GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2008-01-20 07:11:03 Windows 5.2.3790 Service Pack 2 ---- Kernel code sections - GMER 1.0.13 ---- .text ntdll.dll!RtlRunEncodeUnicodeString 7C805DB5 5 Bytes JMP 7FFA6612 .text ntdll.dll!NtCreateFile 7C826DDF 5 Bytes JMP 7FFA654E .text ntdll.dll!NtDeviceIoControlFile 7C826FBF 5 Bytes JMP 7FFA61C4 .text ntdll.dll!NtEnumerateKey 7C82701F 5 Bytes JMP 7FFA5A26 .text ntdll.dll!NtEnumerateValueKey 7C82703F 5 Bytes JMP 7FFA5B2B .text ntdll.dll!NtOpenFile 7C82730F 5 Bytes JMP 7FFA65D7 .text ntdll.dll!NtOpenProcess 7C82736F 5 Bytes JMP 7FFA64E3 .text ntdll.dll!NtQueryDirectoryFile 7C8274DF 5 Bytes JMP 7FFA58EE .text ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 7FFA5750 .text ntdll.dll!NtQueryVolumeInformationFile 7C82771F 5 Bytes JMP 7FFA60F4 .text ntdll.dll!NtReadVirtualMemory 7C82778F 5 Bytes JMP 7FFA5B9E .text ntdll.dll!NtResumeThread 7C8278CF 5 Bytes JMP 7FFA59BF .text ntdll.dll!NtVdmControl 7C827CCF 5 Bytes JMP 7FFA5950 .text ntdll.dll!LdrLoadDll 7C833F63 5 Bytes JMP 7FFA5D9E ---- User code sections - GMER 1.0.13 ---- .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!RtlRunEncodeUnicodeString 7C805DB5 5 Bytes JMP 7FF96612 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtCreateFile 7C826DDF 5 Bytes JMP 7FF9654E .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtDeviceIoControlFile 7C826FBF 5 Bytes JMP 7FF961C4 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtEnumerateKey 7C82701F 5 Bytes JMP 7FF95A26 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtEnumerateValueKey 7C82703F 5 Bytes JMP 7FF95B2B .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtOpenFile 7C82730F 5 Bytes JMP 7FF965D7 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtOpenProcess 7C82736F 5 Bytes JMP 7FF964E3 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtQueryDirectoryFile 7C8274DF 5 Bytes JMP 7FF958EE .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 7FF95750 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtQueryVolumeInformationFile 7C82771F 5 Bytes JMP 7FF960F4 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtReadVirtualMemory 7C82778F 5 Bytes JMP 7FF95B9E .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtResumeThread 7C8278CF 5 Bytes JMP 7FF959BF .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!NtVdmControl 7C827CCF 5 Bytes JMP 7FF95950 .text C:\WINDOWS\system32\winlogon.exe[412] ntdll.dll!LdrLoadDll 7C833F63 5 Bytes JMP 7FF95D9E .text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!ReadFile 77E4184B 5 Bytes JMP 7FF95666 .text C:\WINDOWS\system32\winlogon.exe[412] ADVAPI32.dll!EnumServicesStatusExW 77F54EE3 5 Bytes JMP 7FF95FE2 .text C:\WINDOWS\system32\winlogon.exe[412] ADVAPI32.dll!EnumServicesStatusExA 77F553BB 5 Bytes JMP 7FF9604E .text C:\WINDOWS\system32\winlogon.exe[412] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 7FF95F7C .text C:\WINDOWS\system32\winlogon.exe[412] ADVAPI32.dll!EnumServiceGroupW 77FB6010 5 Bytes JMP 7FF95F13 .text C:\WINDOWS\system32\winlogon.exe[412] Secur32.dll!LsaLogonUser 76F56F58 5 Bytes JMP 7FF96683 .text C:\WINDOWS\system32\winlogon.exe[412] WS2_32.dll!recv 71C02F7F 5 Bytes JMP 7FF95DE0 .text C:\WINDOWS\system32\winlogon.exe[412] WS2_32.dll!WSARecv 71C09480 5 Bytes JMP 7FF95E40 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!RtlRunEncodeUnicodeString 7C805DB5 5 Bytes JMP 7FF96612 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtCreateFile 7C826DDF 5 Bytes JMP 7FF9654E .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtDeviceIoControlFile 7C826FBF 5 Bytes JMP 7FF961C4 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtEnumerateKey 7C82701F 5 Bytes JMP 7FF95A26 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtEnumerateValueKey 7C82703F 5 Bytes JMP 7FF95B2B .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtOpenFile 7C82730F 5 Bytes JMP 7FF965D7 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtOpenProcess 7C82736F 5 Bytes JMP 7FF964E3 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtQueryDirectoryFile 7C8274DF 5 Bytes JMP 7FF958EE .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 7FF95750 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtQueryVolumeInformationFile 7C82771F 5 Bytes JMP 7FF960F4 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtReadVirtualMemory 7C82778F 5 Bytes JMP 7FF95B9E .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtResumeThread 7C8278CF 5 Bytes JMP 7FF959BF .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtVdmControl 7C827CCF 5 Bytes JMP 7FF95950 .text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!LdrLoadDll 7C833F63 5 Bytes JMP 7FF95D9E .text C:\WINDOWS\system32\lsass.exe[480] kernel32.dll!ReadFile 77E4184B 5 Bytes JMP 7FF95666 .text C:\WINDOWS\system32\lsass.exe[480] ADVAPI32.dll!EnumServicesStatusExW 77F54EE3 5 Bytes JMP 7FF95FE2 .text C:\WINDOWS\system32\lsass.exe[480] ADVAPI32.dll!EnumServicesStatusExA 77F553BB 5 Bytes JMP 7FF9604E .text C:\WINDOWS\system32\lsass.exe[480] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 7FF95F7C .text C:\WINDOWS\system32\lsass.exe[480] ADVAPI32.dll!EnumServiceGroupW 77FB6010 5 Bytes JMP 7FF95F13 .text C:\WINDOWS\system32\lsass.exe[480] Secur32.dll!LsaLogonUser 76F56F58 5 Bytes JMP 7FF96683 .text C:\WINDOWS\system32\lsass.exe[480] WS2_32.dll!recv 71C02F7F 5 Bytes JMP 7FF95DE0 .text C:\WINDOWS\system32\lsass.exe[480] WS2_32.dll!WSARecv 71C09480 5 Bytes JMP 7FF95E40 ---- User IAT/EAT - GMER 1.0.13 ---- IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[192] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\KERNEL32.dll IAT C:\WINDOWS\system32\csrss.exe[380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\KERNEL32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\gmer.exe[388] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\winlogon.exe[412] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\lsass.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[488] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [77ECAF9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [77ECAFD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [77ECAFB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [77ECAFEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[824] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [77ECAFC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchos