Question Some command got executed on its own - possibly a virus?

Aug 4, 2025
Word is about this:

shady.jpg


I gave my laptop to a family member for a few minutes to book a residence over a local site listing such offers. Then they alarmed me that suddenly this happened. Screen resolution got switched from normal to what you see. A simple restart fixed it for the time being, the desktop is back on track, yet I'm concerned that this happened.

Does anyone know what this command translates to and whether it is a known effect of some malware? I'm super cautious about anything I install; every file I have to download is scanned over VirusTotal before being opened. Please don't ask me to install any shady freeware that allegedly scans the system; I run only apps from legitimate sources /basically major companies/.

I just need to know what this is.
 
user32.dll is a pretty core file. Not sure why an import would be happening for it. Any recently installed Windows updates?

sfc /scannow (system file checker) will verify all important system files.

I am a bit worried that something has replaced the user32.dll that, while it does work to run the Windows GUI, also contains additional nefarious code.
 
The SendMessage handle to window is -1, which means to broadcast the message to all top-level windows on the system.
You will need to decode the message sent to the other windows' message queues.

SendMessage
hwnd= -1,
hMsg=0x112,
wParam=0xf170
lParam= 0x2

Looks like it is trying to send a message to all the window frames on the local machine to tell them that some change has happened, to notify drivers of a change (read the section on broadcast messages below),
i.e. maybe tell other window frames to refresh their listings of devices.

Looks pretty normal, an easy way of telling your local machine to refresh each window app.

see this:
https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-sendmessage

You would have to look in the SDK header files to find out what each parameter value actually means.

The header file will have lines like this:
#define WM_APPCOMMAND 0x0319

You would have to grep through the files for the various values to get the name of the command, then look up what the command does.
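The header lookup described in the reply above, run on the quoted msg, wParam and lParam values, as an added example that is not part of the original thread. The header excerpt is a constructed sample using winuser.h names and values, and parse_defines, names_for and decode_message are hypothetical helper names.

```python
import re

# Constructed excerpt in the style of the Windows SDK header winuser.h.
# Names and values are the SDK's; the excerpt itself is sample input.
SAMPLE_HEADER = """
#define WM_COMMAND        0x0111
#define WM_SYSCOMMAND     0x0112
#define WM_APPCOMMAND     0x0319
#define SC_CLOSE          0xF060
#define SC_SCREENSAVE     0xF140
#define SC_MONITORPOWER   0xF170
#define HWND_BROADCAST    ((HWND)0xffff)
"""

# "#define NAME <number>", where the number may sit inside a cast or parentheses.
DEFINE_RE = re.compile(
    r"^\s*#\s*define\s+(\w+)\s+\(*(?:\(\w+\))?\s*"
    r"(0[xX][0-9a-fA-F]+|-?\d+)[uUlL]*\)*\s*(?://.*|/\*.*)?$")

def parse_defines(header_text):
    """Return {name: int} for every numeric #define in the header text."""
    defines = {}
    for line in header_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            v = m.group(2)
            defines[m.group(1)] = int(v, 16) if v.lower().startswith("0x") else int(v)
    return defines

def names_for(value, defines, prefix):
    """Names with the given prefix whose value equals `value`."""
    return sorted(n for n, v in defines.items() if n.startswith(prefix) and v == value)

def decode_message(msg, wparam, lparam, defines):
    """Name the msg/wParam/lParam arguments of a SendMessage call."""
    out = {"msg": names_for(msg, defines, "WM_"), "wparam": [], "lparam": lparam}
    if "WM_SYSCOMMAND" in out["msg"]:
        # The WM_SYSCOMMAND documentation says the low four bits of wParam are
        # used internally, so mask with 0xFFF0 before comparing to SC_* values.
        out["wparam"] = names_for(wparam & 0xFFF0, defines, "SC_")
    if "SC_MONITORPOWER" in out["wparam"]:
        # lParam meanings come from the SC_MONITORPOWER documentation, not the header.
        out["lparam"] = {-1: "display powering on", 1: "display going to low power",
                         2: "display being shut off"}.get(lparam, lparam)
    return out

if __name__ == "__main__":
    # msg, wParam and lParam as quoted in the reply above.
    print(decode_message(0x112, 0xF170, 0x2, parse_defines(SAMPLE_HEADER)))
```

To run it against a real SDK install, pass the text of winuser.h to parse_defines instead of SAMPLE_HEADER.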