GMER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-01-26 20:11:52
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\1984\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
---- Kernel code sections - GMER 1.0.12 ----
.text USBPORT.SYS!DllUnload F853062C 5 Bytes JMP 829931B8
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2
.text C:\WINDOWS\system32\hldrrr.exe[160] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EE89430
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EE88CEB
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EE88AAE
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EE8F4A7
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EE88C1E
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 6 Bytes [ 37, 37, 91, 40, E9, EE ]
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindFirstFileExW + 9 7C80EC86 2 Bytes [ 68, C2 ]
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EE8F148
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EE8E15E
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EE8C788
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EE8DDD7
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EE8EB6D
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EE8F856
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EE8F819
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EE881E8
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EE8B816
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EE8D6CC
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EE8EC8B
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EE8D522
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EE8F879
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EE8BFD9
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EE8B424
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EE8BEDF
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EE89D1C
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EE8DC00
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EE8EBA3
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EE8DAAC
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EE8D03C
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EE8955F
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EE8F958
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EE8A114
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EE8B40E
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EE8E598
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EE8D8D7
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EE8AF57
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Module32FirstW + 2 7C863E21 3 Bytes JMP 3EE8C17E
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Module32FirstW + 6 7C863E25 2 Bytes [ 62, C2 ]
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EE8F2C5
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EE8DDAD
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EE8B2AB
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EE8EC64
.text C:\WINDOWS\system32\hldrrr.exe[160] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EE8BDA1
.text C:\WINDOWS\system32\hldrrr.exe[160] user32.dll!ExitWindowsEx + 2 77D59E6F 6 Bytes JMP 3EE8848C
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegOpenKeyExW + 2 77F46A7A 6 Bytes JMP 3EE8C527
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegCloseKey + 2 77F46BF2 2 Bytes [ 41, E9 ]
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegCloseKey + 5 77F46BF5 3 Bytes [ 87, F4, C6 ]
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryValueExW + 2 77F46FCA 6 Bytes JMP 3EE8B3AE
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegCreateKeyExW + 2 77F47537 6 Bytes JMP 3EE8F37C
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegOpenKeyExA + 2 77F4761D 6 Bytes JMP 3EE8EB4B
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryValueExA + 2 77F47885 6 Bytes JMP 3EE8BF44
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegEnumValueW + 2 77F48083 6 Bytes JMP 3EE8B931
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegSetValueExW 77F4D7CC 7 Bytes JMP 3EE8B6D6
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryValueW + 2 77F4D8E4 6 Bytes JMP 3EE8CE31
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegCreateKeyExA + 2 77F4EAF6 6 Bytes JMP 3EE8F4CB
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegSetValueExA 77F4EBE7 7 Bytes JMP 3EE8C8CD
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegDeleteValueA + 2 77F4EDE7 6 Bytes JMP 3EE8F931
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegDeleteValueW + 2 77F4EEF3 6 Bytes JMP 3EE8AB59
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegSetValueA + 2 77F56F4B 5 Bytes JMP 3EE8B1B8
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!SetFileSecurityW + 2 77F5AA6B 6 Bytes JMP 3EE8B984
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegEnumValueA + 2 77F5CF4C 6 Bytes JMP 3EE8AE48
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77F61287 6 Bytes JMP 3EE8CD2A
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!CreateProcessAsUserW + 2 77F67777 6 Bytes JMP 3EE88F4B
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegDeleteKeyW + 2 77F69886 6 Bytes JMP 3EE8A048
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!GetFileSecurityW + 2 77F6BCE0 6 Bytes JMP 3EE8A450
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegDeleteKeyA + 2 77F6C125 6 Bytes JMP 3EE8B010
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryInfoKeyA + 2 77F6C1B7 6 Bytes JMP 3EE8CE16
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegOpenKeyA + 2 77F6C41D 6 Bytes JMP 3EE8C2F7
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryValueA + 2 77F6CC12 6 Bytes JMP 3EE8C914
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryInfoKeyW + 2 77F6CCF1 6 Bytes JMP 3EE8A9EF
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77F6D07A 7 Bytes JMP 3EE8B510
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegCreateKeyA + 2 77F6D5BD 6 Bytes JMP 3EE8B600
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!SetFileSecurityA + 2 77F7D2FF 5 Bytes JMP 3EE8D7B0
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!GetFileSecurityA + 2 77F7D365 5 Bytes JMP 3EE8D1AA
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!CreateProcessAsUserA + 2 77F8095A 6 Bytes JMP 3EE87EDE
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 3EE883FD
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77F91546 7 Bytes JMP 3EE8B58C
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77F91592 7 Bytes JMP 3EE8F431
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77FA553D 6 Bytes JMP 3EE89DB9
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77FA589F 6 Bytes JMP 3EE8CFD7
.text C:\WINDOWS\system32\hldrrr.exe[160] ADVAPI32.dll!RegSetValueW + 2 77FA5FC4 5 Bytes JMP 3EE8EB3D
.text C:\WINDOWS\system32\hldrrr.exe[160] ws2_32.dll!connect + 2 71A3406C 6 Bytes JMP 3EE8999A
.text C:\WINDOWS\system32\hldrrr.exe[160] ws2_32.dll!gethostbyname + 2 71A34FD6 9 Bytes JMP 3EE89966
.text C:\WINDOWS\system32\hldrrr.exe[160] ws2_32.dll!WSAAsyncGetHostByName + 2 71A3E987 13 Bytes [ F9, F3, 49, 42, FC, 92, 2F, ... ]
.text C:\WINDOWS\system32\hldrrr.exe[160] ws2_32.dll!WSAConnect + 2 71A40C6B 14 Bytes [ 9F, 48, D6, 9F, 99, F9, 90, ... ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EE89430
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EE88CEB
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EE88AAE
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EE8F4A7
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EE88C1E
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 6 Bytes [ 49, F3, 42, 42, E9, EE ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindFirstFileExW + 9 7C80EC86 2 Bytes [ 68, C2 ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EE8F148
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EE8E15E
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EE8C788
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EE8DDD7
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EE8EB6D
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EE8F856
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EE8F819
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EE881E8
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EE8B816
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EE8D6CC
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EE8EC8B
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EE8D522
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EE8F879
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EE8BFD9
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EE8B424
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EE8BEDF
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EE89D1C
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EE8DC00
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EE8EBA3
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EE8DAAC
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EE8D03C
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EE8955F
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EE8F958
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EE8A114
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EE8B40E
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EE8E598
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EE8D8D7
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EE8AF57
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Module32FirstW + 2 7C863E21 3 Bytes JMP 3EE8C17E
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Module32FirstW + 6 7C863E25 2 Bytes [ 62, C2 ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EE8F2C5
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EE8DDAD
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EE8B2AB
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EE8EC64
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EE8BDA1
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] USER32.dll!ExitWindowsEx + 2 77D59E6F 6 Bytes JMP 3EE8848C
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegOpenKeyExW + 2 77F46A7A 6 Bytes JMP 3EE8C527
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegCloseKey + 2 77F46BF2 2 Bytes [ 92, E9 ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegCloseKey + 5 77F46BF5 3 Bytes [ 87, F4, C6 ]
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryValueExW + 2 77F46FCA 6 Bytes JMP 3EE8B3AE
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegCreateKeyExW + 2 77F47537 6 Bytes JMP 3EE8F37C
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegOpenKeyExA + 2 77F4761D 6 Bytes JMP 3EE8EB4B
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryValueExA + 2 77F47885 6 Bytes JMP 3EE8BF44
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegEnumValueW + 2 77F48083 6 Bytes JMP 3EE8B931
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegSetValueExW 77F4D7CC 7 Bytes JMP 3EE8B6D6
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryValueW + 2 77F4D8E4 6 Bytes JMP 3EE8CE31
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegCreateKeyExA + 2 77F4EAF6 6 Bytes JMP 3EE8F4CB
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegSetValueExA 77F4EBE7 7 Bytes JMP 3EE8C8CD
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegDeleteValueA + 2 77F4EDE7 6 Bytes JMP 3EE8F931
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegDeleteValueW + 2 77F4EEF3 6 Bytes JMP 3EE8AB59
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegSetValueA + 2 77F56F4B 5 Bytes JMP 3EE8B1B8
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!SetFileSecurityW + 2 77F5AA6B 6 Bytes JMP 3EE8B984
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegEnumValueA + 2 77F5CF4C 6 Bytes JMP 3EE8AE48
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77F61287 6 Bytes JMP 3EE8CD2A
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!CreateProcessAsUserW + 2 77F67777 6 Bytes JMP 3EE88F4B
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegDeleteKeyW + 2 77F69886 6 Bytes JMP 3EE8A048
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!GetFileSecurityW + 2 77F6BCE0 6 Bytes JMP 3EE8A450
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegDeleteKeyA + 2 77F6C125 6 Bytes JMP 3EE8B010
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryInfoKeyA + 2 77F6C1B7 6 Bytes JMP 3EE8CE16
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegOpenKeyA + 2 77F6C41D 6 Bytes JMP 3EE8C2F7
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryValueA + 2 77F6CC12 6 Bytes JMP 3EE8C914
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryInfoKeyW + 2 77F6CCF1 6 Bytes JMP 3EE8A9EF
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77F6D07A 7 Bytes JMP 3EE8B510
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegCreateKeyA + 2 77F6D5BD 6 Bytes JMP 3EE8B600
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!SetFileSecurityA + 2 77F7D2FF 5 Bytes JMP 3EE8D7B0
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!GetFileSecurityA + 2 77F7D365 5 Bytes JMP 3EE8D1AA
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!CreateProcessAsUserA + 2 77F8095A 6 Bytes JMP 3EE87EDE
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 3EE883FD
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77F91546 7 Bytes JMP 3EE8B58C
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77F91592 7 Bytes JMP 3EE8F431
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77FA553D 6 Bytes JMP 3EE89DB9
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77FA589F 6 Bytes JMP 3EE8CFD7
.text C:\Documents and Settings\1984\Desktop\gmer\gmer.exe[280] ADVAPI32.dll!RegSetValueW + 2 77FA5FC4 5 Bytes JMP 3EE8EB3D
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2
.text C:\WINDOWS\explorer.exe[584] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EE89430
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EE88CEB
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EE88AAE
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EE8F4A7
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EE88C1E
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 6 Bytes [ F3, F5, 98, 41, E9, EE ]
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindFirstFileExW + 9 7C80EC86 2 Bytes [ 68, C2 ]
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EE8F148
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EE8E15E
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EE8C788
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EE8DDD7
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EE8EB6D
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EE8F856
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EE8F819
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EE881E8
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EE8B816
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EE8D6CC
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EE8EC8B
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EE8D522
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EE8F879
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EE8BFD9
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EE8B424
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EE8BEDF
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EE89D1C
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EE8DC00
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EE8EBA3
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EE8DAAC
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EE8D03C
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EE8955F
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EE8F958
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EE8A114
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EE8B40E
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EE8E598
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EE8D8D7
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EE8AF57
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Module32FirstW + 2 7C863E21 3 Bytes JMP 3EE8C17E
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Module32FirstW + 6 7C863E25 2 Bytes [ 62, C2 ]
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EE8F2C5
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EE8DDAD
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EE8B2AB
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EE8EC64
.text C:\WINDOWS\explorer.exe[584] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EE8BDA1
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegOpenKeyExW + 2 77F46A7A 6 Bytes JMP 3EE8C527
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegCloseKey + 2 77F46BF2 2 Bytes [ D6, E9 ]
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegCloseKey + 5 77F46BF5 3 Bytes [ 87, F4, C6 ]
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryValueExW + 2 77F46FCA 6 Bytes JMP 3EE8B3AE
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegCreateKeyExW + 2 77F47537 6 Bytes JMP 3EE8F37C
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegOpenKeyExA + 2 77F4761D 6 Bytes JMP 3EE8EB4B
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryValueExA + 2 77F47885 6 Bytes JMP 3EE8BF44
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegEnumValueW + 2 77F48083 6 Bytes JMP 3EE8B931
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegSetValueExW 77F4D7CC 7 Bytes JMP 3EE8B6D6
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryValueW + 2 77F4D8E4 6 Bytes JMP 3EE8CE31
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegCreateKeyExA + 2 77F4EAF6 6 Bytes JMP 3EE8F4CB
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegSetValueExA 77F4EBE7 7 Bytes JMP 3EE8C8CD
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegDeleteValueA + 2 77F4EDE7 6 Bytes JMP 3EE8F931
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegDeleteValueW + 2 77F4EEF3 6 Bytes JMP 3EE8AB59
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegSetValueA + 2 77F56F4B 5 Bytes JMP 3EE8B1B8
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!SetFileSecurityW + 2 77F5AA6B 6 Bytes JMP 3EE8B984
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegEnumValueA + 2 77F5CF4C 6 Bytes JMP 3EE8AE48
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77F61287 6 Bytes JMP 3EE8CD2A
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!CreateProcessAsUserW + 2 77F67777 6 Bytes JMP 3EE88F4B
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegDeleteKeyW + 2 77F69886 6 Bytes JMP 3EE8A048
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!GetFileSecurityW + 2 77F6BCE0 6 Bytes JMP 3EE8A450
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegDeleteKeyA + 2 77F6C125 6 Bytes JMP 3EE8B010
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryInfoKeyA + 2 77F6C1B7 6 Bytes JMP 3EE8CE16
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegOpenKeyA + 2 77F6C41D 6 Bytes JMP 3EE8C2F7
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryValueA + 2 77F6CC12 6 Bytes JMP 3EE8C914
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryInfoKeyW + 2 77F6CCF1 6 Bytes JMP 3EE8A9EF
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77F6D07A 7 Bytes JMP 3EE8B510
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegCreateKeyA + 2 77F6D5BD 6 Bytes JMP 3EE8B600
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!SetFileSecurityA + 2 77F7D2FF 5 Bytes JMP 3EE8D7B0
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!GetFileSecurityA + 2 77F7D365 5 Bytes JMP 3EE8D1AA
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!CreateProcessAsUserA + 2 77F8095A 6 Bytes JMP 3EE87EDE
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 3EE883FD
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77F91546 7 Bytes JMP 3EE8B58C
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77F91592 7 Bytes JMP 3EE8F431
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77FA553D 6 Bytes JMP 3EE89DB9
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77FA589F 6 Bytes JMP 3EE8CFD7
.text C:\WINDOWS\explorer.exe[584] ADVAPI32.dll!RegSetValueW + 2 77FA5FC4 5 Bytes JMP 3EE8EB3D
.text C:\WINDOWS\explorer.exe[584] USER32.dll!ExitWindowsEx + 2 77D59E6F 6 Bytes JMP 3EE8848C
.text C:\WINDOWS\explorer.exe[584] PSAPI.DLL!EnumProcessModules 76BB1F1C 5 Bytes JMP 3EE8E944
.t