
My RKU log

molotov (Moderator Group)
Joined: 04 October 2006
Posts: 17492
Posted: 30 December 2008 at 2:00pm
See this topic for some discussion about why ComboFix may be flagged by scanners...
Daily affirmation:
net helpmsg 4006
Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 30 December 2008 at 1:36pm
OK, I guess I have to accept the sad truth that there aren't any rootkits or malware on my computer. By the way, is ComboFix a trustworthy tool? I scanned it on VirusTotal and it seemed to be detected by many scanners. I would like to try it just for fun...
SvenBomwollen (Senior Member)
Joined: 29 August 2008
Location: Germany
Posts: 1400
Posted: 30 December 2008 at 11:00am
Hi, Creep.

This thread looks much like the Rootkit or maybe not thread continued just using an outdated RKU version instead of Radix for a change.

The RKU logfile seems to hold as many hints that there may be a rootkit on your system as did the Radix logfile: none.

Therefore it is very likely that redhawk's verdict still applies.

Regards,
Sven

Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 30 December 2008 at 10:45am
Spybot did not find anything, SUPERAntiSpyware did not find anything, Avast detected some components belonging to eScan, which I installed yesterday but removed soon after because it was unable to scan any files on my computer for some unknown reason, and Malwarebytes also did not find anything. Maybe I will try the F-Secure online scanner, but I think the result will probably be the same as with the others.

Edited by Creep - 30 December 2008 at 10:47am
Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 30 December 2008 at 10:38am
So is my computer infected with some kind of rootkit? If any expert could take a look at my log file and the screenshot that I posted, it would be good. Thank you in advance. Could this be some kind of boot-sector rootkit? Sorry, I am pretty bad at these computer things.

Edited by Creep - 30 December 2008 at 10:39am
Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 29 December 2008 at 6:35pm

Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 29 December 2008 at 6:30pm
What is that unknown codepage?
Creep (Senior Member)
Joined: 17 June 2007
Posts: 290
Posted: 29 December 2008 at 6:28pm
Hooks

ntoskrnl.exe+0x0006906A, Type: Inline - RelativeJump at address 0x8046906A hook handler located in [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xB7BCCC1C hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xB7BCCBD4 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xB7BCCBC8 hook handler located in [vsdatant.sys]
wanarp.sys+0x000067C1, Type: Inline - RelativeJump at address 0xEB6AE7C1 hook handler located in [wanarp.sys]
wanarp.sys+0x000067C5, Type: Inline - RelativeJump at address 0xEB6AE7C5 hook handler located in [unknown_code_page]
wanarp.sys+0x000067CD, Type: Inline - RelativeJump at address 0xEB6AE7CD hook handler located in [wanarp.sys]
wanarp.sys+0x000067D1, Type: Inline - RelativeJump at address 0xEB6AE7D1 hook handler located in [wanarp.sys]
wanarp.sys+0x000067D5, Type: Inline - RelativeJump at address 0xEB6AE7D5 hook handler located in [wanarp.sys]
wanarp.sys+0x000067D9, Type: Inline - RelativeJump at address 0xEB6AE7D9 hook handler located in [serial.sys]
wanarp.sys+0x000067E1, Type: Inline - RelativeJump at address 0xEB6AE7E1 hook handler located in [unknown_code_page]
wanarp.sys+0x000067E9, Type: Inline - RelativeJump at address 0xEB6AE7E9 hook handler located in [wanarp.sys]
wanarp.sys+0x000067ED, Type: Inline - RelativeJump at address 0xEB6AE7ED hook handler located in [wanarp.sys]
wanarp.sys+0x000067F5, Type: Inline - RelativeCall at address 0xEB6AE7F5 hook handler located in [unknown_code_page]
wanarp.sys+0x000067FD, Type: Inline - RelativeCall at address 0xEB6AE7FD hook handler located in [unknown_code_page]
wanarp.sys+0x00006805, Type: Inline - RelativeJump at address 0xEB6AE805 hook handler located in [unknown_code_page]
wanarp.sys+0x0000680D, Type: Inline - RelativeJump at address 0xEB6AE80D hook handler located in [unknown_code_page]
wanarp.sys+0x00006815, Type: Inline - RelativeJump at address 0xEB6AE815 hook handler located in [unknown_code_page]
wanarp.sys+0x0000681D, Type: Inline - RelativeJump at address 0xEB6AE81D hook handler located in [unknown_code_page]
wanarp.sys+0x00006825, Type: Inline - RelativeJump at address 0xEB6AE825 hook handler located in [unknown_code_page]
wanarp.sys+0x0000682D, Type: Inline - RelativeJump at address 0xEB6AE82D hook handler located in [unknown_code_page]
wanarp.sys+0x00006835, Type: Inline - RelativeJump at address 0xEB6AE835 hook handler located in [unknown_code_page]
wanarp.sys+0x0000683D, Type: Inline - RelativeJump at address 0xEB6AE83D hook handler located in [unknown_code_page]
wanarp.sys+0x00006845, Type: Inline - RelativeJump at address 0xEB6AE845 hook handler located in [unknown_code_page]
wanarp.sys+0x0000684D, Type: Inline - RelativeCall at address 0xEB6AE84D hook handler located in [unknown_code_page]
wanarp.sys+0x00006855, Type: Inline - RelativeJump at address 0xEB6AE855 hook handler located in [unknown_code_page]
wanarp.sys+0x0000685D, Type: Inline - RelativeCall at address 0xEB6AE85D hook handler located in [unknown_code_page]
wanarp.sys+0x00006865, Type: Inline - RelativeJump at address 0xEB6AE865 hook handler located in [wanarp.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xEB6AD280 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xEB6AD25C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xEB6AD298 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xEB6AD268 hook handler located in [vsdatant.sys]
[1224]MWASER.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[1224]MWASER.EXE-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[1260]MWAGENT.EXE-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[1284]mstask.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[1284]mstask.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[1284]mstask.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[1284]mstask.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[1284]mstask.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[1284]mstask.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[1284]mstask.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[1284]mstask.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[1320]SMAgent.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[1360]sp_rsser.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[264]LSASS.EXE-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[408]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[408]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[576]spoolsv.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[576]spoolsv.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[600]a2service.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[600]a2service.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[600]a2service.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[600]a2service.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[600]a2service.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[600]a2service.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[600]a2service.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[600]a2service.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[656]aawservice.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[656]aawservice.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[656]aawservice.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[656]aawservice.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[656]aawservice.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[656]aawservice.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[656]aawservice.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[656]aawservice.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[692]explorer.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[692]explorer.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[692]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[692]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[692]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[692]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[692]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[692]explorer.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[744]prevxcsi.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[800]cisvc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[800]cisvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[800]cisvc.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[856]WinPatrol.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[868]prevxcsi.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump at address 0x791B4B39 hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump at address 0x791AD051 hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump at address 0x79182E37 hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump at address 0x7918D804 hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump at address 0x7918F4C0 hook handler located in [unknown_code_page]
[924]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump at address 0x7918E841 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump at address 0x7955C243 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump at address 0x7955C275 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x79565040 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x79566981 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump at address 0x7956B87C hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump at address 0x7956CC0E hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump at address 0x7954FCEF hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump at address 0x79560CF7 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump at address 0x79563C52 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump at address 0x7956026D hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x79560595 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump at address 0x7956031E hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump at address 0x79561150 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump at address 0x79566A9D hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump at address 0x7956BB59 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump at address 0x7955E9EE hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump at address 0x7956752A hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump at address 0x79567990 hook handler located in [unknown_code_page]
[924]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
[924]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump at address 0x7D036B6C hook handler located in [unknown_code_page]
[924]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump at address 0x7CFE961B hook handler located in [unknown_code_page]
[924]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump at address 0x7CFE205D hook handler located in [unknown_code_page]
[924]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump at address 0x7D036AF8 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump at address 0x77E3FE82 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump at address 0x77E420FA hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump at address 0x77E1A2A0 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump at address 0x77E165F2 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump at address 0x77E176C6 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump at address 0x77E19BE4 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump at address 0x77E39C81 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump at address 0x77E508C3 hook handler located in [unknown_code_page]
[924]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump at address 0x77E1CFBE hook handler located in [unknown_code_page]
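Added example (not from the thread, and not code from RKU or from any product named in it): a small Python triage script for reports like the inline-hook list above and the SSDT / Shadow tables in the report that follows. It parses the per-process inline-hook lines and the three-line SSDT entries, attributes each kernel hook to a driver and checks it against an allow-list of the security products the log shows (aswMon/aswSP for avast!, vsdatant for ZoneAlarm, procguard for ProcessGuard; that attribution and the allow-list are this example's assumptions), and for the user-mode hooks checks whether each target is patched at one address in every listed process, which is what a system-wide HIPS hook looks like on a Windows 2000 box with no ASLR, as against a hook present in only some processes or at differing addresses. The sample report embedded in the script is constructed in the posted format, with one made-up driver name added so the unattributed path is exercised.

```python
"""Triage helper for Rootkit Unhooker (RKU) reports. Added example: not the
poster's code and not part of RKU. It parses the SSDT / Shadow tables and the
per-process inline-hook lines seen in the thread, attributes every kernel
hook to a driver, and checks whether each user-mode hook is system-wide. The
allow-list is an assumption; SAMPLE_REPORT is constructed, not the real log."""
import re
from collections import Counter, defaultdict

# Assumed attribution of the hooking drivers named in the posted SSDT table.
KNOWN_HOOKING_DRIVERS = {
    "aswmon.sys": "avast!", "aswsp.sys": "avast!",
    "vsdatant.sys": "ZoneAlarm", "procguard.sys": "ProcessGuard",
}

# [pid]proc-->module-->func, Type: ... at address 0x... hook handler located in [...]
INLINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<mod>.+?)-->(?P<func>[^,]+), "
    r"Type: (?P<hooktype>.+?) at address (?P<addr>0x[0-9A-Fa-f]+) "
    r"hook handler located in \[(?P<handler>[^\]]+)\]$")

# Constructed sample in the report's format. The NtEnumerateKey entry uses a
# made-up driver name to exercise the "unattributed" path; not from the real log.
SAMPLE_REPORT = """\
>SSDT State
NtCreateFile
Actual Address 0xEB6F853C
Hooked by: C:\\WINNT\\system32\\drivers\\procguard.sys
NtOpenProcess
Actual Address 0xB7AA6350
Hooked by: C:\\WINNT\\System32\\vsdatant.sys
NtEnumerateKey
Actual Address 0xF8C01234
Hooked by: C:\\WINNT\\System32\\drivers\\unattributed_example.sys
==============================================
>Shadow
NtUserSendInput
Actual Address 0xB7A9E520
Hooked by: C:\\WINNT\\System32\\vsdatant.sys
>Hooks
[744]prevxcsi.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[800]cisvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump at address 0x7954B412 hook handler located in [unknown_code_page]
[924]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump at address 0x77F885BC hook handler located in [unknown_code_page]
"""


def parse_report(text):
    """Return (inline_hooks, kernel_hooks); a kernel entry spans three lines."""
    inline, kernel, section, pending = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):                      # section header
            section, pending = line[1:].strip(), None
            continue
        m = INLINE_RE.match(line)
        if m:
            inline.append(dict(m.groupdict(), pid=int(m["pid"])))
        elif section in ("SSDT State", "Shadow"):
            if line.startswith("Actual Address ") and pending:
                pending["addr"] = line.split()[-1]
            elif line.startswith("Hooked by: ") and pending:
                kernel.append(dict(pending, hooked_by=line[len("Hooked by: "):]))
                pending = None
            else:                                     # the function-name line
                pending = {"table": section, "func": line}
    return inline, kernel


def triage(inline, kernel, known=KNOWN_HOOKING_DRIVERS):
    """Attribute kernel hooks; summarise inline hooks per (module, function).
    'uniform' = one handler address in every listed process, the shape of a
    system-wide HIPS/AV hook (no ASLR on Windows 2000, same DLL base everywhere)."""
    out = {"kernel_known": [], "kernel_unknown": [],
           "kernel_by_driver": Counter(), "inline": []}
    for h in kernel:
        name = h["hooked_by"].rsplit("\\", 1)[-1].lower()   # driver basename
        out["kernel_by_driver"][name] += 1
        bucket = "kernel_known" if name in known else "kernel_unknown"
        out[bucket].append(dict(h, driver=name, product=known.get(name, "UNATTRIBUTED")))

    all_pids = {h["pid"] for h in inline}
    by_target = defaultdict(list)
    for h in inline:
        by_target[(h["mod"], h["func"])].append(h)
    for (mod, func), hooks in sorted(by_target.items()):
        pids = sorted({h["pid"] for h in hooks})
        addrs = sorted({h["addr"] for h in hooks})
        out["inline"].append({
            "target": f"{mod}!{func}", "pids": pids, "addresses": addrs,
            "handlers": sorted({h["handler"] for h in hooks}),
            "uniform": len(addrs) == 1 and set(pids) == all_pids})
    return out


if __name__ == "__main__":
    findings = triage(*parse_report(SAMPLE_REPORT))
    for name, n in sorted(findings["kernel_by_driver"].items()):
        print(f"{name}: {n} kernel hook(s), {KNOWN_HOOKING_DRIVERS.get(name, 'UNATTRIBUTED')}")
    for h in findings["kernel_unknown"]:
        print(f"REVIEW {h['table']} {h['func']} -> {h['hooked_by']}")
    for t in findings["inline"]:
        verdict = "system-wide" if t["uniform"] else "REVIEW: partial or divergent"
        print(f"{t['target']}: pids {t['pids']} at {t['addresses']} "
              f"handler {t['handlers']} [{verdict}]")
```

Run it as a script for the summary, or call parse_report() on a saved RKU report. The [unknown_code_page] label is what RKU prints for a handler it cannot map to a loaded module; HIPS products that allocate their own trampoline pages show up the same way, so it is a prompt to attribute the page (for instance by checking which product's DLL is loaded in each hooked process), not a verdict by itself.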
Creep
Senior Member
Joined: 17 June 2007
Posts: 290
Posted: 29 December 2008 at 6:23pm
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 0
Windows Build Number: 2195
==============================================
>SSDT State
NtClose
Actual Address 0xB744C1DA
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtConnectPort
Actual Address 0xB7AA0040
Hooked by: C:\WINNT\System32\vsdatant.sys
NtCreateDirectoryObject
Actual Address 0xB744C0C6
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtCreateFile
Actual Address 0xEB6F853C
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtCreateKey
Actual Address 0xEB6FA678
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtCreatePort
Actual Address 0xB7AA0510
Hooked by: C:\WINNT\System32\vsdatant.sys
NtCreateProcess
Actual Address 0xB744AA36
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtCreateSection
Actual Address 0xB744BB64
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtCreateThread
Actual Address 0xEB6FB534
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtCreateWaitablePort
Actual Address 0xB7AA0600
Hooked by: C:\WINNT\System32\vsdatant.sys
NtDeleteFile
Actual Address 0xB7A9CF20
Hooked by: C:\WINNT\System32\vsdatant.sys
NtDeleteKey
Actual Address 0xEB6FAD71
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtDeleteValueKey
Actual Address 0xEB6FAC6F
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtDuplicateObject
Actual Address 0xB7AA6580
Hooked by: C:\WINNT\System32\vsdatant.sys
NtFsControlFile
Actual Address 0xEB6F855E
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtLoadKey
Actual Address 0xB7AA88B0
Hooked by: C:\WINNT\System32\vsdatant.sys
NtOpenFile
Actual Address 0xEB6F851E
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtOpenKey
Actual Address 0xEB6FA644
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtOpenProcess
Actual Address 0xB7AA6350
Hooked by: C:\WINNT\System32\vsdatant.sys
NtOpenSection
Actual Address 0xEB6FA0B3
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtOpenThread
Actual Address 0xB7AA6150
Hooked by: C:\WINNT\System32\vsdatant.sys
NtProtectVirtualMemory
Actual Address 0xEB6FA452
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtQueryValueKey
Actual Address 0xB796F62C
Hooked by: C:\WINNT\System32\Drivers\aswSP.SYS
NtReadVirtualMemory
Actual Address 0xEB6FA42F
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtReplaceKey
Actual Address 0xB7AA8CB0
Hooked by: C:\WINNT\System32\vsdatant.sys
NtRequestWaitReplyPort
Actual Address 0xB7A9FC00
Hooked by: C:\WINNT\System32\vsdatant.sys
NtRestoreKey
Actual Address 0xB796F5EC
Hooked by: C:\WINNT\System32\Drivers\aswSP.SYS
NtSecureConnectPort
Actual Address 0xB7AA0220
Hooked by: C:\WINNT\System32\vsdatant.sys
NtSetContextThread
Actual Address 0xEB6FB9B4
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtSetInformationFile
Actual Address 0xB744BEF0
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtSetSystemInformation
Actual Address 0xEB6FB1F7
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtSetValueKey
Actual Address 0xEB6FA816
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtSuspendThread
Actual Address 0xEB6FB9F2
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtTerminateProcess
Actual Address 0xEB6FA410
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtTerminateThread
Actual Address 0xEB6FB9D3
Hooked by: C:\WINNT\system32\drivers\procguard.sys
NtWriteFile
Actual Address 0xB744BE28
Hooked by: C:\WINNT\System32\Drivers\aswMon.SYS
NtWriteVirtualMemory
Actual Address 0xEB6FA3ED
Hooked by: C:\WINNT\system32\drivers\procguard.sys
==============================================
>Shadow
NtUserMessageCall
Actual Address 0xB7A9E250
Hooked by: C:\WINNT\System32\vsdatant.sys
NtUserPostMessage
Actual Address 0xB7A9E2E0
Hooked by: C:\WINNT\System32\vsdatant.sys
NtUserPostThreadMessage
Actual Address 0xB7A9E360
Hooked by: C:\WINNT\System32\vsdatant.sys
NtUserSendInput
Actual Address 0xB7A9E520
Hooked by: C:\WINNT\System32\vsdatant.sys
NtUserSendMessageCallback
Actual Address 0xB7A9E410
Hooked by: C:\WINNT\System32\vsdatant.sys
NtUserSendNotifyMessage
Actual Address 0xB7A9E4A0
Hooked by: C:\WINNT\System32\vsdatant.sys
==============================================
>Processes
Process: System
Process Id: 8
EPROCESS Address: 0x820A3870

Process: C:\WINNT\System32\smss.exe
Process Id: 180
EPROCESS Address: 0x81E97AF0

Process: C:\WINNT\system32\winlogon.exe
Process Id: 200
EPROCESS Address: 0x81C4A030

Process: C:\WINNT\system32\csrss.exe
Process Id: 204
EPROCESS Address: 0x81DFFB70

Process: C:\WINNT\system32\services.exe
Process Id: 252
EPROCESS Address: 0x81C41D70

Process: C:\WINNT\system32\lsass.exe
Process Id: 264
EPROCESS Address: 0x81C409B0

Process: C:\WINNT\system32\svchost.exe
Process Id: 408
EPROCESS Address: 0x81C0EAD0

Process: C:\WINNT\system32\spoolsv.exe
Process Id: 576
EPROCESS Address: 0x81BD19F0

Process: C:\Program Files\a-squared Free\a2service.exe
Process Id: 600
EPROCESS Address: 0x81BCD5F0

Process: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Process Id: 656
EPROCESS Address: 0x81BBD950

Process: C:\Program Files\Mozilla Firefox\firefox.exe
Process Id: 680
EPROCESS Address: 0x81A03950

Process: C:\WINNT\Explorer.EXE
Process Id: 692
EPROCESS Address: 0x81B73D70

Process: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Process Id: 720
EPROCESS Address: 0x81B6F030

Process: C:\Program Files\PrevxCSI\prevxcsi.exe
Process Id: 744
EPROCESS Address: 0x81B5ED70

Process: C:\Program Files\Alwil Software\Avast4\ashServ.exe
Process Id: 760
EPROCESS Address: 0x819DB030

Process: C:\WINNT\System32\cisvc.exe
Process Id: 800
EPROCESS Address: 0x819D3D70

Process: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
Process Id: 856
EPROCESS Address: 0x81B496F0

Process: C:\Program Files\PrevxCSI\prevxcsi.exe
Process Id: 868
EPROCESS Address: 0x81B60770

Process: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
Process Id: 876
EPROCESS Address: 0x81B48730

Process: C:\Program Files\ThreatFire\TFTray.exe
Process Id: 884
EPROCESS Address: 0x81B5A030

Process: C:\WINNT\System32\svchost.exe
Process Id: 924
EPROCESS Address: 0x819CDD70

Process: C:\WINNT\System32\cidaemon.exe
Process Id: 1208
EPROCESS Address: 0x819B1030

Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Process Id: 1220
EPROCESS Address: 0x819C6D10

Process: C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
Process Id: 1224
EPROCESS Address: 0x81B41030

Process: C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
Process Id: 1260
EPROCESS Address: 0x8198E030

Process: C:\WINNT\system32\MSTask.exe
Process Id: 1284
EPROCESS Address: 0x81AA8290

Process: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Process Id: 1320
EPROCESS Address: 0x81AA18D0

Process: C:\Program Files\Spyware Terminator\sp_rsser.exe
Process Id: 1360
EPROCESS Address: 0x81977D30

Process: C:\Program Files\ThreatFire\TFService.exe
Process Id: 1400
EPROCESS Address: 0x81A77030

Process: C:\WINNT\system32\stisvc.exe
Process Id: 1432
EPROCESS Address: 0x81948030

Process: C:\WINNT\System32\WBEM\WinMgmt.exe
Process Id: 1456
EPROCESS Address: 0x81A4ED70

Process: C:\WINNT\system32\svchost.exe
Process Id: 1472
EPROCESS Address: 0x8193AD70

Process: C:\WINNT\system32\ZoneLabs\vsmon.exe
Process Id: 440
EPROCESS Address: 0x81BFA4F0

Process: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Process Id: 860
EPROCESS Address: 0x81B60A30

==============================================
>Drivers
Driver: C:\WINNT\System32\ntoskrnl.exe
Address: 0x80400000
Size: 1691456 bytes

Driver: PnpManager
Address: 0x80400000
Size: 1691456 bytes

Driver: RAW
Address: 0x80400000
Size: 1691456 bytes

Driver: WMI
Address: 0x80400000
Size: 1691456 bytes

Driver: Win32k
Address: 0xA0000000
Size: 1646592 bytes

Driver: C:\WINNT\system32\win32k.sys
Address: 0xA0000000
Size: 1646592 bytes

Driver: C:\WINNT\System32\ialmdd5.DLL
Address: 0xB7876000
Size: 557056 bytes

Driver: C:\WINNT\system32\drivers\smwdm.sys
Address: 0xBFD4C000
Size: 524288 bytes

Driver: Ntfs.sys
Address: 0xBFEC0000
Size: 516096 bytes

Driver: C:\WINNT\System32\DRIVERS\mrxsmb.sys
Address: 0xB7987000
Size: 417792 bytes

Driver: C:\WINNT\System32\vsdatant.sys
Address: 0xB7A6D000
Size: 393216 bytes

Driver: C:\WINNT\System32\DRIVERS\tcpip.sys
Address: 0xB7B95000
Size: 323584 bytes

Driver: C:\WINNT\System32\DRIVERS\srv.sys
Address: 0xB7118000
Size: 241664 bytes

Driver: C:\WINNT\System32\DRIVERS\netbt.sys
Address: 0xB7733000
Size: 176128 bytes

Driver: C:\WINNT\System32\DRIVERS\update.sys
Address: 0xBFCAD000
Size: 176128 bytes

Driver: NDIS.sys
Address: 0xBFE96000
Size: 172032 bytes

Driver: C:\WINNT\System32\DRIVERS\rdbss.sys
Address: 0xB79FF000
Size: 172032 bytes

Driver: ACPI.sys
Address: 0xBFFD8000
Size: 163840 bytes

Driver: C:\WINNT\System32\ialmdev5.DLL
Address: 0xB78FE000
Size: 163840 bytes

Driver: C:\WINNT\system32\drivers\kmixer.sys
Address: 0xB66E1000
Size: 151552 bytes

Driver: C:\WINNT\system32\drivers\portcls.sys
Address: 0xBFD27000
Size: 151552 bytes

Driver: C:\WINNT\System32\Drivers\Fastfat.SYS
Address: 0xB6DE5000
Size: 143360 bytes

Driver: C:\WINNT\system32\drivers\sp_rsdrv2.sys
Address: 0xB7A4A000
Size: 143360 bytes

Driver: dmio.sys
Address: 0xBFF99000
Size: 139264 bytes

Driver: C:\WINNT\System32\DRIVERS\e100bnt5.sys
Address: 0xBFDF4000
Size: 139264 bytes

Driver: fltmgr.sys
Address: 0xBFF61000
Size: 139264 bytes

Driver: C:\WINNT\System32\DRIVERS\USBPORT.SYS
Address: 0xBFE16000
Size: 139264 bytes

Driver: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xB7A29000
Size: 135168 bytes

Driver: C:\WINNT\System32\Drivers\aswSP.SYS
Address: 0xB7967000
Size: 131072 bytes

Driver: C:\WINNT\system32\drivers\KS.SYS
Address: 0xBFD07000
Size: 131072 bytes

Driver: C:\WINNT\System32\drivers\afd.sys
Address: 0xB7715000
Size: 122880 bytes

Driver: ftdisk.sys
Address: 0xBFFBB000
Size: 118784 bytes

Driver: C:\WINNT\System32\ialmdnt5.dll
Address: 0xB7926000
Size: 102400 bytes

Driver: C:\WINNT\system32\drivers\aeaudio.sys
Address: 0xBFCEF000
Size: 98304 bytes

Driver: C:\WINNT\system32\drivers\tmcomm.sys
Address: 0xB6E08000
Size: 98304 bytes

Driver: C:\WINNT\system32\drivers\ialmsbw.sys
Address: 0xB7C16000
Size: 94208 bytes

Driver: C:\WINNT\System32\DRIVERS\ndiswan.sys
Address: 0xBFCD8000
Size: 94208 bytes

Driver: atapi.sys
Address: 0xBFF83000
Size: 90112 bytes

Driver: Mup.sys
Address: 0xBFE6C000
Size: 90112 bytes

Driver: C:\WINNT\System32\Drivers\aswMon.SYS
Address: 0xB7449000
Size: 86016 bytes

Driver: ACPI_HAL
Address: 0x80062000
Size: 82176 bytes

Driver: C:\WINNT\System32\hal.dll
Address: 0x80062000
Size: 82176 bytes

Driver: C:\WINNT\System32\DRIVERS\ialmnt5.sys
Address: 0xBFE38000
Size: 81920 bytes

Driver: C:\WINNT\System32\DRIVERS\ipsec.sys
Address: 0xB6BCC000
Size: 81920 bytes

Driver: srescan.sys
Address: 0xBFE82000
Size: 81920 bytes

Driver: C:\WINNT\system32\drivers\ialmkchw.sys
Address: 0xB7C04000
Size: 73728 bytes

Driver: KSecDD.sys
Address: 0xBFF3E000
Size: 73728 bytes

Driver: C:\WINNT\system32\drivers\wdmaud.sys
Address: 0xB754B000
Size: 73728 bytes

Driver: TfFsMon.sys
Address: 0xBFF50000
Size: 69632 bytes

Driver: C:\WINNT\System32\Drivers\Cdfs.SYS
Address: 0xB756D000
Size: 65536 bytes

Driver: C:\WINNT\System32\DRIVERS\serial.sys
Address: 0xEB480000
Size: 65536 bytes

Driver: C:\WINNT\System32\DRIVERS\parallel.sys
Address: 0xEB4C0000
Size: 61440 bytes

Driver: pci.sys
Address: 0xEB400000
Size: 61440 bytes

Driver: C:\WINNT\System32\ialmrnt5.dll
Address: 0xEB5A0000
Size: 53248 bytes

Driver: C:\WINNT\System32\DRIVERS\rasl2tp.sys
Address: 0xEB4A0000
Size: 53248 bytes

Driver: TfSysMon.sys
Address: 0xEB430000
Size: 53248 bytes

Driver: C:\WINNT\System32\DRIVERS\usbhub20.sys
Address: 0xEB4F0000
Size: 53248 bytes

Driver: C:\WINNT\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xEB470000
Size: 53248 bytes

Driver: C:\WINNT\System32\DRIVERS\i8042prt.sys
Address: 0xEB490000
Size: 49152 bytes

Driver: isapnp.sys
Address: 0xEB410000
Size: 49152 bytes

Driver: C:\WINNT\System32\DRIVERS\raspptp.sys
Address: 0xEB4B0000
Size: 49152 bytes

Driver: C:\WINNT\system32\drivers\sysaudio.sys
Address: 0xB7655000
Size: 49152 bytes

Driver: C:\WINNT\System32\Drivers\aswTdi.SYS
Address: 0xEB550000
Size: 45056 bytes

Driver: C:\WINNT\system32\drivers\TfNetMon.sys
Address: 0xB7625000
Size: 45056 bytes

Driver: C:\WINNT\System32\Drivers\NDProxy.SYS
Address: 0xEB520000
Size: 40960 bytes

Driver: C:\WINNT\System32\DRIVERS\usbhub.sys
Address: 0xEB4E0000
Size: 40960 bytes

Driver: C:\WINNT\System32\DRIVERS\CLASSPNP.SYS
Address: 0xEB420000
Size: 36864 bytes

Driver: C:\WINNT\System32\Drivers\Fips.SYS
Address: 0xB75CD000
Size: 36864 bytes

Driver: C:\WINNT\System32\DRIVERS\msgpc.sys
Address: 0xEB540000
Size: 36864 bytes

Driver: C:\WINNT\System32\DRIVERS\netbios.sys
Address: 0xEB560000
Size: 36864 bytes

Driver: C:\WINNT\System32\Drivers\Npfs.SYS
Address: 0xEB530000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xEB440000
Size: 36864 bytes

Driver: C:\WINNT\system32\DRIVERS\aswFsBlk.sys
Address: 0xEB7E0000
Size: 32768 bytes

Driver: disk.sys
Address: 0xEB698000
Size: 32768 bytes

Driver: MountMgr.sys
Address: 0xEB688000
Size: 32768 bytes

Driver: C:\WINNT\System32\Drivers\TfKbMon.sys
Address: 0xEB710000
Size: 32768 bytes

Driver: C:\WINNT\System32\DRIVERS\uhcd.sys
Address: 0xEB6B8000
Size: 32768 bytes

Driver: C:\WINNT\System32\DRIVERS\wanarp.sys
Address: 0xEB6A8000
Size: 32768 bytes

Driver: C:\WINNT\System32\DRIVERS\cdrom.sys
Address: 0xEB740000
Size: 28672 bytes

Driver: C:\WINNT\System32\Drivers\EFS.SYS
Address: 0xEB7D0000
Size: 28672 bytes

Driver: C:\WINNT\System32\DRIVERS\fdc.sys
Address: 0xEB6F0000
Size: 28672 bytes

Driver: C:\WINNT\System32\DRIVERS\parport.sys
Address: 0xEB708000
Size: 28672 bytes

Driver: C:\WINNT\system32\drivers\procguard.sys
Address: 0xEB6F8000
Size: 28672 bytes

Driver: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xEB6E8000
Size: 28672 bytes

Driver: C:\WINNT\System32\DRIVERS\kbdclass.sys
Address: 0xEB720000
Size: 24576 bytes

Driver: C:\WINNT\System32\DRIVERS\mouclass.sys
Address: 0xEB730000
Size: 24576 bytes

Driver: C:\WINNT\System32\Drivers\Msfs.SYS
Address: 0xEB7F0000
Size: 24576 bytes

Driver: pavboot.sys
Address: 0xEB690000
Size: 24576 bytes

Driver: C:\WINNT\System32\DRIVERS\PCIIDEX.SYS
Address: 0xEB680000
Size: 24576 bytes

Driver: C:\WINNT\System32\drivers\pxark.sys
Address: 0xEB7C8000
Size: 24576 bytes

Driver: C:\WINNT\System32\Drivers\rkhdrv40.SYS
Address: 0xEB748000
Size: 24576 bytes

Driver: C:\WINNT\System32\Drivers\Aavmker4.SYS
Address: 0xEB718000
Size: 20480 bytes

Driver: C:\WINNT\System32\DRIVERS\flpydisk.sys
Address: 0xEB7C0000
Size: 20480 bytes

Driver: C:\WINNT\System32\DRIVERS\ptilink.sys
Address: 0xEB788000
Size: 20480 bytes

Driver: C:\WINNT\System32\DRIVERS\raspti.sys
Address: 0xEB798000
Size: 20480 bytes

Driver: C:\WINNT\System32\DRIVERS\USBD.SYS
Address: 0xEB6D0000
Size: 20480 bytes

Driver: C:\WINNT\System32\DRIVERS\usbehci.sys
Address: 0xEB6E0000
Size: 20480 bytes

Driver: C:\WINNT\System32\Drivers\aswRdr.SYS
Address: 0xB6C51000
Size: 16384 bytes

Driver: C:\WINNT\System32\DRIVERS\serenum.sys
Address: 0xEB898000
Size: 16384 bytes

Driver: C:\WINNT\System32\DRIVERS\TDI.SYS
Address: 0xEB8B8000
Size: 16384 bytes

Driver: C:\WINNT\System32\drivers\vga.sys
Address: 0xEB8E4000
Size: 16384 bytes

Driver: C:\WINNT\System32\BOOTVID.dll
Address: 0xEB810000
Size: 12288 bytes

Driver: C:\WINNT\System32\DRIVERS\ndistapi.sys
Address: 0xEB8A8000
Size: 12288 bytes

Driver: PartMgr.sys
Address: 0xEB814000
Size: 12288 bytes

Driver: avgarkt.sys
Address: 0xEB900000
Size: 8192 bytes

Driver: Diskperf.sys
Address: 0xEB902000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xEB904000
Size: 8192 bytes

Driver: C:\WINNT\System32\Drivers\Fs_Rec.SYS
Address: 0xEB918000
Size: 8192 bytes

Driver: C:\WINNT\System32\Drivers\ParVdm.SYS
Address: 0xEB97C000
Size: 8192 bytes

Driver: C:\WINNT\System32\DRIVERS\rasacd.sys
Address: 0xEB920000
Size: 8192 bytes

Driver: C:\WINNT\System32\DRIVERS\audstub.sys
Address: 0xEB9F0000
Size: 4096 bytes

Driver: C:\WINNT\System32\DRIVERS\AvgArCln.sys
Address: 0xEBA13000
Size: 4096 bytes

Driver: C:\WINNT\System32\Drivers\Beep.SYS
Address: 0xEBA11000
Size: 4096 bytes

Driver: C:\WINNT\System32\Drivers\Cdr4_2K.SYS
Address: 0xEB9E7000
Size: 4096 bytes

Driver: C:\WINNT\System32\Drivers\Cdralw2k.SYS
Address: 0xEB9EA000
Size: 4096 bytes

Driver: C:\WINNT\system32\Drivers\mchInjDrv.sys
Address: 0xEBA4F000
Size: 4096 bytes

Driver: C:\WINNT\System32\Drivers\mnmdd.SYS
Address: 0xEBA16000
Size: 4096 bytes

Driver: C:\WINNT\System32\Drivers\Null.SYS
Address: 0xEBA0F000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xEB9C9000
Size: 4096 bytes

Driver: C:\WINNT\System32\DRIVERS\swenum.sys
Address: 0xEB9FA000
Size: 4096 bytes

Driver: C:\WINNT\System32\DRIVERS\WMILIB.SYS
Address: 0xEB9C8000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files
==============================================



Edited by Creep - 29 December 2008 at 6:28pm