Sick Desktop Computer "virus called tr/crypt.zpack.gen"

ntoskrnl.exe+0x0013D8EE, Type: Inline - RelativeJump 0x806148EE-->80599EC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D976, Type: Inline - RelativeJump 0x80614976-->805E9F51 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D97B, Type: Inline - RelativeJump 0x8061497B-->8061498B [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9A9, Type: Inline - RelativeJump 0x806149A9-->806149BB [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9BD, Type: Inline - RelativeJump 0x806149BD-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9C9, Type: Inline - RelativeJump 0x806149C9-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D1, Type: Inline - RelativeCall 0x806149D1-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D9, Type: Inline - RelativeJump 0x806149D9-->8059B476 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9DF, Type: Inline - RelativeJump 0x806149DF-->806149BD [ntoskrnl.exe]
ntoskrnl.exe+0x0013DB9E, Type: Inline - RelativeJump 0x80614B9E-->80614BC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DD62, Type: Inline - RelativeJump 0x80614D62-->80614D86 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DED0, Type: Inline - RelativeJump 0x80614ED0-->80614EDA [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF2A, Type: Inline - RelativeJump 0x80614F2A-->80614F34 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF3C, Type: Inline - RelativeJump 0x80614F3C-->80614F46 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DFBA, Type: Inline - RelativeJump 0x80614FBA-->80615037 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E15F, Type: Inline - RelativeJump 0x8061515F-->8061514B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E328, Type: Inline - RelativeJump 0x80615328-->805D4676 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E332, Type: Inline - RelativeCall 0x80615332-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E3DB, Type: Inline - RelativeJump 0x806153DB-->806153EF [ntoskrnl.exe]
ntoskrnl.exe+0x0013E45D, Type: Inline - RelativeCall 0x8061545D-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe+0x0013E51E, Type: Inline - RelativeJump 0x8061551E-->8061553C [ntoskrnl.exe]
ntoskrnl.exe+0x0013E766, Type: Inline - RelativeJump 0x80615766-->8061576B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E89F, Type: Inline - RelativeJump 0x8061589F-->806158BE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8E8, Type: Inline - RelativeCall 0x806158E8-->805DA670 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8EE, Type: Inline - RelativeJump 0x806158EE-->805788B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9DD, Type: Inline - RelativeJump 0x806159DD-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9E8, Type: Inline - RelativeJump 0x806159E8-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9ED, Type: Inline - RelativeCall 0x806159ED-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9F4, Type: Inline - RelativeJump 0x806159F4-->80615A66 [ntoskrnl.exe]
ntoskrnl.exe+0x0013ED4B, Type: Inline - RelativeCall 0x80615D4B-->8061C3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F4CB, Type: Inline - DirectCall 0x806164CB-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0013F58E, Type: Inline - RelativeJump 0x8061658E-->80616592 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F70E, Type: Inline - RelativeJump 0x8061670E-->805D45B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F1, Type: Inline - RelativeJump 0x806169F1-->80616A07 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F8, Type: Inline - RelativeJump 0x806169F8-->80616A11 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FB93, Type: Inline - RelativeJump 0x80616B93-->80616B85 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC7C, Type: Inline - RelativeCall 0x80616C7C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC95, Type: Inline - RelativeJump 0x80616C95-->80616CD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FE93, Type: Inline - RelativeJump 0x80616E93-->805C8BE1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FEA1, Type: Inline - RelativeJump 0x80616EA1-->805C8BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00140007, Type: Inline - RelativeCall 0x80617007-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014000F, Type: Inline - RelativeCall 0x8061700F-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00140019, Type: Inline - RelativeJump 0x80617019-->805B7773 [ntoskrnl.exe]
ntoskrnl.exe+0x0014001E, Type: Inline - RelativeJump 0x8061701E-->80587A97 [ntoskrnl.exe]
ntoskrnl.exe+0x00140163, Type: Inline - RelativeJump 0x80617163-->805D69E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00140168, Type: Inline - RelativeCall 0x80617168-->80587586 [ntoskrnl.exe]
ntoskrnl.exe+0x00140194, Type: Inline - RelativeJump 0x80617194-->805E135F [ntoskrnl.exe]
ntoskrnl.exe+0x001401A0, Type: Inline - PushRet 0x806171A0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014030A, Type: Inline - RelativeJump 0x8061730A-->8061731A [ntoskrnl.exe]
ntoskrnl.exe+0x0014031C, Type: Inline - RelativeJump 0x8061731C-->80586ED9 [ntoskrnl.exe]
ntoskrnl.exe+0x00140324, Type: Inline - RelativeJump 0x80617324-->80586EEC [ntoskrnl.exe]
ntoskrnl.exe+0x001407E2, Type: Inline - RelativeJump 0x806177E2-->80587179 [ntoskrnl.exe]
ntoskrnl.exe+0x001407E7, Type: Inline - RelativeJump 0x806177E7-->8058719C [ntoskrnl.exe]
ntoskrnl.exe+0x001407EC, Type: Inline - RelativeJump 0x806177EC-->806177FD [ntoskrnl.exe]
ntoskrnl.exe+0x001407F5, Type: Inline - DirectCall 0x806177F5-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00140A1B, Type: Inline - RelativeJump 0x80617A1B-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A27, Type: Inline - RelativeJump 0x80617A27-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A2C, Type: Inline - RelativeJump 0x80617A2C-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A6C, Type: Inline - RelativeJump 0x80617A6C-->80617A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00140A7C, Type: Inline - RelativeJump 0x80617A7C-->805D684A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B36, Type: Inline - RelativeJump 0x80617B36-->8057274A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B3B, Type: Inline - RelativeCall 0x80617B3B-->80570360 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B7C, Type: Inline - RelativeJump 0x80617B7C-->805726BD [ntoskrnl.exe]
ntoskrnl.exe+0x00140B83, Type: Inline - RelativeJump 0x80617B83-->80572732 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B95, Type: Inline - RelativeJump 0x80617B95-->80617BC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00140BDF, Type: Inline - RelativeJump 0x80617BDF-->80586182 [ntoskrnl.exe]
ntoskrnl.exe+0x00140C19, Type: Inline - RelativeJump 0x80617C19-->80617C3F [ntoskrnl.exe]
ntoskrnl.exe+0x00140C1E, Type: Inline - RelativeJump 0x80617C1E-->80617CBB [ntoskrnl.exe]
ntoskrnl.exe+0x00140C2A, Type: Inline - RelativeJump 0x80617C2A-->80617CC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00140EAB, Type: Inline - RelativeJump 0x80617EAB-->80617EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00140FFF, Type: Inline - RelativeCall 0x80617FFF-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141008, Type: Inline - RelativeJump 0x80618008-->805DC66A [ntoskrnl.exe]
ntoskrnl.exe+0x001410DA, Type: Inline - RelativeCall 0x806180DA-->805E1B20 [ntoskrnl.exe]
ntoskrnl.exe+0x001410E9, Type: Inline - RelativeJump 0x806180E9-->80618130 [ntoskrnl.exe]
ntoskrnl.exe+0x001410EC, Type: Inline - RelativeJump 0x806180EC-->80618116 [ntoskrnl.exe]
ntoskrnl.exe+0x001412F4, Type: Inline - RelativeJump 0x806182F4-->80618305 [ntoskrnl.exe]
ntoskrnl.exe+0x00141415, Type: Inline - PushRet 0x80618415-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014149D, Type: Inline - RelativeJump 0x8061849D-->8058056C [ntoskrnl.exe]
ntoskrnl.exe+0x001414A6, Type: Inline - RelativeJump 0x806184A6-->806184E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00141540, Type: Inline - RelativeCall 0x80618540-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141872, Type: Inline - RelativeJump 0x80618872-->80578624 [ntoskrnl.exe]
ntoskrnl.exe+0x00141889, Type: Inline - RelativeJump 0x80618889-->80618874 [ntoskrnl.exe]
ntoskrnl.exe+0x001418BC, Type: Inline - RelativeJump 0x806188BC-->806188C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001419CE, Type: Inline - RelativeCall 0x806189CE-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001419D6, Type: Inline - RelativeCall 0x806189D6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00141F17, Type: Inline - RelativeJump 0x80618F17-->80573349 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F1E, Type: Inline - RelativeJump 0x80618F1E-->805EB444 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F6D, Type: Inline - RelativeJump 0x80618F6D-->80618F7D [ntoskrnl.exe]
ntoskrnl.exe+0x00141F82, Type: Inline - RelativeJump 0x80618F82-->80618F9C [ntoskrnl.exe]
ntoskrnl.exe+0x0014202B, Type: Inline - RelativeJump 0x8061902B-->80619041 [ntoskrnl.exe]
ntoskrnl.exe+0x001421FE, Type: Inline - RelativeJump 0x806191FE-->80619228 [ntoskrnl.exe]
ntoskrnl.exe+0x00142225, Type: Inline - RelativeJump 0x80619225-->80619233 [ntoskrnl.exe]
ntoskrnl.exe+0x00142253, Type: Inline - RelativeJump 0x80619253-->80597905 [ntoskrnl.exe]
ntoskrnl.exe+0x00142264, Type: Inline - RelativeJump 0x80619264-->805D4FFC [ntoskrnl.exe]
ntoskrnl.exe+0x0014226B, Type: Inline - RelativeJump 0x8061926B-->8061928C [ntoskrnl.exe]
ntoskrnl.exe+0x001422E1, Type: Inline - RelativeJump 0x806192E1-->8059824B [ntoskrnl.exe]
ntoskrnl.exe+0x0014231D, Type: Inline - RelativeJump 0x8061931D-->80597A14 [ntoskrnl.exe]
ntoskrnl.exe+0x0014246F, Type: Inline - RelativeCall 0x8061946F-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00142475, Type: Inline - RelativeJump 0x80619475-->805D6DA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014247A, Type: Inline - RelativeJump 0x8061947A-->8061948C [ntoskrnl.exe]
ntoskrnl.exe+0x00142481, Type: Inline - RelativeJump 0x80619481-->80619483 [ntoskrnl.exe]
ntoskrnl.exe+0x0014250D, Type: Inline - RelativeJump 0x8061950D-->805D6ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x00142537, Type: Inline - RelativeJump 0x80619537-->80619549 [ntoskrnl.exe]
ntoskrnl.exe+0x00142542, Type: Inline - RelativeJump 0x80619542-->80619550 [ntoskrnl.exe]
ntoskrnl.exe+0x001425C4, Type: Inline - RelativeJump 0x806195C4-->806195C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425D7, Type: Inline - RelativeJump 0x806195D7-->806195E8 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E3, Type: Inline - RelativeJump 0x806195E3-->806195E7 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E8, Type: Inline - RelativeJump 0x806195E8-->806195E2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425EC, Type: Inline - PushRet 0x806195EC-->EBFFF7EF [unknown_code_page]
ntoskrnl.exe+0x001425F0, Type: Inline - RelativeJump 0x806195F0-->806195A2 [ntoskrnl.exe]
ntoskrnl.exe+0x00142607, Type: Inline - RelativeJump 0x80619607-->80619595 [ntoskrnl.exe]
ntoskrnl.exe+0x00142615, Type: Inline - RelativeJump 0x80619615-->80619606 [ntoskrnl.exe]
ntoskrnl.exe+0x00142619, Type: Inline - RelativeJump 0x80619619-->8061962A [ntoskrnl.exe]
ntoskrnl.exe+0x0014262A, Type: Inline - RelativeJump 0x8061962A-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x00142630, Type: Inline - RelativeJump 0x80619630-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x0014263B, Type: Inline - RelativeJump 0x8061963B-->8061959B [ntoskrnl.exe]
ntoskrnl.exe+0x00142740, Type: Inline - RelativeJump 0x80619740-->8061976E [ntoskrnl.exe]
ntoskrnl.exe+0x0014274A, Type: Inline - RelativeJump 0x8061974A-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142754, Type: Inline - RelativeCall 0x80619754-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x0014275D, Type: Inline - RelativeJump 0x8061975D-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142763, Type: Inline - RelativeJump 0x80619763-->8061975D [ntoskrnl.exe]
ntoskrnl.exe+0x001427BE, Type: Inline - RelativeJump 0x806197BE-->806197A8 [ntoskrnl.exe]
ntoskrnl.exe+0x00142816, Type: Inline - RelativeJump 0x80619816-->80619825 [ntoskrnl.exe]
ntoskrnl.exe+0x00142825, Type: Inline - RelativeJump 0x80619825-->80619834 [ntoskrnl.exe]
ntoskrnl.exe+0x00142A59, Type: Inline - RelativeJump 0x80619A59-->805E12AA [ntoskrnl.exe]
ntoskrnl.exe+0x00142A63, Type: Inline - RelativeCall 0x80619A63-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00142B5B, Type: Inline - RelativeJump 0x80619B5B-->805E15F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B65, Type: Inline - RelativeJump 0x80619B65-->805E1602 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B6A, Type: Inline - RelativeJump 0x80619B6A-->80619B84 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C66, Type: Inline - RelativeJump 0x80619C66-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C70, Type: Inline - RelativeJump 0x80619C70-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00143168, Type: Inline - RelativeJump 0x8061A168-->80586DE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143173, Type: Inline - RelativeCall 0x8061A173-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143846, Type: Inline - RelativeJump 0x8061A846-->8061A7FB [ntoskrnl.exe]
ntoskrnl.exe+0x00143868, Type: Inline - RelativeJump 0x8061A868-->8061A85B [ntoskrnl.exe]
ntoskrnl.exe+0x00143B6E, Type: Inline - RelativeJump 0x8061AB6E-->8061AB87 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BC2, Type: Inline - RelativeJump 0x8061ABC2-->8061ABA7 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BFA, Type: Inline - RelativeCall 0x8061ABFA-->8065FCB9 [ntoskrnl.exe]
ntoskrnl.exe+0x00143C00, Type: Inline - RelativeJump 0x8061AC00-->805D5F8A [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCA, Type: Inline - RelativeJump 0x8061ADCA-->80586722 [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCF, Type: Inline - RelativeJump 0x8061ADCF-->8061ADED [ntoskrnl.exe]
ntoskrnl.exe+0x00143F4B, Type: Inline - DirectCall 0x8061AF4B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00143F4F, Type: Inline - RelativeJump 0x8061AF4F-->805DB32A [ntoskrnl.exe]
ntoskrnl.exe+0x00143F54, Type: Inline - RelativeJump 0x8061AF54-->805DB30D [ntoskrnl.exe]
ntoskrnl.exe+0x00144254, Type: Inline - RelativeJump 0x8061B254-->8061B2DF [ntoskrnl.exe]
ntoskrnl.exe+0x00144433, Type: Inline - RelativeJump 0x8061B433-->8061B458 [ntoskrnl.exe]
ntoskrnl.exe+0x00144486, Type: Inline - RelativeCall 0x8061B486-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x0014448F, Type: Inline - RelativeJump 0x8061B48F-->8061B4BC [ntoskrnl.exe]
ntoskrnl.exe+0x00144713, Type: Inline - RelativeCall 0x8061B713-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x00144719, Type: Inline - RelativeJump 0x8061B719-->8061B72A [ntoskrnl.exe]
ntoskrnl.exe+0x00144726, Type: Inline - RelativeJump 0x8061B726-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x00144730, Type: Inline - RelativeJump 0x8061B730-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x0014473F, Type: Inline - RelativeJump 0x8061B73F-->805D522D [ntoskrnl.exe]
ntoskrnl.exe+0x00144750, Type: Inline - RelativeJump 0x8061B750-->8061B768 [ntoskrnl.exe]
ntoskrnl.exe+0x001448C1, Type: Inline - PushRet 0x8061B8C1-->8B804D81 [unknown_code_page]
ntoskrnl.exe+0x001448C2, Type: Inline - DirectCall 0x8061B8C2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00144989, Type: Inline - PushRet 0x8061B989-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00144993, Type: Inline - RelativeCall 0x8061B993-->DDEB94CB [unknown_code_page]
ntoskrnl.exe+0x00144B9C, Type: Inline - RelativeJump 0x8061BB9C-->805A0D34 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB2, Type: Inline - RelativeJump 0x8061BBB2-->805A0D50 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB7, Type: Inline - RelativeJump 0x8061BBB7-->805A0D69 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BBF, Type: Inline - RelativeJump 0x8061BBBF-->805A0D82 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BCE, Type: Inline - RelativeJump 0x8061BBCE-->805A1290 [ntoskrnl.exe]
ntoskrnl.exe+0x00144CA9, Type: Inline - RelativeJump 0x8061BCA9-->805DCEDC [ntoskrnl.exe]
ntoskrnl.exe+0x00144EFF, Type: Inline - RelativeJump 0x8061BEFF-->8061BF1E [ntoskrnl.exe]
ntoskrnl.exe+0x00145040, Type: Inline - RelativeCall 0x8061C040-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00145045, Type: Inline - PushRet 0x8061C045-->90900014 [unknown_code_page]
ntoskrnl.exe+0x0014508B, Type: Inline - RelativeJump 0x8061C08B-->8061C096 [ntoskrnl.exe]
ntoskrnl.exe+0x00145092, Type: Inline - RelativeJump 0x8061C092-->8061C0A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014517B, Type: Inline - RelativeJump 0x8061C17B-->8061C189 [ntoskrnl.exe]
ntoskrnl.exe+0x00145183, Type: Inline - RelativeJump 0x8061C183-->8061C1AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014528C, Type: Inline - RelativeCall 0x8061C28C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x001452A3, Type: Inline - RelativeJump 0x8061C2A3-->8061C376 [ntoskrnl.exe]
ntoskrnl.exe+0x001452B0, Type: Inline - RelativeCall 0x8061C2B0-->8064CBAC [ntoskrnl.exe]
ntoskrnl.exe+0x001452C4, Type: Inline - RelativeJump 0x8061C2C4-->8061C2E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001454B8, Type: Inline - RelativeCall 0x8061C4B8-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x001454C9, Type: Inline - RelativeJump 0x8061C4C9-->8061C4E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014563F, Type: Inline - RelativeCall 0x8061C63F-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145673, Type: Inline - RelativeJump 0x8061C673-->8061C678 [ntoskrnl.exe]
ntoskrnl.exe+0x001457AD, Type: Inline - RelativeJump 0x8061C7AD-->8061C7DE [ntoskrnl.exe]
ntoskrnl.exe+0x0014585D, Type: Inline - RelativeJump 0x8061C85D-->8061C879 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A23, Type: Inline - RelativeJump 0x8061CA23-->8061CA84 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A84, Type: Inline - RelativeJump 0x8061CA84-->8061CAD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00145C89, Type: Inline - RelativeJump 0x8061CC89-->8061CF21 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CA6, Type: Inline - RelativeJump 0x8061CCA6-->8061CCB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CBB, Type: Inline - RelativeJump 0x8061CCBB-->8061CD56 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D1A, Type: Inline - RelativeCall 0x8061CD1A-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D30, Type: Inline - RelativeJump 0x8061CD30-->8061CD49 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D4A, Type: Inline - RelativeJump 0x8061CD4A-->8061CC8E [ntoskrnl.exe]
ntoskrnl.exe+0x00145D5B, Type: Inline - RelativeCall 0x8061CD5B-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D6C, Type: Inline - RelativeJump 0x8061CD6C-->8061CCD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D7E, Type: Inline - RelativeJump 0x8061CD7E-->8061CD99 [ntoskrnl.exe]
ntoskrnl.exe+0x00145E27, Type: Inline - RelativeJump 0x8061CE27-->8061CE57 [ntoskrnl.exe]
ntoskrnl.exe+0x0014606E, Type: Inline - RelativeJump 0x8061D06E-->8061D24C [ntoskrnl.exe]
ntoskrnl.exe+0x00146078, Type: Inline - RelativeJump 0x8061D078-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146083, Type: Inline - RelativeCall 0x8061D083-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460C8, Type: Inline - RelativeJump 0x8061D0C8-->8061D0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460CE, Type: Inline - RelativeJump 0x8061D0CE-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146213, Type: Inline - RelativeJump 0x8061D213-->8061D23F [ntoskrnl.exe]
ntoskrnl.exe+0x00146229, Type: Inline - RelativeJump 0x8061D229-->8061D239 [ntoskrnl.exe]
ntoskrnl.exe+0x0014628D, Type: Inline - RelativeJump 0x8061D28D-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146334, Type: Inline - RelativeJump 0x8061D334-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x00146347, Type: Inline - RelativeJump 0x8061D347-->8061D356 [ntoskrnl.exe]
ntoskrnl.exe+0x0014634D, Type: Inline - RelativeJump 0x8061D34D-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x0014643A, Type: Inline - RelativeJump 0x8061D43A-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146685, Type: Inline - RelativeJump 0x8061D685-->8061D69B [ntoskrnl.exe]
ntoskrnl.exe+0x001466A2, Type: Inline - RelativeJump 0x8061D6A2-->8AD822E0 [unknown_code_page]
ntoskrnl.exe+0x001467F2, Type: Inline - RelativeJump 0x8061D7F2-->8061D83A [ntoskrnl.exe]
ntoskrnl.exe+0x00146A08, Type: Inline - RelativeJump 0x8061DA08-->8061DA20 [ntoskrnl.exe]
ntoskrnl.exe+0x00146A1C, Type: Inline - RelativeCall 0x8061DA1C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x00146A26, Type: Inline - PushRet 0x8061DA26-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00146CC7, Type: Inline - RelativeJump 0x8061DCC7-->8061DF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D42, Type: Inline - RelativeJump 0x8061DD42-->8061DD77 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D6C, Type: Inline - RelativeJump 0x8061DD6C-->8061DD83 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D84, Type: Inline - RelativeJump 0x8061DD84-->8061DDDE [ntoskrnl.exe]
ntoskrnl.exe+0x00146D90, Type: Inline - RelativeJump 0x8061DD90-->8061DDFE [ntoskrnl.exe]
ntoskrnl.exe+0x00146DB7, Type: Inline - RelativeJump 0x8061DDB7-->8061DD47 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF2, Type: Inline - RelativeJump 0x8061DDF2-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF8, Type: Inline - RelativeJump 0x8061DDF8-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146EDC, Type: Inline - RelativeJump 0x8061DEDC-->8061DEF6 [ntoskrnl.exe]
ntoskrnl.exe+0x00146F78, Type: Inline - RelativeJump 0x8061DF78-->8061DF88 [ntoskrnl.exe]
ntoskrnl.exe+0x00147001, Type: Inline - RelativeJump 0x8061E001-->8061E05E [ntoskrnl.exe]
ntoskrnl.exe+0x00147049, Type: Inline - RelativeJump 0x8061E049-->8061E047 [ntoskrnl.exe]
ntoskrnl.exe+0x00147155, Type: Inline - RelativeJump 0x8061E155-->8061E171 [ntoskrnl.exe]
ntoskrnl.exe+0x001471BD, Type: Inline - RelativeJump 0x8061E1BD-->8061E1DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014739B, Type: Inline - RelativeJump 0x8061E39B-->8061E49C [ntoskrnl.exe]
ntoskrnl.exe+0x00147476, Type: Inline - RelativeJump 0x8061E476-->8061E48C [ntoskrnl.exe]
ntoskrnl.exe+0x00147532, Type: Inline - RelativeJump 0x8061E532-->8061E53E [ntoskrnl.exe]
ntoskrnl.exe+0x001478B1, Type: Inline - RelativeJump 0x8061E8B1-->8061E8A3 [ntoskrnl.exe]
ntoskrnl.exe+0x001478BD, Type: Inline - RelativeCall 0x8061E8BD-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe+0x001478CD, Type: Inline - RelativeJump 0x8061E8CD-->8061EB07 [ntoskrnl.exe]
ntoskrnl.exe+0x001478D6, Type: Inline - RelativeCall 0x8061E8D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x00147A6E, Type: Inline - RelativeJump 0x8061EA6E-->8061EA87 [ntoskrnl.exe]
ntoskrnl.exe+0x0014810A, Type: Inline - RelativeJump 0x8061F10A-->8061F0EC [ntoskrnl.exe]
ntoskrnl.exe+0x00148191, Type: Inline - RelativeJump 0x8061F191-->8061F250 [ntoskrnl.exe]
ntoskrnl.exe+0x001482EE, Type: Inline - RelativeJump 0x8061F2EE-->8061F300 [ntoskrnl.exe]
ntoskrnl.exe+0x00148384, Type: Inline - RelativeJump 0x8061F384-->8061F3BA [ntoskrnl.exe]
ntoskrnl.exe+0x00148392, Type: Inline - RelativeCall 0x8061F392-->8061EF09 [ntoskrnl.exe]
ntoskrnl.exe+0x00148883, Type: Inline - RelativeJump 0x8061F883-->8061F9A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014888B, Type: Inline - RelativeJump 0x8061F88B-->8061F89B [ntoskrnl.exe]
ntoskrnl.exe+0x00148912, Type: Inline - RelativeJump 0x8061F912-->8061F97B [ntoskrnl.exe]
ntoskrnl.exe+0x001489A4, Type: Inline - RelativeCall 0x8061F9A4-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001489B5, Type: Inline - PushRet 0x8061F9B5-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00148A60, Type: Inline - RelativeCall 0x8061FA60-->8061F25F [ntoskrnl.exe]
ntoskrnl.exe+0x00148A91, Type: Inline - RelativeJump 0x8061FA91-->8061FAC3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148A94, Type: Inline - RelativeJump 0x8061FA94-->8061FAC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00148BD5, Type: Inline - PushRet 0x8061FBD5-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00148D59, Type: Inline - RelativeJump 0x8061FD59-->8061FDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D6F, Type: Inline - RelativeJump 0x8061FD6F-->8061FD8E [ntoskrnl.exe]
ntoskrnl.exe+0x00148D78, Type: Inline - RelativeCall 0x8061FD78-->8061FB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D88, Type: Inline - RelativeJump 0x8061FD88-->8061FDA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014913A, Type: Inline - RelativeJump 0x8062013A-->8062014A [ntoskrnl.exe]
ntoskrnl.exe+0x001493AC, Type: Inline - RelativeCall 0x806203AC-->8057010D [ntoskrnl.exe]
ntoskrnl.exe+0x001493B7, Type: Inline - RelativeJump 0x806203B7-->806203D6 [ntoskrnl.exe]
ntoskrnl.exe+0x001495EC, Type: Inline - RelativeJump 0x806205EC-->806205F7 [ntoskrnl.exe]
ntoskrnl.exe+0x001496EC, Type: Inline - RelativeJump 0x806206EC-->806206FE [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC0, Type: Inline - RelativeJump 0x80620BC0-->80620BD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC4, Type: Inline - RelativeJump 0x80620BC4-->80620BCE [ntoskrnl.exe]
ntoskrnl.exe+0x00149CD1, Type: Inline - RelativeCall 0x80620CD1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149CFA, Type: Inline - RelativeJump 0x80620CFA-->80620D05 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D7C, Type: Inline - RelativeJump 0x80620D7C-->80620D92 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D80, Type: Inline - RelativeCall 0x80620D80-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149DC0, Type: Inline - RelativeJump 0x80620DC0-->80620DD9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A2D6, Type: Inline - RelativeCall 0x806212D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A5A6, Type: Inline - RelativeJump 0x806215A6-->806215D6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A891, Type: Inline - PushRet 0x80621891-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014A898, Type: Inline - RelativeJump 0x80621898-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014A8B0, Type: Inline - RelativeJump 0x806218B0-->806218CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014A952, Type: Inline - RelativeCall 0x80621952-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9BF, Type: Inline - RelativeJump 0x806219BF-->806219DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9E6, Type: Inline - RelativeJump 0x806219E6-->C6EBFA3A [unknown_code_page]
ntoskrnl.exe+0x0014AAD3, Type: Inline - RelativeCall 0x80621AD3-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AADB, Type: Inline - RelativeJump 0x80621ADB-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACE8, Type: Inline - RelativeJump 0x80621CE8-->80621D1B [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACFE, Type: Inline - RelativeJump 0x80621CFE-->80621CE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AE4D, Type: Inline - PushRet 0x80621E4D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014AE60, Type: Inline - RelativeCall 0x80621E60-->EB3E9464 [unknown_code_page]
ntoskrnl.exe+0x0014AE65, Type: Inline - RelativeJump 0x80621E65-->80621E1D [ntoskrnl.exe]
ntoskrnl.exe+0x0014AFFC, Type: Inline - PushRet 0x80621FFC-->8BD84589 [unknown_code_page]
ntoskrnl.exe+0x0014B0B0, Type: Inline - RelativeJump 0x806220B0-->806220C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B171, Type: Inline - RelativeJump 0x80622171-->8062218F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B221, Type: Inline - RelativeCall 0x80622221-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B23C, Type: Inline - RelativeJump 0x8062223C-->80622257 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B302, Type: Inline - RelativeJump 0x80622302-->80622320 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B314, Type: Inline - RelativeJump 0x80622314-->806222EE [ntoskrnl.exe]
ntoskrnl.exe+0x0014B398, Type: Inline - RelativeJump 0x80622398-->806223AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A3, Type: Inline - RelativeJump 0x806224A3-->806224BD [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A6, Type: Inline - PushRet 0x806224A6-->E8057403 [unknown_code_page]
ntoskrnl.exe+0x0014B4B4, Type: Inline - RelativeJump 0x806224B4-->806224C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4C0, Type: Inline - RelativeJump 0x806224C0-->806224CB [ntoskrnl.exe]
ntoskrnl.exe+0x0014B555, Type: Inline - RelativeJump 0x80622555-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B611, Type: Inline - RelativeJump 0x80622611-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B679, Type: Inline - RelativeJump 0x80622679-->80622693 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6B6, Type: Inline - RelativeJump 0x806226B6-->806226E3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6C7, Type: Inline - RelativeJump 0x806226C7-->806226D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B702, Type: Inline - RelativeCall 0x80622702-->80573888 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B908, Type: Inline - RelativeJump 0x80622908-->80622931 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B95A, Type: Inline - RelativeJump 0x8062295A-->8062296F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9E5, Type: Inline - RelativeCall 0x806229E5-->805352CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9F7, Type: Inline - PushRet 0x806229F7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014BB42, Type: Inline - RelativeCall 0x80622B42-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BB49, Type: Inline - RelativeCall 0x80622B49-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BC6B, Type: Inline - PushRet 0x80622C6B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C034, Type: Inline - RelativeCall 0x80623034-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C044, Type: Inline - RelativeCall 0x80623044-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C052, Type: Inline - RelativeJump 0x80623052-->8062306C [ntoskrnl.exe]
ntoskrnl.exe+0x0014C0EC, Type: Inline - RelativeCall 0x806230EC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C1E2, Type: Inline - PushRet 0x806231E2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C3A6, Type: Inline - RelativeJump 0x806233A6-->806233B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C45C, Type: Inline - PushRet 0x8062345C-->CCCC0010 [unknown_code_page]
ntoskrnl.exe+0x0014C6BD, Type: Inline - RelativeCall 0x806236BD-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6C5, Type: Inline - RelativeJump 0x806236C5-->806236D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6D1, Type: Inline - RelativeCall 0x806236D1-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6EE, Type: Inline - RelativeJump 0x806236EE-->8062374E [ntoskrnl.exe]
ntoskrnl.exe+0x0014C8AF, Type: Inline - PushRet 0x806238AF-->C2C95E5B [unknown_code_page]
ntoskrnl.exe+0x0014C914, Type: Inline - RelativeJump 0x80623914-->806239B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA58, Type: Inline - RelativeCall 0x80623A58-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA60, Type: Inline - RelativeJump 0x80623A60-->80623BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA70, Type: Inline - RelativeCall 0x80623A70-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA7C, Type: Inline - RelativeJump 0x80623A7C-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA87, Type: Inline - RelativeJump 0x80623A87-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CB55, Type: Inline - RelativeJump 0x80623B55-->80623AEC [ntoskrnl.exe]
ntoskrnl.exe+0x0014CBA7, Type: Inline - RelativeCall 0x80623BA7-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CF63, Type: Inline - RelativeJump 0x80623F63-->806243CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014D0A2, Type: Inline - RelativeCall 0x806240A2-->80622ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014D737, Type: Inline - PushRet 0x80624737-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014D904, Type: Inline - RelativeCall 0x80624904-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0014DF94, Type: Inline - RelativeJump 0x80624F94-->806250CA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E20C, Type: Inline - RelativeJump 0x8062520C-->806251EA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E25B, Type: Inline - RelativeJump 0x8062525B-->80625209 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E520, Type: Inline - RelativeJump 0x80625520-->80625526 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E564, Type: Inline - RelativeJump 0x80625564-->80625574 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E5F2, Type: Inline - PushRet 0x806255F2-->F1B80775 [unknown_code_page]
ntoskrnl.exe+0x0014E5FE, Type: Inline - RelativeJump 0x806255FE-->8062561C [ntoskrnl.exe]
ntoskrnl.exe+0x0014E611, Type: Inline - RelativeJump 0x80625611-->8062561F [ntoskrnl.exe]
ntoskrnl.exe+0x0014E6CC, Type: Inline - RelativeJump 0x806256CC-->806256C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014EAC6, Type: Inline - RelativeCall 0x80625AC6-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F207, Type: Inline - RelativeJump 0x80626207-->80626217 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F283, Type: Inline - RelativeJump 0x80626283-->80626296 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3A3, Type: Inline - RelativeJump 0x806263A3-->806263CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3BE, Type: Inline - RelativeJump 0x806263BE-->806263D3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F400, Type: Inline - RelativeJump 0x80626400-->806264A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F42F, Type: Inline - RelativeJump 0x8062642F-->80626370 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F434, Type: Inline - RelativeJump 0x80626434-->806263D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F6D7, Type: Inline - RelativeJump 0x806266D7-->80626716 [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD00, Type: Inline - RelativeCall 0x80626D00-->80535B3F [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD0B, Type: Inline - RelativeJump 0x80626D0B-->80626D3A [ntoskrnl.exe]
ntoskrnl.exe+0x00150344, Type: Inline - RelativeJump 0x80627344-->80627373 [ntoskrnl.exe]
ntoskrnl.exe+0x0015034F, Type: Inline - RelativeJump 0x8062734F-->80627369 [ntoskrnl.exe]
ntoskrnl.exe+0x00150355, Type: Inline - RelativeJump 0x80627355-->80627353 [ntoskrnl.exe]
ntoskrnl.exe+0x0015037A, Type: Inline - RelativeJump 0x8062737A-->80627398 [ntoskrnl.exe]
ntoskrnl.exe+0x001503EB, Type: Inline - RelativeCall 0x806273EB-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x001505C5, Type: Inline - RelativeJump 0x806275C5-->806275E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00150829, Type: Inline - RelativeCall 0x80627829-->805A1115 [ntoskrnl.exe]
ntoskrnl.exe+0x00150976, Type: Inline - RelativeJump 0x80627976-->80627994 [ntoskrnl.exe]
ntoskrnl.exe+0x001509D5, Type: Inline - RelativeJump 0x806279D5-->806279E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001509E7, Type: Inline - RelativeJump 0x806279E7-->806279F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00150B7B, Type: Inline - RelativeCall 0x80627B7B-->EBC00000 [unknown_code_page]
ntoskrnl.exe+0x00151043, Type: Inline - RelativeCall 0x80628043-->80627F7D [ntoskrnl.exe]
ntoskrnl.exe+0x0015104A, Type: Inline - RelativeJump 0x8062804A-->80628056 [ntoskrnl.exe]
ntoskrnl.exe+0x00151166, Type: Inline - RelativeJump 0x80628166-->80628194 [ntoskrnl.exe]
ntoskrnl.exe+0x0015124B, Type: Inline - RelativeCall 0x8062824B-->805A7B02 [ntoskrnl.exe]
ntoskrnl.exe+0x00151258, Type: Inline - RelativeJump 0x80628258-->80628271 [ntoskrnl.exe]
ntoskrnl.exe+0x001513B7, Type: Inline - RelativeJump 0x806283B7-->806283CC [ntoskrnl.exe]
ntoskrnl.exe+0x001514B4, Type: Inline - DirectCall 0x806284B4-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x001514CA, Type: Inline - RelativeJump 0x806284CA-->80628508 [ntoskrnl.exe]
ntoskrnl.exe+0x0015168D, Type: Inline - RelativeJump 0x8062868D-->8062868F [ntoskrnl.exe]
ntoskrnl.exe+0x001516BA, Type: Inline - PushRet 0x806286BA-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00151817, Type: Inline - RelativeJump 0x80628817-->80628823 [ntoskrnl.exe]
ntoskrnl.exe+0x0015183C, Type: Inline - RelativeJump 0x8062883C-->80628846 [ntoskrnl.exe]
ntoskrnl.exe+0x00151848, Type: Inline - RelativeJump 0x80628848-->8062884E [ntoskrnl.exe]
ntoskrnl.exe+0x00151B47, Type: Inline - RelativeCall 0x80628B47-->805A714A [ntoskrnl.exe]
ntoskrnl.exe+0x00151B86, Type: Inline - RelativeCall 0x80628B86-->8062A017 [ntoskrnl.exe]
ntoskrnl.exe+0x00151C76, Type: Inline - RelativeJump 0x80628C76-->80628C80 [ntoskrnl.exe]
ntoskrnl.exe+0x001521C4, Type: Inline - RelativeCall 0x806291C4-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015222D, Type: Inline - RelativeJump 0x8062922D-->80629236 [ntoskrnl.exe]
ntoskrnl.exe+0x00152416, Type: Inline - RelativeJump 0x80629416-->8062942F [ntoskrnl.exe]
ntoskrnl.exe+0x0015242E, Type: Inline - RelativeJump 0x8062942E-->806293E4 [ntoskrnl.exe]
ntoskrnl.exe+0x00152592, Type: Inline - RelativeJump 0x80629592-->806295C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015265E, Type: Inline - RelativeJump 0x8062965E-->806296EE [ntoskrnl.exe]
ntoskrnl.exe+0x0015273C, Type: Inline - RelativeJump 0x8062973C-->8062974B [ntoskrnl.exe]
ntoskrnl.exe+0x001527F3, Type: Inline - RelativeJump 0x806297F3-->80629966 [ntoskrnl.exe]
ntoskrnl.exe+0x001529D5, Type: Inline - RelativeJump 0x806299D5-->806299DF [ntoskrnl.exe]
ntoskrnl.exe+0x00152B5D, Type: Inline - RelativeJump 0x80629B5D-->80629B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B60, Type: Inline - RelativeJump 0x80629B60-->80629BC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B75, Type: Inline - RelativeJump 0x80629B75-->80629B8B [ntoskrnl.exe]
ntoskrnl.exe+0x001530BF, Type: Inline - PushRet 0x8062A0BF-->8AFC45C7 [unknown_code_page]
ntoskrnl.exe+0x00153190, Type: Inline - RelativeCall 0x8062A190-->BC4AE721 [unknown_code_page]
ntoskrnl.exe+0x00153196, Type: Inline - RelativeJump 0x8062A196-->8062A1B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001531A6, Type: Inline - RelativeJump 0x8062A1A6-->8062A18C [ntoskrnl.exe]
ntoskrnl.exe+0x001531B7, Type: Inline - RelativeJump 0x8062A1B7-->8062A187 [ntoskrnl.exe]
ntoskrnl.exe+0x00153220, Type: Inline - RelativeJump 0x8062A220-->8062A236 [ntoskrnl.exe]
ntoskrnl.exe+0x0015322C, Type: Inline - RelativeCall 0x8062A22C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00153242, Type: Inline - RelativeJump 0x8062A242-->8062A23A [ntoskrnl.exe]
ntoskrnl.exe+0x001534F0, Type: Inline - RelativeJump 0x8062A4F0-->8062A503 [ntoskrnl.exe]
ntoskrnl.exe+0x0015378C, Type: Inline - RelativeJump 0x8062A78C-->8062A7F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00153828, Type: Inline - RelativeJump 0x8062A828-->8062A840 [ntoskrnl.exe]
ntoskrnl.exe+0x001538A2, Type: Inline - RelativeJump 0x8062A8A2-->8062A8C0 [ntoskrnl.exe]
ntoskrnl.exe+0x001538B7, Type: Inline - RelativeJump 0x8062A8B7-->8062A8C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539B3, Type: Inline - RelativeJump 0x8062A9B3-->8062A9C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539BE, Type: Inline - PushRet 0x8062A9BE-->CCCC0014 [unknown_code_page]
ntoskrnl.exe+0x00153A5A, Type: Inline - RelativeJump 0x8062AA5A-->8062AA70 [ntoskrnl.exe]
ntoskrnl.exe+0x00153A68, Type: Inline - RelativeJump 0x8062AA68-->8062AA86 [ntoskrnl.exe]
ntoskrnl.exe+0x00153B4F, Type: Inline - RelativeJump 0x8062AB4F-->8062AAC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00153D70, Type: Inline - RelativeJump 0x8062AD70-->8062ADA0 [ntoskrnl.exe]
ntoskrnl.exe+0x00153E01, Type: Inline - RelativeJump 0x8062AE01-->8062AE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F40, Type: Inline - RelativeCall 0x8062AF40-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F6C, Type: Inline - RelativeJump 0x8062AF6C-->8062AFD4 [ntoskrnl.exe]
ntoskrnl.exe+0x00154080, Type: Inline - RelativeCall 0x8062B080-->804E310E [ntoskrnl.exe]
ntoskrnl.exe+0x00154368, Type: Inline - RelativeJump 0x8062B368-->8062B386 [ntoskrnl.exe]
ntoskrnl.exe+0x0015469C, Type: Inline - RelativeJump 0x8062B69C-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x00154A9F, Type: Inline - RelativeJump 0x8062BA9F-->8062BAB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C13, Type: Inline - RelativeJump 0x8062BC13-->8062BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C5F, Type: Inline - RelativeJump 0x8062BC5F-->8062BC78 [ntoskrnl.exe]
ntoskrnl.exe+0x00154EA0, Type: Inline - PushRet 0x8062BEA0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00154F1E, Type: Inline - RelativeJump 0x8062BF1E-->8062BF2C [ntoskrnl.exe]
ntoskrnl.exe+0x001552FF, Type: Inline - RelativeJump 0x8062C2FF-->8062C3AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015566C, Type: Inline - RelativeJump 0x8062C66C-->8062C6C8 [ntoskrnl.exe]
ntoskrnl.exe+0x00155724, Type: Inline - RelativeCall 0x8062C724-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe+0x001559F3, Type: Inline - RelativeCall 0x8062C9F3-->804EA1F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A5E, Type: Inline - RelativeCall 0x8062CA5E-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A68, Type: Inline - RelativeJump 0x8062CA68-->8062CA7C [ntoskrnl.exe]
ntoskrnl.exe+0x00155A73, Type: Inline - RelativeJump 0x8062CA73-->8062CB66 [ntoskrnl.exe]
ntoskrnl.exe+0x00155CC7, Type: Inline - RelativeJump 0x8062CCC7-->8062CD0A [ntoskrnl.exe]
ntoskrnl.exe+0x00155DF8, Type: Inline - RelativeCall 0x8062CDF8-->80550010 [ntoskrnl.exe]
ntoskrnl.exe+0x00155E06, Type: Inline - PushRet 0x8062CE06-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00155ED1, Type: Inline - DirectCall 0x8062CED1-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00155EDB, Type: Inline - RelativeJump 0x8062CEDB-->8062CEE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00155F41, Type: Inline - RelativeJump 0x8062CF41-->8062CF4F [ntoskrnl.exe]
ntoskrnl.exe+0x001561D9, Type: Inline - RelativeCall 0x8062D1D9-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe+0x001561E2, Type: Inline - RelativeJump 0x8062D1E2-->8062D1F3 [ntoskrnl.exe]
ntoskrnl.exe+0x00156331, Type: Inline - RelativeJump 0x8062D331-->8062D38D [ntoskrnl.exe]
ntoskrnl.exe+0x00156511, Type: Inline - PushRet 0x8062D511-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0015680E, Type: Inline - RelativeCall 0x8062D80E-->805F2596 [ntoskrnl.exe]
ntoskrnl.exe+0x00156814, Type: Inline - RelativeCall 0x8062D814-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0015681C, Type: Inline - PushRet 0x8062D81C-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00156A4F, Type: Inline - RelativeCall 0x8062DA4F-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00156A54, Type: Inline - RelativeJump 0x8062DA54-->8062DA7A [ntoskrnl.exe]
ntoskrnl.exe+0x00156F37, Type: Inline - RelativeJump 0x8062DF37-->8062DF4B [ntoskrnl.exe]
ntoskrnl.exe+0x00157002, Type: Inline - RelativeJump 0x8062E002-->8062E081 [ntoskrnl.exe]
ntoskrnl.exe+0x00157012, Type: Inline - RelativeJump 0x8062E012-->8062E023 [ntoskrnl.exe]
ntoskrnl.exe+0x001571E2, Type: Inline - RelativeJump 0x8062E1E2-->8062E1C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015752B, Type: Inline - RelativeJump 0x8062E52B-->8062E6FF [ntoskrnl.exe]
ntoskrnl.exe+0x001575E3, Type: Inline - RelativeJump 0x8062E5E3-->8062E60C [ntoskrnl.exe]
ntoskrnl.exe+0x00157753, Type: Inline - RelativeJump 0x8062E753-->8062E703 [ntoskrnl.exe]
ntoskrnl.exe+0x001577C7, Type: Inline - RelativeCall 0x8062E7C7-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x001577D4, Type: Inline - RelativeJump 0x8062E7D4-->8062E7E2 [ntoskrnl.exe]
ntoskrnl.exe+0x0015782F, Type: Inline - RelativeJump 0x8062E82F-->8062E83D [ntoskrnl.exe]
ntoskrnl.exe+0x0015783C, Type: Inline - RelativeJump 0x8062E83C-->8062EB0A [ntoskrnl.exe]
ntoskrnl.exe+0x00157843, Type: Inline - RelativeJump 0x8062E843-->8062E862 [ntoskrnl.exe]
ntoskrnl.exe+0x0015784A, Type: Inline - RelativeCall 0x8062E84A-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe+0x00157863, Type: Inline - DirectCall 0x8062E863-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157929, Type: Inline - RelativeJump 0x8062E929-->8062E940 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A80, Type: Inline - RelativeCall 0x8062EA80-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A86, Type: Inline - PushRet 0x8062EA86-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157C62, Type: Inline - RelativeJump 0x8062EC62-->8062ECFC [ntoskrnl.exe]
ntoskrnl.exe+0x00157CD6, Type: Inline - RelativeCall 0x8062ECD6-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157CE1, Type: Inline - PushRet 0x8062ECE1-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157D09, Type: Inline - RelativeJump 0x8062ED09-->8062ED5B [ntoskrnl.exe]
ntoskrnl.exe+0x00157DA8, Type: Inline - DirectCall 0x8062EDA8-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157DFE, Type: Inline - RelativeJump 0x8062EDFE-->8062EE9B [ntoskrnl.exe]
ntoskrnl.exe+0x00157E47, Type: Inline - RelativeJump 0x8062EE47-->8062EE7E [ntoskrnl.exe]
ntoskrnl.exe+0x00157EF2, Type: Inline - RelativeJump 0x8062EEF2-->8062EF3F [ntoskrnl.exe]
ntoskrnl.exe+0x00157F9E, Type: Inline - RelativeJump 0x8062EF9E-->8062EFAC [ntoskrnl.exe]
ntoskrnl.exe+0x00157FB4, Type: Inline - PushRet 0x8062EFB4-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00158142, Type: Inline - DirectCall 0x8062F142-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x001583F1, Type: Inline - RelativeCall 0x8062F3F1-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00158409, Type: Inline - PushRet 0x8062F409-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158485, Type: Inline - RelativeJump 0x8062F485-->8062F48C [ntoskrnl.exe]
ntoskrnl.exe+0x001586E7, Type: Inline - PushRet 0x8062F6E7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158B99, Type: Inline - RelativeJump 0x8062FB99-->8062FBAB [ntoskrnl.exe]
ntoskrnl.exe+0x00158E10, Type: Inline - RelativeJump 0x8062FE10-->8062FFBE [ntoskrnl.exe]
ntoskrnl.exe+0x00158F11, Type: Inline - RelativeCall 0x8062FF11-->8062C7E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159084, Type: Inline - RelativeCall 0x80630084-->8062F72F [ntoskrnl.exe]
ntoskrnl.exe+0x0015908F, Type: Inline - RelativeJump 0x8063008F-->8063061C [ntoskrnl.exe]
ntoskrnl.exe+0x0015909A, Type: Inline - RelativeJump 0x8063009A-->80630615 [ntoskrnl.exe]
ntoskrnl.exe+0x00159128, Type: Inline - RelativeCall 0x80630128-->908A49AD [unknown_code_page]
ntoskrnl.exe+0x0015916A, Type: Inline - RelativeJump 0x8063016A-->806301A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015926A, Type: Inline - RelativeJump 0x8063026A-->80630259 [ntoskrnl.exe]
ntoskrnl.exe+0x001592D1, Type: Inline - RelativeCall 0x806302D1-->8053CDD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159653, Type: Inline - RelativeCall 0x80630653-->8054020F [ntoskrnl.exe]
ntoskrnl.exe+0x001599EF, Type: Inline - RelativeJump 0x806309EF-->80630A2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159D12, Type: Inline - RelativeJump 0x80630D12-->80630D2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159EDC, Type: Inline - RelativeJump 0x80630EDC-->80630EF4 [ntoskrnl.exe]
ntoskrnl.exe+0x00159FB1, Type: Inline - RelativeJump 0x80630FB1-->80630FDA [ntoskrnl.exe]
ntoskrnl.exe+0x00159FED, Type: Inline - RelativeJump 0x80630FED-->80631003 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A054, Type: Inline - PushRet 0x80631054-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x0015A0B8, Type: Inline - RelativeCall 0x806310B8-->804F4295 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A211, Type: Inline - RelativeJump 0x80631211-->80631244 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A9ED, Type: Inline - RelativeCall 0x806319ED-->80631904 [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAC3, Type: Inline - RelativeJump 0x80631AC3-->80631BDC [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAD1, Type: Inline - RelativeJump 0x80631AD1-->80631AEB [ntoskrnl.exe]
ntoskrnl.exe+0x0015AE2B, Type: Inline - RelativeJump 0x80631E2B-->80631E57 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B092, Type: Inline - RelativeCall 0x80632092-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B2F4, Type: Inline - RelativeCall 0x806322F4-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B926, Type: Inline - RelativeCall 0x80632926-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015B930, Type: Inline - PushRet 0x80632930-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015B96A, Type: Inline - RelativeJump 0x8063296A-->80632974 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C011, Type: Inline - RelativeJump 0x80633011-->80633027 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0C6, Type: Inline - RelativeJump 0x806330C6-->806330DA [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0D7, Type: Inline - RelativeCall 0x806330D7-->8050795F [ntoskrnl.exe]
ntoskrnl.exe+0x0015C183, Type: Inline - RelativeCall 0x80633183-->805D9E44 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C190, Type: Inline - RelativeCall 0x80633190-->805D9AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C307, Type: Inline - RelativeJump 0x80633307-->80633361 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C351, Type: Inline - RelativeJump 0x80633351-->80633368 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C3FA, Type: Inline - RelativeJump 0x806333FA-->80633414 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C65F, Type: Inline - RelativeJump 0x8063365F-->80633677 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C926, Type: Inline - RelativeJump 0x80633926-->8063392E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAEA, Type: Inline - RelativeCall 0x80633AEA-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAF4, Type: Inline - PushRet 0x80633AF4-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0015CB8F, Type: Inline - RelativeJump 0x80633B8F-->80633B99 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CBD4, Type: Inline - RelativeCall 0x80633BD4-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CD3F, Type: Inline - RelativeJump 0x80633D3F-->80633D5E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CE25, Type: Inline - PushRet 0x80633E25-->E8016AD0 [unknown_code_page]
ntoskrnl.exe+0x0015D059, Type: Inline - RelativeCall 0x80634059-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D0CD, Type: Inline - RelativeCall 0x806340CD-->81CD93D5 [unknown_code_page]
ntoskrnl.exe+0x0015D0D5, Type: Inline - RelativeJump 0x806340D5-->80634114 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D3DC, Type: Inline - RelativeJump 0x806343DC-->806343D5 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D622, Type: Inline - RelativeJump 0x80634622-->8063466E [ntoskrnl.exe]
ntoskrnl.exe+0x0015D696, Type: Inline - RelativeJump 0x80634696-->806346AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015D6AF, Type: Inline - RelativeJump 0x806346AF-->806346A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC2F, Type: Inline - RelativeCall 0x80634C2F-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC34, Type: Inline - RelativeJump 0x80634C34-->80634E24 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC40, Type: Inline - RelativeCall 0x80634C40-->804E5C6E [ntoskrnl.exe]
ntoskrnl.exe+0x0015DCE1, Type: Inline - RelativeCall 0x80634CE1-->80634B17 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DD35, Type: Inline - RelativeJump 0x80634D35-->80634D49 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E0A9, Type: Inline - RelativeJump 0x806350A9-->8063509B [ntoskrnl.exe]
ntoskrnl.exe+0x0015E51B, Type: Inline - RelativeJump 0x8063551B-->8063552C [ntoskrnl.exe]
ntoskrnl.exe+0x0015E582, Type: Inline - RelativeJump 0x80635582-->80635590 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E603, Type: Inline - RelativeCall 0x80635603-->8064CBE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E95F, Type: Inline - PushRet 0x8063595F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015E976, Type: Inline - RelativeJump 0x80635976-->80635A12 [ntoskrnl.exe]
ntoskrnl.exe+0x0015EB05, Type: Inline - RelativeJump 0x80635B05-->80635B28 [ntoskrnl.exe]
ntoskrnl.exe+0x0015ECDB, Type: Inline - PushRet 0x80635CDB-->EABC4FE8 [unknown_code_page]
ntoskrnl.exe+0x0015ED25, Type: Inline - PushRet 0x80635D25-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0015F104, Type: Inline - RelativeCall 0x80636104-->80590F69 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F113, Type: Inline - RelativeJump 0x80636113-->8063625F [ntoskrnl.exe]
ntoskrnl.exe+0x0015F1C9, Type: Inline - RelativeJump 0x806361C9-->80636262 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F52F, Type: Inline - RelativeJump 0x8063652F-->80636549 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD2, Type: Inline - RelativeCall 0x80636AD2-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD8, Type: Inline - RelativeJump 0x80636AD8-->80636C7F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FC58, Type: Inline - RelativeJump 0x80636C58-->80636C36 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD3C, Type: Inline - RelativeCall 0x80636D3C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD4A, Type: Inline - RelativeJump 0x80636D4A-->80636E3B [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD52, Type: Inline - RelativeJump 0x80636D52-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD64, Type: Inline - RelativeJump 0x80636D64-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD6D, Type: Inline - RelativeJump 0x80636D6D-->80636D90 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD78, Type: Inline - RelativeJump 0x80636D78-->80636D88 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FDF6, Type: Inline - RelativeJump 0x80636DF6-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FE05, Type: Inline - RelativeJump 0x80636E05-->80636E0E [ntoskrnl.exe]
ntoskrnl.exe+0x00160097, Type: Inline - RelativeJump 0x80637097-->806370A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001600EA, Type: Inline - RelativeCall 0x806370EA-->8054D3D1 [ntoskrnl.exe]
ntoskrnl.exe+0x001601BB, Type: Inline - RelativeJump 0x806371BB-->80637242 [ntoskrnl.exe]
ntoskrnl.exe+0x0016055F, Type: Inline - RelativeJump 0x8063755F-->80637583 [ntoskrnl.exe]
ntoskrnl.exe+0x001607BF, Type: Inline - PushRet 0x806377BF-->8BED75F6 [unknown_code_page]
ntoskrnl.exe+0x001607C0, Type: Inline - RelativeCall 0x806377C0-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x001607C5, Type: Inline - RelativeJump 0x806377C5-->806377D3 [ntoskrnl.exe]
ntoskrnl.exe+0x00160B4D, Type: Inline - RelativeJump 0x80637B4D-->80637B55 [ntoskrnl.exe]
ntoskrnl.exe+0x00160CDC, Type: Inline - RelativeJump 0x80637CDC-->80637D15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160D4E, Type: Inline - RelativeCall 0x80637D4E-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00160D56, Type: Inline - PushRet 0x80637D56-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00160E08, Type: Inline - DirectCall 0x80637E08-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00160EEE, Type: Inline - RelativeJump 0x80637EEE-->80637F15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160FF8, Type: Inline - RelativeJump 0x80637FF8-->8063800D [ntoskrnl.exe]
ntoskrnl.exe+0x0016139D, Type: Inline - RelativeJump 0x8063839D-->FF006AFF [unknown_code_page]
ntoskrnl.exe+0x001613A6, Type: Inline - RelativeCall 0x806383A6-->806382BF [ntoskrnl.exe]
ntoskrnl.exe+0x001613AC, Type: Inline - RelativeCall 0x806383AC-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00161591, Type: Inline - PushRet 0x80638591-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001615D4, Type: Inline - RelativeCall 0x806385D4-->80505760 [ntoskrnl.exe]
ntoskrnl.exe+0x0016187D, Type: Inline - RelativeJump 0x8063887D-->80638893 [ntoskrnl.exe]
ntoskrnl.exe+0x00161C43, Type: Inline - RelativeJump 0x80638C43-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161C5C, Type: Inline - RelativeJump 0x80638C5C-->80638C83 [ntoskrnl.exe]
ntoskrnl.exe+0x00161CEE, Type: Inline - RelativeJump 0x80638CEE-->80638C64 [ntoskrnl.exe]
ntoskrnl.exe+0x00161D0B, Type: Inline - RelativeCall 0x80638D0B-->B96C4F94 [unknown_code_page]
ntoskrnl.exe+0x00161D11, Type: Inline - RelativeJump 0x80638D11-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161D1C, Type: Inline - RelativeJump 0x80638D1C-->80638B76 [ntoskrnl.exe]
ntoskrnl.exe+0x00161F07, Type: Inline - RelativeJump 0x80638F07-->80638F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00162513, Type: Inline - RelativeJump 0x80639513-->80639505 [ntoskrnl.exe]
ntoskrnl.exe+0x00162847, Type: Inline - RelativeJump 0x80639847-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162853, Type: Inline - RelativeJump 0x80639853-->8063917F [ntoskrnl.exe]
ntoskrnl.exe+0x00162858, Type: Inline - RelativeJump 0x80639858-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162908, Type: Inline - RelativeJump 0x80639908-->80639933 [ntoskrnl.exe]
ntoskrnl.exe+0x0016293A, Type: Inline - RelativeJump 0x8063993A-->80639879 [ntoskrnl.exe]
ntoskrnl.exe+0x00162ED6, Type: Inline - RelativeCall 0x80639ED6-->88A92C2B [unknown_code_page]
ntoskrnl.exe+0x00163158, Type: Inline - RelativeCall 0x8063A158-->8056F21C [ntoskrnl.exe]
ntoskrnl.exe+0x00163163, Type: Inline - RelativeJump 0x8063A163-->8063A175 [ntoskrnl.exe]
ntoskrnl.exe+0x0016348C, Type: Inline - RelativeJump 0x8063A48C-->8063A513 [ntoskrnl.exe]
ntoskrnl.exe+0x0016361C, Type: Inline - RelativeCall 0x8063A61C-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B14, Type: Inline - RelativeJump 0x8063AB14-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B96, Type: Inline - RelativeJump 0x8063AB96-->8063ABA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00163BEC, Type: Inline - RelativeJump 0x8063ABEC-->8063AC12 [ntoskrnl.exe]
ntoskrnl.exe+0x00163C58, Type: Inline - RelativeJump 0x8063AC58-->8063ACD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D5A, Type: Inline - RelativeJump 0x8063AD5A-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D68, Type: Inline - RelativeJump 0x8063AD68-->8063AD9C [ntoskrnl.exe]
ntoskrnl.exe+0x00163DC7, Type: Inline - RelativeJump 0x8063ADC7-->8063ADA9 [ntoskrnl.exe]
ntoskrnl.exe+0x00163E65, Type: Inline - RelativeJump 0x8063AE65-->8063AE6A [ntoskrnl.exe]
ntoskrnl.exe+0x00163F1D, Type: Inline - RelativeJump 0x8063AF1D-->8063AF05 [ntoskrnl.exe]
ntoskrnl.exe+0x00163F61, Type: Inline - PushRet 0x8063AF61-->F0C5048D [unknown_code_page]
ntoskrnl.exe+0x00163F62, Type: Inline - RelativeCall 0x8063AF62-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe+0x001640C5, Type: Inline - RelativeJump 0x8063B0C5-->8063B0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467A, Type: Inline - RelativeJump 0x8063B67A-->8063B753 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467F, Type: Inline - RelativeJump 0x8063B67F-->8063B74B [ntoskrnl.exe]
ntoskrnl.exe+0x0016468A, Type: Inline - RelativeJump 0x8063B68A-->8063B6BE [ntoskrnl.exe]
ntoskrnl.exe+0x00164AEC, Type: Inline - RelativeJump 0x8063BAEC-->8063BAB4 [ntoskrnl.exe]
ntoskrnl.exe+0x00164AFB, Type: Inline - RelativeJump 0x8063BAFB-->8063BAC0 [ntoskrnl.exe]
ntoskrnl.exe+0x00164B44, Type: Inline - RelativeJump 0x8063BB44-->8063BB74 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C5E, Type: Inline - RelativeJump 0x8063BC5E-->8063BAB3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C6C, Type: Inline - RelativeJump 0x8063BC6C-->8063BC08 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C7E, Type: Inline - RelativeJump 0x8063BC7E-->8063BC8B [ntoskrnl.exe]
ntoskrnl.exe+0x00164D26, Type: Inline - RelativeCall 0x8063BD26-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D3A, Type: Inline - RelativeJump 0x8063BD3A-->8063BD55 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D85, Type: Inline - RelativeJump 0x8063BD85-->8063BDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164EB4, Type: Inline - RelativeJump 0x8063BEB4-->8063BECE [ntoskrnl.exe]
ntoskrnl.exe+0x00165171, Type: Inline - PushRet 0x8063C171-->90900008 [unknown_code_page]
ntoskrnl.exe+0x001653EE, Type: Inline - RelativeJump 0x8063C3EE-->8063C411 [ntoskrnl.exe]
ntoskrnl.exe+0x00165503, Type: Inline - RelativeJump 0x8063C503-->8063C523 [ntoskrnl.exe]
ntoskrnl.exe+0x00165513, Type: Inline - RelativeJump 0x8063C513-->8063C5B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016558C, Type: Inline - RelativeJump 0x8063C58C-->8063C5BE [ntoskrnl.exe]
ntoskrnl.exe+0x001659C1, Type: Inline - RelativeCall 0x8063C9C1-->BC72B4FD [unknown_code_page]
ntoskrnl.exe+0x001659C6, Type: Inline - RelativeJump 0x8063C9C6-->8063C9F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00165A0B, Type: Inline - PushRet 0x8063CA0B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00165A1A, Type: Inline - RelativeCall 0x8063CA1A-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00165A2C, Type: Inline - PushRet 0x8063CA2C-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00165B77, Type: Inline - RelativeJump 0x8063CB77-->8063CB65 [ntoskrnl.exe]
ntoskrnl.exe+0x00165C18, Type: Inline - PushRet 0x8063CC18-->CC900010 [unknown_code_page]
ntoskrnl.exe+0x00165CEF, Type: Inline - DirectJump 0x8063CCEF-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166106, Type: Inline - RelativeCall 0x8063D106-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016610C, Type: Inline - RelativeCall 0x8063D10C-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00166237, Type: Inline - RelativeJump 0x8063D237-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x0016623C, Type: Inline - DirectCall 0x8063D23C-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166246, Type: Inline - RelativeJump 0x8063D246-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x001663EC, Type: Inline - RelativeJump 0x8063D3EC-->8063D406 [ntoskrnl.exe]
ntoskrnl.exe+0x00166566, Type: Inline - PushRet 0x8063D566-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001665D6, Type: Inline - RelativeJump 0x8063D5D6-->8063D5DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016663A, Type: Inline - RelativeCall 0x8063D63A-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x00166645, Type: Inline - RelativeJump 0x8063D645-->8063D651 [ntoskrnl.exe]
ntoskrnl.exe+0x001666C6, Type: Inline - RelativeCall 0x8063D6C6-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001666D7, Type: Inline - PushRet 0x8063D6D7-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00166B00, Type: Inline - RelativeJump 0x8063DB00-->8063DB06 [ntoskrnl.exe]
ntoskrnl.exe+0x00166B12, Type: Inline - RelativeJump 0x8063DB12-->8063DB18 [ntoskrnl.exe]
ntoskrnl.exe+0x00166E01, Type: Inline - RelativeJump 0x8063DE01-->8063DD27 [ntoskrnl.exe]
ntoskrnl.exe+0x00166EED, Type: Inline - RelativeJump 0x8063DEED-->8063DEF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016702C, Type: Inline - RelativeJump 0x8063E02C-->8063E041 [ntoskrnl.exe]
ntoskrnl.exe+0x00167318, Type: Inline - RelativeJump 0x8063E318-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167326, Type: Inline - RelativeJump 0x8063E326-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167360, Type: Inline - RelativeJump 0x8063E360-->8063E4D8 [ntoskrnl.exe]
ntoskrnl.exe+0x0016738C, Type: Inline - RelativeJump 0x8063E38C-->8063E497 [ntoskrnl.exe]
ntoskrnl.exe+0x00167478, Type: Inline - RelativeCall 0x8063E478-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016795B, Type: Inline - RelativeCall 0x8063E95B-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x00167963, Type: Inline - RelativeJump 0x8063E963-->8063E9F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00167AEB, Type: Inline - RelativeJump 0x8063EAEB-->8063EC41 [ntoskrnl.exe]
ntoskrnl.exe+0x00167F15, Type: Inline - RelativeJump 0x8063EF15-->8063EF1B [ntoskrnl.exe]
ntoskrnl.exe+0x00168003, Type: Inline - RelativeJump 0x8063F003-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x0016800E, Type: Inline - RelativeJump 0x8063F00E-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x00168035, Type: Inline - RelativeCall 0x8063F035-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0016810A, Type: Inline - RelativeJump 0x8063F10A-->8063F1E5 [ntoskrnl.exe]
ntoskrnl.exe+0x001684F1, Type: Inline - RelativeCall 0x8063F4F1-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x001684F6, Type: Inline - PushRet 0x8063F4F6-->90909090 [unknown_code_page]

ntoskrnl.exe+0x001686F5, Type: Inline - RelativeCall 0x8063F6F5-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe+0x001687DD, Type: Inline - RelativeJump 0x8063F7DD-->8063F7EF [ntoskrnl.exe]
ntoskrnl.exe+0x00168875, Type: Inline - RelativeJump 0x8063F875-->8063F8B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016889E, Type: Inline - RelativeJump 0x8063F89E-->8063FA0B [ntoskrnl.exe]
ntoskrnl.exe+0x00168910, Type: Inline - RelativeJump 0x8063F910-->8063F8DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016892F, Type: Inline - RelativeJump 0x8063F92F-->8063F905 [ntoskrnl.exe]
ntoskrnl.exe+0x001689E9, Type: Inline - RelativeCall 0x8063F9E9-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x001689F5, Type: Inline - RelativeJump 0x8063F9F5-->8063FA0C [ntoskrnl.exe]
ntoskrnl.exe+0x00168A01, Type: Inline - RelativeJump 0x8063FA01-->8063F9E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00168A0F, Type: Inline - RelativeJump 0x8063FA0F-->8063FB7A [ntoskrnl.exe]
ntoskrnl.exe+0x00168A16, Type: Inline - RelativeJump 0x8063FA16-->8063FA7D [ntoskrnl.exe]
ntoskrnl.exe+0x00168A70, Type: Inline - RelativeJump 0x8063FA70-->8063FA80 [ntoskrnl.exe]
ntoskrnl.exe+0x00168E5A, Type: Inline - PushRet 0x8063FE5A-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00169014, Type: Inline - RelativeJump 0x80640014-->8064003A [ntoskrnl.exe]
ntoskrnl.exe+0x00169094, Type: Inline - PushRet 0x80640094-->CCCC0024 [unknown_code_page]
ntoskrnl.exe+0x001697E0, Type: Inline - RelativeCall 0x806407E0-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x00169813, Type: Inline - RelativeCall 0x80640813-->80590EF2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A021, Type: Inline - RelativeJump 0x80641021-->8064101F [ntoskrnl.exe]
ntoskrnl.exe+0x0016A14A, Type: Inline - RelativeJump 0x8064114A-->8064114A [ntoskrnl.exe]
ntoskrnl.exe+0x0016A34C, Type: Inline - RelativeCall 0x8064134C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A351, Type: Inline - RelativeJump 0x80641351-->8064135F [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA78, Type: Inline - RelativeCall 0x80641A78-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA7D, Type: Inline - RelativeJump 0x80641A7D-->80641A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB24, Type: Inline - RelativeJump 0x80641B24-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB2C, Type: Inline - RelativeJump 0x80641B2C-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB42, Type: Inline - RelativeJump 0x80641B42-->80641BF6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB48, Type: Inline - RelativeJump 0x80641B48-->80641B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AF13, Type: Inline - RelativeJump 0x80641F13-->80641F49 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFD3, Type: Inline - RelativeJump 0x80641FD3-->80641FE9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFDA, Type: Inline - RelativeJump 0x80641FDA-->80641FEF [ntoskrnl.exe]
ntoskrnl.exe+0x0016B1F7, Type: Inline - RelativeJump 0x806421F7-->80642229 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B20D, Type: Inline - RelativeJump 0x8064220D-->8064221F [ntoskrnl.exe]
ntoskrnl.exe+0x0016B768, Type: Inline - RelativeCall 0x80642768-->80642618 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B773, Type: Inline - RelativeJump 0x80642773-->80642790 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B77A, Type: Inline - RelativeCall 0x8064277A-->806426C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B7A0, Type: Inline - RelativeJump 0x806427A0-->806427B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BA94, Type: Inline - RelativeJump 0x80642A94-->80642A9C [ntoskrnl.exe]
ntoskrnl.exe+0x0016BABE, Type: Inline - RelativeJump 0x80642ABE-->80642B5A [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB54, Type: Inline - RelativeJump 0x80642B54-->80642B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB9F, Type: Inline - RelativeJump 0x80642B9F-->80642A13 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BCD0, Type: Inline - RelativeJump 0x80642CD0-->80642D78 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BD5C, Type: Inline - RelativeJump 0x80642D5C-->80642D75 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BF03, Type: Inline - RelativeJump 0x80642F03-->80642E9A [ntoskrnl.exe]
ntoskrnl.exe+0x0016C171, Type: Inline - RelativeCall 0x80643171-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3A0, Type: Inline - RelativeJump 0x806433A0-->806433B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3B7, Type: Inline - PushRet 0x806433B7-->8BA5F3FA [unknown_code_page]
ntoskrnl.exe+0x0016C4B6, Type: Inline - RelativeCall 0x806434B6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0016C4BC, Type: Inline - RelativeJump 0x806434BC-->806434D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8E4, Type: Inline - RelativeCall 0x806438E4-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8F9, Type: Inline - PushRet 0x806438F9-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0016C999, Type: Inline - RelativeJump 0x80643999-->8068FCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CA78, Type: Inline - PushRet 0x80643A78-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CBCD, Type: Inline - RelativeCall 0x80643BCD-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0016CC54, Type: Inline - RelativeJump 0x80643C54-->80643C64 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CD54, Type: Inline - PushRet 0x80643D54-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CE40, Type: Inline - PushRet 0x80643E40-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CFF2, Type: Inline - PushRet 0x80643FF2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016D27F, Type: Inline - RelativeJump 0x8064427F-->806442B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DD8A, Type: Inline - RelativeJump 0x80644D8A-->80644D7C [ntoskrnl.exe]
ntoskrnl.exe+0x0016DEEA, Type: Inline - RelativeJump 0x80644EEA-->80644EE7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DF1D, Type: Inline - RelativeJump 0x80644F1D-->80644EAE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E082, Type: Inline - RelativeJump 0x80645082-->806450A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E203, Type: Inline - RelativeCall 0x80645203-->80644A0E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E39E, Type: Inline - RelativeJump 0x8064539E-->806453B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E4F5, Type: Inline - RelativeCall 0x806454F5-->80546FFE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E500, Type: Inline - PushRet 0x80645500-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0016E5BB, Type: Inline - RelativeCall 0x806455BB-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5C4, Type: Inline - PushRet 0x806455C4-->F08B077D [unknown_code_page]
ntoskrnl.exe+0x0016E5C5, Type: Inline - RelativeJump 0x806455C5-->806455D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5E4, Type: Inline - RelativeJump 0x806455E4-->8064561B [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5FC, Type: Inline - PushRet 0x806455FC-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016E64B, Type: Inline - RelativeCall 0x8064564B-->804E391E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E65E, Type: Inline - PushRet 0x8064565E-->FF628C0F [unknown_code_page]
ntoskrnl.exe+0x0016E65F, Type: Inline - RelativeJump 0x8064565F-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E695, Type: Inline - RelativeCall 0x80645695-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E69E, Type: Inline - RelativeJump 0x8064569E-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E893, Type: Inline - RelativeJump 0x80645893-->806458AC [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8CC, Type: Inline - RelativeCall 0x806458CC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8DC, Type: Inline - RelativeJump 0x806458DC-->80645A76 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA22, Type: Inline - RelativeCall 0x80645A22-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA86, Type: Inline - RelativeJump 0x80645A86-->80645A8C [ntoskrnl.exe]
ntoskrnl.exe+0x0016EAAA, Type: Inline - RelativeJump 0x80645AAA-->80645AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016ECE4, Type: Inline - RelativeJump 0x80645CE4-->80645D9F [ntoskrnl.exe]
ntoskrnl.exe+0x0016EE7E, Type: Inline - PushRet 0x80645E7E-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016F158, Type: Inline - RelativeJump 0x80646158-->8064677D [ntoskrnl.exe]
ntoskrnl.exe+0x0016F1D2, Type: Inline - RelativeJump 0x806461D2-->806461DF [ntoskrnl.exe]
ntoskrnl.exe+0x0016F206, Type: Inline - RelativeJump 0x80646206-->80646222 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F226, Type: Inline - RelativeJump 0x80646226-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F23A, Type: Inline - RelativeJump 0x8064623A-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F552, Type: Inline - RelativeJump 0x80646552-->8064656C [ntoskrnl.exe]
ntoskrnl.exe+0x0016F590, Type: Inline - RelativeCall 0x80646590-->8064C717 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5A6, Type: Inline - RelativeJump 0x806465A6-->8064674A [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5E0, Type: Inline - RelativeJump 0x806465E0-->806465F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F60E, Type: Inline - RelativeJump 0x8064660E-->806466D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F626, Type: Inline - RelativeJump 0x80646626-->806466B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F62E, Type: Inline - RelativeJump 0x8064662E-->806466B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F6B0, Type: Inline - RelativeJump 0x806466B0-->806466C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA6F, Type: Inline - RelativeJump 0x80646A6F-->80646A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA85, Type: Inline - RelativeJump 0x80646A85-->80646AA0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBD5, Type: Inline - RelativeCall 0x80646BD5-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBE1, Type: Inline - RelativeCall 0x80646BE1-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FC24, Type: Inline - RelativeJump 0x80646C24-->80646C6B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FCDD, Type: Inline - RelativeCall 0x80646CDD-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEB8, Type: Inline - RelativeJump 0x80646EB8-->80647056 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEBD, Type: Inline - RelativeJump 0x80646EBD-->80647059 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEC5, Type: Inline - RelativeJump 0x80646EC5-->80647030 [ntoskrnl.exe]
ntoskrnl.exe+0x0017000E, Type: Inline - RelativeCall 0x8064700E-->FFC00000 [unknown_code_page]
ntoskrnl.exe+0x00170016, Type: Inline - RelativeCall 0x80647016-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017001B, Type: Inline - RelativeJump 0x8064701B-->8064705A [ntoskrnl.exe]
ntoskrnl.exe+0x001705C7, Type: Inline - RelativeJump 0x806475C7-->8064761D [ntoskrnl.exe]
ntoskrnl.exe+0x00170804, Type: Inline - RelativeJump 0x80647804-->8064781E [ntoskrnl.exe]
ntoskrnl.exe+0x00170924, Type: Inline - RelativeJump 0x80647924-->80647907 [ntoskrnl.exe]
ntoskrnl.exe+0x0017095C, Type: Inline - RelativeJump 0x8064795C-->8064797A [ntoskrnl.exe]
ntoskrnl.exe+0x00170968, Type: Inline - PushRet 0x80647968-->E8A55210 [unknown_code_page]
ntoskrnl.exe+0x0017096B, Type: Inline - RelativeCall 0x8064796B-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x0017097B, Type: Inline - RelativeCall 0x8064797B-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x00170980, Type: Inline - RelativeJump 0x80647980-->8064798F [ntoskrnl.exe]
ntoskrnl.exe+0x00170B02, Type: Inline - RelativeJump 0x80647B02-->80647A88 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C10, Type: Inline - RelativeJump 0x80647C10-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C17, Type: Inline - RelativeJump 0x80647C17-->80647D07 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C80, Type: Inline - RelativeJump 0x80647C80-->80647D85 [ntoskrnl.exe]
ntoskrnl.exe+0x00170CE4, Type: Inline - PushRet 0x80647CE4-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00170CEE, Type: Inline - RelativeJump 0x80647CEE-->80647DCE [ntoskrnl.exe]
ntoskrnl.exe+0x00170D04, Type: Inline - RelativeJump 0x80647D04-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170D0F, Type: Inline - RelativeJump 0x80647D0F-->80647D6A [ntoskrnl.exe]
ntoskrnl.exe+0x00170E41, Type: Inline - RelativeJump 0x80647E41-->80647E5B [ntoskrnl.exe]
ntoskrnl.exe+0x00170ECD, Type: Inline - RelativeCall 0x80647ECD-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x00170EDD, Type: Inline - RelativeCall 0x80647EDD-->80648F9F [ntoskrnl.exe]
ntoskrnl.exe+0x00171105, Type: Inline - RelativeCall 0x80648105-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe+0x00171157, Type: Inline - RelativeCall 0x80648157-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x001712B5, Type: Inline - RelativeJump 0x806482B5-->80648364 [ntoskrnl.exe]
ntoskrnl.exe+0x001712BB, Type: Inline - RelativeJump 0x806482BB-->80648378 [ntoskrnl.exe]
ntoskrnl.exe+0x001714F8, Type: Inline - RelativeJump 0x806484F8-->806484D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017193A, Type: Inline - RelativeJump 0x8064893A-->80648966 [ntoskrnl.exe]
ntoskrnl.exe+0x00171BEA, Type: Inline - RelativeJump 0x80648BEA-->80648D06 [ntoskrnl.exe]
ntoskrnl.exe+0x00171CEE, Type: Inline - RelativeJump 0x80648CEE-->80648CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00172259, Type: Inline - RelativeJump 0x80649259-->8064931F [ntoskrnl.exe]
ntoskrnl.exe+0x00172292, Type: Inline - RelativeJump 0x80649292-->806492A2 [ntoskrnl.exe]
ntoskrnl.exe+0x001722CE, Type: Inline - RelativeJump 0x806492CE-->806492C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00172305, Type: Inline - RelativeJump 0x80649305-->80649319 [ntoskrnl.exe]
ntoskrnl.exe+0x00172330, Type: Inline - RelativeJump 0x80649330-->8064933F [ntoskrnl.exe]
ntoskrnl.exe+0x00172543, Type: Inline - PushRet 0x80649543-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00172A01, Type: Inline - RelativeJump 0x80649A01-->80649A16 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B24, Type: Inline - RelativeJump 0x80649B24-->80649B2C [ntoskrnl.exe]
ntoskrnl.exe+0x00172B2C, Type: Inline - RelativeJump 0x80649B2C-->80649B36 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B40, Type: Inline - RelativeJump 0x80649B40-->80649B48 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B50, Type: Inline - RelativeJump 0x80649B50-->80649B5A [ntoskrnl.exe]
ntoskrnl.exe+0x00172B60, Type: Inline - RelativeJump 0x80649B60-->80649B6A [ntoskrnl.exe]
ntoskrnl.exe+0x00172D8D, Type: Inline - DirectCall 0x80649D8D-->804D8054 [ntoskrnl.exe]
ntoskrnl.exe+0x00172E6F, Type: Inline - PushRet 0x80649E6F-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00172F4F, Type: Inline - RelativeJump 0x80649F4F-->80649F67 [ntoskrnl.exe]
ntoskrnl.exe+0x00173124, Type: Inline - RelativeJump 0x8064A124-->8064A139 [ntoskrnl.exe]
ntoskrnl.exe+0x0017320B, Type: Inline - RelativeJump 0x8064A20B-->8064A219 [ntoskrnl.exe]
ntoskrnl.exe+0x00173250, Type: Inline - RelativeJump 0x8064A250-->8064A25A [ntoskrnl.exe]
ntoskrnl.exe+0x00173292, Type: Inline - RelativeJump 0x8064A292-->8064A29C [ntoskrnl.exe]
ntoskrnl.exe+0x001732AE, Type: Inline - RelativeJump 0x8064A2AE-->8064A2BA [ntoskrnl.exe]
ntoskrnl.exe+0x001734CF, Type: Inline - RelativeJump 0x8064A4CF-->8064A4F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173682, Type: Inline - RelativeJump 0x8064A682-->8064A794 [ntoskrnl.exe]
ntoskrnl.exe+0x00173793, Type: Inline - RelativeCall 0x8064A793-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001737A4, Type: Inline - RelativeJump 0x8064A7A4-->8064A7C7 [ntoskrnl.exe]
ntoskrnl.exe+0x001737BD, Type: Inline - RelativeJump 0x8064A7BD-->8064A7C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173893, Type: Inline - RelativeJump 0x8064A893-->8064ABE3 [ntoskrnl.exe]
ntoskrnl.exe+0x001738D6, Type: Inline - RelativeJump 0x8064A8D6-->8064AB77 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A2C, Type: Inline - RelativeJump 0x8064AA2C-->8064AA44 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A82, Type: Inline - RelativeCall 0x8064AA82-->805B56A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A87, Type: Inline - RelativeJump 0x8064AA87-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A8F, Type: Inline - RelativeJump 0x8064AA8F-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A9B, Type: Inline - RelativeJump 0x8064AA9B-->8064AABB [ntoskrnl.exe]
ntoskrnl.exe+0x00173AAE, Type: Inline - RelativeJump 0x8064AAAE-->8064AB36 [ntoskrnl.exe]
ntoskrnl.exe+0x00173ABE, Type: Inline - RelativeJump 0x8064AABE-->8064AAD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00173AED, Type: Inline - RelativeJump 0x8064AAED-->8064AB05 [ntoskrnl.exe]
ntoskrnl.exe+0x00173B44, Type: Inline - RelativeJump 0x8064AB44-->8064A8DC [ntoskrnl.exe]
ntoskrnl.exe+0x00173B4F, Type: Inline - PushRet 0x8064AB4F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00173BBC, Type: Inline - RelativeJump 0x8064ABBC-->8064ABCB [ntoskrnl.exe]
ntoskrnl.exe+0x00173BC7, Type: Inline - RelativeJump 0x8064ABC7-->8064ABE7 [ntoskrnl.exe]
ntoskrnl.exe+0x00173BF6, Type: Inline - PushRet 0x8064ABF6-->CC900024 [unknown_code_page]
ntoskrnl.exe+0x00173C47, Type: Inline - RelativeJump 0x8064AC47-->8064AC58 [ntoskrnl.exe]
ntoskrnl.exe+0x00173E20, Type: Inline - RelativeJump 0x8064AE20-->8064AE2E [ntoskrnl.exe]
ntoskrnl.exe+0x00173ECF, Type: Inline - RelativeJump 0x8064AECF-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EE6, Type: Inline - RelativeCall 0x8064AEE6-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EF0, Type: Inline - RelativeJump 0x8064AEF0-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00174145, Type: Inline - RelativeJump 0x8064B145-->8064B155 [ntoskrnl.exe]
ntoskrnl.exe+0x00174151, Type: Inline - RelativeJump 0x8064B151-->8064B16D [ntoskrnl.exe]
ntoskrnl.exe+0x001744BB, Type: Inline - RelativeJump 0x8064B4BB-->8064B4EC [ntoskrnl.exe]
ntoskrnl.exe+0x001747A2, Type: Inline - RelativeJump 0x8064B7A2-->8064B7C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017481D, Type: Inline - RelativeCall 0x8064B81D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x001748A5, Type: Inline - RelativeJump 0x8064B8A5-->8064B79F [ntoskrnl.exe]
ntoskrnl.exe+0x001748C4, Type: Inline - RelativeJump 0x8064B8C4-->8064B8CA [ntoskrnl.exe]
ntoskrnl.exe+0x00174A6D, Type: Inline - RelativeCall 0x8064BA6D-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD1, Type: Inline - RelativeJump 0x8064BAD1-->8064BAF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD5, Type: Inline - RelativeJump 0x8064BAD5-->8064BAEF [ntoskrnl.exe]
ntoskrnl.exe+0x00174ADB, Type: Inline - RelativeJump 0x8064BADB-->8064BAED [ntoskrnl.exe]
ntoskrnl.exe+0x00174B62, Type: Inline - RelativeJump 0x8064BB62-->8064BB90 [ntoskrnl.exe]
ntoskrnl.exe+0x00174C8F, Type: Inline - RelativeJump 0x8064BC8F-->8064BCA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00174D31, Type: Inline - RelativeJump 0x8064BD31-->8064BCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x00175091, Type: Inline - RelativeCall 0x8064C091-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe+0x00175099, Type: Inline - RelativeJump 0x8064C099-->8064C0A6 [ntoskrnl.exe]
ntoskrnl.exe+0x001751B9, Type: Inline - RelativeJump 0x8064C1B9-->8064C1D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017523C, Type: Inline - RelativeCall 0x8064C23C-->8064BFB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00175299, Type: Inline - RelativeJump 0x8064C299-->8064C2B7 [ntoskrnl.exe]
ntoskrnl.exe+0x001755D5, Type: Inline - RelativeJump 0x8064C5D5-->8064C619 [ntoskrnl.exe]
ntoskrnl.exe+0x001755EA, Type: Inline - RelativeJump 0x8064C5EA-->8064C611 [ntoskrnl.exe]
ntoskrnl.exe+0x00175D71, Type: Inline - RelativeJump 0x8064CD71-->8064CD72 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEA, Type: Inline - RelativeCall 0x8064CDEA-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEF, Type: Inline - PushRet 0x8064CDEF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00175E4D, Type: Inline - RelativeCall 0x8064CE4D-->8059296C [ntoskrnl.exe]
ntoskrnl.exe+0x00175E5A, Type: Inline - PushRet 0x8064CE5A-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00176003, Type: Inline - RelativeJump 0x8064D003-->8064D046 [ntoskrnl.exe]
ntoskrnl.exe+0x00176448, Type: Inline - RelativeJump 0x8064D448-->8064D432 [ntoskrnl.exe]
ntoskrnl.exe+0x00176466, Type: Inline - RelativeJump 0x8064D466-->8064D46C [ntoskrnl.exe]
ntoskrnl.exe+0x00176468, Type: Inline - RelativeJump 0x8064D468-->8064D46E [ntoskrnl.exe]
ntoskrnl.exe+0x00176490, Type: Inline - RelativeJump 0x8064D490-->8064D4A8 [ntoskrnl.exe]
ntoskrnl.exe+0x001765C5, Type: Inline - RelativeJump 0x8064D5C5-->8064D5D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017692A, Type: Inline - RelativeJump 0x8064D92A-->8064D934 [ntoskrnl.exe]
ntoskrnl.exe+0x00176958, Type: Inline - RelativeJump 0x8064D958-->8064D95E [ntoskrnl.exe]
ntoskrnl.exe+0x00176964, Type: Inline - RelativeJump 0x8064D964-->8064D96A [ntoskrnl.exe]
ntoskrnl.exe+0x00176E5F, Type: Inline - RelativeCall 0x8064DE5F-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F05, Type: Inline - RelativeCall 0x8064DF05-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F0A, Type: Inline - RelativeCall 0x8064DF0A-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001770F4, Type: Inline - RelativeJump 0x8064E0F4-->8064E0B5 [ntoskrnl.exe]
ntoskrnl.exe+0x001775DE, Type: Inline - RelativeJump 0x8064E5DE-->8064E717 [ntoskrnl.exe]
ntoskrnl.exe+0x0017777D, Type: Inline - RelativeJump 0x8064E77D-->8064E779 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E2, Type: Inline - RelativeJump 0x8064E7E2-->8064E8D2 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E8, Type: Inline - RelativeCall 0x8064E7E8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177AAC, Type: Inline - RelativeJump 0x8064EAAC-->8064EAB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B0A, Type: Inline - RelativeJump 0x8064EB0A-->8064EB10 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B61, Type: Inline - RelativeJump 0x8064EB61-->8064EB6A [ntoskrnl.exe]
ntoskrnl.exe+0x00177C2D, Type: Inline - PushRet 0x8064EC2D-->90CC0008 [unknown_code_page]
ntoskrnl.exe+0x00177CD8, Type: Inline - RelativeCall 0x8064ECD8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177D23, Type: Inline - RelativeCall 0x8064ED23-->80572BDF [ntoskrnl.exe]
ntoskrnl.exe+0x00177D34, Type: Inline - RelativeJump 0x8064ED34-->8064EFC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F31, Type: Inline - RelativeJump 0x8064EF31-->8064EF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F42, Type: Inline - RelativeJump 0x8064EF42-->89FFE929 [unknown_code_page]
ntoskrnl.exe+0x00178014, Type: Inline - RelativeJump 0x8064F014-->8064F01A [ntoskrnl.exe]
ntoskrnl.exe+0x001780B2, Type: Inline - RelativeJump 0x8064F0B2-->8064F0C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001780D4, Type: Inline - RelativeJump 0x8064F0D4-->8064F0E0 [ntoskrnl.exe]
ntoskrnl.exe+0x001782B6, Type: Inline - RelativeJump 0x8064F2B6-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001782C8, Type: Inline - RelativeJump 0x8064F2C8-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001783C9, Type: Inline - RelativeJump 0x8064F3C9-->806DB6CF [ntoskrnl.exe]
ntoskrnl.exe+0x001785E0, Type: Inline - RelativeJump 0x8064F5E0-->8064F5EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017883F, Type: Inline - RelativeJump 0x8064F83F-->8064F858 [ntoskrnl.exe]
ntoskrnl.exe+0x00178885, Type: Inline - RelativeJump 0x8064F885-->8064F86F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E01, Type: Inline - RelativeJump 0x8064FE01-->8064FE1F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E94, Type: Inline - RelativeCall 0x8064FE94-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178E9A, Type: Inline - RelativeJump 0x8064FE9A-->8064FEAE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EA8, Type: Inline - RelativeCall 0x8064FEA8-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EAF, Type: Inline - PushRet 0x8064FEAF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00178EC4, Type: Inline - PushRet 0x8064FEC4-->90900014 [unknown_code_page]
ntoskrnl.exe+0x00178EDA, Type: Inline - PushRet 0x8064FEDA-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00178EEE, Type: Inline - PushRet 0x8064FEEE-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00178F36, Type: Inline - RelativeJump 0x8064FF36-->8064FFE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178F6C, Type: Inline - RelativeJump 0x8064FF6C-->8065019E [ntoskrnl.exe]
ntoskrnl.exe+0x00179069, Type: Inline - RelativeCall 0x80650069-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00179071, Type: Inline - RelativeJump 0x80650071-->80650091 [ntoskrnl.exe]
ntoskrnl.exe+0x0017907C, Type: Inline - RelativeJump 0x8065007C-->8065003E [ntoskrnl.exe]
ntoskrnl.exe+0x0017949B, Type: Inline - RelativeJump 0x8065049B-->806504D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0017963B, Type: Inline - RelativeJump 0x8065063B-->80650698 [ntoskrnl.exe]
ntoskrnl.exe+0x00179652, Type: Inline - RelativeJump 0x80650652-->80650668 [ntoskrnl.exe]
ntoskrnl.exe+0x001796DA, Type: Inline - PushRet 0x806506DA-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001796DB, Type: Inline - RelativeJump 0x806506DB-->806506CE [ntoskrnl.exe]
ntoskrnl.exe+0x001797AC, Type: Inline - RelativeJump 0x806507AC-->806507AE [ntoskrnl.exe]
ntoskrnl.exe+0x001797C5, Type: Inline - PushRet 0x806507C5-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00179807, Type: Inline - RelativeJump 0x80650807-->80650815 [ntoskrnl.exe]
ntoskrnl.exe+0x00179876, Type: Inline - RelativeCall 0x80650876-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x00179882, Type: Inline - RelativeJump 0x80650882-->806508B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001799AF, Type: Inline - RelativeCall 0x806509AF-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00179AB9, Type: Inline - RelativeJump 0x80650AB9-->80650AEA [ntoskrnl.exe]
ntoskrnl.exe+0x00179B2A, Type: Inline - RelativeCall 0x80650B2A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00179B34, Type: Inline - RelativeJump 0x80650B34-->80650B44 [ntoskrnl.exe]
ntoskrnl.exe+0x00179C59, Type: Inline - RelativeJump 0x80650C59-->80650C8C [ntoskrnl.exe]
ntoskrnl.exe+0x00179C63, Type: Inline - RelativeJump 0x80650C63-->80650C51 [ntoskrnl.exe]
ntoskrnl.exe+0x00179E10, Type: Inline - RelativeJump 0x80650E10-->80650F0A [ntoskrnl.exe]
ntoskrnl.exe+0x00179FE3, Type: Inline - RelativeCall 0x80650FE3-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FEB, Type: Inline - RelativeCall 0x80650FEB-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FF5, Type: Inline - RelativeJump 0x80650FF5-->80651013 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A078, Type: Inline - RelativeCall 0x80651078-->80615E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A07E, Type: Inline - RelativeJump 0x8065107E-->806510BC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A101, Type: Inline - RelativeCall 0x80651101-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A157, Type: Inline - RelativeJump 0x80651157-->80651175 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A159, Type: Inline - RelativeCall 0x80651159-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A161, Type: Inline - RelativeJump 0x80651161-->8065117F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A17F, Type: Inline - RelativeJump 0x8065117F-->8065148D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A188, Type: Inline - DirectJump 0x80651188-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0017A194, Type: Inline - RelativeJump 0x80651194-->806511B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A19E, Type: Inline - RelativeJump 0x8065119E-->80651488 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A1FB, Type: Inline - RelativeJump 0x806511FB-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A23D, Type: Inline - RelativeJump 0x8065123D-->8065124B [ntoskrnl.exe]
ntoskrnl.exe+0x0017A243, Type: Inline - RelativeJump 0x80651243-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A25B, Type: Inline - RelativeJump 0x8065125B-->80651269 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A353, Type: Inline - RelativeJump 0x80651353-->80651335 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A37D, Type: Inline - RelativeJump 0x8065137D-->8065138F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A39A, Type: Inline - RelativeJump 0x8065139A-->8065137C [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3A2, Type: Inline - RelativeJump 0x806513A2-->806513B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3F7, Type: Inline - RelativeJump 0x806513F7-->80651411 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A445, Type: Inline - RelativeJump 0x80651445-->8065145F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A44B, Type: Inline - RelativeJump 0x8065144B-->8065145D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A45D, Type: Inline - RelativeJump 0x8065145D-->806514DC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A4D1, Type: Inline - RelativeJump 0x806514D1-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x0017A61F, Type: Inline - RelativeJump 0x8065161F-->806517A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A667, Type: Inline - RelativeJump 0x80651667-->80651687 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A6B6, Type: Inline - RelativeJump 0x806516B6-->80651795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A794, Type: Inline - RelativeJump 0x80651794-->8075DAA7 [unknown_code_page]
ntoskrnl.exe+0x0017A7CC, Type: Inline - RelativeJump 0x806517CC-->80651A10 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A8FC, Type: Inline - RelativeJump 0x806518FC-->806519D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A929, Type: Inline - RelativeJump 0x80651929-->8065193F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A92C, Type: Inline - RelativeJump 0x8065192C-->8065190E [ntoskrnl.exe]
ntoskrnl.exe+0x0017A9B1, Type: Inline - RelativeCall 0x806519B1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAE1, Type: Inline - RelativeCall 0x80651AE1-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAEE, Type: Inline - RelativeJump 0x80651AEE-->80651BAE [ntoskrnl.exe]
ntoskrnl.exe+0x0017AB2C, Type: Inline - RelativeCall 0x80651B2C-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AC65, Type: Inline - PushRet 0x80651C65-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x0017ACEB, Type: Inline - RelativeJump 0x80651CEB-->80651CF0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017ACFA, Type: Inline - RelativeJump 0x80651CFA-->80651D00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AD10, Type: Inline - RelativeJump 0x80651D10-->80651D5D [ntoskrnl.exe]
ntoskrnl.exe+0x0017AE74, Type: Inline - PushRet 0x80651E74-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017B0FD, Type: Inline - RelativeJump 0x806520FD-->80652113 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B140, Type: Inline - RelativeJump 0x80652140-->80652155 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B14A, Type: Inline - RelativeJump 0x8065214A-->8065233B [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1A6, Type: Inline - RelativeJump 0x806521A6-->8065226D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1B6, Type: Inline - RelativeJump 0x806521B6-->80652275 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B250, Type: Inline - RelativeJump 0x80652250-->806521B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B268, Type: Inline - RelativeJump 0x80652268-->80652279 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B274, Type: Inline - RelativeCall 0x80652274-->805A4B2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B27C, Type: Inline - RelativeJump 0x8065227C-->80652339 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2A8, Type: Inline - RelativeJump 0x806522A8-->8065210E [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2B5, Type: Inline - RelativeJump 0x806522B5-->80652302 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3B5, Type: Inline - RelativeCall 0x806523B5-->80652524 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3F0, Type: Inline - RelativeJump 0x806523F0-->80652414 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B448, Type: Inline - RelativeJump 0x80652448-->806524CC [ntoskrnl.exe]
ntoskrnl.exe+0x0017B48E, Type: Inline - RelativeCall 0x8065248E-->80652DA4 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B494, Type: Inline - RelativeJump 0x80652494-->8065249F [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4E5, Type: Inline - RelativeJump 0x806524E5-->80652503 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4F1, Type: Inline - RelativeJump 0x806524F1-->806524FF [ntoskrnl.exe]
ntoskrnl.exe+0x0017B541, Type: Inline - RelativeJump 0x80652541-->88B2B138 [unknown_code_page]
ntoskrnl.exe+0x0017B5CF, Type: Inline - RelativeJump 0x806525CF-->8065262A [ntoskrnl.exe]
ntoskrnl.exe+0x0017B6A5, Type: Inline - RelativeJump 0x806526A5-->806526A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB47, Type: Inline - RelativeJump 0x80652B47-->80652B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB88, Type: Inline - RelativeJump 0x80652B88-->80652B96 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BE72, Type: Inline - RelativeJump 0x80652E72-->80652E84 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BFF0, Type: Inline - RelativeCall 0x80652FF0-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C377, Type: Inline - RelativeCall 0x80653377-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe+0x0017C390, Type: Inline - RelativeJump 0x80653390-->8065339C [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4CD, Type: Inline - RelativeCall 0x806534CD-->8065292E [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4D6, Type: Inline - RelativeCall 0x806534D6-->806526EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4DF, Type: Inline - RelativeJump 0x806534DF-->80653538 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C525, Type: Inline - RelativeCall 0x80653525-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C72C, Type: Inline - RelativeJump 0x8065372C-->80653795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C730, Type: Inline - RelativeJump 0x80653730-->80653799 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C73B, Type: Inline - RelativeJump 0x8065373B-->8065377B [ntoskrnl.exe]
ntoskrnl.exe+0x0017C78C, Type: Inline - RelativeJump 0x8065378C-->8065379A [ntoskrnl.exe]
ntoskrnl.exe+0x0017C881, Type: Inline - RelativeJump 0x80653881-->80653897 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C9FD, Type: Inline - RelativeJump 0x806539FD-->80653A4F [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAA2, Type: Inline - RelativeJump 0x80653AA2-->80653AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAE4, Type: Inline - RelativeCall 0x80653AE4-->8065384B [ntoskrnl.exe]
ntoskrnl.exe+0x0017CD98, Type: Inline - PushRet 0x80653D98-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017CEA4, Type: Inline - RelativeJump 0x80653EA4-->80653E35 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D020, Type: Inline - RelativeJump 0x80654020-->80654080 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D13D, Type: Inline - RelativeJump 0x8065413D-->806541B7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3AF, Type: Inline - RelativeJump 0x806543AF-->80654641 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3B5, Type: Inline - RelativeCall 0x806543B5-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D530, Type: Inline - RelativeCall 0x80654530-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D561, Type: Inline - RelativeCall 0x80654561-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D613, Type: Inline - RelativeJump 0x80654613-->8065462D [ntoskrnl.exe]
ntoskrnl.exe+0x0017D628, Type: Inline - RelativeJump 0x80654628-->80654642 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D630, Type: Inline - RelativeJump 0x80654630-->8065468F [ntoskrnl.exe]
ntoskrnl.exe+0x0017D680, Type: Inline - RelativeCall 0x80654680-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDB8, Type: Inline - RelativeCall 0x80654DB8-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDCA, Type: Inline - RelativeCall 0x80654DCA-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE37, Type: Inline - RelativeCall 0x80654E37-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE3C, Type: Inline - RelativeJump 0x80654E3C-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE4C, Type: Inline - RelativeCall 0x80654E4C-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE5E, Type: Inline - RelativeCall 0x80654E5E-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE7E, Type: Inline - RelativeCall 0x80654E7E-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE83, Type: Inline - RelativeJump 0x80654E83-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE93, Type: Inline - RelativeJump 0x80654E93-->80654DA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DEC7, Type: Inline - RelativeJump 0x80654EC7-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF25, Type: Inline - RelativeJump 0x80654F25-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF33, Type: Inline - RelativeCall 0x80654F33-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFBA, Type: Inline - RelativeJump 0x80654FBA-->80654FC6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFD1, Type: Inline - RelativeJump 0x80654FD1-->80654FDA [ntoskrnl.exe]
ntoskrnl.exe+0x0017E012, Type: Inline - RelativeJump 0x80655012-->8065501C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E02E, Type: Inline - RelativeJump 0x8065502E-->8065503C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E040, Type: Inline - RelativeJump 0x80655040-->8065504C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E052, Type: Inline - RelativeJump 0x80655052-->80655058 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E238, Type: Inline - RelativeJump 0x80655238-->8065521E [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2C5, Type: Inline - RelativeJump 0x806552C5-->806552CF [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2CC, Type: Inline - RelativeJump 0x806552CC-->806552D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E6F2, Type: Inline - RelativeJump 0x806556F2-->80655764 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EA95, Type: Inline - RelativeJump 0x80655A95-->80655AB3 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EAA8, Type: Inline - RelativeJump 0x80655AA8-->80655AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB38, Type: Inline - RelativeJump 0x80655B38-->80655B5E [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB43, Type: Inline - RelativeJump 0x80655B43-->80655B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB51, Type: Inline - RelativeJump 0x80655B51-->80655B8C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F144, Type: Inline - RelativeCall 0x80656144-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F23B, Type: Inline - RelativeCall 0x8065623B-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F243, Type: Inline - RelativeJump 0x80656243-->8065629E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F336, Type: Inline - RelativeJump 0x80656336-->8065634C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F33E, Type: Inline - RelativeCall 0x8065633E-->80570313 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F433, Type: Inline - RelativeCall 0x80656433-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F43C, Type: Inline - RelativeJump 0x8065643C-->80656487 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F441, Type: Inline - RelativeJump 0x80656441-->80656442 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F45D, Type: Inline - RelativeJump 0x8065645D-->80656472 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F51B, Type: Inline - RelativeJump 0x8065651B-->8065651D [ntoskrnl.exe]
ntoskrnl.exe+0x0017F54F, Type: Inline - RelativeJump 0x8065654F-->80656572 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5F6, Type: Inline - RelativeCall 0x806565F6-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5FC, Type: Inline - RelativeJump 0x806565FC-->80656644 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F70C, Type: Inline - RelativeJump 0x8065670C-->8065670E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F71C, Type: Inline - RelativeCall 0x8065671C-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F8C9, Type: Inline - RelativeCall 0x806568C9-->8065C0F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017FDAD, Type: Inline - RelativeJump 0x80656DAD-->80656F3A [ntoskrnl.exe]
ntoskrnl.exe+0x0018009F, Type: Inline - RelativeJump 0x8065709F-->806570C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001800A6, Type: Inline - RelativeJump 0x806570A6-->80657063 [ntoskrnl.exe]
ntoskrnl.exe+0x00180154, Type: Inline - RelativeJump 0x80657154-->80657162 [ntoskrnl.exe]
ntoskrnl.exe+0x001801BD, Type: Inline - RelativeJump 0x806571BD-->80657242 [ntoskrnl.exe]
ntoskrnl.exe+0x001802E0, Type: Inline - RelativeJump 0x806572E0-->806572F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0018030C, Type: Inline - RelativeJump 0x8065730C-->80657312 [ntoskrnl.exe]
ntoskrnl.exe+0x00180328, Type: Inline - RelativeJump 0x80657328-->8065732E [ntoskrnl.exe]
ntoskrnl.exe+0x00180593, Type: Inline - RelativeCall 0x80657593-->8057FCE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0018062C, Type: Inline - RelativeJump 0x8065762C-->80657638 [ntoskrnl.exe]
ntoskrnl.exe+0x0018063A, Type: Inline - RelativeJump 0x8065763A-->80657640 [ntoskrnl.exe]
ntoskrnl.exe+0x0018074D, Type: Inline - RelativeJump 0x8065774D-->8065775D [ntoskrnl.exe]
ntoskrnl.exe+0x0018075A, Type: Inline - RelativeJump 0x8065775A-->80657769 [ntoskrnl.exe]
ntoskrnl.exe+0x00180890, Type: Inline - RelativeCall 0x80657890-->804E3BED [ntoskrnl.exe]
ntoskrnl.exe+0x0018089C, Type: Inline - RelativeJump 0x8065789C-->80657960 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A2A, Type: Inline - RelativeCall 0x80657A2A-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A39, Type: Inline - RelativeJump 0x80657A39-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180BE0, Type: Inline - RelativeJump 0x80657BE0-->80657C5C [ntoskrnl.exe]
ntoskrnl.exe+0x00180C0E, Type: Inline - RelativeJump 0x80657C0E-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180C4F, Type: Inline - RelativeJump 0x80657C4F-->80657C4D [ntoskrnl.exe]
ntoskrnl.exe+0x00180CBC, Type: Inline - RelativeJump 0x80657CBC-->80657CC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00180FE6, Type: Inline - RelativeCall 0x80657FE6-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0018107A, Type: Inline - RelativeJump 0x8065807A-->8065817D [ntoskrnl.exe]
ntoskrnl.exe+0x00181082, Type: Inline - RelativeCall 0x80658082-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00181092, Type: Inline - RelativeCall 0x80658092-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x0018115E, Type: Inline - RelativeJump 0x8065815E-->80658128 [ntoskrnl.exe]
ntoskrnl.exe+0x00181232, Type: Inline - RelativeJump 0x80658232-->80658238 [ntoskrnl.exe]
ntoskrnl.exe+0x00181778, Type: Inline - RelativeCall 0x80658778-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x001817D8, Type: Inline - RelativeJump 0x806587D8-->806587EE [ntoskrnl.exe]
ntoskrnl.exe+0x00181986, Type: Inline - RelativeCall 0x80658986-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0018198B, Type: Inline - RelativeJump 0x8065898B-->80658A7F [ntoskrnl.exe]
ntoskrnl.exe+0x001819E0, Type: Inline - RelativeCall 0x806589E0-->805DAB3E [ntoskrnl.exe]
ntoskrnl.exe+0x001819EB, Type: Inline - RelativeJump 0x806589EB-->80658A75 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A3B, Type: Inline - RelativeJump 0x80658A3B-->80658A48 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A54, Type: Inline - RelativeJump 0x80658A54-->80658A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00181B62, Type: Inline - RelativeJump 0x80658B62-->80658B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00181B6A, Type: Inline - RelativeJump 0x80658B6A-->80658B74 [ntoskrnl.exe]
ntoskrnl.exe+0x00181FF9, Type: Inline - RelativeCall 0x80658FF9-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00182006, Type: Inline - RelativeJump 0x80659006-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x0018200E, Type: Inline - RelativeJump 0x8065900E-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x00182086, Type: Inline - RelativeJump 0x80659086-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182224, Type: Inline - RelativeCall 0x80659224-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001823DA, Type: Inline - RelativeCall 0x806593DA-->80657362 [ntoskrnl.exe]
ntoskrnl.exe+0x001823EE, Type: Inline - RelativeJump 0x806593EE-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001824D1, Type: Inline - RelativeJump 0x806594D1-->80658EB4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824E6, Type: Inline - RelativeJump 0x806594E6-->806594F4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824F0, Type: Inline - RelativeJump 0x806594F0-->806594F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00182582, Type: Inline - RelativeJump 0x80659582-->80659590 [ntoskrnl.exe]
ntoskrnl.exe+0x00182676, Type: Inline - RelativeJump 0x80659676-->8065967C [ntoskrnl.exe]
ntoskrnl.exe+0x0018268A, Type: Inline - RelativeJump 0x8065968A-->80659698 [ntoskrnl.exe]
ntoskrnl.exe+0x001826D0, Type: Inline - RelativeJump 0x806596D0-->806596DC [ntoskrnl.exe]
ntoskrnl.exe+0x001826DE, Type: Inline - RelativeJump 0x806596DE-->806596E8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182716, Type: Inline - RelativeJump 0x80659716-->8065971C [ntoskrnl.exe]
ntoskrnl.exe+0x00182744, Type: Inline - RelativeJump 0x80659744-->8065974A [ntoskrnl.exe]
ntoskrnl.exe+0x0018274E, Type: Inline - RelativeJump 0x8065974E-->80659756 [ntoskrnl.exe]
ntoskrnl.exe+0x00182752, Type: Inline - RelativeJump 0x80659752-->8065975E [ntoskrnl.exe]
ntoskrnl.exe+0x0018279D, Type: Inline - RelativeJump 0x8065979D-->806597AE [ntoskrnl.exe]
ntoskrnl.exe+0x0018280E, Type: Inline - RelativeJump 0x8065980E-->80659814 [ntoskrnl.exe]
ntoskrnl.exe+0x00182810, Type: Inline - RelativeJump 0x80659810-->80659816 [ntoskrnl.exe]
ntoskrnl.exe+0x00182814, Type: Inline - RelativeJump 0x80659814-->8065981A [ntoskrnl.exe]
ntoskrnl.exe+0x00182819, Type: Inline - RelativeJump 0x80659819-->80659830 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282C, Type: Inline - RelativeJump 0x8065982C-->80659832 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282E, Type: Inline - RelativeJump 0x8065982E-->80659834 [ntoskrnl.exe]
ntoskrnl.exe+0x0018287A, Type: Inline - RelativeJump 0x8065987A-->80659880 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A90, Type: Inline - RelativeJump 0x80659A90-->80659B03 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A97, Type: Inline - RelativeJump 0x80659A97-->80659AC4 [ntoskrnl.exe]
ntoskrnl.exe+0x00182AA0, Type: Inline - RelativeJump 0x80659AA0-->80659AC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182BA8, Type: Inline - RelativeCall 0x80659BA8-->8065BE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C4A, Type: Inline - RelativeJump 0x80659C4A-->80659CD5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C6D, Type: Inline - RelativeCall 0x80659C6D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x00182DA4, Type: Inline - RelativeJump 0x80659DA4-->80659D52 [ntoskrnl.exe]
ntoskrnl.exe+0x00183127, Type: Inline - RelativeJump 0x8065A127-->8065A14A [ntoskrnl.exe]
ntoskrnl.exe+0x0018338C, Type: Inline - RelativeJump 0x8065A38C-->8065A3A6 [ntoskrnl.exe]
ntoskrnl.exe+0x00183892, Type: Inline - RelativeJump 0x8065A892-->8065A8A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0018389F, Type: Inline - RelativeCall 0x8065A89F-->80578B44 [ntoskrnl.exe]
ntoskrnl.exe+0x001838D7, Type: Inline - RelativeJump 0x8065A8D7-->8065A8EB [ntoskrnl.exe]
ntoskrnl.exe+0x001838E8, Type: Inline - RelativeJump 0x8065A8E8-->8065A8F6 [ntoskrnl.exe]
ntoskrnl.exe+0x001839C8, Type: Inline - RelativeJump 0x8065A9C8-->8065A9DE [ntoskrnl.exe]
ntoskrnl.exe+0x00183A6C, Type: Inline - RelativeCall 0x8065AA6C-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00183A7B, Type: Inline - RelativeJump 0x8065AA7B-->8065AA93 [ntoskrnl.exe]
ntoskrnl.exe+0x00183BDD, Type: Inline - RelativeJump 0x8065ABDD-->8065AD17 [ntoskrnl.exe]
ntoskrnl.exe+0x00183D5B, Type: Inline - DirectCall 0x8065AD5B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00183DF4, Type: Inline - PushRet 0x8065ADF4-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00183F0D, Type: Inline - RelativeJump 0x8065AF0D-->8065AED0 [ntoskrnl.exe]
ntoskrnl.exe+0x00183F92, Type: Inline - RelativeJump 0x8065AF92-->8065AECC [ntoskrnl.exe]
ntoskrnl.exe+0x001841A4, Type: Inline - PushRet 0x8065B1A4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x001845BF, Type: Inline - RelativeJump 0x8065B5BF-->8065B595 [ntoskrnl.exe]
ntoskrnl.exe+0x00184877, Type: Inline - RelativeJump 0x8065B877-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x00184882, Type: Inline - RelativeJump 0x8065B882-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x0018488D, Type: Inline - RelativeCall 0x8065B88D-->8065E63B [ntoskrnl.exe]
ntoskrnl.exe+0x001849D2, Type: Inline - RelativeJump 0x8065B9D2-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849D9, Type: Inline - RelativeJump 0x8065B9D9-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849E3, Type: Inline - RelativeJump 0x8065B9E3-->8065BAD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00184AF5, Type: Inline - RelativeJump 0x8065BAF5-->8065BAFD [ntoskrnl.exe]
ntoskrnl.exe+0x00184B61, Type: Inline - RelativeCall 0x8065BB61-->8065C87D [ntoskrnl.exe]
ntoskrnl.exe+0x00184B6B, Type: Inline - RelativeJump 0x8065BB6B-->8065BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00184BDC, Type: Inline - RelativeJump 0x8065BBDC-->8065BC5B [ntoskrnl.exe]
ntoskrnl.exe+0x00184E8E, Type: Inline - DirectCall 0x8065BE8E-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00185218, Type: Inline - RelativeCall 0x8065C218-->805868A3 [ntoskrnl.exe]
ntoskrnl.exe+0x00185296, Type: Inline - RelativeCall 0x8065C296-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001853DB, Type: Inline - RelativeJump 0x8065C3DB-->8065C45C [ntoskrnl.exe]
ntoskrnl.exe+0x001853F0, Type: Inline - RelativeCall 0x8065C3F0-->80659D18 [ntoskrnl.exe]
ntoskrnl.exe+0x001853F7, Type: Inline - RelativeJump 0x8065C3F7-->8065C30B [ntoskrnl.exe]
ntoskrnl.exe+0x00185477, Type: Inline - RelativeJump 0x8065C477-->8065C48E [ntoskrnl.exe]
ntoskrnl.exe+0x0018560F, Type: Inline - RelativeJump 0x8065C60F-->8065C693 [ntoskrnl.exe]
ntoskrnl.exe+0x001859FC, Type: Inline - RelativeJump 0x8065C9FC-->8065C963 [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE4, Type: Inline - RelativeCall 0x8065CBE4-->8058621A [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE9, Type: Inline - RelativeJump 0x8065CBE9-->8065CBCF [ntoskrnl.exe]
ntoskrnl.exe+0x00185C16, Type: Inline - RelativeJump 0x8065CC16-->8065CC24 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E42, Type: Inline - RelativeCall 0x8065CE42-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E4B, Type: Inline - RelativeJump 0x8065CE4B-->8065CE60 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F3B, Type: Inline - RelativeCall 0x8065CF3B-->805D6BA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F4C, Type: Inline - RelativeJump 0x8065CF4C-->8065D074 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F5E, Type: Inline - RelativeJump 0x8065CF5E-->8065CF48 [ntoskrnl.exe]
ntoskrnl.exe+0x00185FED, Type: Inline - RelativeJump 0x8065CFED-->8065D000 [ntoskrnl.exe]
ntoskrnl.exe+0x00186029, Type: Inline - RelativeJump 0x8065D029-->8065CFCC [ntoskrnl.exe]
ntoskrnl.exe+0x0018603D, Type: Inline - RelativeJump 0x8065D03D-->8065D007 [ntoskrnl.exe]
ntoskrnl.exe+0x00186145, Type: Inline - RelativeCall 0x8065D145-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0018614A, Type: Inline - RelativeCall 0x8065D14A-->80585F2E [ntoskrnl.exe]
ntoskrnl.exe+0x00186155, Type: Inline - PushRet 0x8065D155-->CC900004 [unknown_code_page]
ntoskrnl.exe+0x00186282, Type: Inline - RelativeJump 0x8065D282-->8065D28F [ntoskrnl.exe]
ntoskrnl.exe+0x0018638B, Type: Inline - RelativeJump 0x8065D38B-->8065D3B3 [ntoskrnl.exe]
ntoskrnl.exe+0x001863C4, Type: Inline - RelativeJump 0x8065D3C4-->8065D3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0018653D, Type: Inline - RelativeCall 0x8065D53D-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe+0x00186974, Type: Inline - RelativeCall 0x8065D974-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0018697A, Type: Inline - RelativeJump 0x8065D97A-->8065D98B [ntoskrnl.exe]
ntoskrnl.exe+0x00186A55, Type: Inline - RelativeCall 0x8065DA55-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186B33, Type: Inline - RelativeJump 0x8065DB33-->8065DB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BE6, Type: Inline - RelativeCall 0x8065DBE6-->8065EDD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BF6, Type: Inline - RelativeJump 0x8065DBF6-->8065DC09 [ntoskrnl.exe]
ntoskrnl.exe+0x00186C33, Type: Inline - RelativeCall 0x8065DC33-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186C9E, Type: Inline - RelativeCall 0x8065DC9E-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe-->atoi, Type: EAT modification 0x80684C98-->805119B4 [ntoskrnl.exe]
ntoskrnl.exe-->atol, Type: EAT modification 0x80684C9C-->805119C1 [ntoskrnl.exe]
ntoskrnl.exe-->CcCanIWrite, Type: EAT modification 0x80683714-->804F836E [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyRead, Type: EAT modification 0x80683718-->8057B042 [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyWrite, Type: EAT modification 0x8068371C-->804F8648 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: Inline - RelativeJump 0x8052A962-->8052A986 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: EAT modification 0x80683720-->8052F7C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyRead, Type: EAT modification 0x80683724-->8058B0E9 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyWrite, Type: EAT modification 0x80683728-->80514419 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastMdlReadWait, Type: EAT modification 0x8068372C-->8055F5C4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadNotPossible, Type: EAT modification 0x80683730-->8055F5CC [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadWait, Type: EAT modification 0x80683734-->8055F5D4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFlushCache, Type: EAT modification 0x80683738-->804ECEE7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetDirtyPages, Type: EAT modification 0x8068373C-->804F0014 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x80683740-->8052FDB7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x80683744-->8052FD79 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFlushedValidData, Type: EAT modification 0x80683748-->804F789F [ntoskrnl.exe]
ntoskrnl.exe-->CcGetLsnForFileObject, Type: EAT modification 0x8068374C-->8052FC00 [ntoskrnl.exe]
ntoskrnl.exe-->CcInitializeCacheMap, Type: EAT modification 0x80683750-->804F5140 [ntoskrnl.exe]
ntoskrnl.exe-->CcIsThereDirtyData, Type: EAT modification 0x80683754-->8052FB57 [ntoskrnl.exe]
ntoskrnl.exe-->CcMapData, Type: EAT modification 0x80683758-->8057BE0A [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlRead, Type: EAT modification 0x8068375C-->8061BE7D [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlReadComplete, Type: EAT modification 0x80683760-->8061C130 [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteAbort, Type: EAT modification 0x80683764-->8052FF2F [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteComplete, Type: EAT modification 0x80683768-->8061C175 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinMappedData, Type: EAT modification 0x8068376C-->8057BFF4 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinRead, Type: EAT modification 0x80683770-->8058ACDD [ntoskrnl.exe]
ntoskrnl.exe-->CcPrepareMdlWrite, Type: EAT modification 0x80683774-->8052FFE3 [ntoskrnl.exe]
ntoskrnl.exe-->CcPreparePinWrite, Type: EAT modification 0x80683778-->80572491 [ntoskrnl.exe]
ntoskrnl.exe-->CcPurgeCacheSection, Type: EAT modification 0x8068377C-->804F7D86 [ntoskrnl.exe]
ntoskrnl.exe-->CcRemapBcb, Type: EAT modification 0x80683780-->804F2AD9 [ntoskrnl.exe]
ntoskrnl.exe-->CcRepinBcb, Type: EAT modification 0x80683784-->8052F8C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcScheduleReadAhead, Type: EAT modification 0x80683788-->805022CF [ntoskrnl.exe]
ntoskrnl.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x8068378C-->8050244A [ntoskrnl.exe]
ntoskrnl.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x80683790-->80572572 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x80683794-->8052FD40 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x80683798-->804EF448 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetFileSizes, Type: EAT modification 0x8068379C-->804F7592 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetLogHandleForFile, Type: EAT modification 0x806837A0-->80582D00 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x806837A4-->804F549C [ntoskrnl.exe]
ntoskrnl.exe-->CcUninitializeCacheMap, Type: EAT modification 0x806837A8-->804F5570 [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinData, Type: EAT modification 0x806837AC-->8057BDBC [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinDataForThread, Type: EAT modification 0x806837B0-->8057259C [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x806837B4-->8052FA64 [ntoskrnl.exe]
ntoskrnl.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x806837B8-->80530311 [ntoskrnl.exe]
ntoskrnl.exe-->CcZeroData, Type: EAT modification 0x806837BC-->805E656C [ntoskrnl.exe]
ntoskrnl.exe-->CmRegisterCallback, Type: EAT modification 0x806837C0-->8061C287 [ntoskrnl.exe]
ntoskrnl.exe-->CmUnRegisterCallback, Type: EAT modification 0x806837C4-->8061C1CB [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPoint, Type: EAT modification 0x806837C8-->804E2A66 [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x806837CC-->804E2A6E [ntoskrnl.exe]
ntoskrnl.exe-->DbgLoadImageSymbols, Type: EAT modification 0x806837D0-->80506311 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrint, Type: EAT modification 0x806837D4-->80501F09 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintEx, Type: EAT modification 0x806837D8-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintReturnControlC, Type: EAT modification 0x806837DC-->80542E08 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrompt, Type: EAT modification 0x806837E0-->80542E7B [ntoskrnl.exe]
ntoskrnl.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x806837E4-->80542ED3 [ntoskrnl.exe]
ntoskrnl.exe-->DbgSetDebugFilterState, Type: EAT modification 0x806837E8-->80542EE8 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x80683628-->804DBE15 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: Inline - RelativeCall 0x804E35E6-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x806837EC-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x806837F0-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtection, Type: EAT modification 0x8068362C-->8056FF59 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: Inline - RelativeJump 0x8064542A-->80645437 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x80683630-->8064C8EA [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x806837F4-->804EF378 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: Inline - DirectCall 0x804E8A22-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x806837F8-->804F2B23 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x806837FC-->804E9237 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePool, Type: EAT modification 0x80683800-->8050D57A [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x80683804-->8054A97B [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x80683808-->804E8782 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x8068380C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x80683810-->804F3C7E [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: Inline - RelativeJump 0x804FB61E-->804FB2ED [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x80683814-->804F9ACA [ntoskrnl.exe]
ntoskrnl.exe-->ExCreateCallback, Type: EAT modification 0x80683818-->805BBD83 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x8068381C-->8054AA43 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x80683820-->8054AA98 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteResourceLite, Type: EAT modification 0x80683824-->804E9E92 [ntoskrnl.exe]
ntoskrnl.exe-->ExDesktopObjectType, Type: EAT modification 0x80683828-->8056A9BC [ntoskrnl.exe]
ntoskrnl.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x8068382C-->804EF3CA [ntoskrnl.exe]
ntoskrnl.exe-->ExEnumHandleTable, Type: EAT modification 0x80683830-->805E84E4 [ntoskrnl.exe]
ntoskrnl.exe-->ExEventObjectType, Type: EAT modification 0x80683834-->8056A940 [ntoskrnl.exe]
ntoskrnl.exe-->ExExtendZone, Type: EAT modification 0x80683838-->80518582 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x80683668-->8056F374 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: Inline - RelativeJump 0x8057E9EE-->8057E9FD [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x8068366C-->8056F40A [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x80683690-->804E56FC [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x80683694-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x80683698-->804E56F0 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x80683670-->804E55BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x80683674-->804E5734 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x80683678-->804E55E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x8068367C-->804E5620 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x80683680-->804E568C [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x80683684-->804E56BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x80683688-->804E5658 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePool, Type: EAT modification 0x8068383C-->805513D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePoolWithTag, Type: EAT modification 0x80683840-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x80683844-->804E920D [ntoskrnl.exe]
ntoskrnl.exe-->ExfReleasePushLock, Type: EAT modification 0x8068368C-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x80683848-->8054ADE9 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x8068384C-->8054ADA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x80683850-->80549D3A [ntoskrnl.exe]
ntoskrnl.exe-->ExGetPreviousMode, Type: EAT modification 0x80683854-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x80683858-->80549D55 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x806838F8-->804DC05E [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x806838FC-->804DC072 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x80683900-->804DC04A [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x8068385C-->80508A20 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x80683860-->805B6911 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeResourceLite, Type: EAT modification 0x80683864-->804E9EEF [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeRundownProtection, Type: EAT modification 0x80683634-->8064C8BF [ntoskrnl.exe]

ntoskrnl.exe-->ExInitializeZone, Type: EAT modification 0x80683868-->80509C60 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x8068386C-->804DBE49 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: Inline - RelativeJump 0x804E2E1E-->804E2E2D [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x80683638-->804E55B0 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: Inline - PushRet 0x804DB33B-->8BFC418D [unknown_code_page]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: EAT modification 0x80683870-->804DBE9A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x8068363C-->804E5750 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x80683874-->804DC026 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x80683878-->804DC03A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExtendZone, Type: EAT modification 0x8068387C-->8054AAFF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedFlushSList, Type: EAT modification 0x80683640-->804E12FF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x80683880-->804DC012 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x80683884-->804DBECE [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x80683888-->804DBF12 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x8068388C-->804DBFA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x80683644-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x80683890-->804DBFDA [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x80683648-->804E133F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x80683894-->804DBF56 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x80683898-->8050BAB1 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x8068389C-->804F28C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x806838A0-->804EB012 [ntoskrnl.exe]
ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x806838A4-->804F9AA0 [ntoskrnl.exe]
ntoskrnl.exe-->ExNotifyCallback, Type: EAT modification 0x806838A8-->80519120 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x806838AC-->8054A0C7 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueueWorkItem, Type: EAT modification 0x806838B0-->804DA3FC [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseAccessViolation, Type: EAT modification 0x806838B4-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x806838B8-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseException, Type: EAT modification 0x806838BC-->804E310E [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseHardError, Type: EAT modification 0x806838C0-->805B25C2 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseStatus, Type: EAT modification 0x806838C4-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe-->ExRegisterCallback, Type: EAT modification 0x806838C8-->8050D0B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExReinitializeResourceLite, Type: EAT modification 0x806838CC-->804FC2A7 [ntoskrnl.exe]
ntoskrnl.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x8068364C-->8064C8CF [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x80683650-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x806838D0-->804EFF24 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceLite, Type: EAT modification 0x80683654-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtection, Type: EAT modification 0x80683658-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x8068365C-->8064C927 [ntoskrnl.exe]
ntoskrnl.exe-->ExRundownCompleted, Type: EAT modification 0x80683660-->80593172 [ntoskrnl.exe]
ntoskrnl.exe-->ExSemaphoreObjectType, Type: EAT modification 0x806838D4-->8056A520 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x806838D8-->804EFC14 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetTimerResolution, Type: EAT modification 0x806838DC-->8064EB8F [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemExceptionFilter, Type: EAT modification 0x806838E0-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x806838E4-->805150FE [ntoskrnl.exe]
ntoskrnl.exe-->ExUnregisterCallback, Type: EAT modification 0x806838E8-->8054A9AA [ntoskrnl.exe]
ntoskrnl.exe-->ExUuidCreate, Type: EAT modification 0x806838EC-->805E9C7C [ntoskrnl.exe]
ntoskrnl.exe-->ExVerifySuite, Type: EAT modification 0x806838F0-->8050E0E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x80683664-->80575BD8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWindowStationObjectType, Type: EAT modification 0x806838F4-->8056A9C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E37-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E3F-->805726AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x80683904-->8057C4A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x80683908-->804F7EB3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x8068390C-->80530A07 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: Inline - RelativeJump 0x805923AA-->8059248B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x80683910-->80589455 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x80683914-->805167C9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePool, Type: EAT modification 0x80683918-->80530F8B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: Inline - RelativeCall 0x8052C192-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x8068391C-->80530FC2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x80683920-->8053102E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x80683924-->80530FF9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateResource, Type: EAT modification 0x80683928-->8061D709 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x8068392C-->805796A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlBalanceReads, Type: EAT modification 0x80683930-->805BBFE2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x80683934-->804F45B3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x80683938-->804F7E6A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckOplock, Type: EAT modification 0x8068393C-->804E942F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyRead, Type: EAT modification 0x80683940-->8061CC31 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyWrite, Type: EAT modification 0x80683944-->8061CF37 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x80683948-->805318DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x8068394C-->80579721 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x80683950-->805E5B4A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x80683954-->805D2CC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x80683958-->8061D9A3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectDbcs, Type: EAT modification 0x8068395C-->8061DA38 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectName, Type: EAT modification 0x80683960-->8057B388 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x80683964-->8061DAE1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x80683968-->8057B89A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x8068396C-->804F7292 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x80683970-->8051657A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x80683974-->804F56F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x80683978-->80530F4F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x8068397C-->805161EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x80683980-->80583E5B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFreeFileLock, Type: EAT modification 0x80683984-->804FE989 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetFileSize, Type: EAT modification 0x80683988-->8057C4BB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x8068398C-->8050105B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x80683990-->804EC915 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x80683994-->805307EC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x8068399C-->8061CC15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x80683998-->805305EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x806839A0-->80530605 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: Inline - RelativeJump 0x805744B9-->805744CC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x806839A4-->80574B0D [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x806839A8-->804F7E8F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x806839AC-->804FBC9A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeMcb, Type: EAT modification 0x806839B0-->8061D6DF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: Inline - RelativeJump 0x805774D6-->805774F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: EAT modification 0x806839B4-->80573E48 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x806839B8-->805D2C50 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x806839BC-->80531C0A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x806839C0-->804FBD4C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x806839C4-->8061DB53 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x806839C8-->805898AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x806839CC-->8061DFB4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x806839D0-->8057B8D3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x806839D4-->8050A3A2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsPagingFile, Type: EAT modification 0x806839D8-->80531BEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x806839DC-->80503910 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x806839E0-->804D8168 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x806839E4-->804ECD15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x806839E8-->804F910E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x806839EC-->8053069F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x806839F0-->80530791 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x806839F4-->80530A96 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x806839F8-->80531AA7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: Inline - RelativeJump 0x804F478B-->804F479F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x806839FC-->804F383C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlRead, Type: EAT modification 0x80683A00-->8061C6B1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x80683A04-->80530616 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x80683A08-->805305BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadDev, Type: EAT modification 0x80683A0C-->8061C4BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x80683A10-->8061D65B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x80683A14-->8061CBC3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x80683A18-->8050A3D5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x80683A1C-->8061E13B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x80683A20-->805E2B73 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x80683A24-->80587F0F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x80683A28-->8057C0FA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: Inline - RelativeJump 0x80613817-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x80683A2C-->8061E173 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x80683A30-->8061E1EB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x80683A34-->8059E2D8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: Inline - RelativeJump 0x80613854-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x80683A38-->8061E1AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x80683A3C-->80583A91 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x80683A40-->805AB55A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x80683A44-->804F91C1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x80683A48-->805307D7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x80683A4C-->805DCF14 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x80683A50-->8056FE85 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x80683A54-->80531DEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x80683A58-->80531DC8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x80683A5C-->8061CB3B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: Inline - RelativeJump 0x80611E23-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x80683A60-->8061C73B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrivateLock, Type: EAT modification 0x80683A64-->80515DBA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlProcessFileLock, Type: EAT modification 0x80683A68-->80500AC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x80683A6C-->805106E9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x80683A70-->805D9792 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlReleaseFile, Type: EAT modification 0x80683A74-->8057C368 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x80683A78-->804FD588 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x80683A7C-->80530A30 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x80683A80-->80531B40 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x80683A84-->80515B69 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x80683A88-->804ECA20 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA0D-->804FC4C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA12-->804EB229 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x80683A8C-->8053085B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSyncVolumes, Type: EAT modification 0x80683A90-->8061D74B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x80683A94-->8057C788 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x80683A98-->804F8FCB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: Inline - RelativeCall 0x8052BB9C-->80543CCE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: EAT modification 0x80683A9C-->805309E4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x80683AA0-->804F99DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x80683AA4-->804FC309 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x80683AA8-->8061D6F4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x80683AAC-->804FC261 [ntoskrnl.exe]
ntoskrnl.exe-->HalDispatchTable, Type: EAT modification 0x80683AB0-->80553038 [ntoskrnl.exe]
ntoskrnl.exe-->HalExamineMBR, Type: EAT modification 0x8068369C-->8050D44B [ntoskrnl.exe]
ntoskrnl.exe-->HalPrivateDispatchTable, Type: EAT modification 0x80683AB4-->80553090 [ntoskrnl.exe]
ntoskrnl.exe-->HeadlessDispatch, Type: EAT modification 0x80683AB8-->8050D2F8 [ntoskrnl.exe]
ntoskrnl.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x80683ABC-->805321FF [ntoskrnl.exe]
ntoskrnl.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x80683AC0-->8050B508 [ntoskrnl.exe]
ntoskrnl.exe-->InbvDisplayString, Type: EAT modification 0x80683AC4-->8050D350 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableBootDriver, Type: EAT modification 0x80683AC8-->8050D212 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableDisplayString, Type: EAT modification 0x80683ACC-->8050D527 [ntoskrnl.exe]
ntoskrnl.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x80683AD0-->805108B4 [ntoskrnl.exe]
ntoskrnl.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x80683AD4-->80532022 [ntoskrnl.exe]
ntoskrnl.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x80683AD8-->8050C222 [ntoskrnl.exe]
ntoskrnl.exe-->InbvResetDisplay, Type: EAT modification 0x80683ADC-->80532033 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetScrollRegion, Type: EAT modification 0x80683AE0-->8053225F [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetTextColor, Type: EAT modification 0x80683AE4-->80532143 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSolidColorFill, Type: EAT modification 0x80683AE8-->805320B7 [ntoskrnl.exe]
ntoskrnl.exe-->InitSafeBootMode, Type: EAT modification 0x80683AEC-->80560880 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedCompareExchange, Type: EAT modification 0x806836A0-->804E5728 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedDecrement, Type: EAT modification 0x806836A4-->804E571C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchange, Type: EAT modification 0x806836A8-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchangeAdd, Type: EAT modification 0x806836AC-->804E576C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedIncrement, Type: EAT modification 0x806836B0-->804E5710 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPopEntrySList, Type: EAT modification 0x806836B4-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPushEntrySList, Type: EAT modification 0x806836B8-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x80683AF0-->804E81D7 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x80683AF4-->804EAD26 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x80683AF8-->805058D0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAdapterObjectType, Type: EAT modification 0x80683AFC-->80560D70 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x80683B00-->80518C16 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateController, Type: EAT modification 0x80683B04-->80509230 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x80683B08-->8050999B [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x80683B0C-->8050BB6D [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateIrp, Type: EAT modification 0x80683B10-->804EAFBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateMdl, Type: EAT modification 0x80683B14-->804EDDB1 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateWorkItem, Type: EAT modification 0x80683B18-->804FEBBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignDriveLetters, Type: EAT modification 0x806836BC-->805C079D [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignResources, Type: EAT modification 0x80683B1C-->80624B37 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDevice, Type: EAT modification 0x80683B20-->80621101 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: Inline - DirectCall 0x8052E337-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x80683B24-->80532CD0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: Inline - RelativeCall 0x8050BB8F-->8050BBA2 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x80683B28-->80506BF6 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x80683B2C-->80508EA3 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x80683B30-->804FC59C [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x80683B34-->80518674 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildPartialMdl, Type: EAT modification 0x80683B38-->804EE132 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x80683B3C-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCallDriver, Type: EAT modification 0x80683B40-->80532862 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: Inline - RelativeJump 0x806164B9-->806164DE [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: EAT modification 0x80683B44-->80620DF9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelIrp, Type: EAT modification 0x80683B48-->805184C1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckDesiredAccess, Type: EAT modification 0x80683B4C-->8061FF83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x80683B50-->8059E280 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckFunctionAccess, Type: EAT modification 0x80683B54-->805EB34E [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x80683B58-->80532379 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x80683B5C-->805323C3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x80683B60-->8061FFC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckShareAccess, Type: EAT modification 0x80683B64-->8057B23E [ntoskrnl.exe]
ntoskrnl.exe-->IoCompleteRequest, Type: EAT modification 0x80683B68-->80532881 [ntoskrnl.exe]
ntoskrnl.exe-->IoConnectInterrupt, Type: EAT modification 0x80683B6C-->805B07B1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateController, Type: EAT modification 0x80683B70-->805C5A7D [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDevice, Type: EAT modification 0x80683B74-->805A170C [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDisk, Type: EAT modification 0x80683B78-->8061FCD3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDriver, Type: EAT modification 0x80683B7C-->805B50EE [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: Inline - RelativeJump 0x8056CE50-->8056CE4E [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: EAT modification 0x80683B80-->80579B92 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x80683B84-->8058B001 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateNotificationEvent, Type: EAT modification 0x80683B88-->805B6BAB [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObject, Type: EAT modification 0x80683B8C-->805D2CFC [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x80683B90-->8050A4FD [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x80683B94-->8057BB83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSymbolicLink, Type: EAT modification 0x80683B98-->805D2EFF [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x80683B9C-->805C6899 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x80683BA0-->805D712C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInitialize, Type: EAT modification 0x80683BA4-->80509A3C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInsertIrp, Type: EAT modification 0x80683BA8-->80518C81 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveIrp, Type: EAT modification 0x80683BAC-->80518CE6 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x80683BB0-->804E612C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteController, Type: EAT modification 0x80683BB4-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDevice, Type: EAT modification 0x80683BB8-->80505760 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDriver, Type: EAT modification 0x80683BBC-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x80683BC0-->805D7E64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDetachDevice, Type: EAT modification 0x80683BC4-->80507FC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x80683BC8-->80560D54 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x80683BCC-->80560D5C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceObjectType, Type: EAT modification 0x80683BD0-->80560D64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDisconnectInterrupt, Type: EAT modification 0x80683BD4-->805AF3E9 [ntoskrnl.exe]
ntoskrnl.exe-->IoDriverObjectType, Type: EAT modification 0x80683BD8-->80560D60 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnqueueIrp, Type: EAT modification 0x80683BDC-->806202B8 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x80683BE0-->8050A29E [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x80683BE4-->80620F86 [ntoskrnl.exe]
ntoskrnl.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x80683BE8-->806202FB [ntoskrnl.exe]
ntoskrnl.exe-->IofCallDriver, Type: EAT modification 0x806836CC-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe-->IofCompleteRequest, Type: EAT modification 0x806836D0-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe-->IoFileObjectType, Type: EAT modification 0x80683BEC-->80560D58 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x80683BF0-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x80683BF4-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeController, Type: EAT modification 0x80683BF8-->80509203 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x80683BFC-->80532315 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeIrp, Type: EAT modification 0x80683C00-->804EAF62 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeMdl, Type: EAT modification 0x80683C04-->804EDE66 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeWorkItem, Type: EAT modification 0x80683C08-->804FEBA5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDevice, Type: EAT modification 0x80683C0C-->804E8477 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x80683C10-->8051527F [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x80683C14-->804ED31D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBootDiskInformation, Type: EAT modification 0x80683C18-->805CC72D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetConfigurationInformation, Type: EAT modification 0x80683C1C-->805D7121 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetCurrentProcess, Type: EAT modification 0x80683C20-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x80683C24-->80508E5A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x80683C28-->805D86E7 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x80683C2C-->8059D4AC [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x80683C30-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceProperty, Type: EAT modification 0x80683C34-->8059BFB5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceToVerify, Type: EAT modification 0x80683C38-->8050A371 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x80683C3C-->8050A31C [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDmaAdapter, Type: EAT modification 0x80683C40-->805C3C25 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x80683C44-->8050582A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x80683C48-->80579683 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetInitialStack, Type: EAT modification 0x80683C4C-->8053245E [ntoskrnl.exe]
ntoskrnl.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x80683C50-->80508DC6 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x80683C54-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcess, Type: EAT modification 0x80683C58-->804F4331 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcessId, Type: EAT modification 0x80683C5C-->804F9B61 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorSessionId, Type: EAT modification 0x80683C60-->80515366 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetStackLimits, Type: EAT modification 0x80683C64-->804DC214 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetTopLevelIrp, Type: EAT modification 0x80683C68-->804E84B2 [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeCrashDump, Type: EAT modification 0x80683C6C-->805BA4CB [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeIrp, Type: EAT modification 0x80683C70-->805197FC [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x80683C74-->805B667B [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeTimer, Type: EAT modification 0x80683C78-->805D7ED6 [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x80683C7C-->80505DDD [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceState, Type: EAT modification 0x80683C80-->8050BADF [ntoskrnl.exe]
ntoskrnl.exe-->IoIsFileOriginRemote, Type: EAT modification 0x80683C84-->804F8355 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsOperationSynchronous, Type: EAT modification 0x80683C88-->804EAFCE [ntoskrnl.exe]
ntoskrnl.exe-->IoIsSystemThread, Type: EAT modification 0x80683C8C-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x80683C90-->80620400 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x80683C94-->8059D309 [ntoskrnl.exe]
ntoskrnl.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x80683C98-->80513B48 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x80683C9C-->805A0681 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x80683CA0-->8059D062 [ntoskrnl.exe]
ntoskrnl.exe-->IoPageRead, Type: EAT modification 0x80683CA4-->804FB224 [ntoskrnl.exe]
ntoskrnl.exe-->IoPnPDeliverServicePowerNotification, Type: EAT modification 0x80683CA8-->80625626 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryDeviceDescription, Type: EAT modification 0x80683CAC-->805B427B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x80683CB0-->80620F0B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileInformation, Type: EAT modification 0x80683CB4-->8058EFEC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryVolumeInformation, Type: EAT modification 0x80683CB8-->805BB0FC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueThreadIrp, Type: EAT modification 0x80683CBC-->804FEB68 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueWorkItem, Type: EAT modification 0x80683CC0-->804E627F [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseHardError, Type: EAT modification 0x80683CC4-->8050A461 [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x80683CC8-->805324C7 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: Inline - RelativeJump 0x8050F8F2-->8050F8F8 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: EAT modification 0x80683CCC-->80510819 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadOperationCount, Type: EAT modification 0x80683CD0-->80560D50 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTable, Type: EAT modification 0x806836C0-->805BE9EE [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTableEx, Type: EAT modification 0x80683CD4-->805CC6CD [ntoskrnl.exe]
ntoskrnl.exe-->IoReadTransferCount, Type: EAT modification 0x80683CD8-->80560D40 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x80683CDC-->805C6911 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x80683CE0-->805DCC64 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x80683CE4-->805C5D02 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFileSystem, Type: EAT modification 0x80683CE8-->805AF1B5 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: Inline - RelativeJump 0x805D2A75-->805D2A83 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x80683CEC-->805CE9E2 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x80683CF0-->80620933 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x80683CF4-->8059D346 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x80683CF8-->805BB902 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x80683CFC-->804E81BD [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x80683D00-->80624AE1 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x80683D04-->804EACF3 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x80683D08-->805058EC [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: Inline - RelativeJump 0x8056D00C-->8056D03E [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: EAT modification 0x80683D0C-->80579BF4 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportDetectedDevice, Type: EAT modification 0x80683D10-->805CDE34 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportHalResourceUsage, Type: EAT modification 0x80683D14-->806B48FB [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceForDetection, Type: EAT modification 0x80683D18-->805BDCFD [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceUsage, Type: EAT modification 0x80683D1C-->805BD317 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x80683D20-->80625711 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x80683D24-->805054D9 [ntoskrnl.exe]
ntoskrnl.exe-->IoRequestDeviceEject, Type: EAT modification 0x80683D28-->80535825 [ntoskrnl.exe]
ntoskrnl.exe-->IoReuseIrp, Type: EAT modification 0x80683D2C-->804ECE58 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x80683D30-->8050D9E8 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x80683D34-->805D7867 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceToVerify, Type: EAT modification 0x80683D38-->8050A388 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetFileOrigin, Type: EAT modification 0x80683D3C-->8051C812 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x80683D40-->80508949 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetInformation, Type: EAT modification 0x80683D44-->8062098F [ntoskrnl.exe]
ntoskrnl.exe-->IoSetIoCompletion, Type: EAT modification 0x80683D48-->80576D74 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: Inline - RelativeJump 0x80613BB8-->80613BCE [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: EAT modification 0x806836C4-->8061E517 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x80683D4C-->8061FD2A [ntoskrnl.exe]
ntoskrnl.exe-->IoSetShareAccess, Type: EAT modification 0x80683D50-->80579C54 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetStartIoAttributes, Type: EAT modification 0x80683D54-->8050E35E [ntoskrnl.exe]
ntoskrnl.exe-->IoSetSystemPartition, Type: EAT modification 0x80683D58-->8053294B [ntoskrnl.exe]
ntoskrnl.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x80683D5C-->804E9480 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetTopLevelIrp, Type: EAT modification 0x80683D60-->804E8495 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: Inline - RelativeCall 0x804E3EEB-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: EAT modification 0x80683D64-->804E5C3B [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacketByKey, Type: EAT modification 0x80683D68-->805327F1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartPacket, Type: EAT modification 0x80683D6C-->804E60A1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartTimer, Type: EAT modification 0x80683D70-->80508AA0 [ntoskrnl.exe]
ntoskrnl.exe-->IoStatisticsLock, Type: EAT modification 0x80683D74-->80559700 [ntoskrnl.exe]
ntoskrnl.exe-->IoStopTimer, Type: EAT modification 0x80683D78-->80507CD1 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x80683D7C-->805B6B18 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousPageWrite, Type: EAT modification 0x80683D80-->804EEC16 [ntoskrnl.exe]
ntoskrnl.exe-->IoThreadToProcess, Type: EAT modification 0x80683D84-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFileSystem, Type: EAT modification 0x80683D88-->805B05C9 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x80683D8C-->80620C44 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x80683D90-->8059D295 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x80683D94-->80665347 [ntoskrnl.exe]
ntoskrnl.exe-->IoUpdateShareAccess, Type: EAT modification 0x80683D98-->8057BB20 [ntoskrnl.exe]
ntoskrnl.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x80683D9C-->80532B20 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyPartitionTable, Type: EAT modification 0x80683DA0-->8061FAE0 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyVolume, Type: EAT modification 0x80683DA4-->80620CB4 [ntoskrnl.exe]
ntoskrnl.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x80683DA8-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x80683DAC-->80646D42 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: Inline - RelativeCall 0x80545D11-->80545A53 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x80683DB0-->80549B6B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIExecuteMethod, Type: EAT modification 0x80683DB4-->80647337 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x80683DB8-->8050B48C [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: Inline - RelativeJump 0x805A8171-->805C71BD [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: EAT modification 0x80683DBC-->805B10CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllData, Type: EAT modification 0x80683DC0-->805B194F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x80683DC4-->8064707A [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x80683DC8-->805B5762 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x80683DCC-->806470FC [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIRegistrationControl, Type: EAT modification 0x80683DD0-->805A218B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x80683DD4-->805B1BF7 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleInstance, Type: EAT modification 0x80683DD8-->8064717F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleItem, Type: EAT modification 0x80683DDC-->80647257 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x80683DE0-->80646E29 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIWriteEvent, Type: EAT modification 0x80683DE4-->805094CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x80683DE8-->8050BDCD [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteOperationCount, Type: EAT modification 0x80683DEC-->80560D4C [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTable, Type: EAT modification 0x806836C8-->8061E78B [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTableEx, Type: EAT modification 0x80683DF0-->8061F9C6 [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteTransferCount, Type: EAT modification 0x80683DF4-->80560D38 [ntoskrnl.exe]
ntoskrnl.exe-->isdigit, Type: EAT modification 0x80684CA0-->805124D7 [ntoskrnl.exe]
ntoskrnl.exe-->islower, Type: EAT modification 0x80684CA4-->8054B4C1 [ntoskrnl.exe]
ntoskrnl.exe-->isprint, Type: EAT modification 0x80684CA8-->8054B542 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: Inline - RelativeJump 0x805476AE-->805476D3 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: EAT modification 0x80684CAC-->80512500 [ntoskrnl.exe]
ntoskrnl.exe-->isupper, Type: EAT modification 0x80684CB0-->805124AE [ntoskrnl.exe]
ntoskrnl.exe-->isxdigit, Type: EAT modification 0x80684CB4-->8054B4FF [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerEnabled, Type: EAT modification 0x80683DF8-->8055BA41 [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerNotPresent, Type: EAT modification 0x80683DFC-->8055BA40 [ntoskrnl.exe]
ntoskrnl.exe-->KdDisableDebugger, Type: EAT modification 0x80683E00-->80535F65 [ntoskrnl.exe]
ntoskrnl.exe-->KdEnableDebugger, Type: EAT modification 0x80683E04-->80535FDE [ntoskrnl.exe]
ntoskrnl.exe-->KdEnteredDebugger, Type: EAT modification 0x80683E08-->8055BA44 [ntoskrnl.exe]
ntoskrnl.exe-->KdPollBreakIn, Type: EAT modification 0x80683E0C-->804E25AB [ntoskrnl.exe]
ntoskrnl.exe-->KdPowerTransition, Type: EAT modification 0x80683E10-->8053603B [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: Inline - RelativeCall 0x805B790E-->805B7926 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: EAT modification 0x80683E14-->805B334A [ntoskrnl.exe]
ntoskrnl.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x80683E18-->8050DC81 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x80683E1C-->8050DC25 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x80683E20-->8050DD1F [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x806836D4-->804E2518 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x80683E24-->80536447 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x80683E28-->804E243B [ntoskrnl.exe]
ntoskrnl.exe-->KeAddSystemServiceTable, Type: EAT modification 0x80683E2C-->805B8D9D [ntoskrnl.exe]
ntoskrnl.exe-->KeAreApcsDisabled, Type: EAT modification 0x80683E30-->8051AEAC [ntoskrnl.exe]
ntoskrnl.exe-->KeAttachProcess, Type: EAT modification 0x80683E34-->804F15C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheck, Type: EAT modification 0x80683E38-->80537679 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheckEx, Type: EAT modification 0x80683E3C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe-->KeCancelTimer, Type: EAT modification 0x80683E40-->804E61C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x80683E44-->8053375F [ntoskrnl.exe]
ntoskrnl.exe-->KeClearEvent, Type: EAT modification 0x80683E48-->804E5AA4 [ntoskrnl.exe]
ntoskrnl.exe-->KeConnectInterrupt, Type: EAT modification 0x80683E4C-->8050A11A [ntoskrnl.exe]
ntoskrnl.exe-->KeDcacheFlushCount, Type: EAT modification 0x80683E50-->8055BA54 [ntoskrnl.exe]
ntoskrnl.exe-->KeDelayExecutionThread, Type: EAT modification 0x80683E54-->804E14F6 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x80683E58-->805368B7 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x80683E5C-->805369DF [ntoskrnl.exe]
ntoskrnl.exe-->KeDetachProcess, Type: EAT modification 0x80683E60-->804F161E [ntoskrnl.exe]
ntoskrnl.exe-->KeDisconnectInterrupt, Type: EAT modification 0x80683E64-->80509FF8 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterCriticalRegion, Type: EAT modification 0x80683E68-->804D95F2 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterKernelDebugger, Type: EAT modification 0x80683E6C-->8053686B [ntoskrnl.exe]
ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x806836E0-->804E2427 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: EAT modification 0x80683E70-->806B4DD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x80683E74-->806BA287 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushEntireTb, Type: EAT modification 0x80683E78-->804E9BF5 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x80683E7C-->805AD468 [ntoskrnl.exe]
ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: EAT modification 0x806836E4-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetCurrentThread, Type: EAT modification 0x80683E80-->804DB622 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetPreviousMode, Type: EAT modification 0x80683E84-->804DB62A [ntoskrnl.exe]
ntoskrnl.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x80683E88-->80508931 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AbiosCall, Type: EAT modification 0x80683E8C-->80537CFD [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x80683E90-->80510DC4 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x80683E94-->804D9A3C [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitFunction, Type: EAT modification 0x80683E98-->804D9898 [ntoskrnl.exe]
ntoskrnl.exe-->Kei386EoiHelper, Type: EAT modification 0x8068370C-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x80683E9C-->80537E0A [ntoskrnl.exe]
ntoskrnl.exe-->KeI386GetLid, Type: EAT modification 0x80683EA0-->80537AFF [ntoskrnl.exe]
ntoskrnl.exe-->KeI386MachineType, Type: EAT modification 0x80683EA4-->8055BA84 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x80683EA8-->80537D9F [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseLid, Type: EAT modification 0x80683EAC-->80537C7B [ntoskrnl.exe]
ntoskrnl.exe-->KeI386SetGdtSelector, Type: EAT modification 0x80683EB0-->806664DA [ntoskrnl.exe]
ntoskrnl.exe-->KeIcacheFlushCount, Type: EAT modification 0x80683EB4-->8055BA58 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeApc, Type: EAT modification 0x80683EB8-->804E5C99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x80683EBC-->80506671 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDpc, Type: EAT modification 0x80683EC0-->804E7DB8 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeEvent, Type: EAT modification 0x80683EC4-->804E7DE6 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeInterrupt, Type: EAT modification 0x80683EC8-->8050A082 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutant, Type: EAT modification 0x80683ECC-->804FA804 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: Inline - RelativeJump 0x8051243B-->8052ACC7 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: EAT modification 0x80683ED0-->80518BE3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeQueue, Type: EAT modification 0x80683ED4-->804FE890 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSemaphore, Type: EAT modification 0x80683ED8-->804E88F1 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSpinLock, Type: EAT modification 0x80683EDC-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimer, Type: EAT modification 0x80683EE0-->804EC4FB [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimerEx, Type: EAT modification 0x80683EE4-->804EC513 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x80683EE8-->804E5F99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertDeviceQueue, Type: EAT modification 0x80683EEC-->804E605E [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertHeadQueue, Type: EAT modification 0x80683EF0-->8051AFA3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueue, Type: EAT modification 0x80683EF4-->804E5AB9 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueApc, Type: EAT modification 0x80683EF8-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueDpc, Type: EAT modification 0x80683EFC-->804D968D [ntoskrnl.exe]
ntoskrnl.exe-->KeIsAttachedProcess, Type: EAT modification 0x80683F00-->80509CD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeIsExecutingDpc, Type: EAT modification 0x80683F04-->804DB63A [ntoskrnl.exe]
ntoskrnl.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x80683F08-->804D9604 [ntoskrnl.exe]
ntoskrnl.exe-->KeLoaderBlock, Type: EAT modification 0x80683F0C-->8055BA5C [ntoskrnl.exe]
ntoskrnl.exe-->KeNumberProcessors, Type: EAT modification 0x80683F10-->8055BA60 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterrupt, Type: EAT modification 0x80683F14-->804E28EE [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: Inline - RelativeCall 0x804E3482-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x80683F18-->804E28F6 [ntoskrnl.exe]
ntoskrnl.exe-->KePulseEvent, Type: EAT modification 0x80683F1C-->80515CB3 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryActiveProcessors, Type: EAT modification 0x80683F20-->805B623F [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryInterruptTime, Type: EAT modification 0x80683F24-->804E5C65 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryPriorityThread, Type: EAT modification 0x80683F28-->80538084 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryRuntimeThread, Type: EAT modification 0x80683F2C-->805150DC [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: Inline - RelativeCall 0x804E3BB5-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: EAT modification 0x80683F30-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: Inline - RelativeJump 0x804EDC2E-->804EDC28 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: EAT modification 0x80683F34-->804ED995 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTimeIncrement, Type: EAT modification 0x80683F38-->804E5A3E [ntoskrnl.exe]
ntoskrnl.exe-->KeRaiseUserException, Type: EAT modification 0x80683F3C-->805383C4 [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateEvent, Type: Inline - PushRet 0x804E42CB-->CFB80008 [unknown_code_page]
ntoskrnl.exe-->KeReadStateEvent, Type: EAT modification 0x80683F40-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutant, Type: EAT modification 0x80683F44-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutex, Type: EAT modification 0x80683F48-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateQueue, Type: EAT modification 0x80683F4C-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateSemaphore, Type: EAT modification 0x80683F50-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateTimer, Type: EAT modification 0x80683F54-->804E6C19 [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x80683F58-->8050DB2A [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x80683F5C-->8050E119 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x806836D8-->804E2550 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x80683F60-->80536476 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutant, Type: EAT modification 0x80683F64-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutex, Type: EAT modification 0x80683F68-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSemaphore, Type: EAT modification 0x80683F6C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: Inline - RelativeJump 0x804DA5EF-->804DA603 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x80683F70-->804E246C [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x80683F74-->804E6020 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x80683F78-->80537F0F [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveDeviceQueue, Type: EAT modification 0x80683F7C-->804E5FE4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x80683F80-->80537F84 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueue, Type: EAT modification 0x80683F84-->804E21B4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueueDpc, Type: EAT modification 0x80683F88-->80514F93 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x80683F8C-->8062A382 [ntoskrnl.exe]
ntoskrnl.exe-->KeResetEvent, Type: EAT modification 0x80683F90-->804E8525 [ntoskrnl.exe]
ntoskrnl.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x80683F94-->804F44A2 [ntoskrnl.exe]
ntoskrnl.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x80683F98-->80506DBF [ntoskrnl.exe]
ntoskrnl.exe-->KeRundownQueue, Type: EAT modification 0x80683F9C-->804FE9AC [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeCall 0x804F0D9B-->804EA9EB [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeJump 0x804F0DA3-->80507AFA [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: EAT modification 0x80683FA0-->804F4385 [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveStateForHibernate, Type: EAT modification 0x80683FA4-->8053849F [ntoskrnl.exe]
ntoskrnl.exe-->KeServiceDescriptorTable, Type: EAT modification 0x80683FA8-->80562520 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetAffinityThread, Type: EAT modification 0x80683FAC-->805188C3 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetBasePriorityThread, Type: EAT modification 0x80683FB0-->80514FD4 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x80683FB4-->80536367 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEvent, Type: EAT modification 0x80683FB8-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEventBoostPriority, Type: EAT modification 0x80683FBC-->804E68BC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x80683FC0-->80519874 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetImportanceDpc, Type: EAT modification 0x80683FC4-->804EC82B [ntoskrnl.exe]
ntoskrnl.exe-->KeSetKernelStackSwapEnable, Type: EAT modification 0x80683FC8-->804F45DC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetPriorityThread, Type: EAT modification 0x80683FCC-->804EC21C [ntoskrnl.exe]
ntoskrnl.exe-->KeSetProfileIrql, Type: EAT modification 0x80683FD0-->806B4D76 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x80683FD4-->80506D58 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x80683FD8-->80509693 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeIncrement, Type: EAT modification 0x80683FDC-->80510D87 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimer, Type: EAT modification 0x80683FE0-->804E216F [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimerEx, Type: EAT modification 0x80683FE4-->804E210E [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeUpdateNotifyRoutine, Type: EAT modification 0x806836DC-->8062A3EF [ntoskrnl.exe]
ntoskrnl.exe-->KeStackAttachProcess, Type: EAT modification 0x80683FE8-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe-->KeSynchronizeExecution, Type: EAT modification 0x80683FEC-->804DB68A [ntoskrnl.exe]
ntoskrnl.exe-->KeTerminateThread, Type: EAT modification 0x80683FF0-->804EC32A [ntoskrnl.exe]
ntoskrnl.exe-->KeTickCount, Type: EAT modification 0x80683FF4-->8055A000 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: Inline - RelativeCall 0x804F14F6-->804F1580 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: EAT modification 0x80683FF8-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: Inline - RelativeCall 0x804E3346-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: EAT modification 0x80683FFC-->804E2794 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateSystemTime, Type: EAT modification 0x80684000-->804E2608 [ntoskrnl.exe]
ntoskrnl.exe-->KeUserModeCallback, Type: EAT modification 0x80684004-->8056F133 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x80684008-->804E1A33 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMutexObject, Type: EAT modification 0x8068400C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForSingleObject, Type: EAT modification 0x80684010-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KiAcquireSpinLock, Type: EAT modification 0x806836E8-->804E2478 [ntoskrnl.exe]
ntoskrnl.exe-->KiBugCheckData, Type: EAT modification 0x80684014-->80562EC0 [ntoskrnl.exe]
ntoskrnl.exe-->KiCoprocessorError, Type: EAT modification 0x80684018-->804E114B [ntoskrnl.exe]
ntoskrnl.exe-->KiDeliverApc, Type: EAT modification 0x8068401C-->804DCE01 [ntoskrnl.exe]
ntoskrnl.exe-->KiDispatchInterrupt, Type: Inline - RelativeJump 0x804DB880-->804DB87F [ntoskrnl.exe]

ntoskrnl.exe-->KiDispatchInterrupt, Type: EAT modification 0x80684020-->804DC862 [ntoskrnl.exe]
ntoskrnl.exe-->KiEnableTimerWatchdog, Type: EAT modification 0x80684024-->8055BA78 [ntoskrnl.exe]
ntoskrnl.exe-->Kii386SpinOnSpinLock, Type: EAT modification 0x80683710-->804DB61F [ntoskrnl.exe]
ntoskrnl.exe-->KiIpiServiceRoutine, Type: EAT modification 0x80684028-->804D9D1E [ntoskrnl.exe]
ntoskrnl.exe-->KiReleaseSpinLock, Type: EAT modification 0x806836EC-->804E2498 [ntoskrnl.exe]
ntoskrnl.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x8068402C-->804DBAF4 [ntoskrnl.exe]
ntoskrnl.exe-->LdrAccessResource, Type: EAT modification 0x80684030-->805DE2A9 [ntoskrnl.exe]
ntoskrnl.exe-->LdrEnumResources, Type: EAT modification 0x80684034-->80638B08 [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x80684038-->805B5A5F [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResource_U, Type: EAT modification 0x8068403C-->805B8648 [ntoskrnl.exe]
ntoskrnl.exe-->LpcPortObjectType, Type: EAT modification 0x80684040-->80562F08 [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestPort, Type: EAT modification 0x80684044-->8059531E [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x80684048-->8059E237 [ntoskrnl.exe]
ntoskrnl.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x8068404C-->80651D70 [ntoskrnl.exe]
ntoskrnl.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x80684050-->80651E13 [ntoskrnl.exe]
ntoskrnl.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x80684054-->805EB39D [ntoskrnl.exe]
ntoskrnl.exe-->LsaLogonUser, Type: EAT modification 0x80684058-->80651C76 [ntoskrnl.exe]
ntoskrnl.exe-->LsaLookupAuthenticationPackage, Type: EAT modification 0x8068405C-->80651BC8 [ntoskrnl.exe]
ntoskrnl.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x80684060-->80651A2F [ntoskrnl.exe]
ntoskrnl.exe-->mbstowcs, Type: EAT modification 0x80684CB8-->8054B59C [ntoskrnl.exe]
ntoskrnl.exe-->mbtowc, Type: EAT modification 0x80684CBC-->804FCFAF [ntoskrnl.exe]
ntoskrnl.exe-->memchr, Type: EAT modification 0x80684CC0-->804DA9DB [ntoskrnl.exe]
ntoskrnl.exe-->memcpy, Type: EAT modification 0x80684CC4-->804DAA82 [ntoskrnl.exe]
ntoskrnl.exe-->memmove, Type: EAT modification 0x80684CC8-->804DADC5 [ntoskrnl.exe]
ntoskrnl.exe-->memset, Type: EAT modification 0x80684CCC-->804DB105 [ntoskrnl.exe]
ntoskrnl.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x80684064-->80567944 [ntoskrnl.exe]
ntoskrnl.exe-->MmAddPhysicalMemory, Type: EAT modification 0x80684068-->8066AC0B [ntoskrnl.exe]
ntoskrnl.exe-->MmAddVerifierThunks, Type: EAT modification 0x8068406C-->8062BAF4 [ntoskrnl.exe]
ntoskrnl.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x80684070-->8066AC3B [ntoskrnl.exe]
ntoskrnl.exe-->MmAdvanceMdl, Type: EAT modification 0x80684074-->8053AB13 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x80684078-->8050C3E2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x8068407C-->80504DD2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateMappingAddress, Type: EAT modification 0x80684080-->805C5B3D [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x80684084-->8062CC8A [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x80684088-->8066586D [ntoskrnl.exe]
ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x8068408C-->804EDEBC [ntoskrnl.exe]
ntoskrnl.exe-->MmCanFileBeTruncated, Type: EAT modification 0x80684090-->804F719D [ntoskrnl.exe]
ntoskrnl.exe-->MmCommitSessionMappedView, Type: EAT modification 0x80684094-->805053E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateMdl, Type: EAT modification 0x80684098-->804FAA38 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateSection, Type: EAT modification 0x8068409C-->804E1CC0 [ntoskrnl.exe]
ntoskrnl.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x806840A0-->804FAC31 [ntoskrnl.exe]
ntoskrnl.exe-->MmFlushImageSection, Type: EAT modification 0x806840A4-->804F710E [ntoskrnl.exe]
ntoskrnl.exe-->MmForceSectionClosed, Type: EAT modification 0x806840A8-->80500F48 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemory, Type: EAT modification 0x806840AC-->80504F19 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x806840B0-->8053B0C8 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeMappingAddress, Type: EAT modification 0x806840B4-->8062C8DD [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x806840B8-->8062CDBB [ntoskrnl.exe]
ntoskrnl.exe-->MmFreePagesFromMdl, Type: EAT modification 0x806840BC-->8066B0FF [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalAddress, Type: EAT modification 0x806840C0-->80505086 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x806840C4-->80669CF7 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x806840C8-->805C0E58 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x806840CC-->8053B0E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmGrowKernelStack, Type: EAT modification 0x806840D0-->804FA101 [ntoskrnl.exe]
ntoskrnl.exe-->MmHighestUserAddress, Type: EAT modification 0x806840D4-->80567EDC [ntoskrnl.exe]
ntoskrnl.exe-->MmIsAddressValid, Type: EAT modification 0x806840D8-->804E1F76 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsDriverVerifying, Type: Inline - PushRet 0x8050BD9C-->C7470010 [unknown_code_page]
ntoskrnl.exe-->MmIsDriverVerifying, Type: EAT modification 0x806840DC-->8050E225 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x806840E0-->8053CF57 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: Inline - RelativeJump 0x80536CD3-->80536CE1 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x806840E4-->8053B195 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x806840E8-->80509675 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsVerifierEnabled, Type: EAT modification 0x806840EC-->805B84D1 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableDataSection, Type: EAT modification 0x806840F0-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableImageSection, Type: EAT modification 0x806840F4-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x806840F8-->805E09D2 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapIoSpace, Type: EAT modification 0x806840FC-->8050B5CA [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPages, Type: EAT modification 0x80684100-->804F97B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x80684104-->804EDF4C [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x80684108-->8053A6E9 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x8068410C-->8053B1BB [ntoskrnl.exe]
ntoskrnl.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x80684110-->8066B226 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapVideoDisplay, Type: EAT modification 0x80684114-->805C5993 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x80684118-->805E3103 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x8068411C-->8062D687 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewOfSection, Type: EAT modification 0x80684120-->8057A468 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x80684124-->8062B9AB [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: Inline - RelativeJump 0x8066222D-->80662217 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x80684128-->80669B6D [ntoskrnl.exe]
ntoskrnl.exe-->MmPageEntireDriver, Type: EAT modification 0x8068412C-->805DC76C [ntoskrnl.exe]
ntoskrnl.exe-->MmPrefetchPages, Type: EAT modification 0x80684130-->8059AB16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockPages, Type: EAT modification 0x80684134-->804F6BFF [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x80684138-->8062CE16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x8068413C-->8050863E [ntoskrnl.exe]
ntoskrnl.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x80684140-->8053AD4F [ntoskrnl.exe]
ntoskrnl.exe-->MmQuerySystemSize, Type: EAT modification 0x80684144-->8050896A [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: Inline - RelativeJump 0x80623B43-->80623B51 [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x80684148-->8062B9CF [ntoskrnl.exe]
ntoskrnl.exe-->MmResetDriverPaging, Type: EAT modification 0x8068414C-->805DC83F [ntoskrnl.exe]
ntoskrnl.exe-->MmSectionObjectType, Type: EAT modification 0x80684150-->80567C40 [ntoskrnl.exe]
ntoskrnl.exe-->MmSecureVirtualMemory, Type: EAT modification 0x80684154-->80571DB6 [ntoskrnl.exe]
ntoskrnl.exe-->MmSetAddressRangeModified, Type: EAT modification 0x80684158-->804EF03B [ntoskrnl.exe]
ntoskrnl.exe-->MmSetBankedSection, Type: EAT modification 0x8068415C-->8062C991 [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: Inline - RelativeCall 0x804F7F4D-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: EAT modification 0x80684160-->804FACC1 [ntoskrnl.exe]
ntoskrnl.exe-->MmSystemRangeStart, Type: EAT modification 0x80684164-->80567ED8 [ntoskrnl.exe]
ntoskrnl.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x80684168-->8053DBAF [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x8068416C-->8051A1AB [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPages, Type: EAT modification 0x80684170-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapIoSpace, Type: EAT modification 0x80684174-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapLockedPages, Type: EAT modification 0x80684178-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapReservedMapping, Type: EAT modification 0x8068417C-->8053A9B6 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x80684180-->805C59B2 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x80684184-->805E2E4C [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x80684188-->8062D6B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewOfSection, Type: EAT modification 0x8068418C-->8057C697 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x80684190-->80571D9E [ntoskrnl.exe]
ntoskrnl.exe-->MmUserProbeAddress, Type: EAT modification 0x80684194-->80567ED4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsAnsiCodePage, Type: EAT modification 0x80684198-->8069A4F0 [ntoskrnl.exe]
ntoskrnl.exe-->NlsLeadByteInfo, Type: EAT modification 0x8068419C-->8056C4BC [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbCodePageTag, Type: EAT modification 0x806841A0-->8069A508 [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x806841A4-->8069A720 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemCodePage, Type: EAT modification 0x806841A8-->8069A4F4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x806841AC-->8056C4C0 [ntoskrnl.exe]
ntoskrnl.exe-->NtAddAtom, Type: EAT modification 0x806841B0-->8057FA34 [ntoskrnl.exe]
ntoskrnl.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x806841B4-->80589C03 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x806841B8-->805E28DD [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateUuids, Type: EAT modification 0x806841BC-->805DE611 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x806841C0-->80570BC5 [ntoskrnl.exe]
ntoskrnl.exe-->NtBuildNumber, Type: EAT modification 0x806841C4-->805530E8 [ntoskrnl.exe]
ntoskrnl.exe-->NtCallbackReturn, Type: Inline - RelativeJump 0x804E2CD2-->804E2D17 [ntoskrnl.exe]
ntoskrnl.exe-->NtClearEvent, Type: Inline - RelativeJump 0x80569682-->80569689 [ntoskrnl.exe]
ntoskrnl.exe-->NtClose, Type: EAT modification 0x806841C8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe-->NtConnectPort, Type: EAT modification 0x806841CC-->80584D73 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateEvent, Type: EAT modification 0x806841D0-->805744F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: EAT modification 0x806841D4-->80573DFB [ntoskrnl.exe]
ntoskrnl.exe-->NtCreatePort, Type: Inline - RelativeCall 0x80597611-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSection, Type: EAT modification 0x806841D8-->8056DB66 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSemaphore, Type: Inline - RelativeJump 0x80572631-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteAtom, Type: EAT modification 0x806841DC-->8058771C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteFile, Type: EAT modification 0x806841E0-->805DB33C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeviceIoControlFile, Type: EAT modification 0x806841E4-->8058D747 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateObject, Type: EAT modification 0x806841E8-->8057EDE5 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateToken, Type: EAT modification 0x806841EC-->8058C373 [ntoskrnl.exe]
ntoskrnl.exe-->NtFindAtom, Type: EAT modification 0x806841F0-->805E480C [ntoskrnl.exe]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: EAT modification 0x806841F4-->805710BF [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057AC9C-->8057B57D [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057ACA4-->80579755 [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: EAT modification 0x806841F8-->8058274A [ntoskrnl.exe]
ntoskrnl.exe-->NtGlobalFlag, Type: EAT modification 0x806841FC-->805607EC [ntoskrnl.exe]
ntoskrnl.exe-->NtInitializeRegistry, Type: Inline - RelativeJump 0x805A80EA-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtInitiatePowerAction, Type: Inline - RelativeJump 0x8062C2AC-->8062C2B2 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockFile, Type: EAT modification 0x80684200-->80587AE9 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0F98-->805A8085 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0FA1-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtMakePermanentObject, Type: EAT modification 0x80684204-->805E7AE2 [ntoskrnl.exe]
ntoskrnl.exe-->NtMapViewOfSection, Type: EAT modification 0x80684208-->8057A879 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x8068420C-->80587D80 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeCall 0x8058EAA0-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAA9-->80574322 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAAE-->80599DFC [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeCall 0x8058EB69-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB72-->8057F2BF [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB77-->805AFC1C [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenEventPair, Type: Inline - RelativeJump 0x8064957F-->80649536 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenFile, Type: EAT modification 0x80684210-->80579CF1 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x8059540D-->8059678E [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x80595413-->805EA1C3 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcess, Type: EAT modification 0x80684214-->8057F592 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessToken, Type: EAT modification 0x80684218-->80578148 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x8068421C-->8057809F [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThread, Type: EAT modification 0x80684220-->80584849 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadToken, Type: EAT modification 0x80684224-->805746D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x80684228-->805745CF [ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegedServiceAuditAlarm, Type: Inline - RelativeJump 0x805AA8D4-->805D92D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump 0x8057EC95-->8057EC6B [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: EAT modification 0x8068422C-->8057B814 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEaFile, Type: EAT modification 0x80684230-->8062164C [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEvent, Type: Inline - RelativeJump 0x80589EBC-->80589ECE [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationAtom, Type: EAT modification 0x80684234-->805B065E [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: Inline - RelativeJump 0x80572E51-->80572E42 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: EAT modification 0x80684238-->8057AB98 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: Inline - RelativeJump 0x8056DD1F-->8056DD45 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: EAT modification 0x8068423C-->805747B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationThread, Type: EAT modification 0x80684240-->80576860 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationToken, Type: EAT modification 0x80684244-->80576F36 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - PushRet 0x80567344-->9822D25A [unknown_code_page]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - RelativeJump 0x8056734F-->80567359 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPortInformationProcess, Type: Inline - RelativeJump 0x8062D845-->8062D85D [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x80684248-->80621F03 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySecurityObject, Type: EAT modification 0x8068424C-->805DFD3E [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x80589B76-->80589E54 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemInformation, Type: EAT modification 0x80684250-->8058B41A [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemTime, Type: Inline - RelativeJump 0x8058A5B6-->805EB5D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x80684254-->8057A03C [ntoskrnl.exe]
ntoskrnl.exe-->NtRaiseException, Type: Inline - RelativeJump 0x804E206A-->804E2068 [ntoskrnl.exe]
ntoskrnl.exe-->NtReadFile, Type: EAT modification 0x80684258-->8057495D [ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseMutant, Type: Inline - RelativeJump 0x80566490-->80566499 [ntoskrnl.exe]
ntoskrnl.exe-->NtRemoveProcessDebug, Type: Inline - RelativeJump 0x8065B62B-->8065B66E [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestPort, Type: EAT modification 0x8068425C-->805E33BE [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x80684260-->8057CD93 [ntoskrnl.exe]
ntoskrnl.exe-->NtSaveKey, Type: Inline - RelativeJump 0x8064F0EC-->8064F0F2 [ntoskrnl.exe]
ntoskrnl.exe-->NtSecureConnectPort, Type: Inline - RelativeJump 0x805888DD-->805E62D4 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEaFile, Type: EAT modification 0x80684264-->80621B91 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEvent, Type: EAT modification 0x80684268-->80570634 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeCall 0x8064988C-->80649352 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeJump 0x80649892-->80649869 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationFile, Type: EAT modification 0x8068426C-->8058A47C [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationProcess, Type: EAT modification 0x80684270-->80574B1F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationThread, Type: EAT modification 0x80684274-->80576AB3 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x80684278-->80621ED9 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetSecurityObject, Type: EAT modification 0x8068427C-->805DFB3F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B1B-->8057275F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B25-->80572626 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeCall 0x80617B2A-->80570360 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x80684280-->80622417 [ntoskrnl.exe]
ntoskrnl.exe-->NtShutdownSystem, Type: EAT modification 0x80684284-->8064E8EB [ntoskrnl.exe]
ntoskrnl.exe-->NtSignalAndWaitForSingleObject, Type: Inline - RelativeJump 0x805173A1-->80517452 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateJobObject, Type: Inline - RelativeJump 0x80630579-->806305F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA71-->8057B034 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeCall 0x8057BA76-->80573C38 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA7B-->8056D095 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA8B-->8057B9B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTraceEvent, Type: EAT modification 0x80684288-->805499E0 [ntoskrnl.exe]
ntoskrnl.exe-->NtUnlockFile, Type: EAT modification 0x8068428C-->80587C49 [ntoskrnl.exe]
ntoskrnl.exe-->NtVdmControl, Type: EAT modification 0x80684290-->805B3552 [ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForSingleObject, Type: Inline - PushRet 0x8056618A-->9822CEC6 [unknown_code_page]
ntoskrnl.exe-->NtWaitForSingleObject, Type: EAT modification 0x80684294-->8056DF62 [ntoskrnl.exe]
ntoskrnl.exe-->NtWriteFile, Type: EAT modification 0x80684298-->8058A6FD [ntoskrnl.exe]
ntoskrnl.exe-->ObAssignSecurity, Type: EAT modification 0x8068429C-->80575777 [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: Inline - RelativeCall 0x8058DD06-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x806842A0-->8058858B [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckObjectAccess, Type: EAT modification 0x806842A4-->8056DD78 [ntoskrnl.exe]
ntoskrnl.exe-->ObCloseHandle, Type: EAT modification 0x806842A8-->80571730 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObject, Type: EAT modification 0x806842AC-->8056D525 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObjectType, Type: EAT modification 0x806842B0-->805CBC4E [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceObject, Type: EAT modification 0x806842B4-->80541089 [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x806842B8-->8056D963 [ntoskrnl.exe]
ntoskrnl.exe-->ObfDereferenceObject, Type: EAT modification 0x806836F0-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->ObFindHandleForObject, Type: EAT modification 0x806842BC-->805E859F [ntoskrnl.exe]
ntoskrnl.exe-->ObfReferenceObject, Type: EAT modification 0x806836F4-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe-->ObGetObjectSecurity, Type: EAT modification 0x806842C0-->8056C287 [ntoskrnl.exe]
ntoskrnl.exe-->ObInsertObject, Type: EAT modification 0x806842C4-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x806842C8-->80541121 [ntoskrnl.exe]
ntoskrnl.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x806842CC-->805755A8 [ntoskrnl.exe]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: EAT modification 0x806842D0-->805E74E6 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByName, Type: EAT modification 0x806842D4-->8057010D [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: Inline - RelativeCall 0x8056DC57-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: EAT modification 0x806842D8-->80577F90 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryNameString, Type: EAT modification 0x806842DC-->8058F2D9 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x806842E0-->80589506 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x806842E4-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByName, Type: EAT modification 0x806842E8-->80597466 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x806842EC-->804EA5A1 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x806842F0-->8059DD71 [ntoskrnl.exe]
ntoskrnl.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x806842F4-->8056C241 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetHandleAttributes, Type: EAT modification 0x806842F8-->80595862 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x806842FC-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x80684300-->805DFBEF [ntoskrnl.exe]
ntoskrnl.exe-->PfxFindPrefix, Type: EAT modification 0x80684304-->80639DD3 [ntoskrnl.exe]
ntoskrnl.exe-->PfxInitialize, Type: EAT modification 0x80684308-->806399CC [ntoskrnl.exe]
ntoskrnl.exe-->PfxInsertPrefix, Type: EAT modification 0x8068430C-->80639CE9 [ntoskrnl.exe]
ntoskrnl.exe-->PfxRemovePrefix, Type: EAT modification 0x80684310-->806399EF [ntoskrnl.exe]
ntoskrnl.exe-->PoCallDriver, Type: EAT modification 0x80684314-->805072A3 [ntoskrnl.exe]
ntoskrnl.exe-->PoCancelDeviceNotify, Type: EAT modification 0x80684318-->805411A0 [ntoskrnl.exe]
ntoskrnl.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x8068431C-->805C5BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x80684320-->8050565D [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x80684324-->8054169B [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterSystemState, Type: EAT modification 0x80684328-->805192E1 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestPowerIrp, Type: EAT modification 0x8068432C-->80507355 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestShutdownEvent, Type: EAT modification 0x80684330-->805B3D76 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetHiberRange, Type: EAT modification 0x80684334-->8066DF9A [ntoskrnl.exe]
ntoskrnl.exe-->PoSetPowerState, Type: EAT modification 0x80684338-->80507E25 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetSystemState, Type: EAT modification 0x8068433C-->8051A4A5 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: Inline - RelativeJump 0x8062B429-->8062B413 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: EAT modification 0x80684340-->80632E7F [ntoskrnl.exe]
ntoskrnl.exe-->PoStartNextPowerIrp, Type: EAT modification 0x80684344-->80507169 [ntoskrnl.exe]
ntoskrnl.exe-->PoUnregisterSystemState, Type: EAT modification 0x80684348-->80518BBE [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForRead, Type: EAT modification 0x8068434C-->805838BB [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForWrite, Type: EAT modification 0x80684350-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: Inline - RelativeJump 0x80575872-->805D8F3A [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: EAT modification 0x80684354-->80580B55 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargePoolQuota, Type: EAT modification 0x80684358-->804F4784 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: Inline - RelativeJump 0x804EB2AB-->804EB4E2 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x8068435C-->804F07EB [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x80684360-->804F6327 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x80684364-->804E8847 [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemProcess, Type: EAT modification 0x80684368-->806357FB [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemThread, Type: EAT modification 0x8068436C-->805762A6 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x80684370-->80635413 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x80684374-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->PsDisableImpersonation, Type: EAT modification 0x80684378-->80584F4A [ntoskrnl.exe]
ntoskrnl.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x8068437C-->805B92EF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetContextThread, Type: EAT modification 0x80684380-->80635837 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcess, Type: EAT modification 0x80684384-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessId, Type: EAT modification 0x80684388-->804E6997 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x8068438C-->804EA489 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThread, Type: EAT modification 0x80684390-->804E5DA7 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadId, Type: EAT modification 0x80684394-->804E83EE [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x80684398-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x8068439C-->80542D19 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x806843A0-->80542D30 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobLock, Type: EAT modification 0x806843A4-->80542C23 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobSessionId, Type: EAT modification 0x806843A8-->80542C3C [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x806843AC-->80509627 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x806843B0-->80513374 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: Inline - RelativeJump 0x80502C51-->8051EA6E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: EAT modification 0x806843B4-->80503940 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x806843B8-->80635D17 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitStatus, Type: EAT modification 0x806843BC-->80542C73 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitTime, Type: EAT modification 0x806843C0-->8059DDB6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessId, Type: EAT modification 0x806843C4-->804FA911 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessImageFileName, Type: EAT modification 0x806843C8-->8051338B [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x806843CC-->804FF78E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessJob, Type: EAT modification 0x806843D0-->804F41F3 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: Inline - RelativeJump 0x804E7413-->804E7427 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: EAT modification 0x806843D4-->804EA4C8 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x806843D8-->80542CBF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x806843DC-->804FA3E6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x806843E0-->8059E255 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: Inline - RelativeJump 0x804FA95D-->804F0B40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: EAT modification 0x806843E4-->804FE25E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32Process, Type: EAT modification 0x806843E8-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x806843EC-->804F41DC [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x806843F0-->804EA180 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeCall 0x805082C8-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082CE-->805082AD [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x806843F4-->80508BDA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadId, Type: EAT modification 0x806843F8-->804E7D5F [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcess, Type: EAT modification 0x806843FC-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcessId, Type: EAT modification 0x80684400-->804E7D48 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadSessionId, Type: EAT modification 0x80684404-->8057D6A9 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadTeb, Type: EAT modification 0x80684408-->804F0A40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x8068440C-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetVersion, Type: EAT modification 0x80684410-->80542BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PsImpersonateClient, Type: EAT modification 0x80684414-->80580C82 [ntoskrnl.exe]
ntoskrnl.exe-->PsInitialSystemProcess, Type: EAT modification 0x80684418-->80569754 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x8068441C-->80635CF5 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsSystemThread, Type: EAT modification 0x80684420-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadImpersonating, Type: EAT modification 0x80684424-->80635D90 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: Inline - RelativeJump 0x804E6ED7-->80521FD2 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: EAT modification 0x80684428-->804F1725 [ntoskrnl.exe]
ntoskrnl.exe-->PsJobType, Type: EAT modification 0x8068442C-->805696E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x80684430-->8057F50F [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x80684434-->8057CC54 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x80684438-->8057D6C5 [ntoskrnl.exe]
ntoskrnl.exe-->PsProcessType, Type: EAT modification 0x8068443C-->80569758 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x80684440-->8056C2A5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferencePrimaryToken, Type: EAT modification 0x80684444-->8056C967 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x80684448-->806355E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x8068444C-->80635707 [ntoskrnl.exe]
ntoskrnl.exe-->PsRestoreImpersonation, Type: EAT modification 0x80684450-->8058501F [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnPoolQuota, Type: EAT modification 0x80684454-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x80684458-->804F1429 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x8068445C-->804F60B9 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertThreadToSelf, Type: EAT modification 0x80684460-->80580BF1 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertToSelf, Type: EAT modification 0x80684464-->805B1467 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetContextThread, Type: EAT modification 0x80684468-->80635ACF [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x8068446C-->8063549F [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateThreadNotifyRoutine, Type: EAT modification 0x80684470-->80635577 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x80684474-->80635D3D [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x80684478-->805B9406 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x8068447C-->80635695 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x80684480-->80571E63 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x80684484-->80635D5C [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x80684488-->805E6086 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: Inline - RelativeJump 0x8057FD2C-->8057FD3A [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: EAT modification 0x8068448C-->80592812 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWindowStation, Type: EAT modification 0x80684490-->80592DC5 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082F3-->805214D1 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x80684494-->80508BF8 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: Inline - RelativeJump 0x8057BD31-->8057BCFB [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x80684498-->8059583E [ntoskrnl.exe]
ntoskrnl.exe-->PsTerminateSystemThread, Type: EAT modification 0x8068449C-->80583248 [ntoskrnl.exe]
ntoskrnl.exe-->PsThreadType, Type: EAT modification 0x806844A0-->8056975C [ntoskrnl.exe]
ntoskrnl.exe-->qsort, Type: Inline - PushRet 0x8050844F-->90900008 [unknown_code_page]
ntoskrnl.exe-->qsort, Type: EAT modification 0x80684CD0-->8050B1B4 [ntoskrnl.exe]
ntoskrnl.exe-->rand, Type: EAT modification 0x80684CD4-->8054B68A [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806844A4-->804DA0AA [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806844A8-->804DA0E2 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806844AC-->804DA0C6 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x806844B0-->804DA086 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x806844B4-->804DA09E [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x806844B8-->804DA092 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x806844BC-->805C1474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x806844C0-->805852BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x806844C4-->805B1BD3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAce, Type: EAT modification 0x806844C8-->805D337A [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x806844CC-->80570802 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddRange, Type: EAT modification 0x806844D0-->805C1EFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlAllocateHeap, Type: EAT modification 0x806844D4-->8057D7CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x806844D8-->80582233 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: Inline - DirectCall 0x80633AE2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x806844DC-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x806844E0-->8058DB92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendAsciizToString, Type: EAT modification 0x806844E4-->8063C09F [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendStringToString, Type: EAT modification 0x806844E8-->805D3077 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x806844EC-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x806844F0-->804F5F19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: Inline - RelativeJump 0x80566A0F-->80566A19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x806844F4-->8056EF85 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x806844F8-->8058B2F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsClear, Type: EAT modification 0x806844FC-->804F8F41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsSet, Type: EAT modification 0x80684500-->804F9056 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAssert, Type: EAT modification 0x80684504-->805436B0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureContext, Type: EAT modification 0x80684508-->804DC152 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x8068450C-->805436DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCharToInteger, Type: EAT modification 0x80684510-->8063C903 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCheckRegistryKey, Type: EAT modification 0x80684514-->805B6595 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearAllBits, Type: EAT modification 0x80684518-->80513EB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBit, Type: EAT modification 0x8068451C-->80542FE9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBits, Type: EAT modification 0x80684520-->804EA9A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemory, Type: EAT modification 0x80684524-->804E5080 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x80684528-->804E50D0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: Inline - RelativeJump 0x80634174-->80634185 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: EAT modification 0x8068452C-->8063BFEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareUnicodeString, Type: EAT modification 0x80684530-->80574887 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressBuffer, Type: EAT modification 0x80684534-->80671217 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressChunks, Type: EAT modification 0x80684538-->8063D447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x8068453C-->804DBE04 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x80684540-->8058E317 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x80684544-->804DBE0C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyLuid, Type: EAT modification 0x80684548-->805AC48C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: Inline - RelativeJump 0x805C3EDE-->805C3EE4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: EAT modification 0x8068454C-->805BC474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopySid, Type: EAT modification 0x80684550-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyString, Type: EAT modification 0x80684554-->8050D6C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyUnicodeString, Type: EAT modification 0x80684558-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAcl, Type: EAT modification 0x8068455C-->8057545D [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAtomTable, Type: EAT modification 0x80684560-->805D31B6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateHeap, Type: EAT modification 0x80684564-->805ABBBF [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateRegistryKey, Type: EAT modification 0x80684568-->805B66DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x8068456C-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x80684570-->8063D944 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateUnicodeString, Type: EAT modification 0x80684574-->805CF6E5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x80684578-->80638D96 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressBuffer, Type: Inline - PushRet 0x806352AE-->8139C033 [unknown_code_page]
ntoskrnl.exe-->RtlDecompressBuffer, Type: EAT modification 0x8068457C-->8063D129 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressChunks, Type: EAT modification 0x80684580-->8063D27E [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressFragment, Type: EAT modification 0x80684584-->805DD2DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlDelete, Type: EAT modification 0x80684588-->804F2FC1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAce, Type: EAT modification 0x8068458C-->805C5CA3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x80684590-->8057D741 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x80684594-->80513757 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x80684598-->804FC1E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteNoSplay, Type: EAT modification 0x8068459C-->805147B9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x806845A0-->805BC674 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRange, Type: EAT modification 0x806845A4-->8063A442 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x806845A8-->805C2D41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDescribeChunk, Type: EAT modification 0x806845AC-->8063D1A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyAtomTable, Type: EAT modification 0x806845B0-->8063A087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyHeap, Type: EAT modification 0x806845B4-->8063A7FF [ntoskrnl.exe]
ntoskrnl.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x806845B8-->8063B7C7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEmptyAtomTable, Type: EAT modification 0x806845BC-->8063A149 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x806845C0-->804DBBE3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x806845C4-->804DBBFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x806845C8-->804DBBEF [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x806845CC-->80543A17 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x806845D0-->80500A83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x806845D4-->80543BEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x806845D8-->804FBA9D [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x806845DC-->80500AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualLuid, Type: EAT modification 0x806845E0-->8063C151 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualSid, Type: EAT modification 0x806845E4-->80573938 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualString, Type: EAT modification 0x806845E8-->8050372A [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualUnicodeString, Type: EAT modification 0x806845EC-->8056C684 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x806845F0-->804DBD08 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x806845F4-->804DBC1B [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x806845F8-->804DBC78 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemory, Type: EAT modification 0x806845FC-->804E5100 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemoryUlong, Type: EAT modification 0x80684600-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBits, Type: EAT modification 0x80684604-->804F044D [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x80684608-->804F0AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearRuns, Type: EAT modification 0x8068460C-->80503A42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindFirstRunClear, Type: EAT modification 0x80684610-->80543481 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x80684614-->805035B1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x80684618-->80511437 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLongestRunClear, Type: EAT modification 0x8068461C-->80543329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMessage, Type: EAT modification 0x80684620-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x80684624-->80543388 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x80684628-->80513474 [ntoskrnl.exe]

ntoskrnl.exe-->RtlFindRange, Type: EAT modification 0x8068462C-->805C2338 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBits, Type: EAT modification 0x80684630-->8054305F [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x80684634-->80543447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x80684638-->805964BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x8068463C-->8058E485 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeAnsiString, Type: EAT modification 0x80684640-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeHeap, Type: EAT modification 0x80684644-->8057D392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeOemString, Type: EAT modification 0x80684648-->805E5654 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeRangeList, Type: EAT modification 0x8068464C-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeUnicodeString, Type: EAT modification 0x80684650-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x80684658-->80588A90 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetAce, Type: EAT modification 0x8068465C-->805AEF9A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCallersAddress, Type: EAT modification 0x80684660-->804DA198 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x80684664-->80665146 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x80684668-->805B1763 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x8068466C-->8058B3F2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTable, Type: EAT modification 0x80684670-->80543960 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x80684674-->80543ADB [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetFirstRange, Type: EAT modification 0x80684678-->8059DC4A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x8068467C-->805BBF77 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNextRange, Type: EAT modification 0x80684680-->8059DBE0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x80684684-->805E3E91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x80684688-->805BBF35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x8068468C-->805BBF00 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x80684690-->8063DF91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetVersion, Type: EAT modification 0x80684694-->805D7F67 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGUIDFromString, Type: EAT modification 0x80684654-->805A02D4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlHashUnicodeString, Type: EAT modification 0x80684698-->80589617 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x8068469C-->804FE293 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageNtHeader, Type: EAT modification 0x806846A0-->804FA366 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitAnsiString, Type: EAT modification 0x806846A4-->804DA26D [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitCodePageTable, Type: EAT modification 0x806846A8-->805CD087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeBitMap, Type: EAT modification 0x806846B4-->8057BF4E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTable, Type: EAT modification 0x806846B8-->80509716 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x806846BC-->804FF7A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeRangeList, Type: EAT modification 0x806846C0-->805CFA97 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeSid, Type: EAT modification 0x806846C4-->80588972 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x806846C8-->805BDBE1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitString, Type: EAT modification 0x806846AC-->804DA235 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitUnicodeString, Type: EAT modification 0x806846B0-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x806846CC-->804FBB74 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x806846D0-->80519427 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x806846D4-->804FBB35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x806846D8-->804FBC0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x806846DC-->80593C1E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x806846E0-->8063CE0D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToChar, Type: EAT modification 0x806846E4-->8058F1EF [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicode, Type: EAT modification 0x806846E8-->8058E5C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x806846EC-->8058DCB5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInvertRangeList, Type: EAT modification 0x806846F0-->8063A580 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x806846F4-->8054416D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x806846F8-->805441BB [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x806846FC-->80544620 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x80684700-->805445C2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x80684704-->80544C33 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x80684708-->80544E47 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x8068470C-->8054555B [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x80684710-->8050BC50 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x80684714-->80543E59 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x80684718-->80544088 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x8068471C-->805444CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x80684720-->80544262 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x80684724-->805446C8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x80684728-->805449EE [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x8068472C-->805452EA [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x80684730-->80544FE7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x80684734-->80543943 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x80684738-->80506658 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x8068473C-->8063DC9E [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsRangeAvailable, Type: EAT modification 0x80684740-->805C805C [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x80684744-->8063DB5A [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x80684748-->804DBBCF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x8068474C-->804DBDB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x80684750-->805456DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x80684754-->804DBDDC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x80684758-->804DBD60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x8068475C-->804DBD88 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x80684760-->804DBDF0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthRequiredSid, Type: EAT modification 0x80684764-->80581CA2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x80684768-->805753C9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: Inline - RelativeJump 0x8059B50E-->8059B534 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: EAT modification 0x8068476C-->805DF5CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLockBootStatusData, Type: EAT modification 0x80684770-->8063DE28 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x80684774-->8057D5FC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x80684778-->805137F4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x8068477C-->805152BA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x80684780-->805137AF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x80684784-->804F5BDE [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapGenericMask, Type: EAT modification 0x80684788-->8056FDCA [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x8068478C-->805191D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMergeRangeLists, Type: EAT modification 0x80684790-->8063A352 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMoveMemory, Type: EAT modification 0x80684794-->804E51C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x80684798-->80571F11 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x8068479C-->805E9A23 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x806847A0-->80639C52 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosError, Type: EAT modification 0x806847A4-->805835E0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x806847A8-->805173A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x806847AC-->804FBADF [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x806847B0-->80506621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfClearBits, Type: EAT modification 0x806847B4-->80503664 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfSetBits, Type: EAT modification 0x806847B8-->80513D7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x806847BC-->8063BD83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x806847C0-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x806847C4-->805E37D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemToUnicodeN, Type: EAT modification 0x806847C8-->805E36C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x806847CC-->805D3109 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x806836F8-->804E5531 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixString, Type: EAT modification 0x806847D0-->805B6329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x806847D4-->805E686C [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x806847D8-->8057208F [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryRegistryValues, Type: EAT modification 0x806847DC-->8059B907 [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x806847E0-->805D0463 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRaiseException, Type: EAT modification 0x806847E4-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandom, Type: EAT modification 0x806847E8-->80591915 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandomEx, Type: EAT modification 0x806847EC-->8054576F [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealPredecessor, Type: EAT modification 0x806847F0-->805438DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealSuccessor, Type: EAT modification 0x806847F4-->804F173E [ntoskrnl.exe]
ntoskrnl.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x806847F8-->80593D1F [ntoskrnl.exe]
ntoskrnl.exe-->RtlReserveChunk, Type: EAT modification 0x806847FC-->8063D20E [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x80684800-->80500ECC [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x80684804-->8054582C [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x8068480C-->805BEC83 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x80684808-->80639E8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetAllBits, Type: EAT modification 0x80684810-->8050BA7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBit, Type: EAT modification 0x80684814-->804F0BC5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBits, Type: EAT modification 0x80684818-->804F03FD [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x8068481C-->80585052 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetGroupSecurityDescriptor, Type: EAT modification 0x80684820-->805D347C [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x80684824-->805DFC36 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x80684828-->805D34C6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x8068482C-->8063D00B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSizeHeap, Type: EAT modification 0x80684830-->8063A8E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSplay, Type: EAT modification 0x80684834-->804F345D [ntoskrnl.exe]
ntoskrnl.exe-->RtlStringFromGUID, Type: EAT modification 0x80684838-->8059CA05 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x8068483C-->8063C124 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthoritySid, Type: EAT modification 0x80684840-->805DC816 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreePredecessor, Type: EAT modification 0x80684844-->804FC4A6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x80684848-->805438A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTestBit, Type: EAT modification 0x8068484C-->8054301F [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x80684850-->80506F79 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x80684854-->8063E0A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x80684858-->8054586B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x8068485C-->805457E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToTimeFields, Type: EAT modification 0x80684860-->8050A933 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x80684864-->80545EF7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x80684868-->80545B1A [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x8068486C-->80545C0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x80684870-->80545A8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x80684874-->80545CF3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x80684878-->80545ECD [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x8068487C-->80545EE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x80684880-->80545CA4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlongByteSwap, Type: EAT modification 0x806836FC-->804DBBAC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x80683700-->804DBBBC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x80684884-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x80684888-->8058C6CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x8068488C-->805899A0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: EAT modification 0x80684890-->805E4C39 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x80684894-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: Inline - RelativeCall 0x8059EF9D-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x80684898-->805E2C84 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x8068489C-->80638F81 [ntoskrnl.exe]



ntoskrnl.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x806848A0-->8058C523 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x806848A4-->805E9B8A [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - PushRet 0x80591F25-->F4A66EE8 [unknown_code_page]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeCall 0x80591F26-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeJump 0x80591F2B-->80591F42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: EAT modification 0x806848A8-->80589725 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnlockBootStatusData, Type: EAT modification 0x806848AC-->8063DF46 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnwind, Type: EAT modification 0x806848B0-->804FD281 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x806848B4-->8056EFB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x806848B8-->80570494 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x806848BC-->8063BCB9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x806848C0-->8063BE4C [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x806848C4-->805E55AA [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x806848C8-->80639137 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x806848CC-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x806848D0-->805E4F7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperChar, Type: EAT modification 0x806848D4-->805A3DDB [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperString, Type: EAT modification 0x806848D8-->805C80F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUshortByteSwap, Type: EAT modification 0x80683704-->804DBB9C [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x806848DC-->805B1C60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x806848E0-->805DD1A3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSid, Type: EAT modification 0x806848E4-->8057537B [ntoskrnl.exe]
ntoskrnl.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x806848E8-->80509AEC [ntoskrnl.exe]
ntoskrnl.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x806848EC-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWalkFrameChain, Type: EAT modification 0x806848F0-->80519648 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWriteRegistryValue, Type: EAT modification 0x806848F4-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x80684900-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x80684904-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x80684908-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x8068490C-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: Inline - RelativeJump 0x806327E7-->80632850 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: EAT modification 0x806848F8-->8063A621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroMemory, Type: EAT modification 0x806848FC-->804E5190 [ntoskrnl.exe]
ntoskrnl.exe-->SeAccessCheck, Type: EAT modification 0x80684910-->8056C2C7 [ntoskrnl.exe]
ntoskrnl.exe-->SeAppendPrivileges, Type: EAT modification 0x80684914-->8058AF21 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurity, Type: EAT modification 0x80684918-->805751E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurityEx, Type: EAT modification 0x8068491C-->80640060 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x80684920-->806409AB [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEvents, Type: EAT modification 0x80684924-->80642051 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x80684928-->80579876 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x8068492C-->80641FCC [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEvents, Type: EAT modification 0x80684930-->806420A9 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x80684934-->80642112 [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x80684938-->80581D5F [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSubjectContext, Type: EAT modification 0x8068493C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x80684940-->80641A66 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - DirectCall 0x805641C3-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - PushRet 0x805641C5-->982491FE [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: EAT modification 0x80684944-->8056CA6B [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurity, Type: EAT modification 0x80684948-->80581387 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x8068494C-->805E60E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeassignSecurity, Type: EAT modification 0x80684950-->805884D4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteAccessState, Type: EAT modification 0x80684954-->8056CAC8 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x80684958-->80641AB3 [ntoskrnl.exe]
ntoskrnl.exe-->SeExports, Type: EAT modification 0x8068495C-->8069AD50 [ntoskrnl.exe]
ntoskrnl.exe-->SeFilterToken, Type: EAT modification 0x80684960-->8063FBBC [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: Inline - RelativeJump 0x8057844E-->80578485 [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: EAT modification 0x80684964-->80581CCE [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClient, Type: EAT modification 0x80684968-->80642926 [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClientEx, Type: EAT modification 0x8068496C-->8058145E [ntoskrnl.exe]
ntoskrnl.exe-->SeLockSubjectContext, Type: EAT modification 0x80684970-->8056C39C [ntoskrnl.exe]
ntoskrnl.exe-->SeMarkLogonSessionForTerminationNotification, Type: EAT modification 0x80684974-->80642D87 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x80684978-->8056DCB2 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x8068497C-->8064236F [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeCheck, Type: EAT modification 0x80684980-->805738F5 [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x80684984-->8058AE40 [ntoskrnl.exe]
ntoskrnl.exe-->SePublicDefaultDacl, Type: EAT modification 0x80684988-->8069AC50 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x8068498C-->80582C58 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - PushRet 0x805837CE-->90900008 [unknown_code_page]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - RelativeCall 0x805837D1-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: EAT modification 0x80684990-->8058FB61 [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x80684994-->805734CB [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySessionIdToken, Type: EAT modification 0x80684998-->805830D2 [ntoskrnl.exe]
ntoskrnl.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x8068499C-->805D9A0D [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x806849A0-->80575533 [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSubjectContext, Type: EAT modification 0x806849A4-->8056CA9C [ntoskrnl.exe]
ntoskrnl.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x806849A8-->80579651 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x806849AC-->805DFAD7 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x806849B0-->8064308F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x80571943-->80571A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x8057194F-->80571ABA [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x806849B4-->8057898F [ntoskrnl.exe]
ntoskrnl.exe-->SeSystemDefaultDacl, Type: EAT modification 0x806849B8-->8069AC60 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x806849BC-->805811E9 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsAdmin, Type: EAT modification 0x806849C0-->806430DF [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsRestricted, Type: EAT modification 0x806849C4-->8056FD90 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x806849C8-->80592F94 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenObjectType, Type: EAT modification 0x806849CC-->8069AEE0 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenType, Type: EAT modification 0x806849D0-->80573A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeUnlockSubjectContext, Type: EAT modification 0x806849D4-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x806849D8-->80642CC0 [ntoskrnl.exe]
ntoskrnl.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x806849DC-->80583CA1 [ntoskrnl.exe]
ntoskrnl.exe-->sprintf, Type: EAT modification 0x80684CD8-->8050621E [ntoskrnl.exe]
ntoskrnl.exe-->srand, Type: EAT modification 0x80684CDC-->8054B671 [ntoskrnl.exe]
ntoskrnl.exe-->strcat, Type: EAT modification 0x80684CE0-->804DB16D [ntoskrnl.exe]
ntoskrnl.exe-->strchr, Type: EAT modification 0x80684CE4-->804E596B [ntoskrnl.exe]
ntoskrnl.exe-->strcmp, Type: EAT modification 0x80684CE8-->804DB253 [ntoskrnl.exe]
ntoskrnl.exe-->strcpy, Type: EAT modification 0x80684CEC-->804DB15D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: Inline - RelativeJump 0x804DA292-->804DA29D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: EAT modification 0x80684CF0-->804DB2D8 [ntoskrnl.exe]
ntoskrnl.exe-->strncat, Type: EAT modification 0x80684CF4-->804DB353 [ntoskrnl.exe]
ntoskrnl.exe-->strncmp, Type: EAT modification 0x80684CF8-->804DB478 [ntoskrnl.exe]
ntoskrnl.exe-->strncpy, Type: EAT modification 0x80684CFC-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe-->strrchr, Type: EAT modification 0x80684D00-->804DB5B0 [ntoskrnl.exe]
ntoskrnl.exe-->strspn, Type: EAT modification 0x80684D04-->804DB5D7 [ntoskrnl.exe]
ntoskrnl.exe-->strstr, Type: EAT modification 0x80684D08-->804E58DC [ntoskrnl.exe]
ntoskrnl.exe-->swprintf, Type: EAT modification 0x80684D0C-->804FCA51 [ntoskrnl.exe]
ntoskrnl.exe-->tolower, Type: EAT modification 0x80684D10-->80512529 [ntoskrnl.exe]
ntoskrnl.exe-->toupper, Type: EAT modification 0x80684D14-->80507C85 [ntoskrnl.exe]
ntoskrnl.exe-->towlower, Type: EAT modification 0x80684D18-->8054B75A [ntoskrnl.exe]
ntoskrnl.exe-->towupper, Type: EAT modification 0x80684D1C-->8054B782 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintEx, Type: EAT modification 0x80684D20-->80542F23 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x80684D24-->80501E10 [ntoskrnl.exe]
ntoskrnl.exe-->VerSetConditionMask, Type: EAT modification 0x806849E0-->80509A7D [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDeviceNode, Type: EAT modification 0x806849E4-->805477D3 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDriver, Type: EAT modification 0x806849E8-->80547857 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailSystemBIOS, Type: EAT modification 0x806849EC-->80547814 [ntoskrnl.exe]
ntoskrnl.exe-->VfIsVerificationEnabled, Type: EAT modification 0x806849F0-->80511626 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: Inline - RelativeJump 0x80508277-->80508299 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: EAT modification 0x80684D28-->8050B8CA [ntoskrnl.exe]
ntoskrnl.exe-->wcscat, Type: EAT modification 0x80684D2C-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe-->wcschr, Type: EAT modification 0x80684D30-->804FE23A [ntoskrnl.exe]
ntoskrnl.exe-->wcscmp, Type: EAT modification 0x80684D34-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe-->wcscpy, Type: EAT modification 0x80684D38-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe-->wcscspn, Type: EAT modification 0x80684D3C-->8054B7B8 [ntoskrnl.exe]
ntoskrnl.exe-->wcslen, Type: EAT modification 0x80684D40-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncat, Type: EAT modification 0x80684D44-->80509161 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncmp, Type: EAT modification 0x80684D48-->805012EC [ntoskrnl.exe]
ntoskrnl.exe-->wcsncpy, Type: EAT modification 0x80684D4C-->804FC693 [ntoskrnl.exe]
ntoskrnl.exe-->wcsrchr, Type: EAT modification 0x80684D50-->805062C6 [ntoskrnl.exe]
ntoskrnl.exe-->wcsspn, Type: EAT modification 0x80684D54-->8054B828 [ntoskrnl.exe]
ntoskrnl.exe-->wcsstr, Type: EAT modification 0x80684D58-->804FF706 [ntoskrnl.exe]
ntoskrnl.exe-->wcstombs, Type: EAT modification 0x80684D5C-->8054B884 [ntoskrnl.exe]
ntoskrnl.exe-->wctomb, Type: EAT modification 0x80684D60-->80506272 [ntoskrnl.exe]
ntoskrnl.exe-->WmiFlushTrace, Type: EAT modification 0x80684A0C-->8064678F [ntoskrnl.exe]
ntoskrnl.exe-->WmiGetClock, Type: EAT modification 0x80683708-->805490A4 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTrace, Type: EAT modification 0x80684A10-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTraceInformation, Type: EAT modification 0x80684A14-->8064681C [ntoskrnl.exe]
ntoskrnl.exe-->WmiStartTrace, Type: EAT modification 0x80684A18-->80646CAB [ntoskrnl.exe]
ntoskrnl.exe-->WmiStopTrace, Type: EAT modification 0x80684A1C-->80645EEF [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessage, Type: EAT modification 0x80684A20-->805499B7 [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessageVa, Type: EAT modification 0x80684A24-->805496DB [ntoskrnl.exe]
ntoskrnl.exe-->WmiUpdateTrace, Type: EAT modification 0x80684A28-->8064610C [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806849F4-->804DA13A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806849F8-->804DA17A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806849FC-->804DA15A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x80684A00-->804DA0FE [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x80684A04-->804DA126 [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x80684A08-->804DA112 [ntoskrnl.exe]
ntoskrnl.exe-->XIPDispatch, Type: EAT modification 0x80684A2C-->8054AF97 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x80684A30-->804E32CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: Inline - RelativeJump 0x804DC775-->804DC758 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: EAT modification 0x80684A34-->804E3356 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x80684A38-->804E337E [ntoskrnl.exe]
ntoskrnl.exe-->ZwAlertThread, Type: EAT modification 0x80684A3C-->804E33A6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x80684A40-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x80684A44-->804E341E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelIoFile, Type: EAT modification 0x80684A48-->804E345A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelTimer, Type: EAT modification 0x80684A4C-->804E346E [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: Inline - RelativeJump 0x804DC89F-->804DC91B [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: EAT modification 0x80684A50-->804E3482 [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: Inline - RelativeJump 0x804DC8B0-->804DC91C [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: EAT modification 0x80684A54-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x80684A58-->804E34AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeCall 0x804DC928-->804EA3B7 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeJump 0x804DC92F-->804DC8D5 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: EAT modification 0x80684A5C-->804E350E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC969-->804DCAF2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC970-->804DCAC9 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x80684A60-->804E354A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: Inline - RelativeJump 0x804DC97D-->804DCAA4 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: EAT modification 0x80684A64-->804E355E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateFile, Type: EAT modification 0x80684A68-->804E3586 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateJobObject, Type: EAT modification 0x80684A6C-->804E35AE [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateKey, Type: EAT modification 0x80684A70-->804E35D6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSection, Type: EAT modification 0x80684A74-->804E368A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: Inline - RelativeJump 0x804DCAD1-->804DC97D [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x80684A78-->804E36B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateTimer, Type: EAT modification 0x80684A7C-->804E36DA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteBootEntry, Type: EAT modification 0x80684A80-->804E3766 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteFile, Type: EAT modification 0x80684A84-->804E377A [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteKey, Type: EAT modification 0x80684A88-->804E378E [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteValueKey, Type: EAT modification 0x80684A8C-->804E37B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x80684A90-->804E37CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: Inline - RelativeJump 0x804DCBF8-->804DCC0B [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: EAT modification 0x80684A94-->804E37DE [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateObject, Type: EAT modification 0x80684A98-->804E37F2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateToken, Type: EAT modification 0x80684A9C-->804E3806 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: Inline - RelativeJump 0x804DCC37-->804DCC7A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x80684AA0-->804E381A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateKey, Type: EAT modification 0x80684AA4-->804E382E [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: Inline - RelativeJump 0x804DCC70-->804DCC77 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: EAT modification 0x80684AA8-->804E3856 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCD4-->804DCD5F [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCDA-->804DCD56 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: EAT modification 0x80684AAC-->804E38BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: Inline - RelativeJump 0x804DCCEB-->804DCD51 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: EAT modification 0x80684AB0-->804E38CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x80684AB4-->804E38E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: Inline - RelativeJump 0x804DCD38-->804DCCDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x80684AB8-->804E391E [ntoskrnl.exe]
ntoskrnl.exe-->ZwFsControlFile, Type: EAT modification 0x80684ABC-->804E3932 [ntoskrnl.exe]
ntoskrnl.exe-->ZwInitiatePowerAction, Type: EAT modification 0x80684AC0-->804E39E6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwIsProcessInJob, Type: EAT modification 0x80684AC4-->804E39FA [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadDriver, Type: EAT modification 0x80684AC8-->804E3A36 [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadKey, Type: EAT modification 0x80684ACC-->804E3A4A [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: Inline - RelativeJump 0x804DCEF4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x80684AD0-->804E3AD6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: Inline - RelativeJump 0x804DCF30-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: EAT modification 0x80684AD4-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: Inline - RelativeJump 0x804DCF6C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: EAT modification 0x80684AD8-->804E3B4E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: Inline - RelativeJump 0x804DCF94-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x80684ADC-->804E3B76 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: Inline - RelativeJump 0x804DCFA8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: EAT modification 0x80684AE0-->804E3B8A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: Inline - RelativeJump 0x804DCFD0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: EAT modification 0x80684AE4-->804E3BB2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: Inline - RelativeJump 0x804DCFF8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: EAT modification 0x80684AE8-->804E3BDA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: Inline - RelativeJump 0x804DD00C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: EAT modification 0x80684AEC-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: Inline - RelativeJump 0x804DD048-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: EAT modification 0x80684AF0-->804E3C2A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: Inline - RelativeJump 0x804DD05C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: EAT modification 0x80684AF4-->804E3C3E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: Inline - RelativeJump 0x804DD070-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x80684AF8-->804E3C52 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: Inline - RelativeJump 0x804DD084-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: EAT modification 0x80684AFC-->804E3C66 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: Inline - RelativeJump 0x804DD0AC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x80684B00-->804E3C8E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: Inline - RelativeJump 0x804DD0C0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: EAT modification 0x80684B04-->804E3CA2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: Inline - RelativeJump 0x804DD0D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: EAT modification 0x80684B08-->804E3CB6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: Inline - RelativeJump 0x804DD0E8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x80684B0C-->804E3CCA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: Inline - RelativeJump 0x804DD0FC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: EAT modification 0x80684B10-->804E3CDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: Inline - RelativeJump 0x804DD124-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: EAT modification 0x80684B14-->804E3D06 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: Inline - RelativeJump 0x804DD188-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: EAT modification 0x80684B18-->804E3D6A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: Inline - RelativeJump 0x804DD1B0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x80684B1C-->804E3D92 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: Inline - RelativeJump 0x804DD1C4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: EAT modification 0x80684B20-->804E3DA6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: Inline - RelativeJump 0x804DD1EC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x80684B24-->804E3DCE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: Inline - RelativeJump 0x804DD200-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: EAT modification

0x80684B28-->804E3DE2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: Inline - RelativeJump 0x804DD214-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x80684B2C-->804E3DF6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: Inline - RelativeJump 0x804DD228-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x80684B30-->804E3E0A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: Inline - RelativeJump 0x804DD23C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: EAT modification 0x80684B34-->804E3E1E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: Inline - RelativeJump 0x804DD264-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x80684B38-->804E3E46 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: Inline - RelativeJump 0x804DD28C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: EAT modification 0x80684B3C-->804E3E6E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: Inline - RelativeJump 0x804DD2A0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x80684B40-->804E3E82 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: Inline - RelativeJump 0x804DD2C8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: EAT modification 0x80684B44-->804E3EAA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: Inline - RelativeJump 0x804DD2DC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: EAT modification 0x80684B48-->804E3EBE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: Inline - RelativeJump 0x804DD2F0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: EAT modification 0x80684B4C-->804E3ED2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: Inline - RelativeJump 0x804DD304-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x80684B50-->804E3EE6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: Inline - RelativeJump 0x804DD340-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: EAT modification 0x80684B54-->804E3F22 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: Inline - RelativeJump 0x804DD37C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: EAT modification 0x80684B58-->804E3F5E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: Inline - RelativeJump 0x804DD3CC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: EAT modification 0x80684B5C-->804E3FAE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: Inline - RelativeJump 0x804DD3E0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: EAT modification 0x80684B60-->804E3FC2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x804DD408-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x80684B64-->804E3FEA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: Inline - RelativeJump 0x804DD444-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: EAT modification 0x80684B68-->804E4026 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: Inline - RelativeJump 0x804DD494-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: EAT modification 0x80684B6C-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: Inline - RelativeJump 0x804DD4BC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x80684B70-->804E409E [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: Inline - RelativeJump 0x804DD50C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: EAT modification 0x80684B74-->804E40EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: Inline - RelativeJump 0x804DD5D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: EAT modification 0x80684B78-->804E41B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: Inline - RelativeJump 0x804DD660-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x80684B7C-->804E4242 [ntoskrnl.exe]
ntoskrnl.exe-->ZwResetEvent, Type: EAT modification 0x80684B80-->804E426A [ntoskrnl.exe]
ntoskrnl.exe-->ZwRestoreKey, Type: EAT modification 0x80684B84-->804E4292 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKey, Type: EAT modification 0x80684B88-->804E42CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKeyEx, Type: EAT modification 0x80684B8C-->804E42E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: Inline - RelativeJump 0x804DD73C-->804DD841 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x80684B90-->804E431E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: Inline - RelativeJump 0x804DD750-->804DD76A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: EAT modification 0x80684B94-->804E4332 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultLocale, Type: EAT modification 0x80684B98-->804E4382 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x80684B9C-->804E4396 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEaFile, Type: EAT modification 0x80684BA0-->804E43AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEvent, Type: EAT modification 0x80684BA4-->804E43BE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationFile, Type: EAT modification 0x80684BA8-->804E4422 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationJobObject, Type: EAT modification 0x80684BAC-->804E4436 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: Inline - RelativeJump 0x804DD87C-->804DEF1A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: EAT modification 0x80684BB0-->804E445E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: Inline - RelativeJump 0x804DD890-->804DD870 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: EAT modification 0x80684BB4-->804E4472 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationThread, Type: EAT modification 0x80684BB8-->804E4486 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: Inline - RelativeJump 0x804DD94C-->804DD682 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: EAT modification 0x80684BBC-->804E4526 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemInformation, Type: EAT modification 0x80684BC0-->804E4562 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemTime, Type: EAT modification 0x80684BC4-->804E458A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: Inline - RelativeJump 0x804DD9D0-->804DDA1B [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: EAT modification 0x80684BC8-->804E45B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetValueKey, Type: EAT modification 0x80684BCC-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x80684BD0-->804E4602 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateJobObject, Type: EAT modification 0x80684BD4-->804E46A2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateProcess, Type: EAT modification 0x80684BD8-->804E46B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTranslateFilePath, Type: EAT modification 0x80684BDC-->804E4706 [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadDriver, Type: EAT modification 0x80684BE0-->804E471A [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadKey, Type: EAT modification 0x80684BE4-->804E472E [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x80684BE8-->804E477E [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x80684BEC-->804E47BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForSingleObject, Type: EAT modification 0x80684BF0-->804E47CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwWriteFile, Type: EAT modification 0x80684BF4-->804E480A [ntoskrnl.exe]
ntoskrnl.exe-->ZwYieldExecution, Type: EAT modification 0x80684BF8-->804E485A [ntoskrnl.exe]
ntoskrnl.exe-->_abnormal_termination, Type: EAT modification 0x80684C08-->804E30C4 [ntoskrnl.exe]
ntoskrnl.exe-->_alldiv, Type: EAT modification 0x80684C0C-->804DA42D [ntoskrnl.exe]
ntoskrnl.exe-->_alldvrm, Type: EAT modification 0x80684C10-->804DA4D7 [ntoskrnl.exe]
ntoskrnl.exe-->_allmul, Type: EAT modification 0x80684C14-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: Inline - RelativeJump 0x804D959C-->804D95A2 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: EAT modification 0x80684C18-->804DA5EA [ntoskrnl.exe]
ntoskrnl.exe-->_allrem, Type: EAT modification 0x80684C1C-->804DA627 [ntoskrnl.exe]
ntoskrnl.exe-->_allshl, Type: EAT modification 0x80684C20-->804DA6DB [ntoskrnl.exe]
ntoskrnl.exe-->_allshr, Type: EAT modification 0x80684C24-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe-->_aulldiv, Type: EAT modification 0x80684C28-->804DA71B [ntoskrnl.exe]
ntoskrnl.exe-->_aulldvrm, Type: EAT modification 0x80684C2C-->804DA783 [ntoskrnl.exe]
ntoskrnl.exe-->_aullrem, Type: EAT modification 0x80684C30-->804DA818 [ntoskrnl.exe]
ntoskrnl.exe-->_aullshr, Type: EAT modification 0x80684C34-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe-->_CIcos, Type: EAT modification 0x80684BFC-->804E5773 [ntoskrnl.exe]
ntoskrnl.exe-->_CIsin, Type: EAT modification 0x80684C00-->804E582C [ntoskrnl.exe]
ntoskrnl.exe-->_CIsqrt, Type: EAT modification 0x80684C04-->804E2BCC [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler2, Type: EAT modification 0x80684C38-->804DA8B4 [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler3, Type: EAT modification 0x80684C3C-->804E2EF8 [ntoskrnl.exe]
ntoskrnl.exe-->_global_unwind2, Type: EAT modification 0x80684C40-->804E2FF9 [ntoskrnl.exe]
ntoskrnl.exe-->_itoa, Type: EAT modification 0x80684C44-->8054B13A [ntoskrnl.exe]
ntoskrnl.exe-->_itow, Type: EAT modification 0x80684C48-->8054B1CA [ntoskrnl.exe]
ntoskrnl.exe-->_local_unwind2, Type: EAT modification 0x80684C4C-->804E3054 [ntoskrnl.exe]
ntoskrnl.exe-->_purecall, Type: EAT modification 0x80684C50-->8054AF1F [ntoskrnl.exe]
ntoskrnl.exe-->_snprintf, Type: EAT modification 0x80684C54-->8050A866 [ntoskrnl.exe]
ntoskrnl.exe-->_snwprintf, Type: EAT modification 0x80684C58-->80515305 [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeCall 0x80501B1C-->804E116B [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeJump 0x80501B23-->8052200E [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: EAT modification 0x80684C5C-->805198E9 [ntoskrnl.exe]
ntoskrnl.exe-->_strlwr, Type: EAT modification 0x80684C60-->8054B212 [ntoskrnl.exe]
ntoskrnl.exe-->_strnicmp, Type: EAT modification 0x80684C64-->804FBA2E [ntoskrnl.exe]
ntoskrnl.exe-->_strnset, Type: EAT modification 0x80684C68-->804DA962 [ntoskrnl.exe]
ntoskrnl.exe-->_strrev, Type: EAT modification 0x80684C6C-->804DA98B [ntoskrnl.exe]
ntoskrnl.exe-->_strset, Type: EAT modification 0x80684C70-->804DA9BB [ntoskrnl.exe]
ntoskrnl.exe-->_strupr, Type: EAT modification 0x80684C74-->805116E6 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnprintf, Type: EAT modification 0x80684C78-->80501AB8 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnwprintf, Type: EAT modification 0x80684C7C-->8054B274 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsicmp, Type: EAT modification 0x80684C80-->804E8120 [ntoskrnl.exe]
ntoskrnl.exe-->_wcslwr, Type: EAT modification 0x80684C84-->8054B2FA [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnicmp, Type: EAT modification 0x80684C88-->804FC53A [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnset, Type: EAT modification 0x80684C8C-->8054B33C [ntoskrnl.exe]
ntoskrnl.exe-->_wcsrev, Type: EAT modification 0x80684C90-->8054B372 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsupr, Type: EAT modification 0x80684C94-->8050B59C [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB4DDC428-->F795E16D [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB4DDC454-->F795E0B3 [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB4DDC460-->F795DBC4 [IPVNMon.sys]
tcpip.sys-->ntoskrnl.exe-->DbgBreakPoint, Type: IAT modification 0xB4DDC574-->804E2A66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xB4DDC63C-->80501F09 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xB4DDC68C-->80551005 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: IAT modification 0xB4DDC6A8-->804F3C7E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExCreateCallback, Type: IAT modification 0xB4DDC59C-->805BBD83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xB4DDC4B4-->8054AA43 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedAddUlong, Type: IAT modification 0xB4DDC660-->804E55BC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: IAT modification 0xB4DDC66C-->804E5620 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xB4DDC6A4-->805511E6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xB4DDC4CC-->80508A20 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: IAT modification 0xB4DDC4E4-->8050BAB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: IAT modification 0xB4DDC600-->804F9AA0 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExNotifyCallback, Type: IAT modification 0xB4DDC598-->80519120 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xB4DDC4DC-->804E131F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xB4DDC4E0-->804E1343 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xB4DDC654-->804E81D7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xB4DDC5C0-->804EDDB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xB4DDC51C-->80518674 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xB4DDC488-->805A170C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xB4DDC530-->805D2EFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xB4DDC5EC-->80505760 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xB4DDC4B0-->805D7E64 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xB4DDC518-->804E13B9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xB4DDC65C-->804E17CF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFileObjectType, Type: IAT modification 0xB4DDC5B8-->80560D58 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xB4DDC668-->804EDE66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetCurrentProcess, Type: IAT modification 0xB4DDC560-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xB4DDC520-->805E3B29 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xB4DDC4FC-->80579683 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xB4DDC69C-->805324C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xB4DDC658-->804E81BD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoWMIRegistrationControl, Type: IAT modification 0xB4DDC55C-->805A218B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xB4DDC6C0-->8053769F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeCancelTimer, Type: IAT modification 0xB4DDC690-->804E61C5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xB4DDC694-->804E5AA4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xB4DDC4B8-->804E14F6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeEnterCriticalRegion, Type: IAT modification 0xB4DDC4A4-->804D95F2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xB4DDC6B8-->804E2427 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xB4DDC6BC-->804E2468 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xB4DDC4C8-->804E7DB8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xB4DDC6A0-->804E7DE6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeMutex, Type: IAT modification 0xB4DDC5D8-->80518BE3 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xB4DDC6AC-->804E2417 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xB4DDC4C4-->804EC4FB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimerEx, Type: IAT modification 0xB4DDC564-->804EC513 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeLeaveCriticalRegion, Type: IAT modification 0xB4DDC4A0-->804D9604 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xB4DDC678-->8055BA60 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryInterruptTime, Type: IAT modification 0xB4DDC56C-->804E5C65 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xB4DDC6B4-->804D95AF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryTimeIncrement, Type: IAT modification 0xB4DDC4A8-->804E5A3E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReadStateEvent, Type: IAT modification 0xB4DDC5E8-->804E5DBB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReleaseMutex, Type: IAT modification 0xB4DDC5E4-->804E8508 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeResetEvent, Type: IAT modification 0xB4DDC650-->804E8525 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xB4DDC4AC-->804E20A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: IAT modification 0xB4DDC578-->80509693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTimerEx, Type: IAT modification 0xB4DDC4C0-->804E210E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xB4DDC6C8-->8055A000 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xB4DDC5E0-->804DC400 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xB4DDC640-->804DADC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xB4DDC6CC-->804EDEBC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: IAT modification 0xB4DDC5DC-->80509675 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableDataSection, Type: IAT modification 0xB4DDC680-->805E7DA9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: IAT modification 0xB4DDC4D0-->805E09D2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xB4DDC674-->804F97B4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xB4DDC664-->804EDF4C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmProbeAndLockPages, Type: IAT modification 0xB4DDC5BC-->804F6BFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmQuerySystemSize, Type: IAT modification 0xB4DDC614-->8050896A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPagableImageSection, Type: IAT modification 0xB4DDC684-->8051A1AB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPages, Type: IAT modification 0xB4DDC5A4-->804F6EB5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: IAT modification 0xB4DDC58C-->8056D963 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xB4DDC524-->804E1930 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xB4DDC5CC-->804DA06B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObGetObjectSecurity, Type: IAT modification 0xB4DDC514-->8056C287 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObLogSecurityDescriptor, Type: IAT modification 0xB4DDC5B0-->805755A8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xB4DDC5A0-->8056C559 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReleaseObjectSecurity, Type: IAT modification 0xB4DDC500-->8056C241 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: IAT modification 0xB4DDC53C-->805DFBEF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ProbeForWrite, Type: IAT modification 0xB4DDC5C8-->8056E89F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcess, Type: IAT modification 0xB4DDC5D0-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcessId, Type: IAT modification 0xB4DDC590-->804E6997 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xB4DDC4E8-->805852BE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAce, Type: IAT modification 0xB4DDC528-->805D337A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: IAT modification 0xB4DDC698-->8058DB92 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xB4DDC648-->804F7BCC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeToString, Type: IAT modification 0xB4DDC608-->804F5F19 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAreBitsSet, Type: IAT modification 0xB4DDC62C-->804F9056 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearAllBits, Type: IAT modification 0xB4DDC620-->80513EB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearBits, Type: IAT modification 0xB4DDC630-->804EA9A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xB4DDC688-->804E5080 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareUnicodeString, Type: IAT modification 0xB4DDC618-->80574887 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xB4DDC644-->804F2DB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xB4DDC4EC-->8057545D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xB4DDC510-->8056FC49 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: IAT modification 0xB4DDC568-->804DBD08 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedMagicDivide, Type: IAT modification 0xB4DDC604-->804DBC78 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: IAT modification 0xB4DDC634-->804F0AA8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearRuns, Type: IAT modification 0xB4DDC638-->80503A42 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetAce, Type: IAT modification 0xB4DDC52C-->805AEF9A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC550-->805B1763 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: IAT modification 0xB4DDC548-->805BBF77 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: IAT modification 0xB4DDC54C-->805BBF35 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: IAT modification 0xB4DDC544-->805BBF00 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeBitMap, Type: IAT modification 0xB4DDC61C-->8057BF4E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeSid, Type: IAT modification 0xB4DDC534-->80588972 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xB4DDC670-->804DA2A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: IAT modification 0xB4DDC5F8-->8050BC50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthRequiredSid, Type: IAT modification 0xB4DDC538-->80581CA2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: IAT modification 0xB4DDC508-->805753C9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xB4DDC4F0-->805DF5CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlMapGenericMask, Type: IAT modification 0xB4DDC4F8-->8056FDCA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: IAT modification 0xB4DDC5D4-->804E5531 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->absoƖute, Type: IAT modification 0xB4DDC540-->805BEC83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBit, Type: IAT modification 0xB4DDC57C-->804F0BC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBits, Type: IAT modification 0xB4DDC624-->804F03FD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC50C-->80585052 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSubAuthoritySid, Type: IAT modification 0xB4DDC6C4-->805DC816 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlTimeToTimeFields, Type: IAT modification 0xB4DDC5FC-->8050A933 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: IAT modification 0xB4DDC67C-->8058C6CD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: IAT modification 0xB4DDC5F4-->805E4C39 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlVerifyVersionInfo, Type: IAT modification 0xB4DDC554-->80509AEC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlWalkFrameChain, Type: IAT modification 0xB4DDC594-->80519648 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xB4DDC584-->8056C2C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAppendPrivileges, Type: IAT modification 0xB4DDC5AC-->8058AF21 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAssignSecurity, Type: IAT modification 0xB4DDC5B4-->805751E4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xB4DDC4F4-->8069AD50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeFreePrivileges, Type: IAT modification 0xB4DDC5A8-->80581CCE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xB4DDC588-->8056C39C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: IAT modification 0xB4DDC504-->805DFAD7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xB4DDC580-->8056C3D1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->VerSetConditionMask, Type: IAT modification 0xB4DDC558-->80509A7D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcschr, Type: IAT modification 0xB4DDC498-->804FE23A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcscpy, Type: IAT modification 0xB4DDC490-->804F36E9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xB4DDC628-->804EA4A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcsncpy, Type: IAT modification 0xB4DDC494-->804FC693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xB4DDC60C-->804E3496 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwCreateFile, Type: IAT modification 0xB4DDC6D4-->804E3586 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwDeviceIoControlFile, Type: IAT modification 0xB4DDC6D0-->804E37CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwEnumerateValueKey, Type: IAT modification 0xB4DDC5F0-->804E3856 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwLoadDriver, Type: IAT modification 0xB4DDC64C-->804E3A36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xB4DDC4BC-->804E3BEE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xB4DDC4D4-->804E4076 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetInformationThread, Type: IAT modification 0xB4DDC49C-->804E4486 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetValueKey, Type: IAT modification 0xB4DDC4D8-->804E45EE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xB4DDC6B0-->804DA42D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xB4DDC610-->804DA5B6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_aulldiv, Type: IAT modification 0xB4DDC570-->804DA71B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xB4DDC5C4-->804E2EF8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_wcsicmp, Type: IAT modification 0xB4DDC48C-->804E8120 [ntoskrnl.exe]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF758CB4C-->F795E16D [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF758CB3C-->F795E0B3 [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF758CB28-->F795DBC4 [IPVNMon.sys]
wanarp.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF758CBF0-->80551005 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xF758CB84-->8054AA43 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF758CBF8-->805511E6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF758CB7C-->80508A20 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF758CBE0-->804DA3FC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF758CBC8-->804E131F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF758CBC4-->804E1343 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF758CB78-->804E81D7 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xF758CBB0-->80518674 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF758CC08-->805A170C [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xF758CBBC-->805D2EFF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF758CB80-->80505760 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xF758CBC0-->805D7E64 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF758CBB4-->804E13B9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF758CB70-->804E17CF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF758CBD0-->804EDE66 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xF758CBA4-->805E3B29 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF758CB74-->804E81BD [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF758CB9C-->8053769F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xF758CBB8-->804E14F6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xF758CBFC-->804E2427 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xF758CC00-->804E2468 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF758CBE4-->804E7DE6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF758CBF4-->804E2417 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF758CC0C-->804D95AF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF758CBEC-->804E20A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xF758CB98-->8055A000 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF758CBE8-->804DC400 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xF758CBCC-->804F97B4 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF758CBAC-->804E1930 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF758CBA8-->804DA06B [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xF758CB8C-->804F7BCC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF758CB90-->804F2DB1 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF758CBD8-->804DA2A5 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xF758CBD4-->80570494 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->swprintf, Type: IAT modification 0xF758CB94-->804FCA51 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xF758CBDC-->804EA4A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF758CB88-->804E3496 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF758CBA0-->804E3BEE [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF758CC04-->804DA42D [ntoskrnl.exe]
[1252]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[208]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[208]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[208]explorer.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001228-->00000000 [iphook32.dll]
[208]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[208]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7C9C1488-->00000000 [iphook32.dll]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[208]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [iphook32.dll]
[208]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

WOW I hope you really wanted all of that..... The computer is working much better. I now get an error message "Generic Host Process for Win32 Services"

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
atapi.sys

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 04.09.10 by jpshortstuff
Log created at 21:24 on 10/12/2010 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [22:21 10/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a---- 96512 bytes [14:52 11/04/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [13:00 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-= EOF =-

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ERDNT\cache\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ServicePackFiles\i386\atapi.sys

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-12-11.01 - Owner 12/11/2010 10:16:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.816 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\kb.dll

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ERDNT\cache\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 06:02 . 2010-12-11 06:02 -------- d-----w- c:\program files\Common Files\Java
2010-12-11 06:02 . 2010-09-15 12:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-12-10 02:56 . 2010-12-10 02:56 -------- d-----w- c:\program files\7-Zip
2010-12-07 03:18 . 2010-12-08 15:29 0 ----a-w- c:\windows\Kyuya.bin
2010-12-07 03:18 . 2010-12-07 03:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 23:30 . 2010-11-02 02:00 155567790 ----a-w- C:\cookn9-42994.exe
2010-09-18 19:23 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 13:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 10:29 . 2010-04-10 16:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_14.52.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-12-11 18:13 . 2010-12-11 18:13 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2002-09-03 13:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2002-09-03 13:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2010-12-11 06:09 . 2009-01-10 00:18 27136 c:\windows\system32\ReinstallBackups\0018\DriverFiles\RimSerial.sys
+ 2010-03-31 07:16 . 2010-03-31 07:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 1980-01-01 00:00 . 2010-12-11 06:10 71732 c:\windows\system32\perfc009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 71732 c:\windows\system32\perfc009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-06 05:17 . 2009-11-06 05:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2002-09-03 13:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-14 22:14 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 91424 c:\windows\system32\dnssd.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2002-09-03 13:00 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2002-09-03 13:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2002-09-03 13:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-10-16 09:54 . 2010-10-16 09:54 21504 c:\windows\Installer\a31e39b.msi
+ 2010-08-01 20:46 . 2010-08-01 20:46 38400 c:\windows\Installer\19a2912a.msi
+ 2010-05-13 12:54 . 2010-05-13 12:54 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-08-01 20:47 . 2010-09-29 10:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-04-16 00:54 . 2010-04-16 00:54 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4fb287c\System.Drawing.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_74c68084\CustomMarshalers.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 10:15 . 2010-08-12 10:15 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 10:21 . 2010-08-12 10:21 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 10:02 . 2008-04-14 00:11 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-05-26 10:00 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 10:00 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-10 10:14 . 2008-04-14 00:11 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-04-14 04:50 . 2008-04-14 00:11 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-09-15 10:08 . 2008-04-14 00:12 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-10-14 10:07 . 2008-04-14 00:12 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-09-29 10:01 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-09-29 10:01 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-08-11 23:51 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-15 04:37 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-15 17:43 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2004-04-01 04:15 . 2010-03-10 11:00 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-10-06 10:05 . 2010-10-06 10:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-14 10:16 . 2009-10-14 10:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-15 10:07 . 2008-05-03 11:55 2560

c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-10-14 10:02 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-14 10:07 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-14 04:54 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2002-09-03 13:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2002-09-03 13:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2002-09-03 13:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2002-09-03 13:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2004-04-15 19:08 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2010-03-31 07:10 . 2010-03-31 07:10 295264 c:\windows\system32\PresentationHost.exe
+ 1980-01-01 00:00 . 2010-12-11 06:10 442466 c:\windows\system32\perfh009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 442466 c:\windows\system32\perfh009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 297808 c:\windows\system32\mscoree.dll
- 2004-02-22 08:11 . 2004-08-04 07:56 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-02-22 08:11 . 2010-04-05 18:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-12-11 06:02 . 2010-09-15 12:50 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\javaw.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\javaw.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\java.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\java.exe
+ 2004-06-07 21:19 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2004-02-21 22:08 . 2010-10-14 10:24 247904 c:\windows\system32\FNTCACHE.DAT
- 2004-02-21 22:08 . 2009-11-11 11:20 247904 c:\windows\system32\FNTCACHE.DAT
+ 2002-09-03 13:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2002-09-03 13:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2002-09-03 13:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 107808 c:\windows\system32\dns-sd.exe
+ 2004-08-04 07:56 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 08:32 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-04-05 18:54 . 2010-04-05 18:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-14 08:13 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2002-09-03 13:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2008-08-20 14:22 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-07-14 11:48 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-10-14 04:59 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2002-09-03 13:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2002-09-03 13:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2002-09-03 13:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2004-02-22 04:13 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2004-02-22 04:13 . 2008-04-14 00:12 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2010-03-31 07:16 . 2010-03-31 07:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 19:22 . 2010-02-09 19:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\dcd5792.msp
+ 2010-09-24 04:02 . 2010-09-24 04:02 798208 c:\windows\Installer\34053a5.msp
+ 2010-12-11 06:06 . 2010-12-11 06:06 228352 c:\windows\Installer\320fde3.msi
+ 2010-12-11 06:02 . 2010-12-11 06:02 180224 c:\windows\Installer\320fdde.msi
+ 2010-07-14 22:12 . 2010-07-14 22:12 807424 c:\windows\Installer\17fcaa9.msi
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2010-07-14 22:21 . 2010-07-14 22:21 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-09-23 02:10 . 2010-09-23 02:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-10-06 10:02 . 2010-10-06 10:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d7078a6e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b03bcc04\System.Drawing.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7bf9142d\CustomMarshalers.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 10:20 . 2010-08-12 10:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-08-12 10:17 . 2010-08-12 10:17 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-06 10:09 . 2010-10-06 10:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-05-26 10:00 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 10:00 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 10:35 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-10 10:20 . 2008-04-14 00:09 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-10-14 10:06 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-14 10:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-14 10:06 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2010-04-15 10:45 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-06-10 10:15 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-10 10:15 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2008-04-14 00:12 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 10:22 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 10:22 . 2008-04-14 00:11 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2004-08-04 07:56 384512 c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-14 10:08 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-14 10:08 . 2002-09-03 13:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-09-29 10:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-29 10:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-09-15 10:07 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-08-11 23:51 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 10:45 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 04:37 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 10:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe
+ 2010-10-14 04:54 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-14 10:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2279986\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2279986\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2279986\spuninst.exe
+ 2010-09-01 11:48 . 2010-09-01 11:48 285824 c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 11:48 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe

+ 2010-10-14 04:59 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\wmp.dll
+ 2002-09-03 13:00 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 3062048 c:\windows\system32\usbaaplrc.dll
+ 2004-07-14 15:40 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-02-22 08:44 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2004-02-22 08:44 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-04-15 19:08 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2002-09-03 13:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2002-09-03 13:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2002-09-03 13:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-14 22:14 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\dllcache\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-15 08:31 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-11 20:14 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-11 20:14 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-08-12 09:31 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-12 09:31 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-03-10 10:43 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 10:43 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-11-07 08:06 . 2009-11-07 08:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 16:44 . 2010-09-22 16:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 12:32 . 2010-03-23 12:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-08-18 17:19 . 2010-08-18 17:19 8400896 c:\windows\Installer\e726cd5.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\dcd579e.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\dcd579d.msp
+ 2010-01-11 23:35 . 2010-01-11 23:35 4480000 c:\windows\Installer\6045e416.msp
+ 2010-10-05 00:00 . 2010-10-05 00:00 7973888 c:\windows\Installer\48c10bc.msp
+ 2010-02-26 13:09 . 2010-02-26 13:09 8300544 c:\windows\Installer\46af360.msp
+ 2010-08-09 23:44 . 2010-08-09 23:44 3778048 c:\windows\Installer\46699209.msp
+ 2010-08-27 20:36 . 2010-08-27 20:36 2807296 c:\windows\Installer\466991f6.msp
+ 2010-04-16 04:39 . 2010-04-16 04:39 9472000 c:\windows\Installer\3b98dd8.msi
+ 2010-09-23 14:39 . 2010-09-23 14:39 4265472 c:\windows\Installer\340539e.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\320fdc7.msp
+ 2010-12-11 05:57 . 2010-12-11 05:57 3940864 c:\windows\Installer\320fdb4.msi
+ 2010-05-24 20:54 . 2010-05-24 20:54 6704640 c:\windows\Installer\27d4924.msp
+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\192bdf41.msp
+ 2010-06-29 23:01 . 2010-06-29 23:01 8404992 c:\windows\Installer\1856a902.msp
+ 2010-07-14 22:21 . 2010-07-14 22:21 4820480 c:\windows\Installer\17fd336.msi
+ 2010-07-14 22:14 . 2010-07-14 22:14 3089408 c:\windows\Installer\17fcb14.msi
+ 2010-07-14 22:13 . 2010-07-14 22:13 1984000 c:\windows\Installer\17fcae1.msi
+ 2010-09-26 12:59 . 2010-09-26 12:59 1223680 c:\windows\Installer\1765dd43.msi
+ 2010-09-16 11:08 . 2010-09-16 11:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fcfc5ab8\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2e76303c\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7952d5c4\System.Xml.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_58a5ecf3\System.Xml.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_112292c9\System.Windows.Forms.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_045c9557\System.Windows.Forms.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6f58764e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fb280e14\System.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4d98f055\System.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1b9a5f4d\mscorlib.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14677707\mscorlib.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-06 10:09 . 2010-10-06 10:09 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-21 10:26 . 2009-08-21 10:26 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-06 10:07 . 2010-10-06 10:07 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 10:03 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-14 10:03 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB981957$\win32k.sys
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-14 10:06 . 2008-04-14 00:12 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-10 10:18 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-10 10:15 . 2009-05-20 19:24 2373504 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 10:02 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-10 10:14 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll
+ 2010-10-14 10:07 . 2009-07-13 17:08 5537792 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
+ 2010-08-04 10:02 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-08-12 10:09 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-08-12 10:14 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-08-11 23:50 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-31 13:38 . 2010-08-31 13:38 1861888 c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys
+ 2010-08-11 23:51 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-08-11 23:51 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 14:14 . 2010-04-28 14:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-08-11 23:51 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
+ 2010-04-15 04:37 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-15 04:37 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2005-05-11 02:15 . 2010-11-11 11:00 35758536 c:\windows\system32\MRT.exe
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-09-24 21:08 . 2010-09-24 21:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-08-18 17:12 . 2010-08-18 17:12 17516032 c:\windows\Installer\e726cc2.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\dcd57c9.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 14599680 c:\windows\Installer\dcd57ac.msp
+ 2010-04-16 04:34 . 2010-04-16 04:34 17510912 c:\windows\Installer\dcd5787.msp
+ 2010-09-14 10:01 . 2010-09-14 10:01 20303872 c:\windows\Installer\413dda79.msp
+ 2010-09-24 14:08 . 2010-09-24 14:08 17518080 c:\windows\Installer\3405395.msp
+ 2010-12-11 06:08 . 2010-12-11 06:08 24010752 c:\windows\Installer\320fe24.msi
+ 2010-09-29 10:02 . 2010-09-29 10:02 20303872 c:\windows\Installer\2639eb0a.msp
+ 2010-08-01 20:46 . 2010-08-01 20:46 20242432 c:\windows\Installer\19a29130.msp
+ 2010-03-31 08:23 . 2010-03-31 08:23 15638528 c:\windows\Installer\192bdf4d.msp
+ 2010-05-19 20:08 . 2010-05-19 20:08 11408896 c:\windows\Installer\1856a8ef.msp
+ 2010-06-29 06:46 . 2010-06-29 06:46 17512960 c:\windows\Installer\1856a8e5.msp
+ 2010-08-12 10:19 . 2010-08-12 10:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-06 10:08 . 2010-10-06 10:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 10:14 . 2010-08-12 10:14 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2002-05-02 20563]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-02-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2005-01-15 385024]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-3-7 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\LDCM\\BIN\\USM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cook'n9\\Cook'n.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 9:09 PM 64160]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [5/5/2009 5:19 AM 616408]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2/21/2004 8:45 PM 9978]
R2 Intel Bootstrap Agent;Intel Bootstrap Agent;c:\program files\Intel\BootStrap Agent\bsa.exe [2/21/2004 8:45 PM 65536]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2/21/2004 8:48 PM 6736]
S2 gupdate1c9a6b15c4c2a8c;Google Update Service (gupdate1c9a6b15c4c2a8c);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 7:35 PM 133104]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1029456]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://fredmeyer.storefront.com/images/global/activex/SFImageUpload1_8.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD600BB-53CAA1 rev.17.07W17 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A263555]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2697b0]; MOV EAX, [0x8a26982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A281AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006d[0x8A285EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A284D98]
\Driver\atapi[0x8A2AD030] -> IRP_MJ_CREATE -> 0x8A263555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD600BB-53CAA1______________________17.07W17#4457572d414d4638323133393839_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A26339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
Completion time: 2010-12-11 10:41:13
ComboFix-quarantined-files.txt 2010-12-11 18:41
ComboFix2.txt 2010-12-09 04:06
ComboFix3.txt 2010-04-11 14:54
ComboFix4.txt 2009-03-16 15:08

Pre-Run: 8,789,316,608 bytes free
Post-Run: 9,640,254,976 bytes free

- - End Of File - - F8C5F56143F080591179CB359A7274BD

Hmm.

Please run TDSSKiller one more time and post the new log.

How do I do that? I don't think I have ran than yet...

Thanks.