48, F5, BC, 7C, 53, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgCreate + B5 7CAD45C3 12 Bytes [ FF, 05, 40, 00, 80, 33, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgCreate + C2 7CAD45D0 44 Bytes [ 55, 0C, 39, 11, 74, 0B, 40, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgWriteMultiple + 2 7CAD5170 53 Bytes [ FF, 50, FF, D6, 53, 8D, 85, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgWriteMultiple + 38 7CAD51A6 54 Bytes CALL 7CA25909 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgWriteMultiple + 6F 7CAD51DD 11 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgWriteMultiple + 7B 7CAD51E9 38 Bytes CALL 7CA0C0B3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHPropStgWriteMultiple + A2 7CAD5210 15 Bytes [ FF, FF, D6, 85, C0, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLimitInputEdit + 3B 7CAD5E7D 27 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLimitInputEdit + 57 7CAD5E99 51 Bytes [ 85, C0, 74, 21, 33, F6, F6, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLimitInputEdit + 8B 7CAD5ECD 10 Bytes [ 55, 8B, EC, 56, 8B, 75, 14, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLimitInputEdit + 96 7CAD5ED8 43 Bytes [ 57, FF, 75, 10, BF, 05, 40, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLimitInputEdit + C2 7CAD5F04 31 Bytes [ EC, 56, 8B, 75, 14, 83, 26, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMultiFileProperties + B 7CAD62F3 30 Bytes [ 15, 30, 13, 9C, 7C, 33, C0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMultiFileProperties + 2A 7CAD6312 33 Bytes [ 8B, 46, 10, A9, 00, 00, 01, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMultiFileProperties + 4C 7CAD6334 14 Bytes [ F9, 30, 72, 06, 66, 83, F9, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMultiFileProperties + 5B 7CAD6343 112 Bytes [ 74, 0C, 66, 83, F9, 41, 72, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHMultiFileProperties + CC 7CAD63B4 10 Bytes [ 8B, F1, FF, 15, BC, 14, 9C, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2E 7CAD6ABD 1 Byte [ 55 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 30 7CAD6ABF 2 Bytes [ EC, 56 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 33 7CAD6AC2 94 Bytes [ 8B, 7D, 08, 57, 8B, F1, FF, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 92 7CAD6B21 174 Bytes [ 75, 09, 09, 46, 10, 83, 4E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 141 7CAD6BD0 149 Bytes [ 00, FF, FF, 75, 0F, 83, 7E, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExeDlgProc + 10 7CAF5D63 49 Bytes [ 14, 8B, F8, 85, FF, 7C, 11, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExeDlgProc + 42 7CAF5D95 4 Bytes [ EC, 51, 53, 57 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExeDlgProc + 47 7CAF5D9A 76 Bytes [ 7D, 08, 8D, 4F, DC, E8, FE, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExeDlgProc + 94 7CAF5DE7 21 Bytes [ 11, 8B, 35, D4, 19, 9C, 7C, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!FindExeDlgProc + AA 7CAF5DFD 19 Bytes [ D6, 85, C0, 7C, 06, 8B, 45, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CallCPLEntry16 + 16 7CB26310 2 Bytes [ 45, 18 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CallCPLEntry16 + 19 7CB26313 111 Bytes [ 08, 6A, FF, 50, FF, 91, A4, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CallCPLEntry16 + 89 7CB26383 9 Bytes [ 15, F4, 1F, 9C, 7C, 39, 5D, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CallCPLEntry16 + 93 7CB2638D 36 Bytes CALL 7CB26916 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!CallCPLEntry16 + B8 7CB263B2 39 Bytes [ 45, FC, 8B, C1, 6A, 08, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLL + 8 7CB5C586 302 Bytes [ FF, AB, AB, AB, 8D, 85, D0, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLLW + 10B 7CB5C6B5 2 Bytes [ 0F, D8 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLLW + 10F 7CB5C6B9 30 Bytes [ 8B, F0, 85, F6, 75, 31, 57, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLLW + 12E 7CB5C6D8 2 Bytes CALL E6B5C6E0
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLLW + 132 7CB5C6DC 62 Bytes [ 6A, 0A, 56, FF, 15, 18, 1E, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!Options_RunDLLW + 171 7CB5C71B 64 Bytes [ 75, D8, FF, 75, 08, FF, 15, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateLocalServerRunDll + 1 7CB5E4F6 374 Bytes [ C6, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateLocalServerRunDll + 178 7CB5E66D 39 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateLocalServerRunDll + 1A0 7CB5E695 59 Bytes [ FF, 85, C0, 8B, 75, 1C, 74, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateLocalServerRunDll + 1DC 7CB5E6D1 8 Bytes [ 83, 65, 08, 00, F6, 06, 03, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!SHCreateLocalServerRunDll + 1E5 7CB5E6DA 88 Bytes [ 5B, 66, 89, 45, D4, 89, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!ShellMessageBoxW + 1 7CB9C972 10 Bytes [ 75, FC, 68, 31, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrChrA + 1 7CB9C97D 10 Bytes [ D6, 50, FF, 75, FC, 68, 30, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrChrIA + 1 7CB9C988 32 Bytes [ 77, 08, FF, D6, 53, FF, 75, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrCmpNA + 1 7CB9C9A9 10 Bytes [ 45, FC, 8B, 45, FC, 3B, 45, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrCmpNIA + 1 7CB9C9B4 25 Bytes [ 77, 08, 8D, 4F, 48, E8, 83, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrCmpNW + 6 7CB9C9CF 5 Bytes [ 50, 50, FF, 77, 08 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrRChrA + 1 7CB9C9D5 4 Bytes [ 15, A8, F4, BB ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrRChrA + 6 7CB9C9DA 47 Bytes [ FF, 75, 08, 8B, CF, E8, 19, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrRStrIW 7CB9CA0B 61 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + 1F 7CB9CA4B 52 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + 56 7CB9CA82 57 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + 90 7CB9CABC 4 Bytes [ 76, 50, FF, 15 ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + 95 7CB9CAC1 27 Bytes [ 1D, 9C, 7C, 39, BD, DC, FD, ... ]
.text C:\WINDOWS\system32\ctfmon.exe[224] SHELL32.dll!StrStrW + B1 7CB9CADD 21 Bytes CALL 7CB819DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4004] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7358AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7358BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7358B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7359728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73595FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736BC5A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1004] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1004] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 863461E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 86244980
Device \Driver\usbohci \Device\USBPDO-1 86244980
Device \Driver\usbehci \Device\USBPDO-2 861E51E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 863D01E8
Device \Driver\Cdrom \Device\CdRom0 86253980
Device \Driver\PCI_NTPNP8704 \Device\00000072 sptd.sys
Device \Driver\Cdrom \Device\CdRom1 86253980
Device \Driver\NetBT \Device\NetBt_Wins_Export 85CF0980
Device \Driver\NetBT \Device\NetbiosSmb 85CF0980

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{42A2ECA1-6BE5-4F0B-B262-CC100A5311B5} 85CF0980
Device \Driver\usbohci \Device\USBFDO-0 86244980
Device \Driver\usbohci \Device\USBFDO-1 86244980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85CCF1E8
Device \Driver\usbehci \Device\USBFDO-2 861E51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85CCF1E8
Device \Driver\Ftdisk \Device\FtControl 863D01E8
Device \Driver\apaua7i9 \Device\Scsi\apaua7i91Port2Path0Target0Lun0 86185548
Device \Driver\apaua7i9 \Device\Scsi\apaua7i91 86185548
Device \FileSystem\Cdfs \Cdfs 860DE980
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1040692639
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -53917814
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x46 0xF8 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCF 0x87 0x4F 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x22 0x58 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x46 0xF8 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCF 0x87 0x4F 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x22 0x58 0x72 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x46 0xF8 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCF 0x87 0x4F 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0x22 0x58 0x72 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6BB7CC6C-E167-4C95-D992-6261CCCC5FE5}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{6BB7CC6C-E167-4C95-D992-6261CCCC5FE5}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{6BB7CC6C-E167-4C95-D992-6261CCCC5FE5}\ProgID@ ADODB.Recordset.2.8
Reg HKLM\SOFTWARE\Classes\CLSID\{6BB7CC6C-E167-4C95-D992-6261CCCC5FE5}\VersionIndependentProgID@ ADODB.Recordset

---- EOF - GMER 1.0.14 ----
You do not have the required permissions to view the files attached to this post.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 11th, 2009, 2:40 pm

Are you able t get net access?
Have we any improvement, let me know.


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
c:\windows\system32\uacinit.dll
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
c:\windows\system32\72BDA401AB.sys

If Jotti is too busy please try Virustotal

-------------------------------


Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:files 
c:\documents and settings\Sheets Family\Application Data\LimeWire
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot
c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\\StubInstaller.exe

    

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

Post reports
Jotti's
otmoveit3
malwarebytes
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 12th, 2009, 11:35 am

I apologize for the delay in response, but I've run into a bit of a problem.

First, the two files you asked me to scan using Jotti, with both it said "Found Nothing".

I completed the OTMoveIt3 procedure. Here's where the problem starts.

I didn't save the log. I simply copy and pasted it here like you asked me to, and then began the Malware scan. I had this window open waiting for Malware to complete. Well...last night before I went to bed Malware was at 9 hours...and still scanning. I decided to let it finish overnight.

Well...overnight my laptop decided to update and reboot. :x So now, I've lost the OTMoveIt3 scan, and I have to begin to the Malware scan over. I've disabled automatic updates, and any hibernating or standby modes...and am going to start it again right after I post this.

I apologize for the delay and for this little problem.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 12th, 2009, 1:15 pm

No Problem, if you open up malwarebytes and click the tab logs any logs finished will be in there,just highlight and click open :)
Same goes for otmoveit3 you will find it on your c:\ drive in a folder called otmoveit3 :)
Only in there there will be logs and a file res don't worry about res (restore)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 12th, 2009, 1:34 pm

Oh! YAY!! Well, I looked for the Malware log and it appears it never finished running fully. Grrr!! So, I will run it overnight again and post it in the morning. Unless a quick scan is ok, because it'll finish faster. Otherwise, I'll try a full scan overnight again.

I did find the OTMoveIt3 log, and here it is:

========== FILES ==========
c:\documents and settings\Sheets Family\Application Data\LimeWire\xml\data moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\xml moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\themes\windows_theme moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\themes moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\promotion moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\certificate moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire\.AppSpecialShare moved successfully.
c:\documents and settings\Sheets Family\Application Data\LimeWire moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Settings moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-20-34-38 moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\9.qit moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\64.qit moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\12.qit moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\11.qit moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\10.qit moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16 moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Log moved successfully.
c:\documents and settings\Sheets Family\Application Data\MalwareRemovalBot moved successfully.
File/Folder c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job not found.
c:\documents and settings\All Users\Application Data\NortonInstaller\Settings moved successfully.
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\2-10-2009-18h25m02s moved successfully.
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs moved successfully.
c:\documents and settings\All Users\Application Data\NortonInstaller moved successfully.
c:\\StubInstaller.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_134248
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 12th, 2009, 3:30 pm

Let's see if we can get rid of some unwanted files first before the scan.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Yes, I would like a full scan please given the problems you are having. When you scan make sure only the scanner is active. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 13th, 2009, 1:01 am

Just to give you a quick update, I ran the ATF cleaner as instructed this afternoon. Right after that, I disabled anti-virus, disabled firewall, shut down all programs, turned off screen saver, and hibernate mode.

I started Malware scan again, and it has been running for 8 hours. It's now 11:00pm where I am, so I'm going to let it attempt to finish overnight, and I'll get back to you in the morning.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 13th, 2009, 4:12 am

Thanks for letting me know. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 13th, 2009, 10:12 am

16 hours later, here finally are the Malware scan results: :)

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/13/2009 8:05:13 AM
mbam-log-2009-02-13 (08-05-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 278897
Time elapsed: 16 hour(s), 32 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmlxgaokt.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnmetltft.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACprmjxbrq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtkdliquw.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0161860.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0161861.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0161862.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0161863.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\02112009_134248\documents and settings\Sheets Family\Application Data\MalwareRemovalBot\Quarantine\09-02-2009-17-52-16\37.qit (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 13th, 2009, 1:04 pm

Have things improved any? :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 13th, 2009, 1:15 pm

Oh yes!! Its running MUCH better!
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: Laptop has massive problems

Unread postby dan12 » February 13th, 2009, 1:27 pm

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 11.



Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

post the reports incuding java report and a fresh HJT log
Thanks
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Laptop has massive problems

Unread postby thesheetsfamily » February 14th, 2009, 9:42 am

Ok...I guess I forgot to shut down something or disable my regular virus-scan. I started Kaspersky yesterday evening and woke up this morning to it being froze at only 12%. So I will try again either throughout the day today, or overnight again. Grrr!!

In the meantime, here is the JavaRa log:

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Feb 13 17:37:10 2009

Found and removed: C:\Program Files\Java\jre1.5.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 16 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware