Win32.Trojan (?)



#1 Crystal_Rod


Posted 02 November 2008 - 11:57 PM

Hi,

I've been trying to work on my father-in-law's PC for about a week now, running all sorts of scans. First there was an issue with IE pop-ups (up to 20 at a time). I disconnected the PC from the internet and when I opened IE, pop-ups still came up, but blank. I ran the AVG & Avast anti-virus scans and that problem didn't appear again. I followed all the instructions in the Preparation Guide before posting the HijackThis post; all scans were done while in Safe Mode. When I rebooted the PC normally and connected it to the internet, everything was fine for about the first 3 boots, and after that the PC started freezing completely; I couldn't even use CTRL+ALT+DELETE to restart. The Critical Object that kept coming up on all scans was the Win32.Trojan; there were others, but this was the most critical one, according to the software. Please help, I know this can be fixed without having to reset Windows XP and format the hard drive.

Thank you so much in advance!!!

Crystal

Here's the HiJackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:37 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {5a3b4dc1-5b88-bd78-11d4-1342e42f2448} - {8442f24e-2431-4d11-87db-88b51cd4b3a5} - C:\WINDOWS\system32\vysvin.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168461538718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168475393218
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://www.imikimi.com/download/imikimi_plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: vysvin.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6390 bytes



#2 kahdah


Posted 03 November 2008 - 06:23 AM

Hello Crystal_Rod

Welcome to BleepingComputer :thumbsup:
=======================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
==========================
Download GMER from here:
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Crystal_Rod


Posted 03 November 2008 - 04:01 PM

Thank you for your quick reply Kahdah... as soon as I have these logs for you I will post them.

I'm currently at work. Have a good day :D

#4 kahdah


Posted 03 November 2008 - 08:49 PM

Ok you are welcome :thumbsup:

#5 Crystal_Rod


Posted 03 November 2008 - 11:06 PM

Okay, here are all the logs...


LOG.TXT from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-03 20:24:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 114 GB (78%) free of 147 GB
Total RAM: 511 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:11 PM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {5a3b4dc1-5b88-bd78-11d4-1342e42f2448} - {8442f24e-2431-4d11-87db-88b51cd4b3a5} - C:\WINDOWS\system32\vysvin.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168461538718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168475393218
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://www.imikimi.com/download/imikimi_plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: vysvin.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6530 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-04 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8442f24e-2431-4d11-87db-88b51cd4b3a5}]
C:\WINDOWS\system32\vysvin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-23 1234712]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20387d62]
C:\WINDOWS\system32\ebightvq.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2005-07-22 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
C:\WINDOWS\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [2008-04-29 158624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2003-10-10 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
C:\PROGRA~1\VERIZO~1\VCASTM~1\VCASTM~1.EXE [2005-11-30 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vysvin.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcCusSK
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10cf6325-9231-11dd-bc9c-000ea65077dd}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-01 15:45:29 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-01 15:45:29 ----N---- C:\WINDOWS\slrundll.exe
2008-11-01 15:45:27 ----D---- C:\WINDOWS\system32\scripting
2008-11-01 15:45:26 ----D---- C:\WINDOWS\l2schemas
2008-11-01 15:45:25 ----D---- C:\WINDOWS\system32\en
2008-11-01 15:42:54 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 15:38:37 ----A---- C:\WINDOWS\002804_.tmp
2008-11-01 15:35:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 14:58:34 ----D---- C:\44e6996da51994411c11231baa
2008-11-01 12:38:10 ----D---- C:\Program Files\Lavasoft
2008-11-01 12:38:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-01 12:29:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-31 16:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-31 16:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-31 16:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-31 16:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-31 16:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-31 16:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-25 15:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-25 15:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-23 18:12:33 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-10-23 18:12:33 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-10-23 18:12:32 ----D---- C:\Program Files\Uniblue
2008-10-23 18:10:16 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-23 17:52:11 ----D---- C:\15feb343f47049fc4b29b9b833dc
2008-10-23 17:43:58 ----ASH---- C:\WINDOWS\system32\fywglsok.ini
2008-10-23 17:42:30 ----D---- C:\11663c4aaa758fe1074d
2008-10-11 16:31:53 ----SHD---- C:\RECYCLER
2008-10-04 18:20:33 ----A---- C:\WINDOWS\wininit.ini
2008-10-04 10:38:02 ----D---- C:\WINDOWS\ERUNT
2008-10-04 10:35:55 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-04 10:02:18 ----D---- C:\WINDOWS\erdnt
2008-10-04 10:01:52 ----D---- C:\Program Files\r2 Studios
2008-10-04 10:01:36 ----D---- C:\QooBox
2008-10-04 10:00:27 ----D---- C:\Program Files\SDFix
2008-10-04 09:59:32 ----HD---- C:\$AVG8.VAULT$
2008-10-04 09:48:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 09:43:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 09:42:52 ----D---- C:\Program Files\AVG
2008-10-04 09:42:50 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 09:37:37 ----D---- C:\Program Files\Windows Installer Clean Up
2008-10-04 09:37:24 ----D---- C:\Program Files\MSECACHE
2008-10-04 09:36:45 ----D---- C:\Program Files\SpywareGuard
2008-10-04 09:35:50 ----D---- C:\Program Files\Spybot
2008-10-04 09:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-04 09:34:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-04 09:34:17 ----D---- C:\Program Files\Alwil Software

======List of files/folders modified in the last 1 months======

2008-11-02 21:44:56 ----RD---- C:\Program Files
2008-11-02 21:44:22 ----SD---- C:\WINDOWS\Tasks
2008-11-02 21:36:43 ----D---- C:\WINDOWS\Temp
2008-11-02 21:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-02 21:15:19 ----D---- C:\WINDOWS
2008-11-02 20:53:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 20:53:28 ----D---- C:\WINDOWS\system32
2008-11-02 20:53:27 ----D---- C:\WINDOWS\system32\en-US
2008-11-02 20:53:27 ----D---- C:\Program Files\Internet Explorer
2008-11-02 20:53:07 ----D---- C:\WINDOWS\ie7updates
2008-11-02 20:53:05 ----HD---- C:\WINDOWS\inf
2008-11-02 20:52:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-02 20:50:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-02 20:36:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 11:37:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 01:46:20 ----D---- C:\WINDOWS\Help
2008-11-02 01:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 16:47:18 ----D---- C:\WINDOWS\WBEM
2008-11-01 16:47:11 ----D---- C:\WINDOWS\Media
2008-11-01 16:22:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 16:20:43 ----SHD---- C:\WINDOWS\Installer
2008-11-01 16:20:28 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 16:19:26 ----A---- C:\WINDOWS\setuplog.txt
2008-11-01 16:18:28 ----D---- C:\WINDOWS\AppPatch
2008-11-01 16:18:27 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 16:18:26 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 16:18:25 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 15:55:42 ----D---- C:\WINDOWS\security
2008-11-01 15:52:00 ----D---- C:\Program Files\Messenger
2008-11-01 15:48:05 ----RASH---- C:\boot.ini
2008-11-01 15:45:51 ----D---- C:\WINDOWS\WinSxS
2008-11-01 15:45:41 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 15:45:41 ----D---- C:\WINDOWS\ime
2008-11-01 15:45:28 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 15:45:28 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 15:45:24 ----D---- C:\WINDOWS\system32\bits
2008-11-01 15:45:24 ----D---- C:\WINDOWS\peernet
2008-11-01 15:45:24 ----D---- C:\Program Files\Movie Maker
2008-11-01 15:42:46 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 15:42:46 ----D---- C:\WINDOWS\system32\npp
2008-11-01 15:42:45 ----D---- C:\WINDOWS\msagent
2008-11-01 15:42:43 ----D---- C:\WINDOWS\srchasst
2008-11-01 15:42:42 ----D---- C:\Program Files\NetMeeting
2008-11-01 15:42:41 ----D---- C:\WINDOWS\system32\Com
2008-11-01 15:42:38 ----D---- C:\Program Files\Windows Media Player
2008-11-01 15:42:37 ----D---- C:\Program Files\Windows NT
2008-11-01 15:42:37 ----D---- C:\Program Files\Outlook Express
2008-11-01 15:42:33 ----D---- C:\Program Files\Common Files\System
2008-11-01 15:42:12 ----D---- C:\WINDOWS\system
2008-11-01 15:40:31 ----RD---- C:\WINDOWS\Web
2008-11-01 15:40:09 ----RASH---- C:\NTDETECT.COM
2008-11-01 15:38:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 15:35:10 ----D---- C:\WINDOWS\EHome
2008-10-31 16:34:22 ----A---- C:\WINDOWS\win.ini
2008-10-25 15:11:54 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-25 15:06:18 ----D---- C:\WINDOWS\system32\config
2008-10-23 17:52:02 ----ASH---- C:\WINDOWS\system32\KSsuCcfe.ini
2008-10-23 17:49:26 ----ASH---- C:\WINDOWS\system32\KSsuCcfe.ini2
2008-10-23 17:42:29 ----A---- C:\WINDOWS\system32\2b1bb91c-.txt
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-11 16:21:16 ----D---- C:\Documents and Settings
2008-10-11 16:06:00 ----A---- C:\WINDOWS\system.ini
2008-10-11 16:04:44 ----D---- C:\Program Files\Common Files
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 13:09:21 ----D---- C:\Program Files\Common Files\{20387DCD-088F-1033-1015-030304030001}
2008-10-04 11:23:52 ----A---- C:\WINDOWS\BM230b4efe.txt
2008-10-04 09:42:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-04 09:38:34 ----D---- C:\WINDOWS\pss
2008-10-04 09:31:28 ----D---- C:\Program Files\Yahoo!
2008-10-04 09:29:01 ----D---- C:\Program Files\Grisoft
2008-10-04 09:26:10 ----ASH---- C:\WINDOWS\system32\qvthgibe.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-04 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-04 26824]
S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
S1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-04 76040]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-01 652497]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-08-19 1343803]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-21 54784]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd2;GE 98067 MiniCam Pro; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [2004-12-16 347264]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-02 611664]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-04 875288]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------

#6 Crystal_Rod

  • Topic Starter


Posted 03 November 2008 - 11:07 PM

INFO.TXT FROM RSIT:

info.txt logfile of random's system information tool 1.04 2008-11-03 20:25:16

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0684EECC-380C-4B97-8C51-5BDB9E4D679C}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
GE 98067 MiniCam Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3740-->msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
MAGIX Ringtone Maker 2 silver (US)-->C:\MAGIX\Ringtone_Maker_2_silver\instslct.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
V CAST Music-->MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free
AV: avast! antivirus 4.8.1229 [VPS 081102-0]
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

#7 Crystal_Rod


Posted 03 November 2008 - 11:11 PM

GMER (1 OF 4 PARTS):

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-03 20:53:35
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHTestTokenMembership + 144 7CA056A3 50 Bytes [ 0F, 85, 97, 8E, 04, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenRegStream + 1 7CA05ABF 25 Bytes [ EC, 81, EC, 60, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenRegStream + 1B 7CA05AD9 24 Bytes [ 89, BD, A8, FD, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenRegStream + 34 7CA05AF2 12 Bytes [ 8D, 70, 04, 56, FF, 15, F4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenRegStream + 41 7CA05AFF 52 Bytes [ 75, 8D, 85, A0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenRegStream + 76 7CA05B34 32 Bytes CALL 7CA05B8C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILLoadFromStream + 4 7CA0693A 58 Bytes [ D8, 85, DB, 0F, 8C, 57, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILLoadFromStream + 3F 7CA06975 3 Bytes [ C3, 5B, E8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILLoadFromStream + 43 7CA06979 27 Bytes [ 1A, FE, FF, C9, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILLoadFromStream + 5F 7CA06995 25 Bytes [ 5D, C2, 04, 00, 48, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILLoadFromStream + 79 7CA069AF 224 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_ShowDragImage + 1 7CA08C9D 114 Bytes [ 47, 30, 85, C0, 0F, 85, 7A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_ShowDragImage + 74 7CA08D10 2 Bytes [ 50, 53 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_ShowDragImage + 77 7CA08D13 3 Bytes [ CE, F9, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_ShowDragImage + 7B 7CA08D17 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_ShowDragImage + A7 7CA08D43 190 Bytes [ FF, 15, EC, 14, 9C, 7C, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA0B1D7 5 Bytes [ FF, 01, 00, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA0B1DD 131 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHCreateDirectoryExW + 17 7CA0B261 99 Bytes [ 16, 9C, 7C, 5F, 5E, 5B, C3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA0B2C5 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHCreateDirectoryExW + 93 7CA0B2DD 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHCreateDirectoryExW + E8 7CA0B332 4 Bytes [ 84, 1E, E8, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHCreateDirectoryExW + ED 7CA0B337 3 Bytes [ 6A, 43, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA0BCE5 39 Bytes [ 8B, C6, 5E, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 2D 7CA0BD0D 49 Bytes [ BD, 7C, 3B, 18, 75, E0, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 5F 7CA0BD3F 93 Bytes JMP 7C9F9149 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + BD 7CA0BD9D 49 Bytes [ FF, 8B, F0, 3B, F7, 0F, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + EF 7CA0BDCF 69 Bytes [ FF, 75, FC, FF, 56, 18, E9, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsUserAnAdmin + 35 7CA0DB90 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsUserAnAdmin + 46 7CA0DBA1 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsUserAnAdmin + 5A 7CA0DBB5 5 Bytes [ 0F, 85, EA, C1, 03 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsUserAnAdmin + 60 7CA0DBBB 42 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsUserAnAdmin + 8B 7CA0DBE6 16 Bytes [ C5, C1, 03, 00, 8B, 45, 10, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathProcessCommand + 41 7CA0E4CC 1 Byte [ 53 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathProcessCommand + 43 7CA0E4CE 38 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathProcessCommand + 6A 7CA0E4F5 9 Bytes [ FF, 83, FE, FF, 0F, 84, AE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathProcessCommand + 74 7CA0E4FF 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathProcessCommand + 8B 7CA0E516 5 Bytes [ 89, 9D, B0, FB, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragQueryFileAorW + 3D 7CA1192E 48 Bytes [ C1, FD, FF, FF, 08, 0F, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragQueryFileAorW + 6E 7CA1195F 41 Bytes [ 76, 28, 33, DB, 8D, 85, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragQueryFileAorW + 98 7CA11989 30 Bytes [ 40, 89, 85, F8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragQueryFileAorW + B7 7CA119A8 50 Bytes [ FF, FF, 8D, 4E, FC, E8, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragQueryFileAorW + EB 7CA119DC 51 Bytes [ FF, 8B, 85, 58, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!InternalExtractIconListA + 15 7CA1B936 5 Bytes [ 33, C8, 89, 8B, A4 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!InternalExtractIconListA + 1C 7CA1B93D 46 Bytes JMP 7CA1BDD3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!InternalExtractIconListA + 4B 7CA1B96C 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!InternalExtractIconListA + 73 7CA1B994 5 Bytes [ 89, 83, A4, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!InternalExtractIconListA + 79 7CA1B99A 58 Bytes JMP 7CA1BDD4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 53 7CA1DC20 68 Bytes [ 76, 08, FF, D7, 85, C0, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 98 7CA1DC65 25 Bytes [ 00, FF, 45, E4, 8B, 45, E4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + B2 7CA1DC7F 34 Bytes [ F6, D9, 1B, C9, 23, 4D, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + D5 7CA1DCA2 14 Bytes CALL 7CA197C3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + E5 7CA1DCB2 43 Bytes [ F6, 46, 44, 01, 0F, 85, C4, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetLocalizedName + 6 7CA21652 8 Bytes [ 6C, 24, 04, 08, E9, D2, F5, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetLocalizedName + F 7CA2165B 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetLocalizedName + 2D 7CA21679 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetLocalizedName + 4B 7CA21697 57 Bytes [ F6, C3, 03, 74, 12, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetLocalizedName + 85 7CA216D1 14 Bytes JMP 7CA0F4F3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFlushSFCache + 32 7CA217B0 59 Bytes [ 85, C0, 0F, 84, 86, 18, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFlushSFCache + 6E 7CA217EC 52 Bytes [ 75, 10, 0F, 84, 0D, 37, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFlushSFCache + A3 7CA21821 86 Bytes [ 00, 90, 90, 90, 90, 90, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFlushSFCache + FA 7CA21878 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFlushSFCache + 161 7CA218DF 4 Bytes [ FD, FF, FF, 8D ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIcon + B 7CA221E1 45 Bytes [ 83, BD, 3C, F5, FF, FF, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIcon + 39 7CA2220F 7 Bytes [ FF, 00, 09, 8D, 28, F5, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIcon + 41 7CA22217 18 Bytes [ 89, 85, 58, F5, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIcon + 54 7CA2222A 8 Bytes [ FF, 8B, F8, 85, FF, 7C, 23, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIcon + 5D 7CA22233 2 Bytes [ 24, F5 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Lock + 6 7CA228EB 9 Bytes [ FF, 8B, CB, 50, 0F, 84, F9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Lock + 10 7CA228F5 66 Bytes [ FF, B5, BC, F9, FF, FF, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Lock + 53 7CA22938 144 Bytes [ 8B, 4D, FC, 8B, 85, C0, F9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Lock + E4 7CA229C9 2 Bytes [ EC, 56 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Lock + E7 7CA229CC 47 Bytes [ 75, 08, FF, 71, 3C, E8, 3F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractVersionResource16W + 11 7CA22C52 5 Bytes [ FC, FF, C9, C2, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractVersionResource16W + 17 7CA22C58 9 Bytes [ 83, 0E, 18, EB, D5, C7, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractVersionResource16W + 22 7CA22C63 114 Bytes [ A1, 60, FA, BC, 7C, 33, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractVersionResource16W + 96 7CA22CD7 36 Bytes [ 00, FF, 15, 7C, 1A, 9C, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractVersionResource16W + BB 7CA22CFC 1 Byte [ 52 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllCanUnloadNow + 27 7CA238B4 15 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllCanUnloadNow + 37 7CA238C4 46 Bytes [ 57, 8B, 7D, 08, F7, 47, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllCanUnloadNow + 66 7CA238F3 31 Bytes [ 00, 00, 85, C0, 74, 16, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllCanUnloadNow + 86 7CA23913 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllCanUnloadNow + 129 7CA239B6 4 Bytes [ 55, 8B, EC, 56 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathIsExe + 2 7CA23A9F 3 Bytes JMP 7CA2397C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathIsExe + 6 7CA23AA3 108 Bytes [ FF, 39, 7D, F4, 0F, 85, F1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathIsExe + 73 7CA23B10 30 Bytes JMP 7CA23893 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathIsExe + 92 7CA23B2F 8 Bytes JMP 7CA26B44 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathIsExe + 9B 7CA23B38 24 Bytes [ 40, 04, 8B, 34, 98, 3B, FE, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsLFNDrive + 3B 7CA23DCC 54 Bytes [ 69, 00, 6E, 00, 69, 00, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsLFNDrive + 72 7CA23E03 96 Bytes [ 83, C6, 04, 81, FE, 2C, 59, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsLFNDrive + D3 7CA23E64 20 Bytes [ 9E, 7C, 0F, 85, 72, 01, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsLFNDrive + E8 7CA23E79 77 Bytes [ 5E, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!IsLFNDrive + 136 7CA23EC7 28 Bytes [ 0F, 85, 1A, 1A, 02, 00, C3, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 5 7CA24415 89 Bytes [ A1, 54, FA, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 5F 7CA2446F 19 Bytes [ FF, 8B, 45, 08, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 73 7CA24483 3 Bytes [ CE, FF, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 77 7CA24487 17 Bytes [ 8B, F8, 3B, FB, 74, 23, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 8B 7CA2449B 2 Bytes [ FF, 15 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotify + B 7CA24914 3 Bytes [ 68, 64, FA ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotify + 10 7CA24919 50 Bytes CALL 7CA00BA3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotify + 43 7CA2494C 118 Bytes [ 68, A4, FA, BC, 7C, E8, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotify + BA 7CA249C3 16 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHChangeNotify + CB 7CA249D4 26 Bytes [ 00, F6, 45, 08, 01, 74, 07, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIconW + 41 7CA2A570 7 Bytes [ 64, 00, 52, 00, 75, 00, 6E ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIconW + 49 7CA2A578 1 Byte [ 44 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIconW + 4B 7CA2A57A 41 Bytes [ 6C, 00, 6C, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIconW + 75 7CA2A5A4 115 Bytes [ 63, 00, 64, 00, 6C, 00, 67, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Shell_NotifyIconW + E9 7CA2A618 74 Bytes [ 75, 00, 63, 00, 74, 00, 69, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetDataFromIDListW + 17 7CA2AAD0 122 Bytes [ A2, 7C, C3, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetDataFromIDListW + 92 7CA2AB4B 8 Bytes [ 07, BD, 7C, C0, A0, A2, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetDataFromIDListW + 9B 7CA2AB54 58 Bytes [ 90, 90, 90, 90, C7, 05, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetDataFromIDListW + D6 7CA2AB8F 1 Byte [ A0 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetDataFromIDListW + D8 7CA2AB91 94 Bytes [ 7C, C3, 90, 90, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathA + FB 7CA2AD0C 5 Bytes [ BD, 7C, C0, A0, A2 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathA + 101 7CA2AD12 43 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathA + 12D 7CA2AD3E 19 Bytes [ C0, A0, A2, 7C, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathA + 141 7CA2AD52 17 Bytes [ C3, 90, 90, 90, 90, 90, C7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFolderPathA + 154 7CA2AD65 77 Bytes [ 90, 90, 90, C7, 05, 14, 09, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfoW + 4D 7CA2B040 89 Bytes [ 3D, D0, F5, BC, 7C, 74, 0D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfoW + A7 7CA2B09A 72 Bytes [ 94, AB, 01, 00, A1, 2C, 09, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfoW + F0 7CA2B0E3 106 Bytes [ A1, 58, F5, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfoW + 15B 7CA2B14E 5 Bytes [ 00, E8, 0B, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfoW + 161 7CA2B154 64 Bytes [ 33, C0, 5D, C2, 0C, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragAcceptFiles + 14 7CA2B1BD 19 Bytes [ D8, 0D, 00, A2, A2, 7C, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragAcceptFiles + 28 7CA2B1D1 155 Bytes [ 8B, 38, 4F, 78, 1C, 56, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragAcceptFiles + C4 7CA2B26D 49 Bytes [ 55, 8B, EC, 53, 56, 57, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragAcceptFiles + F6 7CA2B29F 16 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DragAcceptFiles + 107 7CA2B2B0 9 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetMalloc + 43 7CA2B3D8 16 Bytes [ 80, FF, 15, 30, 10, 9C, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetMalloc + 54 7CA2B3E9 9 Bytes [ 10, 9C, 7C, 8B, C6, 5E, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetMalloc + 5E 7CA2B3F3 8 Bytes [ 33, F6, 46, EB, F4, B8, 17, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetMalloc + 67 7CA2B3FC 14 Bytes [ 00, 3B, F8, 0F, 86, 80, 87, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetMalloc + 76 7CA2B40B 13 Bytes [ 72, 40, 81, FF, 12, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILSaveToStream + 54 7CA2F480 28 Bytes [ 03, 56, 56, FF, 75, CC, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILSaveToStream + 73 7CA2F49F 82 Bytes [ 85, FF, C7, 45, FC, 01, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILSaveToStream + C6 7CA2F4F2 52 Bytes [ 00, C7, 45, D4, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILSaveToStream + FB 7CA2F527 50 Bytes [ 75, F4, 8B, 46, 18, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILSaveToStream + 12F 7CA2F55B 26 Bytes [ 8D, B7, B4, 01, 00, 00, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHAddToRecentDocs + 7 7CA2FD29 42 Bytes [ FF, 15, E0, 15, 9C, 7C, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHAddToRecentDocs + 32 7CA2FD54 20 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHAddToRecentDocs + 47 7CA2FD69 76 Bytes [ C0, 74, 12, 8B, CF, 8B, D1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHAddToRecentDocs + 94 7CA2FDB6 45 Bytes [ 55, 8B, EC, 81, EC, 98, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHAddToRecentDocs + C2 7CA2FDE4 2 Bytes [ 9D, 70 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Win32DeleteFile + 4B 7CA30510 4 Bytes [ 84, 4C, 48, 02 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Win32DeleteFile + 50 7CA30515 54 Bytes [ 56, 57, 6A, 60, 6A, 40, BF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Win32DeleteFile + 87 7CA3054C 36 Bytes CALL 7CA304A2 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Win32DeleteFile + AC 7CA30571 16 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Win32DeleteFile + BD 7CA30582 13 Bytes [ 15, 58, 18, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 6B 7CA308F4 12 Bytes [ 0A, 00, 89, B5, C6, FB, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 78 7CA30901 78 Bytes [ FF, 8D, BD, C4, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + C7 7CA30950 56 Bytes [ FF, 55, 8B, EC, 51, 56, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 100 7CA30989 14 Bytes [ 5E, C9, C2, 08, 00, 8D, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 10F 7CA30998 1 Byte [ FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathCleanupSpec + 33 7CA30A9F 63 Bytes [ FF, 6A, 00, 50, 6A, 00, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathCleanupSpec + 73 7CA30ADF 12 Bytes [ F3, 33, C0, F3, A7, 0F, 84, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathCleanupSpec + 80 7CA30AEC 4 Bytes [ B5, D0, FD, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathCleanupSpec + 85 7CA30AF1 18 Bytes CALL 7C9EEF16 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PathCleanupSpec + 98 7CA30B04 37 Bytes [ 8D, 95, DC, FB, FF, FF, 52, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 20 7CA30B2A 16 Bytes [ 08, 50, FF, 51, 10, 8B, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 31 7CA30B3B 39 Bytes [ 51, 08, 81, FE, 01, 40, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 59 7CA30B63 53 Bytes [ 8D, 44, 43, 02, 51, 50, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 8F 7CA30B99 12 Bytes [ FF, A5, A5, A5, A5, C7, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 9C 7CA30BA6 26 Bytes [ 00, 00, 8B, 85, D4, F5, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!StrStrIW + 58 7CA311BF 106 Bytes JMP 7C9FF007 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!StrStrIW + C4 7CA3122B 5 Bytes [ 53, 8D, 45, FC, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!StrStrIW + CA 7CA31231 45 Bytes [ 75, 0C, 8B, CE, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!StrStrIW + F8 7CA3125F 33 Bytes [ 75, 08, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!StrStrIW + 11A 7CA31281 31 Bytes [ 75, 10, FF, 15, 34, 16, 9C, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfo + 1 7CA31552 47 Bytes [ 4D, 10, 56, 8B, 75, 0C, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfo + 31 7CA31582 16 Bytes [ 50, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfo + 42 7CA31593 4 Bytes [ 8C, 9C, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfo + 47 7CA31598 30 Bytes [ 83, BD, F0, FD, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetFileInfo + 66 7CA315B7 14 Bytes CALL 7C9EBD8F C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractIconW + 63 7CA318A1 17 Bytes [ 5D, 14, 89, 85, C0, F7, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractIconW + 75 7CA318B3 11 Bytes [ B5, D0, F7, FF, FF, 89, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractIconW + 81 7CA318BF 1 Byte [ 9D ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractIconW + 83 7CA318C1 78 Bytes [ F7, FF, FF, 0F, 84, BF, 2F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ExtractIconW + D2 7CA31910 1 Byte [ D7 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILGetNext + 2B 7CA3449A 10 Bytes [ 50, FF, 75, 10, FF, B5, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILGetNext + 36 7CA344A5 2 Bytes [ CE, B0 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILGetNext + 3A 7CA344A9 21 Bytes [ FF, B5, E0, F9, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILGetNext + 50 7CA344BF 15 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ILGetNext + 60 7CA344CF 15 Bytes [ 4D, FC, 5F, 8B, C6, 5E, 5B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ReadCabinetState + 2C 7CA346FD 54 Bytes [ C2, 10, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ReadCabinetState + 63 7CA34734 71 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ReadCabinetState + AB 7CA3477C 3 Bytes [ B6, 68, FB ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ReadCabinetState + AF 7CA34780 27 Bytes [ 85, C0, 59, 74, 35, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ReadCabinetState + CB 7CA3479C 84 Bytes [ 8B, 06, 57, FF, 75, 10, 68, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetPathFromIDList + 21 7CA34C52 94 Bytes [ 66, 00, 00, FF, 76, 28, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetPathFromIDList + 80 7CA34CB1 4 Bytes [ 75, 0C, 8B, D9 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetPathFromIDList + 85 7CA34CB6 53 Bytes CALL 7CA34BEF C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetPathFromIDList + BB 7CA34CEC 215 Bytes [ F9, FF, 15, D4, 15, 9C, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetPathFromIDList + 193 7CA34DC4 61 Bytes [ 00, 0F, 85, 58, 4A, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPropStgReadMultiple + 1 7CA37A62 30 Bytes [ C7, 5F, 5E, 5D, C2, 0C, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPropStgReadMultiple + 20 7CA37A81 95 Bytes CALL 7CA3796E C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPropStgReadMultiple + 80 7CA37AE1 94 Bytes [ FF, 75, 10, 8B, 06, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPropStgReadMultiple + DF 7CA37B40 82 Bytes [ FF, FF, 90, 90, 4D, 6B, A3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPropStgReadMultiple + 132 7CA37B93 19 Bytes [ F2, 33, DB, F3, A7, 74, 05, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetRealIDL + 17 7CA38DC8 46 Bytes [ EC, 81, EC, 10, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetRealIDL + 46 7CA38DF7 18 Bytes [ 80, 00, 00, 3B, F8, 0F, 8F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetRealIDL + 59 7CA38E0A 35 Bytes [ 00, 02, 00, 00, 0F, 84, 6B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetRealIDL + 7D 7CA38E2E 2 Bytes [ 00, 20 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetRealIDL + 81 7CA38E32 50 Bytes [ 0F, 84, 47, 10, 00, 00, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!FindExecutableA + B 7CA3FA07 28 Bytes [ 00, 6A, 06, FF, B0, B0, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!FindExecutableA + 28 7CA3FA24 101 Bytes [ 51, 14, 85, DB, 0F, 8C, DC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!FindExecutableW + 5 7CA3FA93 57 Bytes [ 56, 57, 6A, 00, 8B, F1, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!FindExecutableW + 40 7CA3FACE 17 Bytes [ 8B, 45, 24, 8D, BE, 38, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirW + 26 7CA7B910 15 Bytes [ 83, A5, 4C, FA, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirW + 36 7CA7B920 49 Bytes [ 00, 0F, 8E, 9A, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirW + 68 7CA7B952 5 Bytes [ 00, E8, 1D, 32, F9 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirW + 6E 7CA7B958 30 Bytes [ 8B, 9D, 34, FA, FF, FF, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirA + 29 7CA7B9B5 150 Bytes [ 3B, 86, B8, 00, 00, 00, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirW + 56 7CA7BA4C 84 Bytes [ 40, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirW + AB 7CA7BAA1 5 Bytes [ 56, E8, C2, F9, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirW + B1 7CA7BAA7 34 Bytes [ EB, 53, 57, 8B, 7D, 14, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirW + D4 7CA7BACA 19 Bytes [ 15, 70, 1E, 9C, 7C, EB, 2B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirW + E8 7CA7BADE 11 Bytes [ 70, 0C, EB, E7, 8B, 4D, 14, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirA + A 7CA7BBE4 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirA + 2D 7CA7BC07 11 Bytes [ 00, 00, 04, 89, 45, FC, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirA + 39 7CA7BC13 45 Bytes [ C0, 0F, 85, CF, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetCurDrive + E 7CA7BC41 82 Bytes [ BC, FE, FF, FF, 89, 85, C4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheSetCurDrive + 3B 7CA7BC94 12 Bytes [ 15, B0, 1C, 9C, 7C, EB, 06, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheSetCurDrive + 48 7CA7BCA1 74 Bytes [ 80, 8D, B9, FE, FF, FF, 40, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathA + 42 7CA7BCEC 2 Bytes [ 07, 80 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathA + 45 7CA7BCEF 59 Bytes [ 4D, FC, 5F, 5E, 5B, E8, F7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathA + 81 7CA7BD2B 43 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathA + AD 7CA7BD57 81 Bytes [ 00, 00, 48, C7, 85, A0, FD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathW + 4D 7CA7BDA9 38 Bytes [ 35, A4, F5, BC, 7C, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathW + 74 7CA7BDD0 32 Bytes [ 8B, D8, 85, DB, 74, 15, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathW + 95 7CA7BDF1 10 Bytes CALL 7C9EBAEC C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheFullPathW + A0 7CA7BDFC 114 Bytes [ 8B, 4D, FC, 5E, 5B, E8, EA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirExW + 5B 7CA7BE6F 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirExW + 62 7CA7BE76 48 Bytes [ 55, 8B, EC, 81, EC, 1C, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirExW + 93 7CA7BEA7 4 Bytes [ C7, 85, E8, FB ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirExW + 98 7CA7BEAC 23 Bytes [ FF, 02, 00, 00, 00, 50, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheGetDirExW + B0 7CA7BEC4 9 Bytes [ 68, 08, 02, 00, 00, 50, E8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExW + 33 7CA7BF44 41 Bytes [ 8B, 4D, FC, 8B, 85, E8, FB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExW + 5D 7CA7BF6E 21 Bytes [ 4D, 14, 53, 8B, 5D, 08, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExW + 73 7CA7BF84 52 Bytes [ FF, 89, 85, 40, F7, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExW + A8 7CA7BFB9 7 Bytes [ 00, 00, 8D, 85, 38, F7, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExW + B0 7CA7BFC1 55 Bytes [ 50, 8D, 85, 44, F7, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExA + 1F 7CA7C1B4 196 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExA + E5 7CA7C27A 17 Bytes [ 0C, 8B, 45, 08, 83, C0, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExA + FA 7CA7C28F 25 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExA + 114 7CA7C2A9 36 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheChangeDirExA + 139 7CA7C2CE 59 Bytes CALL BDB436F6
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RegenerateUserEnvironment + 1B 7CA7D301 3 Bytes [ 85, F0, EF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RegenerateUserEnvironment + 20 7CA7D306 5 Bytes [ 50, 8D, 85, E8, EF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RegenerateUserEnvironment + 26 7CA7D30C 9 Bytes [ FF, 50, FF, 36, 66, 89, BD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RegenerateUserEnvironment + 30 7CA7D316 10 Bytes [ FF, 66, C7, 85, F2, EF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RegenerateUserEnvironment + 3B 7CA7D321 5 Bytes [ 15, 10, 17, 9C, 7C ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_CloseProperties + 11 7CA82AE5 1 Byte [ C0 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_CloseProperties + 13 7CA82AE7 77 Bytes [ 07, 66, 83, 4E, 02, FF, EB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_CloseProperties + 61 7CA82B35 50 Bytes [ 50, 6A, 40, 8D, 85, 64, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_CloseProperties + 94 7CA82B68 71 Bytes [ 85, 54, FF, FF, FF, FF, 48, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_CloseProperties + DC 7CA82BB0 100 Bytes [ A8, FD, FF, FF, 8B, 45, 18, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_GetProperties + 18 7CA83208 11 Bytes CALL 7C9E83ED C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_GetProperties + 24 7CA83214 22 Bytes [ 90, 90, 90, 90, 90, E8, BB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_GetProperties + 3B 7CA8322B 15 Bytes [ FF, 55, 8B, EC, 68, 00, 20, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_GetProperties + 4B 7CA8323B 71 Bytes CALL 7CA2BFF1 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_GetProperties + 93 7CA83283 78 Bytes [ 00, 74, 04, 33, C0, EB, 2C, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_SetProperties + 43 7CA83AB2 46 Bytes [ 00, 75, 07, A1, 44, B1, BD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_SetProperties + 72 7CA83AE1 11 Bytes [ FF, 8B, F0, 85, F6, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_SetProperties + 7E 7CA83AED 10 Bytes [ 00, 00, 00, 8B, 4D, 0C, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_SetProperties + 8C 7CA83AFB 62 Bytes [ 40, 8B, 46, 10, A8, 01, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_SetProperties + CB 7CA83B3A 22 Bytes [ 8B, 46, 40, 83, F8, FF, 74, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_OpenProperties + FB 7CA84068 31 Bytes [ DD, 9D, 7C, FF, 15, 2C, 14, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_OpenProperties + 11B 7CA84088 38 Bytes [ 15, 14, 1C, 9C, 7C, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_OpenProperties + 143 7CA840B0 34 Bytes [ C9, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_OpenProperties + 166 7CA840D3 11 Bytes [ 51, 8D, 8D, EC, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!PifMgr_OpenProperties + 172 7CA840DF 18 Bytes [ 00, 53, 33, FF, 89, 45, FC, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheRemoveQuotesW + 6 7CA8BF81 81 Bytes [ 4D, B8, 8B, 40, 04, C1, E9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheRemoveQuotesA + 1C 7CA8BFD3 9 Bytes [ 75, B0, 89, 75, B4, FF, D3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheRemoveQuotesA + 26 7CA8BFDD 84 Bytes [ 21, 8B, 45, AC, 8B, 48, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheRemoveQuotesA + 7B 7CA8C032 96 Bytes [ 89, 48, 22, 8D, 45, B4, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathW + 25 7CA8C093 35 Bytes [ 75, B0, C7, 45, B4, 40, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathW + 49 7CA8C0B7 27 Bytes [ 83, 60, 02, 00, 6A, 04, 5E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathW + 65 7CA8C0D3 7 Bytes [ 75, B4, FF, D3, 85, C0, 75 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathW + 6D 7CA8C0DB 28 Bytes [ 8B, 45, AC, 8B, 40, 04, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathW + 8A 7CA8C0F8 143 Bytes [ B0, 89, 75, B4, FF, D3, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathA + 3B 7CA8C25C 61 Bytes [ 75, B4, FF, D6, 83, 65, AC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathA + 79 7CA8C29A 135 Bytes [ 75, B4, FF, D6, 01, 5D, A8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathA + 101 7CA8C322 7 Bytes [ D6, 8B, 47, 04, 0F, B7, 48 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathA + 109 7CA8C32A 22 Bytes [ 0F, B7, 40, 10, 53, C1, E1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheShortenPathA + 120 7CA8C341 2 Bytes [ 75, B4 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheConvertPathW + 16 7CA8C5EC 17 Bytes [ 00, 80, 80, 80, 00, 8B, 42, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheConvertPathW + 28 7CA8C5FE 128 Bytes [ 8B, 42, 04, C7, 80, B4, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheConvertPathW + A9 7CA8C67F 9 Bytes [ EC, 20, FF, 75, 0C, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheConvertPathW + B4 7CA8C68A 2 Bytes [ 14, 17 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SheConvertPathW + B9 7CA8C68F 61 Bytes [ 45, 08, 83, 65, F0, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLL 7CA8E029 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLL + 4 7CA8E02D 28 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLL + 21 7CA8E04A 9 Bytes [ 74, 6C, 83, F8, FC, 74, 0E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLL + 2B 7CA8E054 20 Bytes [ 74, 37, 83, F8, FE, 0F, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLL + 40 7CA8E069 28 Bytes [ 15, 9C, 1A, 9C, 7C, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLLW + 2 7CA8E0E5 70 Bytes [ 15, E0, 1D, 9C, 7C, EB, 0E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLLW + 49 7CA8E12C 20 Bytes [ 76, 10, FF, 15, 68, 1D, 9C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLLW + 5E 7CA8E141 93 Bytes [ BB, 09, 35, 00, 00, 74, 1C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLLW + BC 7CA8E19F 1 Byte [ 55 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!OpenAs_RunDLLW + BE 7CA8E1A1 46 Bytes [ EC, 83, EC, 30, 53, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Activate_RunDLL + 1B 7CA8F0AF 29 Bytes [ FF, 07, 00, 00, 00, E8, 21, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Activate_RunDLL + 39 7CA8F0CD 39 Bytes [ 15, 28, F2, BB, 7C, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Activate_RunDLL + 61 7CA8F0F5 6 Bytes [ 5D, 08, 56, 8B, 75, 10 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Activate_RunDLL + 68 7CA8F0FC 2 Bytes [ 89, 45 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!Activate_RunDLL + 6B 7CA8F0FF 10 Bytes CALL 7C9F07DE C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 4E 7CA9217E 75 Bytes [ FF, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 9A 7CA921CA 32 Bytes CALL 7C9EB8E6 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHIsFileAvailableOffline + BB 7CA921EB 26 Bytes [ FC, FF, FF, 6A, 00, 56, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHIsFileAvailableOffline + D6 7CA92206 16 Bytes CALL 7CA91E32 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHIsFileAvailableOffline + E7 7CA92217 147 Bytes [ 15, 34, 16, 9C, 7C, 33, C0, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 2F 7CA92549 83 Bytes CALL 7CA92486 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 83 7CA9259D 62 Bytes [ 00, 00, 00, B6, 63, A9, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C3 7CA925DD 6 Bytes [ 75, 08, E8, A4, 06, F8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + CA 7CA925E4 49 Bytes [ 8B, F0, 8B, 45, 08, 8B, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + FC 7CA92616 41 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + C8 7CA92A59 63 Bytes [ 74, 0C, FF, B5, B0, FB, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 109 7CA92A9A 24 Bytes [ 18, FF, 75, 14, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 122 7CA92AB3 23 Bytes [ 74, 07, 6A, 00, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 13A 7CA92ACB 52 Bytes [ 55, 8B, EC, 56, FF, 75, 1C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 16F 7CA92B00 61 Bytes [ 8B, D8, 0F, B7, 05, C0, F9, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPathPrepareForWriteA + B4 7CA94AA0 17 Bytes CALL 7C9F9E2C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPathPrepareForWriteA + C8 7CA94AB4 40 Bytes [ 05, BF, 00, 00, 40, 00, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPathPrepareForWriteA + F1 7CA94ADD 11 Bytes [ 3B, C6, 8B, 5D, 10, 89, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPathPrepareForWriteA + FD 7CA94AE9 89 Bytes [ 00, 6A, 13, 56, 56, 56, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHPathPrepareForWriteA + 157 7CA94B43 49 Bytes [ FF, D6, 85, C0, 74, 4F, 68, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 2 7CA94D0A 56 Bytes CALL 7CA2D8CA C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 3B 7CA94D43 4 Bytes [ FF, BE, 00, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 41 7CA94D49 2 Bytes [ 0F, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 44 7CA94D4C 82 Bytes [ 01, 00, 00, 85, C0, 75, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 97 7CA94D9F 6 Bytes [ 45, BC, 50, 6A, 12, 56 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 2C 7CA94F48 32 Bytes [ 8B, 0F, 80, E1, 01, F6, D9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 4D 7CA94F69 6 Bytes [ 68, 74, 96, 9C, 7C, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 54 7CA94F70 53 Bytes [ D6, 8B, 07, 83, E0, 10, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 8B 7CA94FA7 93 Bytes [ FF, 75, FC, FF, D6, 8B, 07, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHSetUnreadMailCountW + E9 7CA95005 99 Bytes [ 75, FC, FF, D6, 8B, 07, 25, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 1 7CA953A5 49 Bytes [ 85, F0, FD, FF, FF, 5F, 5E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 33 7CA953D7 42 Bytes [ 8B, 45, 14, 53, 8B, 5D, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 5E 7CA95402 2 Bytes [ FF, 15 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 61 7CA95405 15 Bytes [ 1C, 9C, 7C, 33, FF, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 71 7CA95415 21 Bytes [ 85, EC, FD, FF, FF, 89, BD, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFormatDrive + 27 7CA982DC 2 Bytes [ 76, 30 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFormatDrive + 2A 7CA982DF 24 Bytes [ D7, 50, FF, D3, 6A, 01, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFormatDrive + 43 7CA982F8 23 Bytes [ 00, FF, 76, 30, FF, D7, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFormatDrive + 5B 7CA98310 20 Bytes [ 5E, 5B, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHFormatDrive + 70 7CA98325 3 Bytes [ 00, A1, 48 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!AppCompat_RunDLLW + 2 7CA98A01 7 Bytes [ FF, 50, 53, 68, 43, 01, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!AppCompat_RunDLLW + A 7CA98A09 35 Bytes [ FF, B5, DC, FD, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!AppCompat_RunDLLW + 2F 7CA98A2E 1 Byte [ FC ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!AppCompat_RunDLLW + 34 7CA98A33 11 Bytes [ 7C, 13, FF, B5, D4, FD, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!AppCompat_RunDLLW + 42 7CA98A41 7 Bytes CALL 7CA919D7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 37 7CA9A228 23 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 4F 7CA9A240 5 Bytes [ 1D, 94, 1D, 9C, 7C ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 55 7CA9A246 86 Bytes [ FF, D3, 8B, CE, 89, 45, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + AC 7CA9A29D 79 Bytes CALL 7CA92AC7 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + FC 7CA9A2ED 33 Bytes [ F0, 85, F6, 7C, 14, 8B, 45, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_AutoScroll + 17 7CAA54DD 29 Bytes [ 85, C0, 74, 14, 81, 78, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_AutoScroll + 35 7CAA54FB 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_AutoScroll + 3C 7CAA5502 30 Bytes [ 55, 8B, EC, 53, 56, 8B, 35, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_AutoScroll + 5B 7CAA5521 142 Bytes [ 00, 57, FF, D6, 53, 68, 2E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_AutoScroll + EA 7CAA55B0 66 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_DragEnterEx + 3 7CAAE9AB 122 Bytes [ F8, D1, F8, 03, D1, 3B, D3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_DragMove + 25 7CAAEA26 68 Bytes [ 03, 57, 57, 57, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_SetDragImage + 2A 7CAAEA6B 52 Bytes [ 75, F8, FF, 75, 0C, FF, D3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_SetDragImage + 5F 7CAAEAA0 24 Bytes CALL 7CA760A4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_SetDragImage + 78 7CAAEAB9 11 Bytes [ 75, F4, FF, 15, 58, 12, 9C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_SetDragImage + 84 7CAAEAC5 64 Bytes [ 15, 54, 12, 9C, 7C, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_DragLeave + 2A 7CAAEB06 21 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_DragLeave + 40 7CAAEB1C 13 Bytes CALL 7CAAE92A C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DAD_DragLeave + 4E 7CAAEB2A 146 Bytes [ FF, 75, 10, FF, 76, 50, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDoDragDrop + 80 7CAAEBBD 77 Bytes [ EB, 4B, 39, 44, BB, 58, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDoDragDrop + CE 7CAAEC0B 20 Bytes [ 44, BB, 58, 5F, 5B, 5D, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDoDragDrop + E3 7CAAEC20 85 Bytes [ 14, 83, 65, EC, 00, 56, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDoDragDrop + 139 7CAAEC76 53 Bytes [ D6, 8B, C7, 5F, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDoDragDrop + 16F 7CAAECAC 10 Bytes [ 89, 5D, FC, 75, 6A, 57, E8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllInstall + 46 7CAB1B72 48 Bytes [ 50, FF, D6, 83, C4, 10, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllInstall + 77 7CAB1BA3 13 Bytes [ 15, 10, 10, 9C, 7C, 8B, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllInstall + 86 7CAB1BB2 47 Bytes [ FF, FF, B5, B8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllInstall + B6 7CAB1BE2 27 Bytes [ 90, 90, 40, 00, 78, 00, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!DllInstall + D2 7CAB1BFE 97 Bytes [ 2C, 00, 2D, 00, 25, 00, 64, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDefExtractIconA + 1D 7CAB4BF3 27 Bytes [ 00, 50, 8D, 46, 38, 50, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDefExtractIconA + 39 7CAB4C0F 28 Bytes [ 85, C0, 74, 07, 8B, CF, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDefExtractIconA + 56 7CAB4C2C 43 Bytes [ 5F, 83, 7D, 0C, 05, 75, 0B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDefExtractIconA + 82 7CAB4C58 18 Bytes CALL 7C9EB04B C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHDefExtractIconA + 95 7CAB4C6B 118 Bytes [ 75, 1A, FF, 75, 14, C7, 46, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHValidateUNC + 3C 7CAB51DC 6 Bytes [ FF, 74, 0D, 81, F9, 38 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHValidateUNC + 43 7CAB51E3 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHValidateUNC + 45 7CAB51E5 12 Bytes JMP 7CAB52E3 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHValidateUNC + 52 7CAB51F2 21 Bytes [ 85, C0, 0F, 85, EB, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SHValidateUNC + 69 7CAB5209 63 Bytes CALL 7CAB3974 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SignalFileOpen + C 7CAB595C 30 Bytes [ 55, 8B, EC, 81, EC, AC, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SignalFileOpen + 2B 7CAB597B 74 Bytes [ 15, 5C, 1C, 9C, 7C, 8B, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SignalFileOpen + 76 7CAB59C6 3 Bytes [ 50, FC, 9D ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SignalFileOpen + 7A 7CAB59CA 37 Bytes [ 8D, 85, 5C, FC, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!SignalFileOpen + A0 7CAB59F0 11 Bytes [ 10, 9C, 7C, 89, 9D, 58, FC, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteExW + 75 7CAB5B56 10 Bytes CALL 7C9F3BB4 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteExW + 80 7CAB5B61 15 Bytes [ C0, 7C, 4F, 8D, 85, 54, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteExW + 90 7CAB5B71 11 Bytes [ 50, 6A, 00, 6A, 02, 6A, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteExW + 9C 7CAB5B7D 23 Bytes [ FF, 50, 53, FF, 15, 70, 1B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteA + B 7CAB5B95 11 Bytes [ 50, FF, 15, 28, 1C, 9C, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteA + 17 7CAB5BA1 17 Bytes [ B6, 4C, FB, 9D, 7C, 8D, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteA + 29 7CAB5BB3 11 Bytes [ 83, C6, 08, 83, FE, 50, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!RealShellExecuteW + 2 7CAB5BBF 145 Bytes CALL 7CA03717 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ShellExecuteW + 61 7CAB5C51 115 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ShellExecuteW + D5 7CAB5CC5 205 Bytes [ 89, 45, 10, 75, 61, 6A, 20, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ShellExecuteW + 1A3 7CAB5D93 28 Bytes [ 75, 0C, FF, 15, 3C, 1C, 9C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ShellExecuteW + 1C0 7CAB5DB0 26 Bytes [ A1, 48, F5, BC, 7C, 56, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!ShellExecuteW + 1DB 7CAB5DCB 18 Bytes CALL 7CA04965 C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!GetFileNameFromBrowse + 18 7CAB72BB 5 Bytes [ 89, 9D, 0C, F1, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!GetFileNameFromBrowse + 1E 7CAB72C1 5 Bytes [ 89, B5, D8, F0, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!GetFileNameFromBrowse + 24 7CAB72C7 86 Bytes [ 89, 9D, DC, F0, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHELL32.dll!GetFileNameFromBrowse + 7C 7CAB731F 26 Bytes [ 8B, 08, 50, FF, 51, 0C, 68, ... ]

Edited by Crystal_Rod, 03 November 2008 - 11:20 PM.


#8 Crystal_Rod

Posted 03 November 2008 - 11:14 PM

GMER (2 OF 4 PARTS):


.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCanonicalizeW + 102 77F67983 64 Bytes [ 14, 74, 3E, 57, 66, 89, 06, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCombineW + 17 77F679E0 16 Bytes [ 18, 33, FF, FF, 75, 14, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCombineW + 28 77F679F1 11 Bytes [ D6, 3B, C7, 89, 45, FC, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCombineW + 34 77F679FD 23 Bytes [ 8B, 45, FC, 5F, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCombineW + 4D 77F67A16 6 Bytes [ 83, 3D, 84, D2, FC, 77 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCombineW + 54 77F67A1D 50 Bytes [ A1, 80, D2, FC, 77, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathAppendW + F8 77F67BC5 123 Bytes [ F0, 8B, 4D, FC, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + 42 77F67C98 32 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + A1 77F67CF7 6 Bytes [ 8B, FF, 55, 8B, EC, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + A8 77F67CFE 147 Bytes [ 10, 33, C9, 33, C0, 39, 4A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFileExistsW + 9 77F67D92 1 Byte [ 75 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFileExistsW + B 77F67D94 14 Bytes [ 0F, 85, A3, 95, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFileExistsW + 1B 77F67DA4 5 Bytes [ 0C, E8, E8, FD, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFileExistsW + 21 77F67DAA 43 Bytes [ 8B, F0, 3B, F7, 0F, 87, EB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ChrCmpIW 77F67E0A 9 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ChrCmpIW + A 77F67E14 53 Bytes [ 00, 57, 74, 45, 8B, 7D, 0C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrChrIW + A 77F67E4A 10 Bytes [ C0, 74, 07, 53, 83, C6, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrChrIW + 15 77F67E55 67 Bytes [ C6, 5E, 5B, 5F, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIW + 1D 77F67E99 101 Bytes [ C0, 85, FF, 74, 36, 57, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIW + 83 77F67EFF 10 Bytes [ 17, 66, 8B, 0E, 66, 85, C9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIW + 8E 77F67F0A 13 Bytes [ 0A, 42, 42, 46, 46, 4F, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIW + 9C 77F67F18 11 Bytes [ FF, 5E, 0F, 84, 81, AE, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIW + A8 77F67F24 4 Bytes [ 5F, 5D, C2, 10 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfA + 62 77F68064 29 Bytes [ FF, 7F, 0F, 87, 78, 6B, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfA + 80 77F68082 19 Bytes [ C2, 74, 26, 66, 8B, 0A, 66, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfA + 94 77F68096 104 Bytes [ F9, 3A, 74, 15, 66, 83, F9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfA + 177 77F68179 69 Bytes [ FC, 01, 00, 00, 00, EB, 52, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfA + 1BD 77F681BF 19 Bytes [ FF, 0F, C1, E7, 04, 03, FA, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfA + 24 77F682A0 22 Bytes [ EB, FE, FF, FF, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfA + 3B 77F682B7 55 Bytes [ 5F, 66, 89, 46, 06, 57, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfA + 73 77F682EF 21 Bytes [ 00, 8A, 45, 0C, 53, 88, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfA + 89 77F68305 85 Bytes [ 85, C0, 0F, 84, D8, A4, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfA + DF 77F6835B 90 Bytes [ FF, 85, C0, 0F, 84, 81, A4, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootW + E 77F68403 93 Bytes [ 20, 40, 40, 66, 39, 08, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootW + 6C 77F68461 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootW + 73 77F68468 58 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpLogicalW + E 77F684A3 20 Bytes [ 0F, 85, E5, A4, 01, 00, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpLogicalW + 23 77F684B8 87 Bytes [ 00, 00, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpLogicalW + 7B 77F68510 27 Bytes [ 8B, 08, 66, 85, C9, 74, 0A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpLogicalW + 97 77F6852C 179 Bytes [ 55, 8B, EC, 8B, 4D, 08, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpLogicalW + 14B 77F685E0 48 Bytes [ 00, 7D, 1E, 8B, 75, 08, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 6 77F68B4F 66 Bytes CALL AA7A9A74
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 4B 77F68B94 19 Bytes [ 6A, 02, 5A, 2B, C2, 0F, 84, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 5F 77F68BA8 16 Bytes [ 2B, C2, 0F, 84, AE, 85, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 71 77F68BBA 121 Bytes [ 83, E0, 04, EB, A3, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + EC 77F68C35 2 Bytes [ EB, 07 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegOpenUSKeyW + 56 77F68CE0 92 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 4B 77F68D3D 134 Bytes [ FF, FF, 7F, 0F, 87, 01, 79, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetUSValueW + D2 77F68DC4 54 Bytes [ FF, 55, 8B, EC, 83, 7D, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 109 77F68DFB 3 Bytes [ 25, 80, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 14F 77F68E41 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 152 77F68E44 12 Bytes [ EC, 56, 8B, 75, 08, 85, F6, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + 4D 77F68EC2 58 Bytes [ EB, E0, 8B, C6, 5E, 5B, 5F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + 8A 77F68EFF 36 Bytes [ 4D, 6A, 01, FF, 15, D8, 11, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + CD 77F68F42 14 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + F4 77F68F69 128 Bytes [ 4D, 08, 85, C9, 74, 0F, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 56 77F68FEA 13 Bytes [ 15, 44, 12, F6, 77, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 64 77F68FF8 27 Bytes [ FF, C9, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 80 77F69014 16 Bytes [ 4D, 0C, 8B, 4D, 0C, 56, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 91 77F69025 13 Bytes [ 7D, 08, 89, 75, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 9F 77F69033 72 Bytes [ 00, 89, 45, E0, 0F, 88, 1D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfW + 6 77F691F7 6 Bytes [ 7D, D4, 00, 0F, 85, 7F ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfW + D 77F691FE 34 Bytes [ 02, 00, 85, C0, 0F, 8C, 5E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfW + 30 77F69221 77 Bytes [ 39, 75, D4, 0F, 85, E8, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfW + 7E 77F6926F 47 Bytes [ 55, 0C, 89, 0A, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wvnsprintfW + AE 77F6929F 2 Bytes CALL C37AA1AB
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfW + 56 77F6943C 9 Bytes [ 68, 14, 77, F6, 77, 56, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfW + 60 77F69446 6 Bytes [ 85, FF, 0F, 8C, EB, F7 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfW + 67 77F6944D 25 Bytes JMP 77F93B83 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfW + 81 77F69467 41 Bytes [ FF, 75, 0C, 8B, 08, 50, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!wnsprintfW + AB 77F69491 198 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHSetValueW + 9 77F69768 47 Bytes [ 77, 73, 70, 49, 74, 69, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHSetValueW + 3A 77F69799 71 Bytes [ 97, 06, D1, 2E, 93, CF, 11, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHSetValueW + 82 77F697E1 45 Bytes [ EE, 44, 45, 53, 54, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHSetValueW + B0 77F6980F 97 Bytes [ 55, 8B, EC, 83, EC, 14, A1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHSetValueW + 112 77F69871 34 Bytes [ 0B, D8, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocCreate + 2 77F69E6B 12 Bytes [ 5E, 5D, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocCreate + F 77F69E78 3 Bytes [ 8B, EC, 51 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocCreate + 14 77F69E7D 15 Bytes [ 8B, 7D, 18, 33, C0, 3B, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocCreate + 24 77F69E8D 92 Bytes [ 4D, 18, 8B, 4D, 10, 3B, C8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocCreate + 81 77F69EEA 79 Bytes [ FF, 85, C0, 74, 37, 83, 7D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 26 77F6A565 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 2B 77F6A56A 13 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 3A 77F6A579 9 Bytes [ 70, 08, 57, 8B, 38, 50, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 44 77F6A583 23 Bytes [ FF, 59, 53, FF, D7, 85, F6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 60 77F6A59F 9 Bytes [ 8B, FF, 55, 8B, EC, F7, 45, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryKeyW + 5D 77F6A60B 67 Bytes [ 45, 0C, 89, 46, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryKeyW + A2 77F6A650 1 Byte [ 8C ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryKeyW + A6 77F6A654 7 Bytes [ 5F, 33, C0, 40, 85, DB, 0F ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryKeyW + AE 77F6A65C 18 Bytes [ 0A, C0, 02, 00, 5B, 5D, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryKeyW + C1 77F6A66F 194 Bytes [ FF, BE, 30, D4, FC, 77, 39, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToIntW + 20 77F6AF94 73 Bytes [ 00, 68, 98, 00, 00, 00, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnquoteSpacesW + 1F 77F6AFDE 5 Bytes [ 5B, 5D, C2, 0C, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnquoteSpacesW + 25 77F6AFE4 33 Bytes [ DD, D0, 16, 90, 41, 7C, CC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrW + 19 77F6B077 55 Bytes [ 83, C1, 0C, 39, 75, 10, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathParseIconLocationW + 12 77F6B0AF 107 Bytes CALL 7860C128
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathParseIconLocationW + 7E 77F6B11B 25 Bytes [ CB, 07, F4, C4, 5B, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 15 77F6B135 56 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 4F 77F6B16F 6 Bytes [ 0C, 51, 50, E8, 25, C5 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 56 77F6B176 6 Bytes [ FF, 8D, 4E, F0, 8B, 01 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 5D 77F6B17D 22 Bytes [ 50, 20, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 77 77F6B197 105 Bytes [ 90, 83, 6C, 24, 04, 10, E9, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHUnlockShared 77F6B53E 45 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHFreeShared + 13 77F6B56C 17 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHFreeShared + 7A 77F6B5D3 40 Bytes [ F0, 85, F6, 7C, 3D, 8B, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHAllocShared + C 77F6B5FD 25 Bytes [ 14, 8B, 08, FF, 75, 0C, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHAllocShared + 26 77F6B617 17 Bytes [ C6, 5E, C9, C2, 14, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHAllocShared + 38 77F6B629 174 Bytes [ 57, 8B, 7D, 08, 33, C0, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHAllocShared + E7 77F6B6D8 101 Bytes [ 00, 00, 8B, F8, 85, FF, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHAllocShared + 14E 77F6B73F 14 Bytes [ 8B, 4D, 1C, 89, 01, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 15 77F6B8AE 114 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 88 77F6B921 9 Bytes [ FF, 00, 01, 00, 00, E8, 5C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 92 77F6B92B 17 Bytes [ 83, 26, 00, 85, C0, 0F, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + A5 77F6B93E 3 Bytes [ 85, A8, AA ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + AA 77F6B943 43 Bytes [ 85, DB, 75, 0D, 66, 39, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLW + 9 77F6BB9A 47 Bytes [ C4, 10, 85, C0, 7C, 13, 3B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLW + 39 77F6BBCA 63 Bytes [ 68, 2C, 01, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLW + 79 77F6BC0A 47 Bytes [ 00, 00, B8, 18, AC, F6, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLW + A9 77F6BC3A 11 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLW + B5 77F6BC46 11 Bytes [ 6F, 00, 77, 00, 73, 00, 5C, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlIsW + A 77F6BCB6 116 Bytes [ 73, 00, 65, 00, 73, 00, 5C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlIsW + 7F 77F6BD2B 5 Bytes [ A1, 80, D2, FC, 77 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlIsW + 85 77F6BD31 35 Bytes [ 4D, 1C, 53, 8B, 5D, 14, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlIsW + A9 77F6BD55 95 Bytes [ FE, FF, FF, C7, 85, F8, FE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlIsW + 109 77F6BDB5 25 Bytes [ 85, F8, FE, FF, FF, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHLoadIndirectString + A 77F6BEB8 25 Bytes [ 4E, 00, 61, 00, 6D, 00, 65, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHLoadIndirectString + 24 77F6BED2 41 Bytes [ 75, 14, 8B, 7D, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHLoadIndirectString + 4E 77F6BEFC 72 Bytes [ 51, 6A, 02, 68, 18, AF, F6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHLoadIndirectString + 97 77F6BF45 26 Bytes [ FF, 00, 00, 0D, 00, 00, 07, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHLoadIndirectString + B2 77F6BF60 34 Bytes [ 75, 14, 8B, 76, 08, 8B, 06, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindFileNameA + 4 77F6C1A0 13 Bytes [ 45, 0C, 66, 83, 38, 40, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindFileNameA + 12 77F6C1AE 27 Bytes [ 43, 02, 00, 00, 68, 74, 6F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindFileNameA + 2E 77F6C1CA 59 Bytes [ FF, 55, 8B, EC, 81, EC, 64, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindFileNameA + 6A 77F6C206 14 Bytes [ 00, 68, 05, 00, 00, 41, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindFileNameA + 79 77F6C215 5 Bytes [ B5, A0, F6, FF, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlGetPartW + 27 77F6CCBC 93 Bytes [ 89, 45, FC, 8B, 45, 08, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlGetPartW + 85 77F6CD1A 150 Bytes [ 75, 10, FF, 75, 0C, FF, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlGetPartW + 11C 77F6CDB1 23 Bytes [ FF, 51, 24, 8B, D8, 3B, DE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlGetPartW + 134 77F6CDC9 68 Bytes [ FF, 51, 14, 85, C0, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlGetPartW + 179 77F6CE0E 52 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetValueA + 2F 77F70059 193 Bytes [ 79, 6D, 46, 75, 6E, 63, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetValueA + 58 77F7011B 270 Bytes [ 77, 77, 82, FC, 77, 50, F4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryValueExA + 3F 77F7022A 28 Bytes [ 69, 6C, 44, 72, 61, 77, 42, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryValueExA + 5C 77F70247 22 Bytes [ 79, 6C, 65, 00, 90, 53, 65, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryValueExA + 73 77F7025E 21 Bytes [ 90, 90, 53, 65, 74, 47, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryValueExA + 89 77F70274 14 Bytes [ 61, 64, 67, 65, 74, 50, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryValueExA + 98 77F70283 33 Bytes [ 47, 61, 64, 67, 65, 74, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrA + 74 77F70374 216 Bytes [ 47, 65, 74, 47, 61, 64, 67, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrA + 14D 77F7044D 54 Bytes [ 90, 90, 90, 42, 75, 69, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrA + 184 77F70484 14 Bytes [ 41, 75, 74, 6F, 54, 72, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCatW + D 77F70493 319 Bytes [ 61, 63, 68, 57, 6E, 64, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathAddBackslashA + 86 77F705D3 199 Bytes [ 61, 63, 68, 00, 90, 44, 6E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 4E 77F7069B 17 Bytes [ 90, 44, 6E, 73, 4E, 61, 6D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 60 77F706AD 251 Bytes [ 90, 90, 90, 44, 6E, 73, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpNIA + 3 77F707A9 632 Bytes [ 49, 50, 72, 6F, 6D, 70, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpNIA + 27C 77F70A22 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpNIA + 27E 77F70A24 5 Bytes [ E0, 83, FC, 77, 82 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpNIA + 284 77F70A2A 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCmpNIA + 286 77F70A2C 5 Bytes [ 74, 7E, FC, 77, 83 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 14 77F710B7 23 Bytes [ 00, 65, 00, 41, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 2C 77F710CF 61 Bytes [ 75, 14, 68, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 6A 77F7110D 138 Bytes [ 33, DB, 8B, 7D, 14, 85, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocGetPerceivedType + F5 77F71198 20 Bytes [ 80, 38, 00, 0F, 84, D1, FE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 10A 77F711AD 63 Bytes [ 15, AC, 10, F6, 77, 8B, F0, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateShellPalette 77F71940 111 Bytes [ B8, 08, D2, FC, 77, EB, D7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateShellPalette + 70 77F719B0 119 Bytes [ 14, 8B, 75, 08, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateShellPalette + E8 77F71A28 44 Bytes [ 2E, 00, 73, 00, 63, 00, 72, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateShellPalette + 115 77F71A55 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCreateShellPalette + 118 77F71A58 115 Bytes [ 2E, 00, 65, 00, 78, 00, 65, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHOpenRegStream2W + DC 77F72596 2 Bytes [ B4, 9C ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHOpenRegStream2W + E0 77F7259A 16 Bytes [ 6A, 00, 68, AC, 15, F7, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHOpenRegStream2W + F1 77F725AB 3 Bytes [ C3, 2A, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHOpenRegStream2W + F5 77F725AF 119 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrW + 14 77F72627 7 Bytes [ 89, 75, C0, 89, 4D, CC, AB ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrW + 1C 77F7262F 50 Bytes [ 4D, D4, 89, 4D, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrW + 4F 77F72662 13 Bytes [ 7D, 81, E2, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrW + 5E 77F72671 123 Bytes [ 33, DB, 3B, C1, 0F, 85, A8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetThreadRef + 59 77F726ED 6 Bytes [ 85, FF, 74, 7A, E9, 88 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetThreadRef + 60 77F726F4 50 Bytes [ 00, 00, 57, FF, 15, 70, 13, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetThreadRef + 93 77F72727 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetThreadRef + 95 77F72729 33 Bytes [ BB, 88, D3, FC, 77, 53, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetThreadRef + B7 77F7274B 3 Bytes [ 89, 3E, 53 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMatchSpecW + 21 77F72847 18 Bytes [ C0, 59, 0F, 84, FD, 5A, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMatchSpecW + 34 77F7285A 104 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMatchSpecW + 9D 77F728C3 67 Bytes [ 77, 31, 9B, F6, 77, 40, AA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMatchSpecW + E1 77F72907 112 Bytes [ C3, 46, 00, 6F, 00, 6C, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecW + 1A 77F72978 68 Bytes [ 00, 00, 00, 3B, F3, 74, 7F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecW + 5F 77F729BD 9 Bytes [ 21, 8B, 35, 04, 11, F6, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecW + 69 77F729C7 18 Bytes [ FC, FF, FF, 50, 6A, 0A, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecW + 7C 77F729DA 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecW + 7E 77F729DC 44 Bytes [ 57, FF, D6, 8D, 85, FC, FB, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimW + 54 77F72F3B 70 Bytes [ 00, 30, 21, F7, 77, 28, 21, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimW + 9C 77F72F83 5 Bytes [ 00, CC, 21, F7, 77 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimW + A2 77F72F89 64 Bytes [ 00, 00, 00, 10, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimW + E3 77F72FCA 28 Bytes [ 00, 00, A4, 20, F7, 77, 8C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimW + 101 77F72FE8 53 Bytes [ 64, 20, F7, 77, 00, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIW + 1D 77F7387A 100 Bytes [ 66, 8B, 06, 66, 3B, C7, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIW + 82 77F738DF 27 Bytes [ 85, C0, 7C, 17, 57, 6A, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIW + 9E 77F738FB 182 Bytes [ 75, E4, 8B, 03, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIW + 155 77F739B2 27 Bytes [ 65, 00, 78, 00, 65, 00, 63, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIW + 171 77F739CE 1 Byte [ 65 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocIsDangerous + 11 77F73CA4 57 Bytes [ 72, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocIsDangerous + 4C 77F73CDF 76 Bytes [ 89, 45, FC, EB, 2F, 6A, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocIsDangerous + 99 77F73D2C 20 Bytes [ 63, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocIsDangerous + AE 77F73D41 22 Bytes [ 74, 03, 83, 0F, FF, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!AssocIsDangerous + C5 77F73D58 58 Bytes [ FF, 66, 83, 38, 00, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetArgsW + 35 77F74206 21 Bytes [ 00, 00, 85, C0, 0F, 84, D5, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsW + 11 77F7421C 65 Bytes [ 55, 8B, EC, 81, EC, 0C, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsW + 53 77F7425E 12 Bytes [ 4D, FC, F7, D8, 1B, C0, 5F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsW + 60 77F7426B 19 Bytes [ FF, C9, C2, 04, 00, 56, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsW + 74 77F7427F 14 Bytes [ 90, 90, 90, 90, 90, B8, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsW + 83 77F7428E 47 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixW + 86 77F74392 92 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixW + E3 77F743EF 70 Bytes [ D2, FC, 77, 8D, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixW + 12A 77F74436 45 Bytes [ FF, 50, 6A, 01, FF, B5, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixW + 158 77F74464 25 Bytes [ A1, 80, D2, FC, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixW + 172 77F7447E 1 Byte [ 75 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrA + 58 77F74F3E 177 Bytes [ C7, 45, FC, 02, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsUNCServerA + 45 77F8363E 43 Bytes [ 75, 08, 50, FF, 75, 0C, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsUNCServerA + 71 77F8366A 71 Bytes [ EC, 0F, B7, 4D, 08, 8B, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsUNCServerA + BB 77F836B4 71 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!HashData + 82 77F838C4 310 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlCompareW + 2E 77F839FB 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlCompareW + 39 77F83A06 60 Bytes [ 75, 0C, 68, 4D, 2A, F8, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlCompareW + 76 77F83A43 135 Bytes [ 25, 10, 15, F6, 77, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlCompareW + FE 77F83ACB 50 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!UrlCompareW + 131 77F83AFE 17 Bytes [ 41, 41, 66, 8B, 01, 66, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 2 77F84276 14 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 11 77F84285 168 Bytes [ EB, F1, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetInverseCMAP + BC 77F84330 15 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetInverseCMAP + CC 77F84340 239 Bytes [ 84, C7, CE, 00, 00, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 1BC 77F84430 35 Bytes [ 15, 38, 14, F6, 77, 33, C9, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrIA + 5B2 77F8CA80 541 Bytes [ 94, 94, 94, 94, 94, 94, B7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!GetAcceptLanguagesW + 1AC 77F8CC9E 1 Byte [ 6A ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!GetAcceptLanguagesW + 1AE 77F8CCA0 408 Bytes [ 8F, 8F, 8F, 8F, 8F, 8F, AB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrNCatW + E4 77F8CE39 565 Bytes [ 53, 75, 75, 75, 16, 16, 16, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateW + 15A 77F8D06F 62 Bytes [ FD, F9, F9, F9, 41, 41, 41, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateW + 199 77F8D0AE 71 Bytes [ CC, CC, 26, 26, 26, 47, 47, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateW + 1E1 77F8D0F6 752 Bytes [ 47, 47, 47, 47, 6A, 6A, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateW + 4D2 77F8D3E7 399 Bytes [ C3, C3, C3, C3, 1B, F4, F4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateW + 662 77F8D577 20 Bytes [ EC, 81, EC, 38, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ColorAdjustLuma + 5B 77FA12DF 87 Bytes [ 90, 43, 65, 72, 74, 43, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ColorAdjustLuma + B4 77FA1338 43 Bytes [ 40, 01, 00, 00, B1, 83, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ColorAdjustLuma + E0 77FA1364 25 Bytes [ E0, 83, FC, 77, 49, 01, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ColorAdjustLuma + FA 77FA137E 9 Bytes [ FC, 77, 50, 01, 00, 00, B1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!ColorAdjustLuma + 104 77FA1388 52 Bytes [ 51, 01, 00, 00, E0, 83, FC, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCopyKeyA + 10 77FA1604 151 Bytes [ 7C, 7E, FC, 77, CC, 08, FA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCopyKeyA + A8 77FA169C 445 Bytes [ 7C, 7E, FC, 77, 44, 07, FA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCopyKeyW 77FA185A 22 Bytes [ 90, 90, 43, 41, 45, 6E, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHCopyKeyW + 17 77FA1871 144 Bytes [ 6D, 43, 65, 72, 74, 54, 79, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 1D 77FA1902 17 Bytes [ 00, 00, 7C, 7E, FC, 77, DB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 2F 77FA1914 7 Bytes [ 74, 7E, FC, 77, 38, 09, FA ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 37 77FA191C 282 Bytes [ D4, 79, FC, 77, 28, 09, FA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryInfoKeyA + 9D 77FA1A37 92 Bytes [ 77, 34, 0B, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHQueryInfoKeyA + FA 77FA1A94 89 Bytes [ 53, 64, 62, 52, 65, 61, 64, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteUSValueA + 57 77FA1AEE 15 Bytes [ 69, 6F, 6E, 00, 90, 90, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteUSValueA + 67 77FA1AFE 90 Bytes [ 61, 62, 61, 73, 65, 00, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteUSValueW + 19 77FA1B59 45 Bytes [ 65, 63, 6B, 53, 68, 65, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteUSValueW + 47 77FA1B87 79 Bytes [ 77, 52, 75, 6E, 53, 65, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 34 77FA1BD7 95 Bytes [ 77, E0, 10, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 94 77FA1C37 304 Bytes [ 77, F8, 0F, FA, 77, F8, 72, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegEnumUSValueA + 31 77FA1D68 66 Bytes [ 50, 6F, 6C, 69, 63, 79, 49, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegEnumUSValueA + 74 77FA1DAB 170 Bytes [ 90, 53, 61, 66, 65, 72, 47, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegEnumUSValueW + 7F 77FA1E56 122 Bytes [ 65, 45, 78, 57, 00, 90, 52, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 5A 77FA1ED1 42 Bytes [ 65, 72, 79, 49, 6E, 66, 6F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 85 77FA1EFC 13 Bytes [ 52, 65, 67, 4F, 70, 65, 6E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetPathW + A 77FA1F0A 79 Bytes [ 90, 90, 52, 65, 67, 4F, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetPathW + 5A 77FA1F5A 48 Bytes [ 90, 90, 52, 65, 67, 44, 65, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetPathW + 8C 77FA1F8C 46 Bytes [ 52, 65, 67, 43, 72, 65, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetPathA + 2D 77FA1FBB 48 Bytes [ 90, 4F, 70, 65, 6E, 54, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetPathA + 5E 77FA1FEC 165 Bytes [ 65, 67, 65, 56, 61, 6C, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 25 77FA2092 239 Bytes [ 72, 63, 65, 00, 90, 90, 43, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 115 77FA2182 48 Bytes [ 00, 00, 6D, 85, FC, 77, 0D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 146 77FA21B3 27 Bytes [ 00, C0, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 164 77FA21D1 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 17C 77FA21E9 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathA + 13 77FA22E7 72 Bytes [ 99, F7, F9, 50, EB, 25, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathW + 2F 77FA2330 13 Bytes [ 75, 08, FF, 35, 60, D4, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathW + 3D 77FA233E 37 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathW + 63 77FA2364 12 Bytes [ 07, 80, EB, 30, 56, 57, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathW + 70 77FA2371 24 Bytes [ 75, 10, 8D, 70, FF, 56, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegGetPathW + 89 77FA238A 98 Bytes [ 07, EB, 09, BB, 7A, 00, 07, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetUSValueA + 37 77FA2756 102 Bytes [ FF, 6A, 40, FF, 15, 84, 14, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetUSValueA + 9E 77FA27BD 17 Bytes [ FF, 15, 40, 10, F6, 77, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetUSValueA + B0 77FA27CF 5 Bytes [ 8D, 85, F8, FE, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetUSValueA + B6 77FA27D5 4 Bytes [ FF, B5, E8, FD ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHRegSetUSValueA + BB 77FA27DA 177 Bytes [ FF, FF, B5, CC, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrIA + B 77FA44DA 8 Bytes [ 8D, 85, F0, FA, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrIA + 14 77FA44E3 37 Bytes [ F8, FA, FF, FF, 50, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrIA + 3A 77FA4509 61 Bytes [ 41, 18, 33, D2, F7, 71, 1C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrPBrkA + 13 77FA4547 57 Bytes [ E2, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrPBrkA + 4D 77FA4581 54 Bytes [ 11, F6, 77, 50, 8D, 85, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToInt64ExA + 34 77FA45B8 6 Bytes [ FA, FF, FF, 50, 0F, B7 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToInt64ExA + 3B 77FA45BF 11 Bytes [ E6, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToInt64ExA + 47 77FA45CB 57 Bytes [ 50, 0F, B7, 85, E0, FA, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToIntExA + 2 77FA4605 9 Bytes [ 50, FF, B5, F4, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrToIntExA + C 77FA460F 324 Bytes [ B5, F4, FA, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCSpnIA + 16 77FA4754 47 Bytes [ 6C, 75, 2C, 25, 6C, 75, 09, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCSpnIA + 46 77FA4784 62 Bytes [ 5C, 73, 68, 70, 65, 72, 66, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIA + 4C 77FA47D4 27 Bytes [ 81, A5, F4, FE, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIA + 68 77FA47F0 22 Bytes [ FF, A1, AC, D3, FC, 77, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRStrIA + 7F 77FA4807 96 Bytes [ CB, 23, 08, 66, F7, C1, 49, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNW + 4C 77FA4868 11 Bytes [ FF, FF, 89, 06, 8B, 45, 1C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNW + 58 77FA4874 7 Bytes [ 15, A4, 11, F6, 77, 84, DB ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNW + 60 77FA487C 29 Bytes [ BD, F0, FE, FF, FF, 89, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + D 77FA489A 70 Bytes [ 51, FF, B5, F0, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 54 77FA48E1 5 Bytes [ 57, FF, B5, F8, FE ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 5A 77FA48E7 4 Bytes [ FF, FF, 70, 60 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 5F 77FA48EC 40 Bytes [ D1, A1, AC, D3, FC, 77, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 88 77FA4915 108 Bytes [ 15, 57, FF, B5, F8, FE, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimA + 2 77FA4982 40 Bytes [ 08, 00, 00, 00, A1, AC, D3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimA + 2B 77FA49AB 61 Bytes [ 4D, FC, 8B, 85, EC, FE, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimA + 69 77FA49E9 40 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrTrimA + 92 77FA4A12 83 Bytes [ 56, 56, 68, 00, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBSTR + 2D 77FA4A66 15 Bytes [ FF, 55, 8B, EC, 5D, E9, 25, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBSTR + 3D 77FA4A76 57 Bytes [ FF, 55, 8B, EC, 81, EC, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBSTR + 77 77FA4AB0 6 Bytes [ 75, 1C, 8D, 85, FC, FE ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBSTR + 7E 77FA4AB7 4 Bytes [ FF, FF, 75, 18 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBSTR + 83 77FA4ABC 9 Bytes [ 75, 14, FF, 75, 10, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBufA + 15 77FA4B06 1 Byte [ 48 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBufA + 17 77FA4B08 56 Bytes [ 47, 48, 0F, 85, 60, 01, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToBufA + 50 77FA4B41 111 Bytes [ 15, F4, 17, F6, 77, A3, D0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!SHStrDupA + 41 77FA4BB1 28 Bytes [ 83, C4, 10, 33, DB, 53, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrCatChainW + 2 77FA4BCE 105 Bytes [ FF, A1, AC, D3, FC, 77, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrChrNIW + 1D 77FA4C38 73 Bytes [ 15, 68, 14, F6, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRChrIW + 23 77FA4C82 120 Bytes [ 00, 90, 53, 68, 65, 6C, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNIW + E 77FA4CFB 39 Bytes [ 06, 83, 7D, 14, 08, 75, 32, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNIW + 36 77FA4D23 62 Bytes [ 53, 53, 6A, 03, 6A, 01, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNIW + 75 77FA4D62 69 Bytes [ 41, 20, EB, 0D, 33, D2, F7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNIW + BB 77FA4DA8 6 Bytes [ 53, 61, 6D, 65, 25, 73 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrStrNIW + C2 77FA4DAF 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFormatByteSize64A + 4 77FA4F73 69 Bytes [ 80, A4, 00, 00, 00, 89, 58, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 4 77FA4FB9 9 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFormatByteSizeA + E 77FA4FC3 42 Bytes [ C9, C2, 04, 00, 90, 25, 73, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 39 77FA4FEE 29 Bytes [ 45, 08, 8B, 0D, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 57 77FA500C 50 Bytes [ 00, A1, 80, D2, FC, 77, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrA + 2F 77FA5040 8 Bytes [ 75, 07, 6A, 01, E8, 88, EE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrA + 38 77FA5049 80 Bytes [ 56, FF, 75, 28, 68, 02, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrA + 89 77FA509A 16 Bytes [ 00, 00, 6A, 27, 8D, 45, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrA + 9A 77FA50AB 11 Bytes [ 18, F6, 77, A1, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrRetToStrA + A6 77FA50B7 47 Bytes [ C0, 74, 12, 6A, 13, 57, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalA + 46 77FA5296 88 Bytes [ EB, FF, FF, 8B, F8, E8, D1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 34 77FA52EF 174 Bytes [ 12, 56, 57, 6A, 42, 6A, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + E5 77FA53A0 38 Bytes [ 8D, 85, 24, FF, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 119 77FA53D4 1 Byte [ 6A ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 11B 77FA53D6 32 Bytes [ 6A, 03, 6A, 03, 8D, 85, 4C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 13C 77FA53F7 2 Bytes [ 90, 41 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IsCharSpaceA + 4B 77FA60C8 3 Bytes [ 85, 7C, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IsCharSpaceA + 4F 77FA60CC 6 Bytes [ FF, 56, 50, E8, 8C, FC ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IsCharSpaceA + 56 77FA60D3 5 Bytes [ FF, 8D, 85, 7C, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IsCharSpaceA + 5C 77FA60D9 62 Bytes [ FF, 50, FF, 75, 0C, 57, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!IsCharSpaceA + 9B 77FA6118 15 Bytes [ FF, 6A, 01, 8D, 45, 14, 50, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsA + 2 77FA7018 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsA + 16 77FA702C 5 Bytes [ 00, 00, 00, C0, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsA + 1C 77FA7032 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsA + 30 77FA7046 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveArgsA + 34 77FA704A 136 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindSuffixArrayA + 19 77FA70D4 98 Bytes [ 0C, 8D, 45, FC, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindSuffixArrayA + 7C 77FA7137 70 Bytes [ 8B, DE, 57, FF, 15, 88, 14, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 21 77FA717F 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 25 77FA7183 4 Bytes [ EC, 51, 51, 53 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 2A 77FA7188 321 Bytes [ 5D, 14, 56, 57, 8B, 7D, 18, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsPrefixA + 1E 77FA72CA 82 Bytes [ 15, 78, 14, F6, 77, 3B, C6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveFileSpecA + 11 77FA731D 114 Bytes [ 56, 68, 88, D3, FC, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsFileSpecA + 6 77FA7390 117 Bytes [ 00, 89, 45, E4, 53, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetDriveNumberA + 2 77FA7406 5 Bytes [ 75, D0, FF, D6, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetDriveNumberA + 8 77FA740C 113 Bytes [ D4, FF, D6, FF, 75, B4, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 2 77FA747E 31 Bytes [ 75, B4, FF, 75, B0, FF, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 23 77FA749F 38 Bytes CALL 4EA2AAA3
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 4A 77FA74C6 7 Bytes [ F8, 89, 44, 0D, D8, FF, D6 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 53 77FA74CF 1 Byte [ F4 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 55 77FA74D1 168 Bytes [ D6, 83, 45, FC, 04, 83, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryA + 2 77FA757A 34 Bytes [ FF, 66, 8C, 85, BC, FD, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryA + 25 77FA759D 12 Bytes [ 01, 00, 01, 00, 8B, 45, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryA + 32 77FA75AA 19 Bytes [ 8D, 45, 04, 89, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryA + 46 77FA75BE 19 Bytes [ FF, 6A, 14, 59, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryA + 5A 77FA75D2 41 Bytes [ 09, 04, 00, C0, 8B, 45, 04, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 1D 77FA76AB 22 Bytes [ 57, 8B, F0, FF, 15, 00, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 34 77FA76C2 4 Bytes [ 81, E6, FF, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 39 77FA76C7 11 Bytes [ 00, 81, CE, 00, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathQuoteSpacesA + 39 77FA7705 33 Bytes [ 75, 0C, FF, 75, 08, E8, B4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindNextComponentA + 7 77FA7727 24 Bytes [ D8, 85, DB, 74, 2A, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindNextComponentA + 20 77FA7740 3 Bytes [ 8B, F0, 85 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindNextComponentA + 24 77FA7744 16 Bytes [ 75, 07, 8B, 45, 14, 89, 18, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindNextComponentA + 35 77FA7755 20 Bytes [ 03, 6A, 0E, 5E, 85, F6, 7E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathFindNextComponentA + 4A 77FA776A 70 Bytes [ C6, 5E, 5B, C9, C2, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMatchSpecA + 2 77FA789A 95 Bytes [ 75, 0C, FF, 75, 08, 57, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSkipRootA + 12 77FA78FA 77 Bytes CALL 77F82C98 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathSkipRootA + 60 77FA7948 19 Bytes [ 00, 53, 6A, 40, 89, 5D, F4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsSameRootA + F 77FA795C 10 Bytes [ 39, 7D, FC, 74, 1B, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsSameRootA + 1A 77FA7967 53 Bytes [ 8B, F8, 8B, C1, C1, E9, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsURLA + 8 77FA799D 50 Bytes [ 3B, 08, 75, 13, 6A, 00, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsContentTypeA + 4 77FA79D0 16 Bytes [ FB, 8B, 5D, F4, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsContentTypeA + 15 77FA79E1 13 Bytes [ 20, 85, FF, 74, 51, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsContentTypeA + 23 77FA79EF 3 Bytes [ 8E, FE, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsContentTypeA + 27 77FA79F3 41 Bytes [ 39, 5D, 18, 89, 45, 20, 76, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsContentTypeA + 52 77FA7A1E 15 Bytes [ 75, 08, 39, 4D, 14, 75, 03, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetCharTypeA + C 77FA7A58 158 Bytes [ F3, 74, 6B, 8B, 45, 0C, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetCharTypeA + AC 77FA7AF8 160 Bytes [ 14, 53, 8B, 5D, 18, 56, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetCharTypeA + 14D 77FA7B99 17 Bytes [ 85, B4, FE, FF, FF, 0F, 84, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetCharTypeA + 15F 77FA7BAB 40 Bytes [ FF, 8D, 85, BC, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathGetCharTypeA + 189 77FA7BD5 1 Byte [ B0 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderA + 1C 77FA7C57 184 Bytes [ B5, B4, FE, FF, FF, E8, 2C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateA + 18 77FA7D10 78 Bytes CALL 77FA7775 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateA + 67 77FA7D5F 34 Bytes [ 15, 88, 14, F6, 77, 33, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateA + 8A 77FA7D82 252 Bytes [ 65, 49, 6E, 66, 6F, 5C, 30, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateA + 187 77FA7E7F 6 Bytes [ 07, 80, 74, 41, 3B, FB ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathUndecorateA + 18E 77FA7E86 52 Bytes [ 0C, 3B, D3, 75, 05, 39, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMakePrettyA + 1 77FA805E 78 Bytes [ 35, D8, 11, F6, 77, 57, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMakePrettyA + 50 77FA80AD 7 Bytes [ 5D, C2, 08, 00, 33, C0, 40 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMakePrettyA + 63 77FA80C0 1 Byte [ 83 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMakePrettyA + 65 77FA80C2 51 Bytes [ 0C, 53, 56, 33, F6, 39, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathMakePrettyA + 99 77FA80F6 60 Bytes [ D7, 8B, 75, F8, 3B, F0, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveBlanksA + 33 77FA822B 25 Bytes [ D8, 8B, CB, 2B, 4D, 0C, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveBlanksA + 4D 77FA8245 84 Bytes [ 85, C0, 74, 16, 80, 3F, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveBackslashA + 45 77FA829A 14 Bytes [ 10, 00, 5F, EB, 02, 33, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathRemoveBackslashA + 57 77FA82AC 9 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootA + 9 77FA82B6 9 Bytes [ 74, 27, 39, 45, 0C, 74, 22, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootA + 13 77FA82C0 5 Bytes [ 75, 08, FF, 75, 0C ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootA + 19 77FA82C6 2 Bytes [ DD, FE ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripToRootA + 1D 77FA82CA 45 Bytes [ FF, 75, 08, 8B, F0, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsNetworkPathA + 19 77FA82F8 3 Bytes [ 04, 90, FC ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsNetworkPathA + 1D 77FA82FC 33 Bytes [ 85, C0, 75, 03, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathStripPathA + 7 77FA831E 76 Bytes [ C7, 8B, F7, 74, 29, 8A, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 27 77FA836B 32 Bytes [ 38, 46, 01, 74, 0F, 88, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 48 77FA838C 27 Bytes [ 55, 8B, EC, 8B, 45, 08, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 64 77FA83A8 91 Bytes [ 15, EC, 17, F6, 77, 8A, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + C0 77FA8404 82 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCompactPathA + 4A 77FA8457 2 Bytes [ 55, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCompactPathA + 4D 77FA845A 34 Bytes [ 8B, 45, 08, EB, 0F, 80, 38, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCompactPathA + 70 77FA847D 25 Bytes [ FF, 55, 8B, EC, 56, 33, F6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCompactPathA + 8A 77FA8497 24 Bytes [ 74, 4D, 68, F0, 74, FA, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SHLWAPI.dll!PathCompactPathA + A3 77FA84B0 29 Bytes [ 6A, 00, FF, 75, 08, 6A, 00, ... ]
.text ...

Edited by Crystal_Rod, 03 November 2008 - 11:19 PM.


#9 Crystal_Rod

Posted 03 November 2008 - 11:17 PM

GMER (3 OF 4 PARTS):

.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetComCatalog + FC 7751318C 165 Bytes [ 4D, 0C, 89, 01, 33, C0, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetComCatalog + 1A2 77513232 13 Bytes [ 89, 4D, FC, 83, 7D, FC, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetComCatalog + 1B0 77513240 7 Bytes [ 4D, 10, C7, 01, 54, 71, 60 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!PropVariantClear + 4B 7751414F 4 Bytes [ 85, A8, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!PropVariantClear + 50 77514154 12 Bytes [ 8D, 45, E0, 50, 8B, CE, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!PropVariantClear + 5D 77514161 48 Bytes [ 00, 68, 44, D8, 4E, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!PropVariantClear + 8F 77514193 8 Bytes [ 7F, 2C, 01, 0F, 85, 84, 62, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!PropVariantClear + 98 7751419C 17 Bytes [ 83, 7D, FC, 00, 74, 7C, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCreateFreeThreadedMarshaler + 93 775155ED 27 Bytes [ 0F, 85, 7B, 27, 05, 00, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCreateFreeThreadedMarshaler + AF 77515609 19 Bytes [ 90, 90, 90, 90, 90, F6, 05, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCallContext + 5 77515626 9 Bytes [ 56, 8B, 71, 14, 83, E6, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCallContext + F 77515630 201 Bytes [ C6, 5E, 5D, C2, 08, 00, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassObject + 35 775156FA 83 Bytes CALL 5FC8B766
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassObject + 89 7751574E 8 Bytes [ EB, F2, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassObject + 92 77515757 15 Bytes [ 55, 8B, EC, 83, EC, 10, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassObject + C4 77515789 18 Bytes [ FF, 80, 4E, 15, 01, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassObject + D7 7751579C 67 Bytes [ 8B, 46, 0C, 3B, C3, 0F, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterChannelHook + 2 775168D2 128 Bytes [ FF, 3B, C1, 0F, 84, F7, 30, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterChannelHook + 83 77516953 18 Bytes [ 33, FF, 56, 89, 7D, F8, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterChannelHook + 96 77516966 19 Bytes CALL 77511411 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterChannelHook + AA 7751697A 31 Bytes [ 80, C0, 06, 00, 00, 3B, C7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterChannelHook + CA 7751699A 27 Bytes [ 52, 8D, 55, 0C, 52, 50, 56, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeSecurity + 21 77516BBF 66 Bytes [ 51, 51, 83, 65, F8, 00, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeSecurity + 64 77516C02 39 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeSecurity + 8C 77516C2A 36 Bytes CALL 77511415 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeSecurity + B1 77516C4F 35 Bytes [ 90, 90, 90, 90, 90, 8B, 44, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeSecurity + D5 77516C73 3 Bytes [ 84, 8A, 06 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterClassObject + 61 77517EF1 47 Bytes [ AB, 89, 9D, C8, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterClassObject + 91 77517F21 39 Bytes CALL 77518238 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterClassObject + B9 77517F49 67 Bytes [ 8D, 85, EC, FB, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterClassObject + FE 77517F8E 14 Bytes [ 00, 85, C0, 0F, 85, 22, E1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterClassObject + 10D 77517F9D 140 Bytes [ 50, 8D, 85, C8, FB, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromProgID + 3B 7751882D 3 Bytes [ 84, B8, D3 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromProgID + 40 77518832 71 Bytes [ 8B, 4B, 08, 8B, 55, 10, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromProgID + 88 7751887A 50 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromProgID + BB 775188AD 122 Bytes JMP 6B438BB4
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromOle1Class + 6F 77518928 26 Bytes [ 8B, 45, F4, 3B, C6, 74, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromOle1Class + 8A 77518943 21 Bytes [ 50, 89, 75, 08, FF, 15, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromOle1Class + A0 77518959 49 Bytes [ 40, 04, 83, E0, 1F, A8, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromOle1Class + D2 7751898B 29 Bytes [ F9, 7C, B0, 5F, 5B, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromOle1Class + F0 775189A9 33 Bytes CALL 77518AC4 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IIDFromString + 2 7751975A 147 Bytes [ 35, 00, 60, 60, 77, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetPSClsid 775197F0 38 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetPSClsid + 57 77519847 17 Bytes CALL 775016C2 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetPSClsid + 69 77519859 44 Bytes [ 08, 8D, 55, 08, 52, 68, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetPSClsid + 96 77519886 13 Bytes [ 51, 0C, 8B, 75, F8, 3B, F7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetPSClsid + A4 77519894 4 Bytes [ 84, 0C, 6F, 04 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCopyProxy + 18 7751E416 213 Bytes [ 8B, 06, 8D, 4D, EC, 51, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCopyProxy + EE 7751E4EC 2 Bytes [ B0, FE ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCopyProxy + F2 7751E4F0 66 Bytes [ C9, C2, 08, 00, 8D, 73, 38, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCopyProxy + 135 7751E533 163 Bytes [ 8B, F0, 3B, F7, 59, 74, 13, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoCopyProxy + 1D9 7751E5D7 8 Bytes [ 51, 68, A0, D0, 4E, 77, 89, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSwitchCallContext + 1 7751F80E 8 Bytes [ 45, 1C, 85, C0, 0F, 84, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSwitchCallContext + B 7751F818 38 Bytes [ 89, 45, B8, 8B, 45, 14, 3B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSwitchCallContext + 33 7751F840 47 Bytes [ 00, 74, 03, 89, 45, BC, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevertToSelf + 2B 7751F870 161 Bytes [ FF, 0F, 85, FB, 46, 04, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevertToSelf + CD 7751F912 20 Bytes [ 9C, FF, 75, 98, FF, 33, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevertToSelf + E2 7751F927 15 Bytes CALL 776021C5 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevertToSelf + F2 7751F937 57 Bytes CALL 7751F952 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevertToSelf + 12C 7751F971 40 Bytes [ 5E, 5D, C2, 04, 00, 8B, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryProxyBlanket + 7 77520089 1 Byte [ 7D ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryProxyBlanket + 9 7752008B 45 Bytes [ FF, 75, 0C, 0F, B7, DA, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryProxyBlanket + 37 775200B9 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryProxyBlanket + 7E 77520100 95 Bytes [ 55, 8B, EC, 83, EC, 2C, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryProxyBlanket + DE 77520160 60 Bytes [ 8B, 46, 64, 89, 45, EC, E8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!FreePropVariantArray + 1 7752098D 89 Bytes [ 45, F4, 5F, 5E, 3B, C3, 5B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!FreePropVariantArray + 5B 775209E7 11 Bytes [ 00, 00, 85, C0, 0F, 85, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!FreePropVariantArray + 67 775209F3 41 Bytes [ 90, 04, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!FreePropVariantArray + 91 77520A1D 73 Bytes [ 50, FF, 15, 80, 12, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!FreePropVariantArray + DB 77520A67 75 Bytes [ 5E, 75, 1B, FF, B5, 68, FE, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptorFromTypeInfo + 1 7752179D 19 Bytes [ 08, 8D, 55, F8, 52, 8D, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptorFromTypeInfo + 15 775217B1 8 Bytes [ 5D, 08, 89, 45, 14, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptorFromTypeInfo + 1E 775217BA 35 Bytes [ 0C, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptorFromTypeInfo + 42 775217DE 4 Bytes [ 28, 8B, 08, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptorFromTypeInfo + 47 775217E3 1 Byte [ 51 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MkParseDisplayName + 31 77523F1A 38 Bytes [ FF, FF, EF, AF, 56, 77, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MkParseDisplayName + 59 77523F42 3 Bytes [ 84, 80, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MkParseDisplayName + 5D 77523F46 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MkParseDisplayName + 5F 77523F48 9 Bytes [ FC, 8B, CE, FF, 75, 0C, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MkParseDisplayName + 69 77523F52 59 Bytes [ 0A, 00, 00, 00, 5E, C9, C2, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObject + 81 77525187 35 Bytes [ 08, 50, FF, 51, 08, E9, 2E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObject + A5 775251AB 31 Bytes [ FF, 8B, 5D, 08, 83, E3, 20, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObject + C6 775251CC 26 Bytes [ 50, 6A, 02, FF, B5, E8, FD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObject + E1 775251E7 20 Bytes [ 85, C0, 75, 28, 85, DB, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObject + F6 775251FC 87 Bytes [ FF, 50, 6A, 20, FF, B5, E8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoResumeClassObjects 77526D50 159 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSuspendClassObjects + 16 77526DF1 121 Bytes [ 4E, 40, 56, 6A, 01, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSuspendClassObjects + 90 77526E6B 29 Bytes [ 89, 4D, D4, 33, D2, 89, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSuspendClassObjects + AE 77526E89 234 Bytes CALL 77526C1F C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSuspendClassObjects + 21B 77526FF6 15 Bytes [ 50, FF, 15, 34, 13, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoSuspendClassObjects + 22B 77527006 7 Bytes [ 75, FC, 8B, CE, E8, 97, A9 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryClientBlanket + 3A 775274CE 16 Bytes [ 43, 20, 3B, C7, 74, 11, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryClientBlanket + 4B 775274DF 54 Bytes [ FF, 51, 08, 89, 7B, 20, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryClientBlanket + 82 77527516 19 Bytes [ FF, B8, 0E, 00, 07, 80, E9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryClientBlanket + 96 7752752A 12 Bytes JMP 7750D7E9 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryClientBlanket + A3 77527537 2 Bytes [ B1, 5B ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetErrorInfo + 68 775299A2 156 Bytes [ 15, 28, 15, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetErrorInfo + 108 77529A42 61 Bytes [ 8B, FF, 55, 8B, EC, 51, 51, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetErrorInfo + 146 77529A80 225 Bytes [ 8B, F0, 85, F6, 74, 2C, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetErrorInfo + 228 77529B62 51 Bytes [ 8B, F0, 8B, 4D, FC, 5F, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetErrorInfo + 25C 77529B96 22 Bytes [ F8, 8B, C7, 5F, C9, C2, 18, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReadClassStm + 9 77529D63 16 Bytes [ 23, 00, 00, 00, 43, 8B, CE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReadClassStm + 1A 77529D74 11 Bytes [ 68, D4, 03, 00, 5B, 5E, E9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReadClassStm + 26 77529D80 128 Bytes [ C0, 74, F5, EB, C4, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReadClassStm + A7 77529E01 78 Bytes [ 31, 6A, 00, FF, 35, 00, 60, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReadClassStm + F6 77529E50 27 Bytes [ 00, 83, 66, 24, 00, 83, 66, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateGenericComposite + 5 77529F3E 122 Bytes CALL 77529F5B C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateGenericComposite + 80 77529FB9 4 Bytes [ 83, 4E, 38, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateGenericComposite + 92 77529FCB 71 Bytes [ 80, 80, 0F, 00, 00, F6, 40, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateGenericComposite + DA 7752A013 5 Bytes [ FF, 55, 8B, EC, 53 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateGenericComposite + E0 7752A019 12 Bytes [ 57, BF, D8, 94, 60, 77, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeClassObject + 10 7752A303 113 Bytes [ 15, 50, 61, 60, 77, 89, 3D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeClassObject + 82 7752A375 62 Bytes [ 35, 00, 60, 60, 77, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeClassObject + C2 7752A3B5 224 Bytes [ BE, A0, 61, 60, 77, 8B, CE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeClassObject + 1A3 7752A496 138 Bytes [ A1, F0, 6E, 60, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeClassObject + 22E 7752A521 84 Bytes [ 87, AE, 66, FF, FF, 83, 25, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DcomChannelSetHResult + 7 7752B1BE 29 Bytes [ 18, 89, 30, B8, E2, 01, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DcomChannelSetHResult + 25 7752B1DC 6 Bytes [ 8B, 7F, 1C, 8B, 07, 57 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DcomChannelSetHResult + 2C 7752B1E3 36 Bytes [ 50, 04, 5E, 8B, C7, 5F, C3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DcomChannelSetHResult + 51 7752B208 66 Bytes [ 20, 85, F6, 75, EF, EB, F3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DcomChannelSetHResult + B4 7752B26B 15 Bytes [ 56, 57, 8B, F3, 81, E6, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReleaseStgMedium + 50 7752BB83 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReleaseStgMedium + 52 7752BB85 165 Bytes [ 77, 2B, FD, FF, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReleaseStgMedium + 16D 7752BCA0 91 Bytes [ 18, 00, 00, 00, 8B, 80, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReleaseStgMedium + 1C9 7752BCFC 84 Bytes [ 00, 00, 8B, 4D, F8, 85, C9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ReleaseStgMedium + 23A 7752BD6D 17 Bytes [ C8, 8B, 55, FC, 89, 4A, 48, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetMarshalSizeMax + 19 7752D6D9 94 Bytes [ F3, A5, 8B, 45, FC, 01, 43, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetMarshalSizeMax + 78 7752D738 30 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetMarshalSizeMax + 97 7752D757 39 Bytes [ 35, D4, 6D, 60, 77, E8, 1D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetMarshalSizeMax + BF 7752D77F 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetMarshalSizeMax + C2 7752D782 1 Byte [ EC ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalInterface + 26 7752D81A 149 Bytes [ 8B, 43, 68, 66, 81, 63, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalInterface + BC 7752D8B0 48 Bytes [ 45, FC, 2B, F0, 39, 55, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalInterface + ED 7752D8E1 5 Bytes [ 41, 04, 89, 45, D4 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalInterface + F3 7752D8E7 40 Bytes [ 4D, D8, 33, D2, 39, 55, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalInterface + 11F 7752D913 33 Bytes [ 08, 50, FF, 51, 04, 8B, 47, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObjectContext + 5E 7752F679 73 Bytes [ 1C, FF, 75, 20, FF, 75, 14, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObjectContext + A9 7752F6C4 5 Bytes [ 10, 8B, 00, 0F, B7 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObjectContext + AF 7752F6CA 23 Bytes [ 8D, 44, 00, 04, 57, 8B, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObjectContext + C7 7752F6E2 63 Bytes [ F6, 74, 2C, 8B, 45, 0C, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetObjectContext + 107 7752F722 127 Bytes [ A1, A4, 97, 60, 77, EB, A5, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDisconnectObject + 46 7752FA04 106 Bytes CALL F9327F18
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDisconnectObject + B1 7752FA6F 69 Bytes CALL 0352F9FE
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDisconnectObject + F8 7752FAB6 4 Bytes [ 89, 4D, D8, E9 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDisconnectObject + FD 7752FABB 1 Byte [ C0 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDisconnectObject + FF 7752FABD 108 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromString + 1C 7752FCD2 109 Bytes [ 00, 00, 8B, 80, 80, 0F, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromString + 8A 7752FD40 77 Bytes [ FF, BB, 0A, 01, 01, 80, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromString + D8 7752FD8E 68 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromString + 11D 7752FDD3 1 Byte [ EC ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLSIDFromString + 121 7752FDD7 48 Bytes [ 8B, 41, 28, 8B, 51, 10, C1, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibraries + F 775300BB 2 Bytes [ 90, 90 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibraries + 14 775300C0 88 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibraries + AF 7753015B 97 Bytes [ 00, 57, FF, 15, 8C, 14, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibraries + 112 775301BE 17 Bytes [ 5E, C9, C3, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibraries + 124 775301D0 25 Bytes [ 5D, 08, 57, 33, FF, 66, 3B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibrariesEx 7753025D 35 Bytes [ 90, 90, 90, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibrariesEx + 24 77530281 135 Bytes [ 23, C8, 3B, C8, 75, 10, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibrariesEx + AC 77530309 56 Bytes [ 83, 7D, 10, 01, 0F, 84, 63, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibrariesEx + E5 77530342 99 Bytes JMP 7752FBFA C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFreeUnusedLibrariesEx + 149 775303A6 217 Bytes [ 0D, F0, 71, 60, 77, 89, 0E, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFileTimeNow + 15 77532A8D 62 Bytes [ 56, 8B, F1, 8B, 06, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFileTimeNow + 54 77532ACC 8 Bytes [ 40, 0C, 85, C0, 0F, 84, BD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFileTimeNow + 5D 77532AD5 7 Bytes [ FF, 33, C0, 40, 5D, C2, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFileTimeNow + 65 77532ADD 17 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoFileTimeNow + 77 77532AEF 10 Bytes [ 30, 8D, 51, 10, 3B, C2, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTaskMemRealloc + 6 77532B0A 13 Bytes [ FF, 89, 77, 08, 5F, 5E, C3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTaskMemRealloc + 14 77532B18 16 Bytes [ 55, 8B, EC, 56, 57, 8B, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTaskMemRealloc + 25 77532B29 29 Bytes [ 47, 0C, 89, 46, 0C, 8B, 47, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTaskMemRealloc + 43 77532B47 14 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!RevokeDragDrop + 1 77532B56 2 Bytes [ 4E, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!RevokeDragDrop + 4 77532B59 37 Bytes [ 46, 08, 8D, 51, 10, 3B, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!RevokeDragDrop + 2A 77532B7F 125 Bytes [ FF, 8B, C6, 5E, 5D, C2, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!RevokeDragDrop + A8 77532BFD 76 Bytes [ C6, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!RevokeDragDrop + F5 77532C4A 35 Bytes [ 89, 4D, EC, 6A, 00, 8D, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLIPFORMAT_UserFree 77532D3C 54 Bytes [ 90, 90, 90, 8B, 0D, 14, 63, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CLIPFORMAT_UserFree + 37 77532D73 191 Bytes [ 8B, 0D, 18, 63, 60, 77, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetClipboard + A9 77532E58 20 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetClipboard + BE 77532E6D 19 Bytes [ 56, 6A, 10, 8B, F1, 59, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetClipboard + D2 77532E81 2 Bytes [ CE, 89 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetClipboard + F9 77532EA8 16 Bytes [ FF, 8D, 45, AC, 50, 8B, CE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetClipboard + 10A 77532EB9 3 Bytes [ 59, FC, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleUninitialize + 2D 77533214 44 Bytes [ 8B, 46, 08, 85, C0, 8B, 3D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleUninitialize + 5E 77533245 16 Bytes [ 33, C0, 66, A1, 64, 60, 60, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleUninitialize + 6F 77533256 17 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleUninitialize + 81 77533268 63 Bytes [ 83, 65, CC, 00, 56, 6A, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleUninitialize + C1 775332A8 12 Bytes [ 8D, 45, AC, 50, 8B, CE, E8, ... ]
.text ...

.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleQueryCreateFromData + 52 7753341A 148 Bytes [ 47, 14, 89, 46, 14, 8B, 47, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleQueryCreateFromData + E7 775334AF 13 Bytes [ 7D, 0C, FF, 75, 14, 33, DB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleQueryCreateFromData + F5 775334BD 50 Bytes [ 01, 03, 80, 57, 89, 45, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleQueryCreateFromData + 128 775334F0 54 Bytes [ 3B, FB, 0F, 82, 41, 6B, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleQueryCreateFromData + 16B 77533533 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoLockObjectExternal + 2 77533CE6 35 Bytes [ 0F, 84, 38, 7A, 02, 00, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoLockObjectExternal + 26 77533D0A 83 Bytes [ 5F, 8B, C3, 5B, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoLockObjectExternal + 7A 77533D5E 57 Bytes [ 56, 8B, F1, FF, 15, 84, 12, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoLockObjectExternal + B4 77533D98 21 Bytes [ 83, 7E, 14, 00, 0F, 84, D9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoLockObjectExternal + CB 77533DAF 3 Bytes [ 8B, FF, 55 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateFileMoniker + CD 77534066 2 Bytes [ 74, 5A ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateFileMoniker + D0 77534069 4 Bytes [ 19, A3, FC, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateFileMoniker + D6 7753406F 1 Byte [ 0F ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateFileMoniker + D8 77534071 12 Bytes [ 6E, 91, 02, 00, 83, 27, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateFileMoniker + E5 7753407E 2 Bytes [ 77, 91 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCurrentProcess + 20 7753466F 69 Bytes [ 85, F6, 8B, D9, 0F, 85, 32, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCurrentProcess + 67 775346B6 140 Bytes [ 00, BE, 4C, 1A, 4E, 77, A5, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCurrentProcess + F4 77534743 43 Bytes [ 83, 26, 00, F6, 45, 10, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCurrentProcess + 120 7753476F 48 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetCurrentProcess + 15E 775347AD 33 Bytes [ 55, 8B, EC, 83, C1, 14, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStandardMarshal + 1 775347D5 5 Bytes [ 49, 04, FF, 75, 08 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStandardMarshal + 7 775347DB 14 Bytes [ 8D, 88, 0C, 02, 00, 00, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStandardMarshal + 16 775347EA 112 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStandardMarshal + 87 7753485B 47 Bytes [ 8B, 00, 03, 01, 8B, 49, 04, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsAccelerator + 3B 7757887B 11 Bytes [ DB, 74, 1D, 8D, 45, EC, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsAccelerator + 47 77578887 5 Bytes [ FF, FF, 75, E4, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsAccelerator + 56 77578896 21 Bytes [ EC, A5, A5, A5, A5, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsAccelerator + 6C 775788AC 102 Bytes [ 4D, FC, 5F, 5E, 8B, C3, 5B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsAccelerator + D3 77578913 32 Bytes [ FF, 89, 85, 7C, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleTranslateAccelerator + A7 77578A90 66 Bytes [ 00, EB, 10, 6A, 01, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleTranslateAccelerator + EA 77578AD3 12 Bytes [ 10, 53, FF, 75, 80, 8D, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleTranslateAccelerator + F7 77578AE0 115 Bytes [ 85, C0, 74, 4E, 8B, 45, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleTranslateAccelerator + 16B 77578B54 120 Bytes [ 46, 34, 8B, 08, 50, FF, 51, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleTranslateAccelerator + 1E4 77578BCD 38 Bytes [ EB, 3B, 83, 4E, 4C, 01, EB, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateMenuDescriptor + 8D 77578D84 299 Bytes [ C7, 41, 1C, 90, E1, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateMenuDescriptor + 1B9 77578EB0 75 Bytes [ 50, FF, 51, 0C, 8B, D8, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateMenuDescriptor + 205 77578EFC 18 Bytes [ 85, C0, 74, 11, 6A, 04, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateMenuDescriptor + 218 77578F0F 21 Bytes [ 00, 00, 57, 8D, 7E, E4, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HGLOBAL_UserFree + 6 77578F25 18 Bytes [ 08, 50, FF, 51, 14, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HGLOBAL_UserFree + 19 77578F38 65 Bytes [ 44, 8B, 46, 2C, 8B, 08, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HGLOBAL_UserUnmarshal + 31 77578F7A 1 Byte [ 80 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HGLOBAL_UserUnmarshal + 33 77578F7C 21 Bytes [ 0C, 53, 83, C6, 40, 56, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDestroyMenuDescriptor + 1 77578F92 66 Bytes [ C7, 5F, EB, 05, B8, 57, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDestroyMenuDescriptor + 63 77578FF4 49 Bytes [ 00, 68, 78, 8C, 60, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDestroyMenuDescriptor + 95 77579026 5 Bytes [ 89, 18, 8B, 03, 53 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDestroyMenuDescriptor + 9B 7757902C 10 Bytes [ 50, 04, 8B, 03, 53, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDestroyMenuDescriptor + A6 77579037 10 Bytes [ B5, F4, FD, FF, FF, 8B, 03, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleInitializeWOW + 20 775797BB 7 Bytes [ F0, 85, F6, 7C, 48, C7, 45 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleInitializeWOW + 28 775797C3 66 Bytes [ 01, 00, 00, 00, 8B, CB, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleInitializeWOW + 6B 77579806 27 Bytes [ 50, 18, 8B, 4D, FC, E8, 3E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleInitializeWOW + 87 77579822 103 Bytes [ EC, 56, 8B, 75, 08, 57, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleInitializeWOW + EF 7757988A 180 Bytes [ 00, 39, 75, 08, 0F, 84, B1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeWOW + 12 77579940 29 Bytes [ 00, 33, F6, 5F, 5B, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeWOW + 30 7757995E 19 Bytes [ 15, 50, 61, 60, 77, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInitializeWOW + 44 77579972 36 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnmarshalHresult + 1C 77579997 85 Bytes [ D7, 66, 85, C0, 7D, 31, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnloadingWOW + 2F 775799ED 80 Bytes [ EC, 53, 56, 57, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnloadingWOW + 80 77579A3E 22 Bytes [ 45, 0C, 50, 57, FF, 76, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnloadingWOW + 97 77579A55 13 Bytes [ 33, 8D, 45, 0C, 50, 57, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnloadingWOW + A5 77579A63 155 Bytes [ 25, 0F, B7, 45, 0C, 50, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoUnloadingWOW + 141 77579AFF 214 Bytes [ F4, 12, 4E, 77, 50, 68, 30, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SetConvertStg + 37 7757A39E 13 Bytes [ 66, 30, FD, 89, 7E, 24, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SetConvertStg + 45 7757A3AC 4 Bytes [ 4B, 30, 51, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SetConvertStg + 5E 7757A3C5 24 Bytes [ F6, 43, 50, 08, 74, A3, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SetConvertStg + 77 7757A3DE 26 Bytes [ 00, EB, 8D, 39, 7D, 90, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SetConvertStg + 92 7757A3F9 261 Bytes [ 00, FF, 73, 38, 8D, 45, 88, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleIsCurrentClipboard + 14 7757A9D5 1 Byte [ 33 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleIsCurrentClipboard + 16 7757A9D7 11 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleIsCurrentClipboard + 22 7757A9E3 19 Bytes [ 00, 00, 00, 8B, 80, 80, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleIsCurrentClipboard + 37 7757A9F8 86 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleIsCurrentClipboard + 8E 7757AA4F 48 Bytes [ FF, 50, 14, 85, C0, 74, CE, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleFlushClipboard + 3F 7757ABB0 52 Bytes [ 03, 6A, 00, FF, 36, 56, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleFlushClipboard + 74 7757ABE5 26 Bytes [ 51, 10, 3B, C6, 75, 20, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleFlushClipboard + 90 7757AC01 50 Bytes [ 51, 89, 45, FC, 8B, 03, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleFlushClipboard + C3 7757AC34 59 Bytes [ 00, 39, 45, 0C, 73, 0F, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleFlushClipboard + FF 7757AC70 82 Bytes [ 30, FF, 15, 04, 12, 4E, 77, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEx + 10 7757BB36 42 Bytes [ EB, 11, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEx + 3B 7757BB61 2 Bytes [ FF, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEx + 3E 7757BB64 14 Bytes [ 3D, AB, 57, 77, 46, AB, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEx + 4D 7757BB73 65 Bytes [ 55, 8B, EC, 83, EC, 14, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEx + 8F 7757BBB5 61 Bytes [ F0, 0F, 84, 53, 01, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreate + 38 7757BCCC 110 Bytes [ 15, 78, 12, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreate + A7 7757BD3B 14 Bytes [ FF, 55, 8B, EC, 56, 57, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreate + B6 7757BD4A 88 Bytes [ 15, D4, 18, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreate + 10F 7757BDA3 8 Bytes [ EB, DE, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreate + 118 7757BDAC 30 Bytes [ 55, 8B, EC, 83, EC, 0C, 56, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromDataEx + 1 7757C16C 41 Bytes [ 75, 08, 83, C6, CC, 83, 7E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromDataEx + 2B 7757C196 81 Bytes [ 74, 08, 8B, 00, 8B, 08, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromDataEx + 7D 7757C1E8 94 Bytes [ C6, 04, 4F, 75, EE, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromDataEx + DC 7757C247 76 Bytes CALL 785D475B
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromData + 2D 7757C294 35 Bytes [ 8D, 45, D0, 50, 53, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromData + 51 7757C2B8 51 Bytes [ 45, D0, 8D, 48, 02, 3B, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromData + 85 7757C2EC 11 Bytes [ 15, D4, 13, 4E, 77, EB, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromData + 91 7757C2F8 39 Bytes [ 47, 04, 75, 09, C7, 45, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromData + B9 7757C320 15 Bytes [ CA, 83, E1, 03, F3, A4, 03, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateAntiMoniker + 2A 7757C741 74 Bytes [ 8D, 45, CC, 50, 53, 8D, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreatePointerMoniker + 2A 7757C78C 98 Bytes [ 8B, 45, C0, 8D, 48, 02, 3B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateObjrefMoniker + 2D 7757C7EF 154 Bytes [ 15, 78, 12, 4E, 77, 3B, C3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateObjrefMoniker + C8 7757C88A 61 Bytes [ 39, 5D, E0, 74, 08, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateObjrefMoniker + 107 7757C8C9 1 Byte [ 51 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateObjrefMoniker + 109 7757C8CB 85 Bytes CALL ECE2DD44
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateObjrefMoniker + 1DF 7757C9A1 40 Bytes [ 89, 45, E0, 8D, 45, F4, 50, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!BindMoniker + 20 7757CAE6 67 Bytes [ 5E, 5D, C2, 04, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!BindMoniker + 64 7757CB2A 63 Bytes [ EC, 83, EC, 18, 53, 8B, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!BindMoniker + A5 7757CB6B 7 Bytes [ 20, FF, 75, 1C, FF, 75, 18 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!BindMoniker + AD 7757CB73 85 Bytes [ 75, 14, FF, 75, 10, E8, 5B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!BindMoniker + 103 7757CBC9 3 Bytes [ F0, 85, F6 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MonikerCommonPrefixWith + 7E 7757E23E 4 Bytes [ 8B, 30, 50, 4E ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MonikerCommonPrefixWith + 83 7757E243 97 Bytes [ 15, 24, 12, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MonikerCommonPrefixWith + E5 7757E2A5 72 Bytes [ D6, 85, C0, 7F, 04, FF, D6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MonikerCommonPrefixWith + 12E 7757E2EE 1 Byte [ 15 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!MonikerCommonPrefixWith + 130 7757E2F0 32 Bytes [ 12, 4E, 77, 85, C0, 74, 09, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateStdProgressIndicator + 23 7757ED1B 75 Bytes [ 06, 56, 89, 7D, F8, 89, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateStdProgressIndicator + 6F 7757ED67 53 Bytes [ D8, EB, 08, 8B, 45, FC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateStdProgressIndicator + A7 7757ED9F 100 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateStdProgressIndicator + 10C 7757EE04 25 Bytes [ 08, 57, 8D, 55, 08, 52, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetClassFile + 4 7757EE1E 110 Bytes [ 06, 8D, 4D, FC, 51, 53, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetClassFile + 73 7757EE8D 54 Bytes [ 0F, 84, 6A, 01, 00, 00, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetClassFile + AA 7757EEC4 42 Bytes [ 51, 44, 8B, F8, 33, F6, 3B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetClassFile + D5 7757EEEF 11 Bytes [ 8B, 08, 8D, 55, F4, 52, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetClassFile + E1 7757EEFB 19 Bytes [ 4C, 8B, F8, 85, FF, 75, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoMarshalHresult + 1A 7758242D 1 Byte [ 03 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoMarshalHresult + 1C 7758242F 4 Bytes [ EB, 18, 90, 90 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoMarshalHresult + 23 77582436 197 Bytes [ 33, C0, 40, C3, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassVersion + 56 775824FC 15 Bytes CALL 7E587CB9
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassVersion + 66 7758250C 32 Bytes [ C2, 08, 00, 90, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassVersion + 87 7758252D 139 Bytes [ 83, 65, FC, 00, 8B, 5D, 18, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassVersion + 113 775825B9 89 Bytes [ 15, 58, 77, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetClassVersion + 16D 77582613 14 Bytes [ 51, 08, 89, 5D, E4, EB, 18, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTreatAsClass + 53 77582AF0 7 Bytes [ FF, FF, FF, FF, C7, 1A, 58 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTreatAsClass + 5B 77582AF8 18 Bytes [ D0, 1A, 58, 77, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTreatAsClass + 6E 77582B0B 3 Bytes [ DA, A1, F8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTreatAsClass + 72 77582B0F 53 Bytes [ 8B, 45, 08, 83, 66, 20, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoTreatAsClass + A8 77582B45 92 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DllRegisterServer + 13 77582D6B 86 Bytes [ DE, B4, F7, FF, 89, 65, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterInitializeSpy + E 77582DC2 100 Bytes [ 4D, B4, 73, 07, 66, 83, 3C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterInitializeSpy + 73 77582E27 32 Bytes [ 89, 75, CC, EB, 07, C7, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterInitializeSpy + 94 77582E48 200 Bytes [ 4D, D0, 89, 08, 8B, 45, C8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterInitializeSpy + 15D 77582F11 70 Bytes [ C0, 7C, 38, 2B, 75, 10, D1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeInitializeSpy + B 77582F58 73 Bytes [ FF, FF, FF, FF, 3B, 1F, 58, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeInitializeSpy + 56 77582FA3 20 Bytes [ 74, 15, 8B, 06, 53, 8D, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeInitializeSpy + 6B 77582FB8 23 Bytes [ EB, 2A, C7, 45, D0, 0E, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeInitializeSpy + 84 77582FD1 18 Bytes [ 33, C0, 40, C3, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetState + 10 77582FE4 75 Bytes [ 83, 4D, FC, FF, 8B, 45, D0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryReleaseObject + 7 77583030 14 Bytes [ 45, 18, 89, 18, C7, 45, B4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryReleaseObject + 16 7758303F 43 Bytes [ 08, 8D, 55, B4, 52, 50, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryReleaseObject + 42 7758306B 75 Bytes [ 03, F9, 89, 7D, D8, 89, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryReleaseObject + 8E 775830B7 10 Bytes [ 00, 00, 00, 8B, CB, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoQueryReleaseObject + 99 775830C2 32 Bytes JMP 02FE23C9
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterMallocSpy + 2A 77583269 62 Bytes [ 07, 80, EB, 43, 83, 7D, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterMallocSpy + 69 775832A8 3 Bytes [ 08, 8B, C6 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterMallocSpy + 6D 775832AC 69 Bytes [ 03, 33, C0, 40, 5E, 5F, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterMallocSpy + B3 775832F2 2 Bytes [ 75, 10 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRegisterMallocSpy + B6 775832F5 21 Bytes [ CE, FF, 75, 0C, FF, 75, 08, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeMallocSpy + 17 77583326 14 Bytes [ 15, D0, 18, 4E, 77, 5D, C2, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeMallocSpy + 26 77583335 77 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeMallocSpy + 74 77583383 10 Bytes [ 08, 6A, 00, 6A, 04, 8D, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeMallocSpy + 7F 7758338E 55 Bytes [ 51, 0C, 85, C0, 75, 08, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRevokeMallocSpy + B7 775833C6 15 Bytes [ 85, C0, 7C, 13, 8B, 45, FC, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HkOleRegisterObject + C 77583B11 81 Bytes [ 75, 04, 33, C0, 40, C3, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HkOleRegisterObject + 60 77583B65 14 Bytes [ BF, 38, 6C, 4F, 77, 57, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HkOleRegisterObject + 6F 77583B74 23 Bytes [ 02, 50, 57, 6A, 01, 56, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HkOleRegisterObject + 87 77583B8C 24 Bytes [ 00, 00, 8D, 45, 8C, 50, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HkOleRegisterObject + A0 77583BA5 9 Bytes [ 75, 94, FF, 15, 14, 10, 4E, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!EnableHookObject 77583D8C 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!EnableHookObject + 4 77583D90 150 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!EnableHookObject + 9B 77583E27 63 Bytes [ 0F, 8C, AB, 00, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!EnableHookObject + DB 77583E67 8 Bytes [ 1B, FF, 08, 56, E8, D4, A1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!EnableHookObject + E4 77583E70 115 Bytes [ C7, 45, 0C, 0E, 00, 07, 80, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!IsValidPtrOut + 14 7758499B 138 Bytes [ 5E, 24, 8B, 46, 28, 3B, C3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStdMarshalEx + 65 77584A26 61 Bytes [ FF, 55, 8B, EC, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStdMarshalEx + A3 77584A64 58 Bytes [ 07, 80, EB, 31, 57, FF, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStdMarshalEx + DF 77584AA0 85 Bytes [ 90, 90, 90, A1, D0, C5, 60, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStdMarshalEx + 135 77584AF6 9 Bytes [ E0, B8, 02, 40, 00, 80, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetStdMarshalEx + 13F 77584B00 8 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDeactivateObject + 5A 77584C9F 21 Bytes [ 0F, 85, C3, 00, 00, 00, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoDeactivateObject + 70 77584CB5 43 Bytes [ DC, FE, FF, FF, 50, 6A, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoReactivateObject + 9 77584CE1 39 Bytes CALL C8584CE4
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoReactivateObject + 31 77584D09 33 Bytes [ 74, 5D, 56, 8B, 35, 2C, 12, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoReactivateObject + 53 77584D2B 135 Bytes [ D6, 68, 08, 8B, 4F, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInvalidateRemoteMachineBindings + 2 77584DB3 5 Bytes [ FF, 00, 80, 5D, C2 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoInvalidateRemoteMachineBindings + 9 77584DBA 56 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoRetireServer + 1E 77584DF3 9 Bytes [ 75, 16, 83, C6, 08, 3B, F0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetContextToken + 1 77584E25 40 Bytes [ 48, 0C, 83, C0, 20, 3B, C8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetContextToken + 2A 77584E4E 55 Bytes [ 4D, FC, 6A, 01, 83, C1, 18, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetSystemSecurityPermissions + 2B 77584E86 14 Bytes [ 60, 60, 77, FF, 15, 54, 61, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetSystemSecurityPermissions + 3A 77584E95 77 Bytes [ 75, 0C, 89, 43, 0C, 50, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetDefaultContext + 3A 77584EE3 77 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetDefaultContext + 89 77584F32 33 Bytes [ 00, 53, 56, 89, 45, FC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetDefaultContext + AB 77584F54 27 Bytes [ FF, 50, FF, 15, C8, 18, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetDefaultContext + C7 77584F70 23 Bytes [ CB, 89, 85, EC, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetDefaultContext + 10D 77584FB6 8 Bytes [ FF, 50, 57, 8B, CE, E8, 86, ... ]

#10 Crystal_Rod

Posted 03 November 2008 - 11:18 PM

GMER (4 OF 4 PARTS):

.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptor + 24 775A0848 10 Bytes [ FF, 55, 8B, EC, FF, 75, 0C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CoGetInterceptor + 2F 775A0853 67 Bytes [ 08, 68, B4, FF, 4E, 77, 50, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_CStdStubBuffer_QueryInterface + 5 775A0BF6 6 Bytes [ 51, 53, 56, 57, 8B, F1 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_CStdStubBuffer_Invoke + 9 775A0C4D 47 Bytes [ 3B, EB, 21, 83, 7F, 0C, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_CStdStubBuffer_IsIIDSupported + 1B 775A0C7F 91 Bytes [ 8B, FF, 55, 8B, EC, 51, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_CStdStubBuffer_Connect + 6 775A0CDB 34 Bytes [ 3B, EB, 21, 83, 7F, 0C, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_CStdStubBuffer_Disconnect + C 775A0CFE 10 Bytes [ 3F, 3B, FB, 75, DB, 5F, 5E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubForwardingFunction 775A0D0C 8 Bytes [ 90, 8B, FF, 55, 8B, EC, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubForwardingFunction + 9 775A0D15 1 Byte [ 7D ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubForwardingFunction + B 775A0D17 56 Bytes [ 85, FF, 8B, F1, 75, 06, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubForwardingFunction + 44 775A0D50 25 Bytes [ 33, C0, EB, 05, B8, 0E, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubForwardingFunction + 5E 775A0D6A 132 Bytes [ 45, 08, 8B, 50, 20, 85, D2, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_AddRef_Proxy + F 775A0FEB 25 Bytes [ 8B, D8, EB, 02, 33, DB, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_Release_Proxy + 1B 775A1011 2 Bytes [ 4D, 14 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_Release_Proxy + 1E 775A1014 4 Bytes [ 75, 10, 8B, F8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_Release_Proxy + 23 775A1019 84 Bytes JMP 03000320
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_Release_Proxy + 78 775A106E 43 Bytes [ 46, FC, 50, 8B, 46, 18, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_IUnknown_Release_Proxy + A4 775A109A 92 Bytes [ 8B, 73, 10, 89, 75, C4, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2_va + F 775A4CBC 99 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2_va + 73 775A4D20 44 Bytes JMP 775A2064 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2_va + A0 775A4D4D 4 Bytes JMP 775A2064 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2_va + A6 775A4D53 24 Bytes [ 90, 90, 90, 90, 90, B8, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2_va + BF 775A4D6C 64 Bytes JMP 775A2065 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2 + 1B 775A5170 206 Bytes [ 90, 90, B8, 47, 03, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2 + EA 775A523F 14 Bytes [ 90, 90, 90, 90, 90, B8, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2 + F9 775A524E 63 Bytes [ 90, 90, 90, 90, 90, B8, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2 + 13A 775A528F 41 Bytes [ B8, 5A, 03, 00, 00, E9, CC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrClientCall2 + 167 775A52BC 83 Bytes [ B8, 5D, 03, 00, 00, E9, 9F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllGetClassObject + 2 775A5919 14 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllGetClassObject + 12 775A5929 8 Bytes [ 90, 90, 90, 90, 90, B8, CB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllGetClassObject + 1B 775A5932 20 Bytes JMP 775A2064 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllGetClassObject + 30 775A5947 28 Bytes [ 90, 90, 90, 90, 90, B8, CD, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllGetClassObject + 4D 775A5964 29 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllUnregisterProxy + 1 775A665C 4 Bytes CALL 775A6573 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllUnregisterProxy + 6 775A6661 31 Bytes [ FF, F6, 45, 08, 01, 74, 06, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllUnregisterProxy + 26 775A6681 57 Bytes CALL 775A641B C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrDllUnregisterProxy + 61 775A66BC 54 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubCall2 + 34 775A66F3 41 Bytes [ 5D, 0C, 85, DB, 56, 57, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubCall2 + 5E 775A671D 19 Bytes [ 5B, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubCall2 + 72 775A6731 27 Bytes CALL 775A659B C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubCall2 + 8E 775A674D 15 Bytes [ 51, 0C, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!ComPs_NdrStubCall2 + 9E 775A675D 61 Bytes [ EC, 56, 8B, 75, 08, 56, E8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserSize + 57 775BA0E8 137 Bytes [ A1, 04, 60, 60, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserMarshal + 61 775BA172 66 Bytes [ 32, 02, 00, 00, 8D, 85, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserMarshal + D7 775BA1E8 23 Bytes [ 85, 7C, FB, FF, FF, 89, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserMarshal + EF 775BA200 95 Bytes [ 04, 6D, 4F, 77, BE, B8, 6C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserMarshal + 14F 775BA260 49 Bytes [ FF, 68, 48, 99, 4F, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserMarshal + 181 775BA292 4 Bytes [ C8, 78, 4F, 77 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserUnmarshal + 30 775BA2D1 5 Bytes [ 89, 85, 50, FB, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserUnmarshal + 36 775BA2D7 6 Bytes [ 68, E0, 98, 4F, 77, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserUnmarshal + 3D 775BA2DE 87 Bytes [ D6, 8B, 85, 7C, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserUnmarshal + C9 775BA36A 13 Bytes [ FF, FF, B5, 7C, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserUnmarshal + D7 775BA378 20 Bytes [ D6, 83, A5, 7C, FB, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILEPICT_UserFree + E 775BA48E 37 Bytes CALL 72C82A1E
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILEPICT_UserFree + 34 775BA4B4 17 Bytes [ 10, 4E, 77, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILEPICT_UserFree + 46 775BA4C6 42 Bytes [ B5, 74, FB, FF, FF, FF, D6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HENHMETAFILE_UserUnmarshal + 11 775BA4F1 177 Bytes [ FF, FF, FF, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILE_UserMarshal + 17 775BA5AE 66 Bytes [ 5B, 18, 3B, DE, 74, 40, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILE_UserMarshal + 5A 775BA5F1 33 Bytes [ 50, EB, 05, 68, 7C, EE, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILE_UserMarshal + 7D 775BA614 60 Bytes [ 00, 33, C0, 8B, 4D, E4, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILE_UserUnmarshal + 12 775BA651 134 Bytes [ 8B, 00, 8B, 70, 14, 6A, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HMETAFILE_UserUnmarshal + 99 775BA6D8 88 Bytes [ 10, FD, FF, FF, 33, DB, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserMarshal + 4B 775BA7C2 111 Bytes [ B5, 14, FD, FF, FF, E8, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserMarshal + BB 775BA832 83 Bytes [ 89, 8D, 5C, FC, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserMarshal + 10F 775BA886 109 Bytes [ 15, D8, 12, 4E, 77, 8D, 44, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserMarshal + 17D 775BA8F4 10 Bytes [ 0F, 84, 26, 01, 00, 00, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserUnmarshal + B 775BA997 39 Bytes [ FF, FF, 15, 40, 10, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HPALETTE_UserUnmarshal + 33 775BA9BF 20 Bytes [ EB, 06, 8B, 3D, 28, 12, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!HBITMAP_UserFree + 2 775BA9D4 40 Bytes [ FF, FF, 15, 40, 10, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserSize + 1 775BA9FD 21 Bytes [ 85, 10, FD, FF, FF, FF, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserSize + 17 775BAA13 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserSize + 19 775BAA15 8 Bytes [ BE, 7C, EE, 4E, 77, 8B, 3D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserSize + 24 775BAA20 38 Bytes [ 89, 9D, A0, FC, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserMarshal + 2 775BAA47 63 Bytes [ 89, 9D, FC, FC, FF, FF, 3B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserMarshal + 42 775BAA87 5 Bytes [ 4E, 77, 89, 85, CC ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserMarshal + 48 775BAA8D 3 Bytes [ FF, FF, 3B ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserMarshal + 4C 775BAA91 81 Bytes [ 75, 31, FF, B5, E4, FC, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserUnmarshal + 2 775BAAE3 15 Bytes [ D7, 25, FF, FF, 00, 00, 0D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserUnmarshal + 12 775BAAF3 171 Bytes [ 39, 9D, FC, FC, FF, FF, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserUnmarshal + BE 775BAB9F 63 Bytes [ C8, FC, FF, FF, 3B, C3, 74, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserUnmarshal + FE 775BABDF 69 Bytes [ B5, F4, FC, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserUnmarshal + 145 775BAC26 4 Bytes [ 89, 85, 60, FC ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserFree + 2 775BAC45 23 Bytes [ FF, 50, 8D, 85, 0C, FD, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserFree + 1A 775BAC5D 78 Bytes [ B5, 18, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserFree + 6B 775BACAE 11 Bytes [ 15, 40, 10, 4E, 77, FF, D7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserFree + 77 775BACBA 57 Bytes [ D7, EB, 0C, FF, D7, 25, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!SNB_UserFree + B1 775BACF4 251 Bytes [ 53, 8D, 85, 18, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleLockRunning + 3B 775C900F 1 Byte [ 52 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleLockRunning + 3D 775C9011 93 Bytes [ 75, 10, 89, 55, 0C, 50, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetContainedObject + 45 775C906F 24 Bytes [ 3B, C3, 89, 45, FC, 74, 17, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleNoteObjectVisible + 72 775C90EF 85 Bytes [ FC, 0F, 85, D1, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleNoteObjectVisible + C8 775C9145 75 Bytes [ 51, 18, 89, 45, FC, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleNoteObjectVisible + 114 775C9191 17 Bytes [ FF, 8B, 76, 24, 8B, 06, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleNoteObjectVisible + 126 775C91A3 26 Bytes [ 1C, 3B, C3, 89, 45, FC, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleNoteObjectVisible + 141 775C91BE 12 Bytes [ EB, 07, C7, 45, FC, 0E, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!GetConvertStg + F 775C93D1 29 Bytes [ D7, 33, C0, EB, F3, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDraw + 3B 775C9429 12 Bytes [ 08, 50, FF, 51, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDraw + 48 775C9436 126 Bytes [ 66, 85, C9, 74, 11, 66, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDraw + C7 775C94B5 11 Bytes [ 50, 08, 6A, 01, 8B, CE, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDraw + D3 775C94C1 29 Bytes [ 2D, 6A, 00, 6A, 02, 8B, CE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDraw + F1 775C94DF 51 Bytes [ 47, 48, 89, 46, 48, 8B, 45, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDuplicateData + 52 775C9702 21 Bytes [ FF, FF, FF, 75, 4A, 50, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDuplicateData + 68 775C9718 6 Bytes [ F0, 85, F6, 74, 1F, 56 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDuplicateData + 6F 775C971F 58 Bytes [ 15, 00, 14, 4E, 77, 8B, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDuplicateData + F6 775C97A6 73 Bytes [ 89, B5, FC, FE, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleDuplicateData + 140 775C97F0 4 Bytes [ 85, 04, FF, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateStaticFromData + 4 775C9E3C 30 Bytes [ 75, 0C, 6A, 04, 59, BF, 58, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateStaticFromData + 23 775C9E5B 1 Byte [ 08 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateStaticFromData + 25 775C9E5D 101 Bytes [ 4D, 10, 89, 01, 8B, 08, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateStaticFromData + 8B 775C9EC3 239 Bytes [ 44, F3, FF, 85, C0, 74, 0D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateStaticFromData + 17B 775C9FB3 93 Bytes [ B8, 0E, 00, 07, 80, EB, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkEx + 7C 775CA318 130 Bytes [ 4D, FC, 51, 57, 6A, 10, 57, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFileEx + 21 775CA39B 45 Bytes [ 0C, F7, D8, 1B, C0, 83, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFileEx + 4F 775CA3C9 31 Bytes [ 08, 50, 8B, 45, 08, E8, 22, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFileEx + 6F 775CA3E9 20 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFileEx + 84 775CA3FE 14 Bytes [ 85, C0, 75, 07, BE, 57, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFileEx + 93 775CA40D 7 Bytes [ 14, 74, 18, E8, 71, 3F, F3 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFileEx + E 775CA54C 42 Bytes [ E1, 03, F3, A4, 8B, 4D, DC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFileEx + 39 775CA577 4 Bytes [ 4D, 20, 8B, 11 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFileEx + 3E 775CA57C 2 Bytes [ 50, 20 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFileEx + 41 775CA57F 78 Bytes [ 49, 04, 89, 48, 24, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFileEx + 90 775CA5CE 6 Bytes [ 56, 8D, 8D, F0, FE, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLink + 4 775CA862 2 Bytes [ 08, 50 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLink + 7 775CA865 2 Bytes [ 51, 08 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLink + A 775CA868 36 Bytes [ 45, E4, 85, C0, 74, 06, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLink + 2F 775CA88D 53 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFile + 1A 775CA8C3 20 Bytes [ 0D, FF, B5, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFile + 2F 775CA8D8 22 Bytes CALL C85CA8DA
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateLinkToFile + 46 775CA8EF 6 Bytes [ 00, 8D, 85, FC, FD, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFile + 2 775CA8F6 40 Bytes CALL C85CA8F8
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFile + 86 775CA97A 7 Bytes [ 33, C9, 41, 3B, C1, 75, 64 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFile + 8E 775CA982 73 Bytes [ 75, 0C, 3B, F7, 74, 48, 66, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFile + D8 775CA9CC 49 Bytes [ 04, 80, EB, 20, 8B, 45, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateFromFile + 10A 775CA9FE 12 Bytes [ 55, 8B, EC, 56, 33, F6, 83, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateDataCache + 4 775CC76D 27 Bytes [ 4E, 58, 8D, 45, F8, 50, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateDataCache + 20 775CC789 51 Bytes [ 24, 83, 78, 1C, FF, 75, 1E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateDataCache + 55 775CC7BE 7 Bytes [ 8B, C7, F7, D0, 21, 46, 68 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateDataCache + 5D 775CC7C6 1 Byte [ 5D ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!CreateDataCache + 5F 775CC7C8 8 Bytes [ 74, 08, 57, 8B, CE, E8, EA, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DoDragDrop + 37 775D0BA4 18 Bytes [ 8B, F8, 85, FF, 0F, 85, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DoDragDrop + 4A 775D0BB7 71 Bytes [ 16, 9B, 00, 00, 8B, F8, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DoDragDrop + 92 775D0BFF 36 Bytes [ 8B, F8, 83, 3B, 08, 75, 0E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DoDragDrop + B7 775D0C24 12 Bytes [ F8, 8B, 06, 89, 41, 08, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!DoDragDrop + C4 775D0C31 6 Bytes [ 51, 08, 83, 65, A4, 00 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEmbeddingHelper + 3A 775D227E 9 Bytes [ 0C, 0F, 94, C1, 8B, C1, 5D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleCreateEmbeddingHelper + 44 775D2288 398 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetAutoConvert + 6C 775D2417 25 Bytes [ 76, 3C, FF, 75, F0, FF, D3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetAutoConvert + 86 775D2431 30 Bytes [ D3, A8, 03, 74, 4F, 83, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetAutoConvert + A5 775D2450 50 Bytes [ 15, B0, 17, 4E, 77, 83, 66, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetAutoConvert + D8 775D2483 12 Bytes [ FF, FF, 83, 7D, 08, 00, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleSetAutoConvert + E5 775D2490 30 Bytes [ 00, 00, 33, C0, 40, 5B, 5F, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleMetafilePictFromIconAndLabel + 1A 775D2F0E 15 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleMetafilePictFromIconAndLabel + 6D 775D2F61 45 Bytes [ 0F, 94, C1, 51, 56, FF, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleMetafilePictFromIconAndLabel + 9B 775D2F8F 75 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleMetafilePictFromIconAndLabel + E7 775D2FDB 23 Bytes [ 85, C0, 75, 07, B8, 0E, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleMetafilePictFromIconAndLabel + FF 775D2FF3 49 Bytes [ 8B, 7D, 0C, 83, E7, 01, 74, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfFile + A 775D33B6 3 Bytes [ A1, 04, 60 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfFile + E 775D33BA 88 Bytes [ 77, 83, A5, F8, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfFile + 67 775D3413 2 Bytes [ FC, FB ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfFile + 78 775D3424 17 Bytes [ 50, FF, 15, D8, 12, 4E, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfFile + 8A 775D3436 34 Bytes [ C8, EF, 4E, 77, FF, B5, F8, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfClass + 57 775D36ED 24 Bytes [ F6, 74, 07, 33, F6, E9, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfClass + 71 775D3707 58 Bytes [ 15, 80, 13, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfClass + AC 775D3742 7 Bytes [ FF, 8D, 85, 7C, FF, FF, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfClass + B4 775D374A 9 Bytes [ FF, 15, 7C, 12, 4E, 77, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleGetIconOfClass + BE 775D3754 2 Bytes [ FF, FF ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleRegEnumFormatEtc + 2D 775D4533 15 Bytes [ FF, FF, D3, 8D, 85, 88, FA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleRegEnumFormatEtc + 3D 775D4543 117 Bytes [ 50, FF, 35, 2C, 61, 60, 77, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleRegEnumFormatEtc + B3 775D45B9 97 Bytes [ FA, FF, FF, 8D, 44, 46, FE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleRegEnumFormatEtc + 115 775D461B 12 Bytes [ 50, 8D, 85, 54, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleRegEnumFormatEtc + 122 775D4628 10 Bytes [ 68, 00, 00, 00, 80, C7, 85, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAM + 29 775D9E22 17 Bytes [ 55, 8B, EC, 81, EC, AC, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAM + 3B 775D9E34 3 Bytes [ 53, 33, DB ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAM + 3F 775D9E38 1 Byte [ 55 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAM + 41 775D9E3A 91 Bytes [ 52, 53, 53, 89, 45, FC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAMEx + 42 775D9E96 148 Bytes [ 75, B4, FF, 15, D8, 12, 4E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAMEx + D7 775D9F2B 1 Byte [ 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAMEx + D9 775D9F2D 9 Bytes [ 5D, B0, 6A, 04, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAMEx + E3 775D9F37 3 Bytes [ AA, EF, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertIStorageToOLESTREAMEx + E9 775D9F3D 9 Bytes [ 89, 45, AC, 0F, 8C, 01, 01, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorage + 50 775DA18F 14 Bytes [ 55, 8B, EC, 83, 7D, 08, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorage + 5F 775DA19E 69 Bytes [ 00, 8B, 03, 85, C0, 75, 0A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorageEx + 4 775DA1E4 14 Bytes [ F8, 85, FF, 75, 07, B8, 0E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorageEx + 13 775DA1F3 55 Bytes CALL 775802DC C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorageEx + 4B 775DA22B 2 Bytes [ 15, 3E ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorageEx + 4F 775DA22F 36 Bytes [ 8B, C6, 5E, 5F, 5D, C2, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!OleConvertOLESTREAMToIStorageEx + 115 775DA2F5 22 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd16Info + 1B 775DAEF6 205 Bytes [ F0, 85, F6, 0F, 85, B8, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd16Info + 113 775DAFEE 30 Bytes [ 85, C0, 0F, 8C, 12, 01, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd16toDvtd32 + 8 775DB00D 148 Bytes [ FF, 03, 75, 0F, 8B, 75, 0C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd16toDvtd32 + 9D 775DB0A2 25 Bytes [ 01, 75, 4B, 83, 65, F8, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd16toDvtd32 + 16A 775DB16F 2 Bytes [ 85, C0 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd16toDvtd32 + 16D 775DB172 88 Bytes [ 3D, 58, 12, 4E, 77, 74, 09, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd16toDvtd32 + 1C6 775DB1CB 43 Bytes [ 4D, FC, 8B, C7, 5F, 5E, 5B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd32Info + 1 775DB1F7 5 Bytes [ 45, 0C, 89, 45, 94 ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd32Info + 7 775DB1FD 20 Bytes [ 45, 10, 53, 8B, 5D, 1C, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd32Info + 1C 775DB212 87 Bytes [ 7D, 20, 8D, 4D, A8, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtGetDvtd32Info + F3 775DB2E9 76 Bytes [ FF, 85, C0, 89, 45, A4, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd32toDvtd16 + 30 775DB336 150 Bytes [ 4E, 1C, 8B, 55, 9C, 89, 0A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd32toDvtd16 + FD 775DB403 41 Bytes [ 06, 56, FF, 50, 0C, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd32toDvtd16 + 127 775DB42D 18 Bytes [ 6A, 01, FF, 75, F0, E8, 7C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd32toDvtd16 + 13A 775DB440 71 Bytes [ F8, 7F, 05, 0E, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!UtConvertDvtd32toDvtd16 + 182 775DB488 4 Bytes [ 8B, 45, EC, 83 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!StgOpenStorageOnILockBytes + 3F 775DC85C 19 Bytes [ 15, 00, 12, 4E, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!StgOpenStorageOnILockBytes + 53 775DC870 174 Bytes [ 00, 50, 6A, 02, FF, 15, D4, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!StgOpenStorageOnILockBytes + 102 775DC91F 21 Bytes [ C2, 04, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!StgOpenStorageOnILockBytes + 118 775DC935 180 Bytes [ 89, 5D, F8, 89, 5D, E8, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] ole32.dll!StgOpenStorageOnILockBytes + 1CD 775DC9EA 28 Bytes [ 15, 98, 11, 4E, 77, 89, 45, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser3 + 1E 71BFB9F3 9 Bytes CALL 71BF2EA0 C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser3 + 28 71BFB9FD 116 Bytes [ C2, 04, 00, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser3 + 9D 71BFBA72 2 Bytes [ 4A, 74 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser2 + 26 71BFBAD5 44 Bytes [ FF, 84, C0, 75, 0C, B8, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser2 + 53 71BFBB02 41 Bytes CALL D443CA0A
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser2 + 7D 71BFBB2C 34 Bytes [ A9, 00, 00, 00, 20, 0F, 84, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamChangePasswordUser2 + A0 71BFBB4F 31 Bytes [ FF, C6, 85, A7, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiSetBootKeyInformation + 18 71BFBB70 70 Bytes [ 10, 74, 0C, C7, 85, A0, FA, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiSetBootKeyInformation + 5F 71BFBBB7 25 Bytes [ 0D, 00, 00, C0, EB, 16, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiSetBootKeyInformation + 7A 71BFBBD2 25 Bytes [ 00, 80, A5, 5F, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiGetBootKeyInformation + B 71BFBBEC 20 Bytes JMP 71BFBD2E C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiGetBootKeyInformation + 20 71BFBC01 6 Bytes [ 74, 12, 66, F7, 83, A8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiGetBootKeyInformation + 27 71BFBC08 10 Bytes [ 00, 00, 80, 01, 74, 07, C6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiGetBootKeyInformation + 32 71BFBC13 38 Bytes [ FF, 01, C6, 85, A7, FA, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiGetBootKeyInformation + 59 71BFBC3A 48 Bytes [ FF, 89, 85, 98, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiChangeKeys + 2 71BFBC6B 37 Bytes [ 89, 85, A0, FA, FF, FF, 80, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiChangeKeys + 28 71BFBC91 26 Bytes [ 56, FF, B5, 9C, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiChangeKeys + 43 71BFBCAC 21 Bytes [ B5, 84, FA, FF, FF, 33, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiChangeKeys + 59 71BFBCC2 18 Bytes [ 74, 6E, 6A, 31, 59, 8B, F3, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiChangeKeys + 6C 71BFBCD5 24 Bytes [ FF, FF, 89, 85, 98, FA, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamConnectWithCreds + 81 71BFBE9A 62 Bytes JMP 71BFBD93 C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamCreateUser2InDomain + 29 71BFBED9 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamCreateUser2InDomain + 2B 71BFBEDB 28 Bytes JMP 71BFBF77 C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamCreateUser2InDomain + 48 71BFBEF8 5 Bytes [ FF, 89, 85, A0, FA ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamCreateUser2InDomain + 4F 71BFBEFF 43 Bytes [ 83, 65, FC, 00, EB, 3D, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamCreateUser2InDomain + 7C 71BFBF2C 16 Bytes [ FF, 15, 68, 11, BF, 71, 89, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiEncryptPasswords + 13 71BFC0FD 24 Bytes [ 89, 45, E4, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiEncryptPasswords + 2D 71BFC117 28 Bytes [ FF, 8B, 4D, 20, 89, 8D, 78, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiEncryptPasswords + 4A 71BFC134 11 Bytes JMP 71BFC2FB C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiEncryptPasswords + 56 71BFC140 5 Bytes [ 51, 50, E8, 39, 86 ]
.text C:\WINDOWS\system32\winlogon.exe[220] SAMLIB.dll!SamiEncryptPasswords + 5D 71BFC147 6 Bytes [ 84, C0, 75, 0A, B8, 08 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetAdapterIpAddress + FFFEF2A2 76D611F8 5 Bytes [ 00, 00, 00, 00, 20 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetAdapterIpAddress + FFFEF2A9 76D611FF 6 Bytes [ 60, 2E, 64, 61, 74, 61 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetAdapterIpAddress + FFFEF2B2 76D61208 2 Bytes [ C0, 0E ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetAdapterIpAddress + FFFEF2B6 76D6120C 3 Bytes [ 00, 40, 01 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetAdapterIpAddress + FFFEF2BA 76D61210 2 Bytes [ 00, 10 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatsFromStack + 14 76D62748 5 Bytes [ 2A, 00, 2B, 00, 2C ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatsFromStack + 1A 76D6274E 9 Bytes [ 2D, 00, 2E, 00, 2F, 00, 30, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatsFromStack + 24 76D62758 3 Bytes [ 32, 00, 33 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatsFromStack + 28 76D6275C 1 Byte [ 34 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatsFromStack + 2A 76D6275E 7 Bytes [ 35, 00, 36, 00, 37, 00, 38 ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdapterOrderMap + EC 76D629BB 132 Bytes [ 43, 61, 6E, 63, 65, 6C, 49, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdapterOrderMap + 171 76D62A40 126 Bytes [ 44, 65, 6C, 65, 74, 65, 50, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdapterOrderMap + 1F0 76D62ABF 20 Bytes [ 47, 65, 74, 41, 64, 61, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdapterOrderMap + 205 76D62AD4 419 Bytes [ 47, 65, 74, 41, 64, 61, 70, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdapterOrderMap + 3A9 76D62C78 179 Bytes [ 00, 47, 65, 74, 49, 70, 46, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUniDirectionalAdapterInfo + 14 76D62D2C 186 Bytes [ 47, 65, 74, 4F, 77, 6E, 65, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUniDirectionalAdapterInfo + CF 76D62DE7 261 Bytes [ 47, 65, 74, 54, 63, 70, 53, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUniDirectionalAdapterInfo + 1D5 76D62EED 96 Bytes [ 49, 63, 6D, 70, 36, 43, 72, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUniDirectionalAdapterInfo + 236 76D62F4E 134 Bytes [ 49, 63, 6D, 70, 53, 65, 6E, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUniDirectionalAdapterInfo + 2BD 76D62FD5 109 Bytes [ 49, 6E, 74, 65, 72, 6E, 61, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTableFromStack + E 76D63A7C 24 Bytes [ EC, 28, 8B, 45, 08, 53, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTableFromStack + 28 76D63A96 11 Bytes [ 89, 45, E0, 8B, 45, 0C, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTableFromStack + 3D 76D63AAB 2 Bytes [ 01, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTableFromStack + 48 76D63AB6 1 Byte [ 8D ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTableFromStack + 4A 76D63AB8 10 Bytes [ 08, 50, 8B, 45, 10, 05, 00, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntryFromStack + 46 76D63B4E 10 Bytes [ 55, 8B, EC, 51, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntryFromStack + 51 76D63B59 66 Bytes [ 8D, 45, 10, 50, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTable 76D63B9C 48 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTable + 31 76D63BCD 43 Bytes [ 36, 8B, 45, 14, FF, 75, 18, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTable + 5D 76D63BF9 22 Bytes [ 5F, 5E, 5B, C9, C2, 18, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTable + 74 76D63C10 19 Bytes [ A1, B8, 40, D7, 76, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpAddrTable + 88 76D63C24 18 Bytes [ 90, 90, 90, 90, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersAddresses + A 76D63E5E 5 Bytes [ F3, AB, 8B, 85, 04 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersAddresses + 10 76D63E64 8 Bytes [ FF, FF, 8B, 08, 8B, 40, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersAddresses + 19 76D63E6D 16 Bytes [ D8, FE, FF, FF, 6A, 05, B8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersAddresses + 2A 76D63E7E 1 Byte [ 89 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersAddresses + 2C 76D63E80 23 Bytes [ E0, FE, FF, FF, 89, 8D, D4, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpSendEcho 76D64B79 13 Bytes [ 90, 8B, FF, 55, 8B, EC, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpSendEcho + E 76D64B87 10 Bytes [ 85, C0, 74, 07, 8B, 40, 10, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpSendEcho + 19 76D64B92 84 Bytes [ 83, C8, FF, EB, F7, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpSendEcho + 94 76D64C0D 3 Bytes [ 82, 83, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpSendEcho + 99 76D64C12 102 Bytes [ 85, DB, 74, 7F, FF, 75, 10, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpCreateFile + 45 76D64DA3 28 Bytes [ 00, 74, 04, 83, 4F, 38, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpCreateFile + 62 76D64DC0 22 Bytes [ 8D, 8D, 78, F9, FF, FF, 51, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpCreateFile + 79 76D64DD7 149 Bytes [ 50, 68, 4F, 42, D6, 76, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpCreateFile + 10F 76D64E6D 25 Bytes [ D2, 38, 00, 00, 56, 8B, 35, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!IcmpCreateFile + 129 76D64E87 13 Bytes [ 75, 2A, 83, 7D, 14, 00, 74, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTableFromStack 76D6505D 85 Bytes [ 90, 90, 90, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTableFromStack + 56 76D650B3 2 Bytes [ 56, 8D ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTableFromStack + 59 76D650B6 103 Bytes [ 08, 50, 56, 89, 75, 08, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTableFromStack + C1 76D6511E 4 Bytes [ 00, 3B, DE, 75 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTableFromStack + C6 76D65123 56 Bytes [ 53, FF, 75, 0C, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTable + 19 76D6515C 37 Bytes [ 50, FF, 15, D8, 10, D6, 76, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTable + 3F 76D65182 21 Bytes [ 83, FB, 02, 0F, 84, 28, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTable + 55 76D65198 1 Byte [ 6D ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTable + 57 76D6519A 5 Bytes [ 61, 00, 69, 00, 6E ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfTable + 5F 76D651A2 41 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetNumberOfInterfaces + 2E 76D6529C 172 Bytes [ 00, 00, 6A, 10, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetNumberOfInterfaces + DB 76D65349 27 Bytes [ 00, 7F, 74, 0C, 8B, 55, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetNumberOfInterfaces + F7 76D65365 98 Bytes [ 00, F6, 40, 16, 01, 74, 03, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetNumberOfInterfaces + 15A 76D653C8 157 Bytes [ 56, 53, FF, 55, 0C, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetNumberOfInterfaces + 1F8 76D65466 139 Bytes [ 00, 00, 53, 8B, 1D, 18, 11, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 48 76D65CE4 2 Bytes [ 02, 01 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 4D 76D65CE9 62 Bytes [ 55, 0C, 0F, 84, F9, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 8C 76D65D28 64 Bytes [ C6, 5E, 5D, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + CD 76D65D69 9 Bytes [ FF, 56, 33, F6, 39, 35, 48, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + D7 76D65D73 57 Bytes [ 75, 5E, 68, F4, 24, D6, 76, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersInfo + 1C 76D6606D 33 Bytes [ 83, C0, FC, 33, D2, 8B, CB, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersInfo + 3E 76D6608F 86 Bytes [ 00, 57, BF, E0, 40, D7, 76, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersInfo + 95 76D660E6 21 Bytes [ 8B, 45, 08, 89, 30, 0F, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersInfo + AB 76D660FC 27 Bytes [ 4D, 08, 8B, C6, 69, C0, 5C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetAdaptersInfo + C7 76D66118 84 Bytes [ 0F, 83, 8C, 21, 00, 00, FF, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NotifyAddrChange + 2 76D66302 61 Bytes [ FF, 5D, C3, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NotifyAddrChange + 40 76D66340 16 Bytes [ 00, 85, C0, 0F, 84, 76, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NotifyAddrChange + 51 76D66351 51 Bytes [ 83, FE, 01, 89, 45, 0C, 0F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 2 76D66385 61 Bytes [ 2B, C7, 0F, 84, 6E, 19, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 40 76D663C3 143 Bytes [ 57, FF, 15, 94, 10, D6, 76, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntry + 65 76D66454 108 Bytes [ 85, C0, 0F, 85, 35, 19, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntry + D2 76D664C1 24 Bytes [ C2, 0C, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntry + EB 76D664DA 95 Bytes [ FF, 55, 8B, EC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntry + 14B 76D6653A 5 Bytes [ FF, FF, 94, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIfEntry + 151 76D66540 20 Bytes [ 8D, 85, 50, FF, FF, FF, 50, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetPerAdapterInfo + 8A 76D667F3 6 Bytes [ 00, 00, 20, FF, 75, F8 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetPerAdapterInfo + 91 76D667FA 11 Bytes [ 15, 7C, 10, D6, 76, 8B, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetPerAdapterInfo + 9E 76D66807 48 Bytes [ 5E, 5B, C9, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetPerAdapterInfo + CF 76D66838 441 Bytes [ 00, 00, F7, D8, 1B, C0, F7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetPerAdapterInfo + 28B 76D669F4 20 Bytes [ 54, 6F, 6B, 65, 6E, 20, 52, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 2B 76D66A9E 48 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 5C 76D66ACF 159 Bytes [ 00, FF, D6, 85, C0, 75, 5C, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 87 76D66B6F 73 Bytes [ 90, 53, 59, 53, 54, 45, 4D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + D1 76D66BB9 99 Bytes [ 72, 72, 65, 6E, 74, 43, 6F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 135 76D66C1D 4 Bytes [ 00, B8, 00, 01 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 13A 76D66C22 58 Bytes [ 00, 89, 45, CC, 89, 45, D0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 175 76D66C5D 28 Bytes [ F8, 83, FF, 01, 0F, 84, 9D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIfTableFromStack + 5E 76D67012 21 Bytes [ FF, 35, 88, 4C, D7, 76, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIfTableFromStack + 74 76D67028 1 Byte [ 15 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIfTableFromStack + 76 76D6702A 100 Bytes [ 11, D6, 76, 59, 8D, 44, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIfTableFromStack + DB 76D6708F 108 Bytes [ FF, 75, 08, FF, D6, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIpForwardTableFromStack + 52 76D670FC 43 Bytes [ CA, 83, E1, 03, F3, AA, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!AllocateAndGetIpForwardTableFromStack + 7E 76D67128 214 Bytes [ 00, 89, 55, CC, 83, 22, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTableFromStack + CE 76D671FF 20 Bytes [ 82, AC, 01, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTableFromStack + E3 76D67214 27 Bytes [ 80, 8D, 34, C6, 75, C8, 5F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTableFromStack + FF 76D67230 72 Bytes [ 08, 33, C0, 85, C9, 0F, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTableFromStack + 148 76D67279 48 Bytes [ D8, 50, 68, 00, 00, 10, 20, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTableFromStack + 179 76D672AA 11 Bytes [ 15, E0, 10, D6, 76, 83, 3D, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetFriendlyIfIndex + 6 76D69652 59 Bytes [ 12, 89, 55, CC, 8B, 4D, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetFriendlyIfIndex + 42 76D6968E 145 Bytes [ 0A, 59, F3, A5, 8B, 12, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetFriendlyIfIndex + D4 76D69720 20 Bytes JMP 027C8A27
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetFriendlyIfIndex + E9 76D69735 35 Bytes [ E4, 83, C0, 03, 83, E0, FC, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetFriendlyIfIndex + 10D 76D69759 18 Bytes [ 57, 18, 89, 55, C0, 8D, 4B, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpNetTable + 39 76D6999B 8 Bytes [ FF, 56, FF, 15, D0, 10, D6, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpNetTable + 42 76D699A4 38 Bytes [ 5D, B0, FF, FF, 3D, EA, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpNetTable + 69 76D699CB 16 Bytes [ 85, C0, 89, 03, 75, EF, 85, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpNetTable + 7A 76D699DC 48 Bytes [ 63, A6, FF, FF, 6A, 08, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpNetTable + AB 76D69A0D 35 Bytes [ FF, 15, 88, 10, D6, 76, 50, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatisticsEx + 3F 76D69B0C 190 Bytes [ C7, 85, E4, FE, FF, FF, 01, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatistics + 38 76D69BCB 14 Bytes [ 41, 64, 61, 70, 74, 65, 72, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpStatistics + 47 76D69BDA 88 Bytes [ 5F, 55, 4E, 49, 44, 49, 52, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatistics + 9 76D69C33 25 Bytes [ B5, F4, FE, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatistics + 43 76D69C6D 2 Bytes [ FE, FF ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatisticsEx + 2 76D69C70 100 Bytes [ 83, F8, 7F, 74, 09, 56, 56, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatisticsEx + 6D 76D69CDB 26 Bytes [ 57, 56, 53, FF, D0, 89, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatisticsEx + 88 76D69CF6 13 Bytes [ 64, 00, 6C, 00, 6C, 00, 33, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIcmpStatisticsEx + 96 76D69D04 105 Bytes [ 78, 00, 65, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetTcpStatisticsEx + 5A 76D69D6E 136 Bytes [ 00, 00, 52, 00, 50, 00, 43, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetTcpStatistics + 7F 76D69DF7 5 Bytes [ 60, 08, 15, A4, BD ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatisticsEx 76D69E00 12 Bytes [ 00, 00, 00, 00, 00, 00, E0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatisticsEx + D 76D69E0D 76 Bytes [ 00, 6F, 00, 6D, 00, 61, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatisticsEx + 5A 76D69E5A 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatisticsEx + 5F 76D69E5F 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatistics + 11 76D69E75 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatistics + 17 76D69E7B 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatistics + 44 76D69EA8 57 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpStatistics + 7E 76D69EE2 36 Bytes [ 2B, C3, 75, 1A, 8B, C1, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetIfEntry + 1C 76D69F08 133 Bytes [ 8B, 45, 08, 0F, B7, 40, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateIpForwardEntry + 39 76D69F8E 359 Bytes [ 0C, 0F, B7, 40, 10, 50, FF, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateIpNetEntry + 27 76D6A0F6 38 Bytes [ C6, EB, 4B, 8B, 55, 08, 6A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateIpNetEntry + 4E 76D6A11D 236 Bytes [ 04, 2B, C1, EB, 22, 8B, 35, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!FlushIpNetTable + 1C 76D6A20A 137 Bytes [ 17, BE, FF, 00, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!SetTcpEntry + 42 76D6A294 80 Bytes [ 00, 00, 8B, C1, 8B, DA, 23, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterface + 3B 76D6A2E5 10 Bytes [ D6, 0F, B7, D8, 33, C0, 66, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterface + 46 76D6A2F0 38 Bytes [ FF, D6, 0F, B7, C0, 2B, D8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterface + 6D 76D6A317 74 Bytes [ F2, 33, C0, F3, A6, 74, 05, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterfaceEx + 7 76D6A362 11 Bytes [ FF, 55, 8B, EC, 8B, 55, 08, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterfaceEx + 13 76D6A36E 109 Bytes [ 57, 6A, 10, 59, 8D, 7B, 04, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestInterfaceEx + 81 76D6A3DC 33 Bytes [ 00, 00, 00, 8B, D0, 8B, F9, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetBestRoute + F 76D6A3FE 69 Bytes [ 75, EB, BA, 00, 00, FF, 00, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateProxyArpEntry + 4 76D6A444 25 Bytes [ CF, 23, CA, 23, C2, 2B, C1, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateProxyArpEntry + 1E 76D6A45E 92 Bytes [ FF, 00, 00, 2B, C3, 75, 1A, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateProxyArpEntry + 7B 76D6A4BB 3 Bytes [ DF, 2B, D3 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateProxyArpEntry + 7F 76D6A4BF 2 Bytes [ 0C, 8B ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!CreateProxyArpEntry + 82 76D6A4C2 114 Bytes [ 8B, FE, 23, D1, 23, F9, 2B, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!DeleteProxyArpEntry + 15 76D6A535 18 Bytes [ 75, 05, 33, C0, 40, EB, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!DeleteProxyArpEntry + 28 76D6A548 19 Bytes [ FF, 55, 8B, EC, 57, 8B, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!DeleteProxyArpEntry + 3C 76D6A55C 106 Bytes [ 34, 8B, 55, 08, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!DeleteProxyArpEntry + A7 76D6A5C7 56 Bytes [ 3B, D0, 74, 04, 2B, CE, 89, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!DeleteProxyArpEntry + E0 76D6A600 94 Bytes [ 42, 08, 89, 46, 14, 8B, 42, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTable + 1D 76D6AAE4 98 Bytes [ 56, 8B, 75, 0C, 83, FE, 02, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTable + 80 76D6AB47 7 Bytes [ 45, F8, 50, 68, 10, 27, 00 ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTable + 88 76D6AB4F 162 Bytes [ 6A, 21, FF, 35, 58, 45, D7, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTable + 12B 76D6ABF2 24 Bytes [ 00, 8B, D8, 85, DB, 75, 1F, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetIpForwardTable + 144 76D6AC0B 3 Bytes [ 5E, EB, 0A ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetTcpTable + 55 76D6AC72 23 Bytes [ EC, 83, EC, 68, 57, 8B, 7D, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetTcpTable + 6D 76D6AC8A 8 Bytes [ 83, FE, 02, 74, 0A, 83, FE, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetTcpTable + 76 76D6AC93 41 Bytes [ 05, 6A, 57, 58, EB, 70, 68, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedTcpTable + 6 76D6ACBD 55 Bytes [ FE, 17, 75, 0D, 83, 3D, F8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedTcpTable + 69 76D6AD20 20 Bytes [ 74, 05, 83, FE, 17, 75, 39, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedTcpTable + 7E 76D6AD35 56 Bytes [ 80, 40, D7, 76, 74, 0D, 83, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedTcpTable + B7 76D6AD6E 94 Bytes [ 5E, 5D, C2, 08, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedTcpTable + 116 76D6ADCD 45 Bytes [ 75, 04, 6A, 32, EB, 17, 83, ... ]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetOwnerModuleFromTcp6Entry + 17 76D6B062 21 Bytes [ 00, C0, 5F, 75, 05, B8, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetOwnerModuleFromTcp6Entry + 2D 76D6B078 41 Bytes [ 55, 8B, EC, 83, EC, 68, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpTable + C 76D6B0A2 10 Bytes [ 15, C8, 10, D6, 76, 85, C0, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpTable + 17 76D6B0AD 35 Bytes [ 17, 59, 8D, 45, 98, C7, 45, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetUdpTable + 3B 76D6B0D1 272 Bytes [ 55, 8B, EC, 83, EC, 24, E8, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedUdpTable + B8 76D6B1E3 82 Bytes [ 5F, 5E, C9, C2, 04, 00, 90, ... ]
.text C:\WINDOWS\system32\winlogon.exe[220] iphlpapi.dll!GetExtendedUdpTable + 172 76D6B29D 31 Bytes [ 00, 00, 5F, 5E, C9, C2, 04, ... ]
---- EOF - GMER 1.0.14 ----

:thumbsup: Thank U!

#11 kahdah


Posted 04 November 2008 - 05:34 AM

Hi, I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either AVG or Avast.
============================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:

  • Malware Bytes log
  • New Rsit log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#12 Crystal_Rod


Posted 04 November 2008 - 09:20 AM

Which program do you suggest I keep: AVG or Avast?

:thumbsup:

#13 kahdah


Posted 04 November 2008 - 08:52 PM

Personally, I recommend AVG as it seems to have a better detection rate as opposed to Avast.

Edited by kahdah, 04 November 2008 - 08:53 PM.


#14 Crystal_Rod


Posted 06 November 2008 - 12:50 AM

I've uninstalled Avast and run the requested scans. Here are the logs:

MALWARE Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 3

11/5/2008 10:46:47 PM
mbam-log-2008-11-05 (22-46-47).txt

Scan type: Quick Scan
Objects scanned: 54055
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8442f24e-2431-4d11-87db-88b51cd4b3a5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8442f24e-2431-4d11-87db-88b51cd4b3a5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vysvin.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\BM230b4efe.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM230b4efe.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.


New RSIT Log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-05 22:47:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 114 GB (78%) free of 147 GB
Total RAM: 511 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:00 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168461538718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168475393218
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://www.imikimi.com/download/imikimi_plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: vysvin.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6122 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-04 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-23 1234712]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20387d62]
C:\WINDOWS\system32\ebightvq.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2005-07-22 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
C:\WINDOWS\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [2008-04-29 158624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2003-10-10 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
C:\PROGRA~1\VERIZO~1\VCASTM~1\VCASTM~1.EXE [2005-11-30 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vysvin.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcCusSK
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10cf6325-9231-11dd-bc9c-000ea65077dd}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-05 21:36:07 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-11-05 21:36:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-05 21:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-03 20:27:12 ----A---- C:\WINDOWS\gmer.ini
2008-11-03 20:27:09 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-03 20:27:09 ----A---- C:\WINDOWS\gmer.dll
2008-11-03 20:27:08 ----A---- C:\WINDOWS\gmer.exe
2008-11-03 20:24:54 ----D---- C:\rsit
2008-11-02 21:44:56 ----D---- C:\Program Files\Trend Micro
2008-11-02 20:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-02 20:51:20 ----D---- C:\Program Files\Stinger
2008-11-02 20:49:32 ----N---- C:\WINDOWS\system32\SET3F.tmp
2008-11-02 20:49:32 ----N---- C:\WINDOWS\system32\SET3B.tmp
2008-11-02 20:33:59 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-11-02 20:33:38 ----A---- C:\WINDOWS\zllsputility.exe
2008-11-02 20:33:37 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-11-02 20:33:24 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-11-02 20:33:24 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-11-02 20:33:23 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-11-02 20:33:23 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-11-02 20:33:19 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-02 20:33:19 ----D---- C:\Program Files\Zone Labs
2008-11-02 20:33:19 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-11-02 20:33:19 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-11-02 20:33:19 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-11-02 20:33:19 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-11-02 20:33:19 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-11-02 20:32:38 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-02 20:32:37 ----D---- C:\WINDOWS\Internet Logs
2008-11-02 20:32:37 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-11-02 20:32:37 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-01 16:45:08 ----HDC---- C:\WINDOWS\ie7
2008-11-01 16:19:33 ----D---- C:\WINDOWS\Prefetch
2008-11-01 16:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 16:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 16:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 16:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 16:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 16:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 16:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 16:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 15:59:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-01 15:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 15:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 15:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-01 15:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 15:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 15:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 15:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 15:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 15:45:43 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-01 15:45:43 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-01 15:45:42 ----N---- C:\WINDOWS\system32\proxycfg.exe
2008-11-01 15:45:42 ----N---- C:\WINDOWS\system32\logman.exe
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\bthci.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-01 15:45:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-11-01 15:45:36 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\ieencode.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\fltmc.exe
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\fltlib.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-01 15:45:35 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-01 15:45:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-01 15:45:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-01 15:45:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\p2p.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-01 15:45:32 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\twext.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-01 15:45:31 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\wscsvc.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\wscntfy.exe
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-01 15:45:30 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-01 15:45:29 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-01 15:45:29 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-01 15:45:29 ----N---- C:\WINDOWS\slrundll.exe
2008-11-01 15:45:27 ----D---- C:\WINDOWS\system32\scripting
2008-11-01 15:45:26 ----D---- C:\WINDOWS\l2schemas
2008-11-01 15:45:25 ----D---- C:\WINDOWS\system32\en
2008-11-01 15:42:54 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 15:38:37 ----A---- C:\WINDOWS\002804_.tmp
2008-11-01 15:35:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 14:58:34 ----D---- C:\44e6996da51994411c11231baa
2008-11-01 12:38:10 ----D---- C:\Program Files\Lavasoft
2008-11-01 12:38:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-01 12:29:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-31 16:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-31 16:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-31 16:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-31 16:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-31 16:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-31 16:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-25 15:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-25 15:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-23 18:12:33 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-10-23 18:12:33 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-10-23 18:12:32 ----D---- C:\Program Files\Uniblue
2008-10-23 18:10:16 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-23 17:52:11 ----D---- C:\15feb343f47049fc4b29b9b833dc
2008-10-23 17:43:58 ----ASH---- C:\WINDOWS\system32\fywglsok.ini
2008-10-23 17:42:30 ----D---- C:\11663c4aaa758fe1074d
2008-10-11 16:31:53 ----SHD---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2008-11-05 22:47:44 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-05 22:46:46 ----D---- C:\WINDOWS\system32
2008-11-05 22:46:46 ----D---- C:\WINDOWS
2008-11-05 21:42:33 ----SD---- C:\WINDOWS\Tasks
2008-11-05 21:41:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-05 21:41:39 ----D---- C:\WINDOWS\Temp
2008-11-05 21:36:05 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 21:36:02 ----RD---- C:\Program Files
2008-11-02 20:53:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-02 20:53:27 ----D---- C:\WINDOWS\system32\en-US
2008-11-02 20:53:27 ----D---- C:\Program Files\Internet Explorer
2008-11-02 20:53:07 ----D---- C:\WINDOWS\ie7updates
2008-11-02 20:53:05 ----HD---- C:\WINDOWS\inf
2008-11-02 20:52:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-02 20:50:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-02 11:37:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-02 01:46:20 ----D---- C:\WINDOWS\Help
2008-11-02 01:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 17:32:14 ----HD---- C:\$AVG8.VAULT$
2008-11-01 16:47:18 ----D---- C:\WINDOWS\WBEM
2008-11-01 16:47:11 ----D---- C:\WINDOWS\Media
2008-11-01 16:22:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 16:20:43 ----SHD---- C:\WINDOWS\Installer
2008-11-01 16:20:28 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 16:19:26 ----A---- C:\WINDOWS\setuplog.txt
2008-11-01 16:18:28 ----D---- C:\WINDOWS\AppPatch
2008-11-01 16:18:27 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 16:18:26 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 16:18:25 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 15:55:42 ----D---- C:\WINDOWS\security
2008-11-01 15:52:00 ----D---- C:\Program Files\Messenger
2008-11-01 15:48:05 ----RASH---- C:\boot.ini
2008-11-01 15:45:51 ----D---- C:\WINDOWS\WinSxS
2008-11-01 15:45:41 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 15:45:41 ----D---- C:\WINDOWS\ime
2008-11-01 15:45:28 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 15:45:28 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 15:45:24 ----D---- C:\WINDOWS\system32\bits
2008-11-01 15:45:24 ----D---- C:\WINDOWS\peernet
2008-11-01 15:45:24 ----D---- C:\Program Files\Movie Maker
2008-11-01 15:42:46 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 15:42:46 ----D---- C:\WINDOWS\system32\npp
2008-11-01 15:42:45 ----D---- C:\WINDOWS\msagent
2008-11-01 15:42:43 ----D---- C:\WINDOWS\srchasst
2008-11-01 15:42:42 ----D---- C:\Program Files\NetMeeting
2008-11-01 15:42:41 ----D---- C:\WINDOWS\system32\Com
2008-11-01 15:42:38 ----D---- C:\Program Files\Windows Media Player
2008-11-01 15:42:37 ----D---- C:\Program Files\Windows NT
2008-11-01 15:42:37 ----D---- C:\Program Files\Outlook Express
2008-11-01 15:42:33 ----D---- C:\Program Files\Common Files\System
2008-11-01 15:42:12 ----D---- C:\WINDOWS\system
2008-11-01 15:40:31 ----RD---- C:\WINDOWS\Web
2008-11-01 15:40:09 ----RASH---- C:\NTDETECT.COM
2008-11-01 15:38:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 15:35:10 ----D---- C:\WINDOWS\EHome
2008-11-01 12:19:01 ----D---- C:\Program Files\r2 Studios
2008-11-01 12:18:49 ----D---- C:\Program Files\SpywareGuard
2008-10-31 16:34:22 ----A---- C:\WINDOWS\win.ini
2008-10-26 12:20:54 ----D---- C:\Program Files\SDFix
2008-10-25 15:11:54 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-25 15:06:18 ----D---- C:\WINDOWS\system32\config
2008-10-23 17:52:02 ----ASH---- C:\WINDOWS\system32\KSsuCcfe.ini
2008-10-23 17:49:26 ----ASH---- C:\WINDOWS\system32\KSsuCcfe.ini2
2008-10-23 17:42:29 ----A---- C:\WINDOWS\system32\2b1bb91c-.txt
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-11 16:21:16 ----D---- C:\Documents and Settings
2008-10-11 16:06:00 ----A---- C:\WINDOWS\system.ini
2008-10-11 16:05:02 ----D---- C:\QooBox
2008-10-11 16:04:44 ----D---- C:\Program Files\Common Files
2008-10-07 16:30:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-21 54784]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-04 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-04 26824]
S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
S1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-04 76040]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-03 85969]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-01 652497]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-08-19 1343803]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd2;GE 98067 MiniCam Pro; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [2004-12-16 347264]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-02 611664]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-04 875288]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------

#15 kahdah

Posted 06 November 2008 - 06:12 AM

Looks better. One more scan to double check.

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here