.text ntdll.dll!NtClose 7C90D586 5 Bytes JMP 72033FAA .text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 72034135 .text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 72034019 .text ntdll.dll!NtCreateSection 7C90D793 5 Bytes JMP 72033FC8 ---- User code sections - GMER 1.0.12 ---- .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!SetAdapterIpAddress + FFFEEBD1 76D511F4 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!SetAdapterIpAddress + FFFEEBD9 76D511FC 2 Bytes [00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!SetAdapterIpAddress + FFFEEBDD 76D51200 1 Byte [00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!SetAdapterIpAddress + FFFEEBE1 76D51204 1 Byte [00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!SetAdapterIpAddress + FFFEEBE5 76D51208 1 Byte [00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpStatsFromStack + 14 76D5274C 5 Bytes [00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpStatsFromStack + 1A 76D52752 8 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpStatsFromStack + 24 76D5275C 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpStatsFromStack + 28 76D52760 1 Byte [00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpStatsFromStack + 2B 76D52763 3 Bytes [00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetInterfaceInfo + C 76D52851 53 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetInterfaceInfo + 43 76D52888 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetInterfaceInfo + 47 76D5288C 8 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetInterfaceInfo + 51 76D52896 13 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetInterfaceInfo + 5F 76D528A4 2 Bytes [00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdapterOrderMap + 36 76D52909 8 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdapterOrderMap + 40 76D52913 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdapterOrderMap + 53 76D52926 31 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdapterOrderMap + 74 76D52947 8 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdapterOrderMap + 7E 76D52951 20 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetUniDirectionalAdapterInfo + 14 76D52D58 13 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetUniDirectionalAdapterInfo + 22 76D52D66 1 Byte [00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetUniDirectionalAdapterInfo + 24 76D52D68 14 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetUniDirectionalAdapterInfo + 33 76D52D77 20 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetUniDirectionalAdapterInfo + 49 76D52D8D 5 Bytes [00, 00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTableFromStack + 14 76D53ADA 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTableFromStack + 1A 76D53AE0 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTableFromStack + 1E 76D53AE4 12 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTableFromStack + 2C 76D53AF2 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTableFromStack + 30 76D53AF6 1 Byte [00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntryFromStack + 9 76D53B69 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntryFromStack + F 76D53B6F 11 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntryFromStack + 1B 76D53B7B 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntryFromStack + 21 76D53B81 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntryFromStack + 33 76D53B93 4 Bytes [00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTable + 14 76D53C08 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTable + 1A 76D53C0E 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTable + 26 76D53C1A 18 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTable + 3A 76D53C2E 15 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIpAddrTable + 4B 76D53C3F 22 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersAddresses + 1D 76D53D6A 21 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersAddresses + 33 76D53D80 5 Bytes [00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersAddresses + 39 76D53D86 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersAddresses + 40 76D53D8D 23 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersAddresses + 5A 76D53DA7 4 Bytes [00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpSendEcho + 1A 76D54C4B 55 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpSendEcho + 53 76D54C84 26 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpSendEcho + 6E 76D54C9F 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpSendEcho + 74 76D54CA5 30 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpSendEcho + 93 76D54CC4 4 Bytes [00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpParseReplies + 12 76D54DA0 6 Bytes [00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpParseReplies + 1B 76D54DA9 5 Bytes [00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpParseReplies + 22 76D54DB0 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpParseReplies + 28 76D54DB6 14 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpParseReplies + 39 76D54DC7 30 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCloseHandle + C 76D54DF7 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCloseHandle + 1F 76D54E0A 6 Bytes [00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCloseHandle + 26 76D54E11 52 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCreateFile + 32 76D54E48 16 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCreateFile + 45 76D54E5B 9 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCreateFile + 51 76D54E67 7 Bytes [00, 00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCreateFile + 5B 76D54E71 18 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!IcmpCreateFile + 6F 76D54E85 62 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTableFromStack + 10 76D55125 33 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTableFromStack + 33 76D55148 16 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTableFromStack + 44 76D55159 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTableFromStack + 4A 76D5515F 11 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTableFromStack + 57 76D5516C 3 Bytes [00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTable + 1F 76D5521A 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTable + 2B 76D55226 18 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTable + 3F 76D5523A 13 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTable + 4E 76D55249 6 Bytes [00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfTable + 57 76D55252 5 Bytes [00, 00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetNumberOfInterfaces + 14 76D5533A 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetNumberOfInterfaces + 1A 76D55340 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetNumberOfInterfaces + 26 76D5534C 2 Bytes [00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetNumberOfInterfaces + 29 76D5534F 2 Bytes [00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetNumberOfInterfaces + 2E 76D55354 6 Bytes [00, 00, 00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 2D 76D55DB9 9 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 39 76D55DC5 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 4C 76D55DD8 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 5F 76D55DEB 57 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetArpEntTableFromStack + 99 76D55E25 71 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersInfo + 1D 76D5615E 20 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersInfo + 33 76D56174 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersInfo + 37 76D56178 5 Bytes [00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersInfo + 3E 76D5617F 11 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetAdaptersInfo + 4B 76D5618C 28 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NotifyAddrChange + 15 76D563FB 7 Bytes [00, 00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NotifyAddrChange + 1E 76D56404 17 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NotifyAddrChange + 31 76D56417 13 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NotifyAddrChange + 40 76D56426 16 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NotifyAddrChange + 52 76D56438 13 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + F 76D56478 24 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 2A 76D56493 21 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 41 76D564AA 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 45 76D564AE 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpAddrTableFromStack + 4B 76D564B4 18 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntry + 12 76D564E7 22 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntry + 29 76D564FE 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntry + 2F 76D56504 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntry + 34 76D56509 1 Byte [00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetIfEntry + 37 76D5650C 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetPerAdapterInfo + 1D 76D5686E 20 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetPerAdapterInfo + 33 76D56884 3 Bytes [00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetPerAdapterInfo + 37 76D56888 15 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetPerAdapterInfo + 48 76D56899 28 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!GetPerAdapterInfo + 66 76D568B7 19 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + A 76D56B68 19 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 20 76D56B7E 12 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 2E 76D56B8C 27 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 4B 76D56BA9 16 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhGetInterfaceNameFromDeviceGuid + 5C 76D56BBA 19 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 27 76D56BFA 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 33 76D56C06 21 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 4B 76D56C1E 10 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 57 76D56C2A 2 Bytes [00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!NhpAllocateAndGetInterfaceInfoFromStack + 5A 76D56C2D 12 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIfTableFromStack + 28 76D570C3 4 Bytes [00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIfTableFromStack + 2E 76D570C9 21 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIfTableFromStack + 45 76D570E0 7 Bytes [00, 00, 00, 00, 00, 00, 00] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIfTableFromStack + 4E 76D570E9 15 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIfTableFromStack + 5E 76D570F9 7 Bytes [00, 00, 00, 00, 00, 00, 00] .text … .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpForwardTableFromStack + 2E 76D571BF 22 Bytes [00, 00, 00, 00, 00, 00, 00, …] .text C:\WINDOWS\explorer.exe[304] iphlpapi.dll!AllocateAndGetIpForwardTableFromStack + 45 76D571D6 9 Bytes [00, 00, 00, 00, 00, 00, 00, …]