Sick Desktop Computer "virus called tr/crypt.zpack.gen"

ntoskrnl.exe+0x0013D8EE, Type: Inline - RelativeJump 0x806148EE-->80599EC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D976, Type: Inline - RelativeJump 0x80614976-->805E9F51 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D97B, Type: Inline - RelativeJump 0x8061497B-->8061498B [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9A9, Type: Inline - RelativeJump 0x806149A9-->806149BB [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9BD, Type: Inline - RelativeJump 0x806149BD-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9C9, Type: Inline - RelativeJump 0x806149C9-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D1, Type: Inline - RelativeCall 0x806149D1-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D9, Type: Inline - RelativeJump 0x806149D9-->8059B476 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9DF, Type: Inline - RelativeJump 0x806149DF-->806149BD [ntoskrnl.exe]
ntoskrnl.exe+0x0013DB9E, Type: Inline - RelativeJump 0x80614B9E-->80614BC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DD62, Type: Inline - RelativeJump 0x80614D62-->80614D86 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DED0, Type: Inline - RelativeJump 0x80614ED0-->80614EDA [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF2A, Type: Inline - RelativeJump 0x80614F2A-->80614F34 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF3C, Type: Inline - RelativeJump 0x80614F3C-->80614F46 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DFBA, Type: Inline - RelativeJump 0x80614FBA-->80615037 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E15F, Type: Inline - RelativeJump 0x8061515F-->8061514B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E328, Type: Inline - RelativeJump 0x80615328-->805D4676 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E332, Type: Inline - RelativeCall 0x80615332-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E3DB, Type: Inline - RelativeJump 0x806153DB-->806153EF [ntoskrnl.exe]
ntoskrnl.exe+0x0013E45D, Type: Inline - RelativeCall 0x8061545D-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe+0x0013E51E, Type: Inline - RelativeJump 0x8061551E-->8061553C [ntoskrnl.exe]
ntoskrnl.exe+0x0013E766, Type: Inline - RelativeJump 0x80615766-->8061576B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E89F, Type: Inline - RelativeJump 0x8061589F-->806158BE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8E8, Type: Inline - RelativeCall 0x806158E8-->805DA670 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8EE, Type: Inline - RelativeJump 0x806158EE-->805788B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9DD, Type: Inline - RelativeJump 0x806159DD-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9E8, Type: Inline - RelativeJump 0x806159E8-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9ED, Type: Inline - RelativeCall 0x806159ED-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9F4, Type: Inline - RelativeJump 0x806159F4-->80615A66 [ntoskrnl.exe]
ntoskrnl.exe+0x0013ED4B, Type: Inline - RelativeCall 0x80615D4B-->8061C3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F4CB, Type: Inline - DirectCall 0x806164CB-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0013F58E, Type: Inline - RelativeJump 0x8061658E-->80616592 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F70E, Type: Inline - RelativeJump 0x8061670E-->805D45B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F1, Type: Inline - RelativeJump 0x806169F1-->80616A07 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F8, Type: Inline - RelativeJump 0x806169F8-->80616A11 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FB93, Type: Inline - RelativeJump 0x80616B93-->80616B85 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC7C, Type: Inline - RelativeCall 0x80616C7C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC95, Type: Inline - RelativeJump 0x80616C95-->80616CD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FE93, Type: Inline - RelativeJump 0x80616E93-->805C8BE1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FEA1, Type: Inline - RelativeJump 0x80616EA1-->805C8BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00140007, Type: Inline - RelativeCall 0x80617007-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014000F, Type: Inline - RelativeCall 0x8061700F-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00140019, Type: Inline - RelativeJump 0x80617019-->805B7773 [ntoskrnl.exe]
ntoskrnl.exe+0x0014001E, Type: Inline - RelativeJump 0x8061701E-->80587A97 [ntoskrnl.exe]
ntoskrnl.exe+0x00140163, Type: Inline - RelativeJump 0x80617163-->805D69E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00140168, Type: Inline - RelativeCall 0x80617168-->80587586 [ntoskrnl.exe]
ntoskrnl.exe+0x00140194, Type: Inline - RelativeJump 0x80617194-->805E135F [ntoskrnl.exe]
ntoskrnl.exe+0x001401A0, Type: Inline - PushRet 0x806171A0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014030A, Type: Inline - RelativeJump 0x8061730A-->8061731A [ntoskrnl.exe]
ntoskrnl.exe+0x0014031C, Type: Inline - RelativeJump 0x8061731C-->80586ED9 [ntoskrnl.exe]
ntoskrnl.exe+0x00140324, Type: Inline - RelativeJump 0x80617324-->80586EEC [ntoskrnl.exe]
ntoskrnl.exe+0x001407E2, Type: Inline - RelativeJump 0x806177E2-->80587179 [ntoskrnl.exe]
ntoskrnl.exe+0x001407E7, Type: Inline - RelativeJump 0x806177E7-->8058719C [ntoskrnl.exe]
ntoskrnl.exe+0x001407EC, Type: Inline - RelativeJump 0x806177EC-->806177FD [ntoskrnl.exe]
ntoskrnl.exe+0x001407F5, Type: Inline - DirectCall 0x806177F5-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00140A1B, Type: Inline - RelativeJump 0x80617A1B-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A27, Type: Inline - RelativeJump 0x80617A27-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A2C, Type: Inline - RelativeJump 0x80617A2C-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A6C, Type: Inline - RelativeJump 0x80617A6C-->80617A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00140A7C, Type: Inline - RelativeJump 0x80617A7C-->805D684A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B36, Type: Inline - RelativeJump 0x80617B36-->8057274A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B3B, Type: Inline - RelativeCall 0x80617B3B-->80570360 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B7C, Type: Inline - RelativeJump 0x80617B7C-->805726BD [ntoskrnl.exe]
ntoskrnl.exe+0x00140B83, Type: Inline - RelativeJump 0x80617B83-->80572732 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B95, Type: Inline - RelativeJump 0x80617B95-->80617BC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00140BDF, Type: Inline - RelativeJump 0x80617BDF-->80586182 [ntoskrnl.exe]
ntoskrnl.exe+0x00140C19, Type: Inline - RelativeJump 0x80617C19-->80617C3F [ntoskrnl.exe]
ntoskrnl.exe+0x00140C1E, Type: Inline - RelativeJump 0x80617C1E-->80617CBB [ntoskrnl.exe]
ntoskrnl.exe+0x00140C2A, Type: Inline - RelativeJump 0x80617C2A-->80617CC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00140EAB, Type: Inline - RelativeJump 0x80617EAB-->80617EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00140FFF, Type: Inline - RelativeCall 0x80617FFF-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141008, Type: Inline - RelativeJump 0x80618008-->805DC66A [ntoskrnl.exe]
ntoskrnl.exe+0x001410DA, Type: Inline - RelativeCall 0x806180DA-->805E1B20 [ntoskrnl.exe]
ntoskrnl.exe+0x001410E9, Type: Inline - RelativeJump 0x806180E9-->80618130 [ntoskrnl.exe]
ntoskrnl.exe+0x001410EC, Type: Inline - RelativeJump 0x806180EC-->80618116 [ntoskrnl.exe]
ntoskrnl.exe+0x001412F4, Type: Inline - RelativeJump 0x806182F4-->80618305 [ntoskrnl.exe]
ntoskrnl.exe+0x00141415, Type: Inline - PushRet 0x80618415-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014149D, Type: Inline - RelativeJump 0x8061849D-->8058056C [ntoskrnl.exe]
ntoskrnl.exe+0x001414A6, Type: Inline - RelativeJump 0x806184A6-->806184E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00141540, Type: Inline - RelativeCall 0x80618540-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141872, Type: Inline - RelativeJump 0x80618872-->80578624 [ntoskrnl.exe]
ntoskrnl.exe+0x00141889, Type: Inline - RelativeJump 0x80618889-->80618874 [ntoskrnl.exe]
ntoskrnl.exe+0x001418BC, Type: Inline - RelativeJump 0x806188BC-->806188C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001419CE, Type: Inline - RelativeCall 0x806189CE-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001419D6, Type: Inline - RelativeCall 0x806189D6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00141F17, Type: Inline - RelativeJump 0x80618F17-->80573349 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F1E, Type: Inline - RelativeJump 0x80618F1E-->805EB444 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F6D, Type: Inline - RelativeJump 0x80618F6D-->80618F7D [ntoskrnl.exe]
ntoskrnl.exe+0x00141F82, Type: Inline - RelativeJump 0x80618F82-->80618F9C [ntoskrnl.exe]
ntoskrnl.exe+0x0014202B, Type: Inline - RelativeJump 0x8061902B-->80619041 [ntoskrnl.exe]
ntoskrnl.exe+0x001421FE, Type: Inline - RelativeJump 0x806191FE-->80619228 [ntoskrnl.exe]
ntoskrnl.exe+0x00142225, Type: Inline - RelativeJump 0x80619225-->80619233 [ntoskrnl.exe]
ntoskrnl.exe+0x00142253, Type: Inline - RelativeJump 0x80619253-->80597905 [ntoskrnl.exe]
ntoskrnl.exe+0x00142264, Type: Inline - RelativeJump 0x80619264-->805D4FFC [ntoskrnl.exe]
ntoskrnl.exe+0x0014226B, Type: Inline - RelativeJump 0x8061926B-->8061928C [ntoskrnl.exe]
ntoskrnl.exe+0x001422E1, Type: Inline - RelativeJump 0x806192E1-->8059824B [ntoskrnl.exe]
ntoskrnl.exe+0x0014231D, Type: Inline - RelativeJump 0x8061931D-->80597A14 [ntoskrnl.exe]
ntoskrnl.exe+0x0014246F, Type: Inline - RelativeCall 0x8061946F-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00142475, Type: Inline - RelativeJump 0x80619475-->805D6DA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014247A, Type: Inline - RelativeJump 0x8061947A-->8061948C [ntoskrnl.exe]
ntoskrnl.exe+0x00142481, Type: Inline - RelativeJump 0x80619481-->80619483 [ntoskrnl.exe]
ntoskrnl.exe+0x0014250D, Type: Inline - RelativeJump 0x8061950D-->805D6ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x00142537, Type: Inline - RelativeJump 0x80619537-->80619549 [ntoskrnl.exe]
ntoskrnl.exe+0x00142542, Type: Inline - RelativeJump 0x80619542-->80619550 [ntoskrnl.exe]
ntoskrnl.exe+0x001425C4, Type: Inline - RelativeJump 0x806195C4-->806195C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425D7, Type: Inline - RelativeJump 0x806195D7-->806195E8 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E3, Type: Inline - RelativeJump 0x806195E3-->806195E7 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E8, Type: Inline - RelativeJump 0x806195E8-->806195E2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425EC, Type: Inline - PushRet 0x806195EC-->EBFFF7EF [unknown_code_page]
ntoskrnl.exe+0x001425F0, Type: Inline - RelativeJump 0x806195F0-->806195A2 [ntoskrnl.exe]
ntoskrnl.exe+0x00142607, Type: Inline - RelativeJump 0x80619607-->80619595 [ntoskrnl.exe]
ntoskrnl.exe+0x00142615, Type: Inline - RelativeJump 0x80619615-->80619606 [ntoskrnl.exe]
ntoskrnl.exe+0x00142619, Type: Inline - RelativeJump 0x80619619-->8061962A [ntoskrnl.exe]
ntoskrnl.exe+0x0014262A, Type: Inline - RelativeJump 0x8061962A-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x00142630, Type: Inline - RelativeJump 0x80619630-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x0014263B, Type: Inline - RelativeJump 0x8061963B-->8061959B [ntoskrnl.exe]
ntoskrnl.exe+0x00142740, Type: Inline - RelativeJump 0x80619740-->8061976E [ntoskrnl.exe]
ntoskrnl.exe+0x0014274A, Type: Inline - RelativeJump 0x8061974A-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142754, Type: Inline - RelativeCall 0x80619754-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x0014275D, Type: Inline - RelativeJump 0x8061975D-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142763, Type: Inline - RelativeJump 0x80619763-->8061975D [ntoskrnl.exe]
ntoskrnl.exe+0x001427BE, Type: Inline - RelativeJump 0x806197BE-->806197A8 [ntoskrnl.exe]
ntoskrnl.exe+0x00142816, Type: Inline - RelativeJump 0x80619816-->80619825 [ntoskrnl.exe]
ntoskrnl.exe+0x00142825, Type: Inline - RelativeJump 0x80619825-->80619834 [ntoskrnl.exe]
ntoskrnl.exe+0x00142A59, Type: Inline - RelativeJump 0x80619A59-->805E12AA [ntoskrnl.exe]
ntoskrnl.exe+0x00142A63, Type: Inline - RelativeCall 0x80619A63-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00142B5B, Type: Inline - RelativeJump 0x80619B5B-->805E15F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B65, Type: Inline - RelativeJump 0x80619B65-->805E1602 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B6A, Type: Inline - RelativeJump 0x80619B6A-->80619B84 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C66, Type: Inline - RelativeJump 0x80619C66-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C70, Type: Inline - RelativeJump 0x80619C70-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00143168, Type: Inline - RelativeJump 0x8061A168-->80586DE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143173, Type: Inline - RelativeCall 0x8061A173-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143846, Type: Inline - RelativeJump 0x8061A846-->8061A7FB [ntoskrnl.exe]
ntoskrnl.exe+0x00143868, Type: Inline - RelativeJump 0x8061A868-->8061A85B [ntoskrnl.exe]
ntoskrnl.exe+0x00143B6E, Type: Inline - RelativeJump 0x8061AB6E-->8061AB87 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BC2, Type: Inline - RelativeJump 0x8061ABC2-->8061ABA7 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BFA, Type: Inline - RelativeCall 0x8061ABFA-->8065FCB9 [ntoskrnl.exe]
ntoskrnl.exe+0x00143C00, Type: Inline - RelativeJump 0x8061AC00-->805D5F8A [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCA, Type: Inline - RelativeJump 0x8061ADCA-->80586722 [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCF, Type: Inline - RelativeJump 0x8061ADCF-->8061ADED [ntoskrnl.exe]
ntoskrnl.exe+0x00143F4B, Type: Inline - DirectCall 0x8061AF4B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00143F4F, Type: Inline - RelativeJump 0x8061AF4F-->805DB32A [ntoskrnl.exe]
ntoskrnl.exe+0x00143F54, Type: Inline - RelativeJump 0x8061AF54-->805DB30D [ntoskrnl.exe]
ntoskrnl.exe+0x00144254, Type: Inline - RelativeJump 0x8061B254-->8061B2DF [ntoskrnl.exe]
ntoskrnl.exe+0x00144433, Type: Inline - RelativeJump 0x8061B433-->8061B458 [ntoskrnl.exe]
ntoskrnl.exe+0x00144486, Type: Inline - RelativeCall 0x8061B486-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x0014448F, Type: Inline - RelativeJump 0x8061B48F-->8061B4BC [ntoskrnl.exe]
ntoskrnl.exe+0x00144713, Type: Inline - RelativeCall 0x8061B713-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x00144719, Type: Inline - RelativeJump 0x8061B719-->8061B72A [ntoskrnl.exe]
ntoskrnl.exe+0x00144726, Type: Inline - RelativeJump 0x8061B726-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x00144730, Type: Inline - RelativeJump 0x8061B730-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x0014473F, Type: Inline - RelativeJump 0x8061B73F-->805D522D [ntoskrnl.exe]
ntoskrnl.exe+0x00144750, Type: Inline - RelativeJump 0x8061B750-->8061B768 [ntoskrnl.exe]
ntoskrnl.exe+0x001448C1, Type: Inline - PushRet 0x8061B8C1-->8B804D81 [unknown_code_page]
ntoskrnl.exe+0x001448C2, Type: Inline - DirectCall 0x8061B8C2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00144989, Type: Inline - PushRet 0x8061B989-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00144993, Type: Inline - RelativeCall 0x8061B993-->DDEB94CB [unknown_code_page]
ntoskrnl.exe+0x00144B9C, Type: Inline - RelativeJump 0x8061BB9C-->805A0D34 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB2, Type: Inline - RelativeJump 0x8061BBB2-->805A0D50 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB7, Type: Inline - RelativeJump 0x8061BBB7-->805A0D69 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BBF, Type: Inline - RelativeJump 0x8061BBBF-->805A0D82 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BCE, Type: Inline - RelativeJump 0x8061BBCE-->805A1290 [ntoskrnl.exe]
ntoskrnl.exe+0x00144CA9, Type: Inline - RelativeJump 0x8061BCA9-->805DCEDC [ntoskrnl.exe]
ntoskrnl.exe+0x00144EFF, Type: Inline - RelativeJump 0x8061BEFF-->8061BF1E [ntoskrnl.exe]
ntoskrnl.exe+0x00145040, Type: Inline - RelativeCall 0x8061C040-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00145045, Type: Inline - PushRet 0x8061C045-->90900014 [unknown_code_page]
ntoskrnl.exe+0x0014508B, Type: Inline - RelativeJump 0x8061C08B-->8061C096 [ntoskrnl.exe]
ntoskrnl.exe+0x00145092, Type: Inline - RelativeJump 0x8061C092-->8061C0A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014517B, Type: Inline - RelativeJump 0x8061C17B-->8061C189 [ntoskrnl.exe]
ntoskrnl.exe+0x00145183, Type: Inline - RelativeJump 0x8061C183-->8061C1AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014528C, Type: Inline - RelativeCall 0x8061C28C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x001452A3, Type: Inline - RelativeJump 0x8061C2A3-->8061C376 [ntoskrnl.exe]
ntoskrnl.exe+0x001452B0, Type: Inline - RelativeCall 0x8061C2B0-->8064CBAC [ntoskrnl.exe]
ntoskrnl.exe+0x001452C4, Type: Inline - RelativeJump 0x8061C2C4-->8061C2E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001454B8, Type: Inline - RelativeCall 0x8061C4B8-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x001454C9, Type: Inline - RelativeJump 0x8061C4C9-->8061C4E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014563F, Type: Inline - RelativeCall 0x8061C63F-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145673, Type: Inline - RelativeJump 0x8061C673-->8061C678 [ntoskrnl.exe]
ntoskrnl.exe+0x001457AD, Type: Inline - RelativeJump 0x8061C7AD-->8061C7DE [ntoskrnl.exe]
ntoskrnl.exe+0x0014585D, Type: Inline - RelativeJump 0x8061C85D-->8061C879 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A23, Type: Inline - RelativeJump 0x8061CA23-->8061CA84 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A84, Type: Inline - RelativeJump 0x8061CA84-->8061CAD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00145C89, Type: Inline - RelativeJump 0x8061CC89-->8061CF21 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CA6, Type: Inline - RelativeJump 0x8061CCA6-->8061CCB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CBB, Type: Inline - RelativeJump 0x8061CCBB-->8061CD56 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D1A, Type: Inline - RelativeCall 0x8061CD1A-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D30, Type: Inline - RelativeJump 0x8061CD30-->8061CD49 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D4A, Type: Inline - RelativeJump 0x8061CD4A-->8061CC8E [ntoskrnl.exe]
ntoskrnl.exe+0x00145D5B, Type: Inline - RelativeCall 0x8061CD5B-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D6C, Type: Inline - RelativeJump 0x8061CD6C-->8061CCD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D7E, Type: Inline - RelativeJump 0x8061CD7E-->8061CD99 [ntoskrnl.exe]
ntoskrnl.exe+0x00145E27, Type: Inline - RelativeJump 0x8061CE27-->8061CE57 [ntoskrnl.exe]
ntoskrnl.exe+0x0014606E, Type: Inline - RelativeJump 0x8061D06E-->8061D24C [ntoskrnl.exe]
ntoskrnl.exe+0x00146078, Type: Inline - RelativeJump 0x8061D078-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146083, Type: Inline - RelativeCall 0x8061D083-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460C8, Type: Inline - RelativeJump 0x8061D0C8-->8061D0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460CE, Type: Inline - RelativeJump 0x8061D0CE-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146213, Type: Inline - RelativeJump 0x8061D213-->8061D23F [ntoskrnl.exe]
ntoskrnl.exe+0x00146229, Type: Inline - RelativeJump 0x8061D229-->8061D239 [ntoskrnl.exe]
ntoskrnl.exe+0x0014628D, Type: Inline - RelativeJump 0x8061D28D-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146334, Type: Inline - RelativeJump 0x8061D334-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x00146347, Type: Inline - RelativeJump 0x8061D347-->8061D356 [ntoskrnl.exe]
ntoskrnl.exe+0x0014634D, Type: Inline - RelativeJump 0x8061D34D-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x0014643A, Type: Inline - RelativeJump 0x8061D43A-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146685, Type: Inline - RelativeJump 0x8061D685-->8061D69B [ntoskrnl.exe]
ntoskrnl.exe+0x001466A2, Type: Inline - RelativeJump 0x8061D6A2-->8AD822E0 [unknown_code_page]
ntoskrnl.exe+0x001467F2, Type: Inline - RelativeJump 0x8061D7F2-->8061D83A [ntoskrnl.exe]
ntoskrnl.exe+0x00146A08, Type: Inline - RelativeJump 0x8061DA08-->8061DA20 [ntoskrnl.exe]
ntoskrnl.exe+0x00146A1C, Type: Inline - RelativeCall 0x8061DA1C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x00146A26, Type: Inline - PushRet 0x8061DA26-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00146CC7, Type: Inline - RelativeJump 0x8061DCC7-->8061DF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D42, Type: Inline - RelativeJump 0x8061DD42-->8061DD77 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D6C, Type: Inline - RelativeJump 0x8061DD6C-->8061DD83 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D84, Type: Inline - RelativeJump 0x8061DD84-->8061DDDE [ntoskrnl.exe]
ntoskrnl.exe+0x00146D90, Type: Inline - RelativeJump 0x8061DD90-->8061DDFE [ntoskrnl.exe]
ntoskrnl.exe+0x00146DB7, Type: Inline - RelativeJump 0x8061DDB7-->8061DD47 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF2, Type: Inline - RelativeJump 0x8061DDF2-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF8, Type: Inline - RelativeJump 0x8061DDF8-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146EDC, Type: Inline - RelativeJump 0x8061DEDC-->8061DEF6 [ntoskrnl.exe]
ntoskrnl.exe+0x00146F78, Type: Inline - RelativeJump 0x8061DF78-->8061DF88 [ntoskrnl.exe]
ntoskrnl.exe+0x00147001, Type: Inline - RelativeJump 0x8061E001-->8061E05E [ntoskrnl.exe]
ntoskrnl.exe+0x00147049, Type: Inline - RelativeJump 0x8061E049-->8061E047 [ntoskrnl.exe]
ntoskrnl.exe+0x00147155, Type: Inline - RelativeJump 0x8061E155-->8061E171 [ntoskrnl.exe]
ntoskrnl.exe+0x001471BD, Type: Inline - RelativeJump 0x8061E1BD-->8061E1DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014739B, Type: Inline - RelativeJump 0x8061E39B-->8061E49C [ntoskrnl.exe]
ntoskrnl.exe+0x00147476, Type: Inline - RelativeJump 0x8061E476-->8061E48C [ntoskrnl.exe]
ntoskrnl.exe+0x00147532, Type: Inline - RelativeJump 0x8061E532-->8061E53E [ntoskrnl.exe]
ntoskrnl.exe+0x001478B1, Type: Inline - RelativeJump 0x8061E8B1-->8061E8A3 [ntoskrnl.exe]
ntoskrnl.exe+0x001478BD, Type: Inline - RelativeCall 0x8061E8BD-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe+0x001478CD, Type: Inline - RelativeJump 0x8061E8CD-->8061EB07 [ntoskrnl.exe]
ntoskrnl.exe+0x001478D6, Type: Inline - RelativeCall 0x8061E8D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x00147A6E, Type: Inline - RelativeJump 0x8061EA6E-->8061EA87 [ntoskrnl.exe]
ntoskrnl.exe+0x0014810A, Type: Inline - RelativeJump 0x8061F10A-->8061F0EC [ntoskrnl.exe]
ntoskrnl.exe+0x00148191, Type: Inline - RelativeJump 0x8061F191-->8061F250 [ntoskrnl.exe]
ntoskrnl.exe+0x001482EE, Type: Inline - RelativeJump 0x8061F2EE-->8061F300 [ntoskrnl.exe]
ntoskrnl.exe+0x00148384, Type: Inline - RelativeJump 0x8061F384-->8061F3BA [ntoskrnl.exe]
ntoskrnl.exe+0x00148392, Type: Inline - RelativeCall 0x8061F392-->8061EF09 [ntoskrnl.exe]
ntoskrnl.exe+0x00148883, Type: Inline - RelativeJump 0x8061F883-->8061F9A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014888B, Type: Inline - RelativeJump 0x8061F88B-->8061F89B [ntoskrnl.exe]
ntoskrnl.exe+0x00148912, Type: Inline - RelativeJump 0x8061F912-->8061F97B [ntoskrnl.exe]
ntoskrnl.exe+0x001489A4, Type: Inline - RelativeCall 0x8061F9A4-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001489B5, Type: Inline - PushRet 0x8061F9B5-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00148A60, Type: Inline - RelativeCall 0x8061FA60-->8061F25F [ntoskrnl.exe]
ntoskrnl.exe+0x00148A91, Type: Inline - RelativeJump 0x8061FA91-->8061FAC3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148A94, Type: Inline - RelativeJump 0x8061FA94-->8061FAC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00148BD5, Type: Inline - PushRet 0x8061FBD5-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00148D59, Type: Inline - RelativeJump 0x8061FD59-->8061FDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D6F, Type: Inline - RelativeJump 0x8061FD6F-->8061FD8E [ntoskrnl.exe]
ntoskrnl.exe+0x00148D78, Type: Inline - RelativeCall 0x8061FD78-->8061FB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D88, Type: Inline - RelativeJump 0x8061FD88-->8061FDA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014913A, Type: Inline - RelativeJump 0x8062013A-->8062014A [ntoskrnl.exe]
ntoskrnl.exe+0x001493AC, Type: Inline - RelativeCall 0x806203AC-->8057010D [ntoskrnl.exe]
ntoskrnl.exe+0x001493B7, Type: Inline - RelativeJump 0x806203B7-->806203D6 [ntoskrnl.exe]
ntoskrnl.exe+0x001495EC, Type: Inline - RelativeJump 0x806205EC-->806205F7 [ntoskrnl.exe]
ntoskrnl.exe+0x001496EC, Type: Inline - RelativeJump 0x806206EC-->806206FE [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC0, Type: Inline - RelativeJump 0x80620BC0-->80620BD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC4, Type: Inline - RelativeJump 0x80620BC4-->80620BCE [ntoskrnl.exe]
ntoskrnl.exe+0x00149CD1, Type: Inline - RelativeCall 0x80620CD1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149CFA, Type: Inline - RelativeJump 0x80620CFA-->80620D05 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D7C, Type: Inline - RelativeJump 0x80620D7C-->80620D92 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D80, Type: Inline - RelativeCall 0x80620D80-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149DC0, Type: Inline - RelativeJump 0x80620DC0-->80620DD9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A2D6, Type: Inline - RelativeCall 0x806212D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A5A6, Type: Inline - RelativeJump 0x806215A6-->806215D6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A891, Type: Inline - PushRet 0x80621891-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014A898, Type: Inline - RelativeJump 0x80621898-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014A8B0, Type: Inline - RelativeJump 0x806218B0-->806218CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014A952, Type: Inline - RelativeCall 0x80621952-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9BF, Type: Inline - RelativeJump 0x806219BF-->806219DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9E6, Type: Inline - RelativeJump 0x806219E6-->C6EBFA3A [unknown_code_page]
ntoskrnl.exe+0x0014AAD3, Type: Inline - RelativeCall 0x80621AD3-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AADB, Type: Inline - RelativeJump 0x80621ADB-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACE8, Type: Inline - RelativeJump 0x80621CE8-->80621D1B [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACFE, Type: Inline - RelativeJump 0x80621CFE-->80621CE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AE4D, Type: Inline - PushRet 0x80621E4D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014AE60, Type: Inline - RelativeCall 0x80621E60-->EB3E9464 [unknown_code_page]
ntoskrnl.exe+0x0014AE65, Type: Inline - RelativeJump 0x80621E65-->80621E1D [ntoskrnl.exe]
ntoskrnl.exe+0x0014AFFC, Type: Inline - PushRet 0x80621FFC-->8BD84589 [unknown_code_page]
ntoskrnl.exe+0x0014B0B0, Type: Inline - RelativeJump 0x806220B0-->806220C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B171, Type: Inline - RelativeJump 0x80622171-->8062218F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B221, Type: Inline - RelativeCall 0x80622221-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B23C, Type: Inline - RelativeJump 0x8062223C-->80622257 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B302, Type: Inline - RelativeJump 0x80622302-->80622320 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B314, Type: Inline - RelativeJump 0x80622314-->806222EE [ntoskrnl.exe]
ntoskrnl.exe+0x0014B398, Type: Inline - RelativeJump 0x80622398-->806223AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A3, Type: Inline - RelativeJump 0x806224A3-->806224BD [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A6, Type: Inline - PushRet 0x806224A6-->E8057403 [unknown_code_page]
ntoskrnl.exe+0x0014B4B4, Type: Inline - RelativeJump 0x806224B4-->806224C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4C0, Type: Inline - RelativeJump 0x806224C0-->806224CB [ntoskrnl.exe]
ntoskrnl.exe+0x0014B555, Type: Inline - RelativeJump 0x80622555-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B611, Type: Inline - RelativeJump 0x80622611-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B679, Type: Inline - RelativeJump 0x80622679-->80622693 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6B6, Type: Inline - RelativeJump 0x806226B6-->806226E3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6C7, Type: Inline - RelativeJump 0x806226C7-->806226D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B702, Type: Inline - RelativeCall 0x80622702-->80573888 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B908, Type: Inline - RelativeJump 0x80622908-->80622931 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B95A, Type: Inline - RelativeJump 0x8062295A-->8062296F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9E5, Type: Inline - RelativeCall 0x806229E5-->805352CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9F7, Type: Inline - PushRet 0x806229F7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014BB42, Type: Inline - RelativeCall 0x80622B42-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BB49, Type: Inline - RelativeCall 0x80622B49-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BC6B, Type: Inline - PushRet 0x80622C6B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C034, Type: Inline - RelativeCall 0x80623034-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C044, Type: Inline - RelativeCall 0x80623044-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C052, Type: Inline - RelativeJump 0x80623052-->8062306C [ntoskrnl.exe]
ntoskrnl.exe+0x0014C0EC, Type: Inline - RelativeCall 0x806230EC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C1E2, Type: Inline - PushRet 0x806231E2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C3A6, Type: Inline - RelativeJump 0x806233A6-->806233B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C45C, Type: Inline - PushRet 0x8062345C-->CCCC0010 [unknown_code_page]
ntoskrnl.exe+0x0014C6BD, Type: Inline - RelativeCall 0x806236BD-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6C5, Type: Inline - RelativeJump 0x806236C5-->806236D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6D1, Type: Inline - RelativeCall 0x806236D1-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6EE, Type: Inline - RelativeJump 0x806236EE-->8062374E [ntoskrnl.exe]
ntoskrnl.exe+0x0014C8AF, Type: Inline - PushRet 0x806238AF-->C2C95E5B [unknown_code_page]
ntoskrnl.exe+0x0014C914, Type: Inline - RelativeJump 0x80623914-->806239B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA58, Type: Inline - RelativeCall 0x80623A58-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA60, Type: Inline - RelativeJump 0x80623A60-->80623BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA70, Type: Inline - RelativeCall 0x80623A70-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA7C, Type: Inline - RelativeJump 0x80623A7C-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA87, Type: Inline - RelativeJump 0x80623A87-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CB55, Type: Inline - RelativeJump 0x80623B55-->80623AEC [ntoskrnl.exe]
ntoskrnl.exe+0x0014CBA7, Type: Inline - RelativeCall 0x80623BA7-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CF63, Type: Inline - RelativeJump 0x80623F63-->806243CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014D0A2, Type: Inline - RelativeCall 0x806240A2-->80622ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014D737, Type: Inline - PushRet 0x80624737-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014D904, Type: Inline - RelativeCall 0x80624904-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0014DF94, Type: Inline - RelativeJump 0x80624F94-->806250CA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E20C, Type: Inline - RelativeJump 0x8062520C-->806251EA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E25B, Type: Inline - RelativeJump 0x8062525B-->80625209 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E520, Type: Inline - RelativeJump 0x80625520-->80625526 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E564, Type: Inline - RelativeJump 0x80625564-->80625574 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E5F2, Type: Inline - PushRet 0x806255F2-->F1B80775 [unknown_code_page]
ntoskrnl.exe+0x0014E5FE, Type: Inline - RelativeJump 0x806255FE-->8062561C [ntoskrnl.exe]
ntoskrnl.exe+0x0014E611, Type: Inline - RelativeJump 0x80625611-->8062561F [ntoskrnl.exe]
ntoskrnl.exe+0x0014E6CC, Type: Inline - RelativeJump 0x806256CC-->806256C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014EAC6, Type: Inline - RelativeCall 0x80625AC6-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F207, Type: Inline - RelativeJump 0x80626207-->80626217 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F283, Type: Inline - RelativeJump 0x80626283-->80626296 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3A3, Type: Inline - RelativeJump 0x806263A3-->806263CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3BE, Type: Inline - RelativeJump 0x806263BE-->806263D3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F400, Type: Inline - RelativeJump 0x80626400-->806264A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F42F, Type: Inline - RelativeJump 0x8062642F-->80626370 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F434, Type: Inline - RelativeJump 0x80626434-->806263D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F6D7, Type: Inline - RelativeJump 0x806266D7-->80626716 [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD00, Type: Inline - RelativeCall 0x80626D00-->80535B3F [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD0B, Type: Inline - RelativeJump 0x80626D0B-->80626D3A [ntoskrnl.exe]
ntoskrnl.exe+0x00150344, Type: Inline - RelativeJump 0x80627344-->80627373 [ntoskrnl.exe]
ntoskrnl.exe+0x0015034F, Type: Inline - RelativeJump 0x8062734F-->80627369 [ntoskrnl.exe]
ntoskrnl.exe+0x00150355, Type: Inline - RelativeJump 0x80627355-->80627353 [ntoskrnl.exe]
ntoskrnl.exe+0x0015037A, Type: Inline - RelativeJump 0x8062737A-->80627398 [ntoskrnl.exe]
ntoskrnl.exe+0x001503EB, Type: Inline - RelativeCall 0x806273EB-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x001505C5, Type: Inline - RelativeJump 0x806275C5-->806275E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00150829, Type: Inline - RelativeCall 0x80627829-->805A1115 [ntoskrnl.exe]
ntoskrnl.exe+0x00150976, Type: Inline - RelativeJump 0x80627976-->80627994 [ntoskrnl.exe]
ntoskrnl.exe+0x001509D5, Type: Inline - RelativeJump 0x806279D5-->806279E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001509E7, Type: Inline - RelativeJump 0x806279E7-->806279F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00150B7B, Type: Inline - RelativeCall 0x80627B7B-->EBC00000 [unknown_code_page]
ntoskrnl.exe+0x00151043, Type: Inline - RelativeCall 0x80628043-->80627F7D [ntoskrnl.exe]
ntoskrnl.exe+0x0015104A, Type: Inline - RelativeJump 0x8062804A-->80628056 [ntoskrnl.exe]
ntoskrnl.exe+0x00151166, Type: Inline - RelativeJump 0x80628166-->80628194 [ntoskrnl.exe]
ntoskrnl.exe+0x0015124B, Type: Inline - RelativeCall 0x8062824B-->805A7B02 [ntoskrnl.exe]
ntoskrnl.exe+0x00151258, Type: Inline - RelativeJump 0x80628258-->80628271 [ntoskrnl.exe]
ntoskrnl.exe+0x001513B7, Type: Inline - RelativeJump 0x806283B7-->806283CC [ntoskrnl.exe]
ntoskrnl.exe+0x001514B4, Type: Inline - DirectCall 0x806284B4-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x001514CA, Type: Inline - RelativeJump 0x806284CA-->80628508 [ntoskrnl.exe]
ntoskrnl.exe+0x0015168D, Type: Inline - RelativeJump 0x8062868D-->8062868F [ntoskrnl.exe]
ntoskrnl.exe+0x001516BA, Type: Inline - PushRet 0x806286BA-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00151817, Type: Inline - RelativeJump 0x80628817-->80628823 [ntoskrnl.exe]
ntoskrnl.exe+0x0015183C, Type: Inline - RelativeJump 0x8062883C-->80628846 [ntoskrnl.exe]
ntoskrnl.exe+0x00151848, Type: Inline - RelativeJump 0x80628848-->8062884E [ntoskrnl.exe]
ntoskrnl.exe+0x00151B47, Type: Inline - RelativeCall 0x80628B47-->805A714A [ntoskrnl.exe]
ntoskrnl.exe+0x00151B86, Type: Inline - RelativeCall 0x80628B86-->8062A017 [ntoskrnl.exe]
ntoskrnl.exe+0x00151C76, Type: Inline - RelativeJump 0x80628C76-->80628C80 [ntoskrnl.exe]
ntoskrnl.exe+0x001521C4, Type: Inline - RelativeCall 0x806291C4-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015222D, Type: Inline - RelativeJump 0x8062922D-->80629236 [ntoskrnl.exe]
ntoskrnl.exe+0x00152416, Type: Inline - RelativeJump 0x80629416-->8062942F [ntoskrnl.exe]
ntoskrnl.exe+0x0015242E, Type: Inline - RelativeJump 0x8062942E-->806293E4 [ntoskrnl.exe]
ntoskrnl.exe+0x00152592, Type: Inline - RelativeJump 0x80629592-->806295C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015265E, Type: Inline - RelativeJump 0x8062965E-->806296EE [ntoskrnl.exe]
ntoskrnl.exe+0x0015273C, Type: Inline - RelativeJump 0x8062973C-->8062974B [ntoskrnl.exe]
ntoskrnl.exe+0x001527F3, Type: Inline - RelativeJump 0x806297F3-->80629966 [ntoskrnl.exe]
ntoskrnl.exe+0x001529D5, Type: Inline - RelativeJump 0x806299D5-->806299DF [ntoskrnl.exe]
ntoskrnl.exe+0x00152B5D, Type: Inline - RelativeJump 0x80629B5D-->80629B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B60, Type: Inline - RelativeJump 0x80629B60-->80629BC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B75, Type: Inline - RelativeJump 0x80629B75-->80629B8B [ntoskrnl.exe]
ntoskrnl.exe+0x001530BF, Type: Inline - PushRet 0x8062A0BF-->8AFC45C7 [unknown_code_page]
ntoskrnl.exe+0x00153190, Type: Inline - RelativeCall 0x8062A190-->BC4AE721 [unknown_code_page]
ntoskrnl.exe+0x00153196, Type: Inline - RelativeJump 0x8062A196-->8062A1B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001531A6, Type: Inline - RelativeJump 0x8062A1A6-->8062A18C [ntoskrnl.exe]
ntoskrnl.exe+0x001531B7, Type: Inline - RelativeJump 0x8062A1B7-->8062A187 [ntoskrnl.exe]
ntoskrnl.exe+0x00153220, Type: Inline - RelativeJump 0x8062A220-->8062A236 [ntoskrnl.exe]
ntoskrnl.exe+0x0015322C, Type: Inline - RelativeCall 0x8062A22C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00153242, Type: Inline - RelativeJump 0x8062A242-->8062A23A [ntoskrnl.exe]
ntoskrnl.exe+0x001534F0, Type: Inline - RelativeJump 0x8062A4F0-->8062A503 [ntoskrnl.exe]
ntoskrnl.exe+0x0015378C, Type: Inline - RelativeJump 0x8062A78C-->8062A7F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00153828, Type: Inline - RelativeJump 0x8062A828-->8062A840 [ntoskrnl.exe]
ntoskrnl.exe+0x001538A2, Type: Inline - RelativeJump 0x8062A8A2-->8062A8C0 [ntoskrnl.exe]
ntoskrnl.exe+0x001538B7, Type: Inline - RelativeJump 0x8062A8B7-->8062A8C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539B3, Type: Inline - RelativeJump 0x8062A9B3-->8062A9C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539BE, Type: Inline - PushRet 0x8062A9BE-->CCCC0014 [unknown_code_page]
ntoskrnl.exe+0x00153A5A, Type: Inline - RelativeJump 0x8062AA5A-->8062AA70 [ntoskrnl.exe]
ntoskrnl.exe+0x00153A68, Type: Inline - RelativeJump 0x8062AA68-->8062AA86 [ntoskrnl.exe]
ntoskrnl.exe+0x00153B4F, Type: Inline - RelativeJump 0x8062AB4F-->8062AAC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00153D70, Type: Inline - RelativeJump 0x8062AD70-->8062ADA0 [ntoskrnl.exe]
ntoskrnl.exe+0x00153E01, Type: Inline - RelativeJump 0x8062AE01-->8062AE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F40, Type: Inline - RelativeCall 0x8062AF40-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F6C, Type: Inline - RelativeJump 0x8062AF6C-->8062AFD4 [ntoskrnl.exe]
ntoskrnl.exe+0x00154080, Type: Inline - RelativeCall 0x8062B080-->804E310E [ntoskrnl.exe]
ntoskrnl.exe+0x00154368, Type: Inline - RelativeJump 0x8062B368-->8062B386 [ntoskrnl.exe]
ntoskrnl.exe+0x0015469C, Type: Inline - RelativeJump 0x8062B69C-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x00154A9F, Type: Inline - RelativeJump 0x8062BA9F-->8062BAB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C13, Type: Inline - RelativeJump 0x8062BC13-->8062BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C5F, Type: Inline - RelativeJump 0x8062BC5F-->8062BC78 [ntoskrnl.exe]
ntoskrnl.exe+0x00154EA0, Type: Inline - PushRet 0x8062BEA0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00154F1E, Type: Inline - RelativeJump 0x8062BF1E-->8062BF2C [ntoskrnl.exe]
ntoskrnl.exe+0x001552FF, Type: Inline - RelativeJump 0x8062C2FF-->8062C3AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015566C, Type: Inline - RelativeJump 0x8062C66C-->8062C6C8 [ntoskrnl.exe]
ntoskrnl.exe+0x00155724, Type: Inline - RelativeCall 0x8062C724-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe+0x001559F3, Type: Inline - RelativeCall 0x8062C9F3-->804EA1F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A5E, Type: Inline - RelativeCall 0x8062CA5E-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A68, Type: Inline - RelativeJump 0x8062CA68-->8062CA7C [ntoskrnl.exe]
ntoskrnl.exe+0x00155A73, Type: Inline - RelativeJump 0x8062CA73-->8062CB66 [ntoskrnl.exe]
ntoskrnl.exe+0x00155CC7, Type: Inline - RelativeJump 0x8062CCC7-->8062CD0A [ntoskrnl.exe]
ntoskrnl.exe+0x00155DF8, Type: Inline - RelativeCall 0x8062CDF8-->80550010 [ntoskrnl.exe]
ntoskrnl.exe+0x00155E06, Type: Inline - PushRet 0x8062CE06-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00155ED1, Type: Inline - DirectCall 0x8062CED1-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00155EDB, Type: Inline - RelativeJump 0x8062CEDB-->8062CEE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00155F41, Type: Inline - RelativeJump 0x8062CF41-->8062CF4F [ntoskrnl.exe]
ntoskrnl.exe+0x001561D9, Type: Inline - RelativeCall 0x8062D1D9-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe+0x001561E2, Type: Inline - RelativeJump 0x8062D1E2-->8062D1F3 [ntoskrnl.exe]
ntoskrnl.exe+0x00156331, Type: Inline - RelativeJump 0x8062D331-->8062D38D [ntoskrnl.exe]
ntoskrnl.exe+0x00156511, Type: Inline - PushRet 0x8062D511-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0015680E, Type: Inline - RelativeCall 0x8062D80E-->805F2596 [ntoskrnl.exe]
ntoskrnl.exe+0x00156814, Type: Inline - RelativeCall 0x8062D814-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0015681C, Type: Inline - PushRet 0x8062D81C-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00156A4F, Type: Inline - RelativeCall 0x8062DA4F-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00156A54, Type: Inline - RelativeJump 0x8062DA54-->8062DA7A [ntoskrnl.exe]
ntoskrnl.exe+0x00156F37, Type: Inline - RelativeJump 0x8062DF37-->8062DF4B [ntoskrnl.exe]
ntoskrnl.exe+0x00157002, Type: Inline - RelativeJump 0x8062E002-->8062E081 [ntoskrnl.exe]
ntoskrnl.exe+0x00157012, Type: Inline - RelativeJump 0x8062E012-->8062E023 [ntoskrnl.exe]
ntoskrnl.exe+0x001571E2, Type: Inline - RelativeJump 0x8062E1E2-->8062E1C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015752B, Type: Inline - RelativeJump 0x8062E52B-->8062E6FF [ntoskrnl.exe]
ntoskrnl.exe+0x001575E3, Type: Inline - RelativeJump 0x8062E5E3-->8062E60C [ntoskrnl.exe]
ntoskrnl.exe+0x00157753, Type: Inline - RelativeJump 0x8062E753-->8062E703 [ntoskrnl.exe]
ntoskrnl.exe+0x001577C7, Type: Inline - RelativeCall 0x8062E7C7-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x001577D4, Type: Inline - RelativeJump 0x8062E7D4-->8062E7E2 [ntoskrnl.exe]
ntoskrnl.exe+0x0015782F, Type: Inline - RelativeJump 0x8062E82F-->8062E83D [ntoskrnl.exe]
ntoskrnl.exe+0x0015783C, Type: Inline - RelativeJump 0x8062E83C-->8062EB0A [ntoskrnl.exe]
ntoskrnl.exe+0x00157843, Type: Inline - RelativeJump 0x8062E843-->8062E862 [ntoskrnl.exe]
ntoskrnl.exe+0x0015784A, Type: Inline - RelativeCall 0x8062E84A-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe+0x00157863, Type: Inline - DirectCall 0x8062E863-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157929, Type: Inline - RelativeJump 0x8062E929-->8062E940 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A80, Type: Inline - RelativeCall 0x8062EA80-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A86, Type: Inline - PushRet 0x8062EA86-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157C62, Type: Inline - RelativeJump 0x8062EC62-->8062ECFC [ntoskrnl.exe]
ntoskrnl.exe+0x00157CD6, Type: Inline - RelativeCall 0x8062ECD6-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157CE1, Type: Inline - PushRet 0x8062ECE1-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157D09, Type: Inline - RelativeJump 0x8062ED09-->8062ED5B [ntoskrnl.exe]
ntoskrnl.exe+0x00157DA8, Type: Inline - DirectCall 0x8062EDA8-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157DFE, Type: Inline - RelativeJump 0x8062EDFE-->8062EE9B [ntoskrnl.exe]
ntoskrnl.exe+0x00157E47, Type: Inline - RelativeJump 0x8062EE47-->8062EE7E [ntoskrnl.exe]
ntoskrnl.exe+0x00157EF2, Type: Inline - RelativeJump 0x8062EEF2-->8062EF3F [ntoskrnl.exe]
ntoskrnl.exe+0x00157F9E, Type: Inline - RelativeJump 0x8062EF9E-->8062EFAC [ntoskrnl.exe]
ntoskrnl.exe+0x00157FB4, Type: Inline - PushRet 0x8062EFB4-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00158142, Type: Inline - DirectCall 0x8062F142-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x001583F1, Type: Inline - RelativeCall 0x8062F3F1-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00158409, Type: Inline - PushRet 0x8062F409-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158485, Type: Inline - RelativeJump 0x8062F485-->8062F48C [ntoskrnl.exe]
ntoskrnl.exe+0x001586E7, Type: Inline - PushRet 0x8062F6E7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158B99, Type: Inline - RelativeJump 0x8062FB99-->8062FBAB [ntoskrnl.exe]
ntoskrnl.exe+0x00158E10, Type: Inline - RelativeJump 0x8062FE10-->8062FFBE [ntoskrnl.exe]
ntoskrnl.exe+0x00158F11, Type: Inline - RelativeCall 0x8062FF11-->8062C7E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159084, Type: Inline - RelativeCall 0x80630084-->8062F72F [ntoskrnl.exe]
ntoskrnl.exe+0x0015908F, Type: Inline - RelativeJump 0x8063008F-->8063061C [ntoskrnl.exe]
ntoskrnl.exe+0x0015909A, Type: Inline - RelativeJump 0x8063009A-->80630615 [ntoskrnl.exe]
ntoskrnl.exe+0x00159128, Type: Inline - RelativeCall 0x80630128-->908A49AD [unknown_code_page]
ntoskrnl.exe+0x0015916A, Type: Inline - RelativeJump 0x8063016A-->806301A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015926A, Type: Inline - RelativeJump 0x8063026A-->80630259 [ntoskrnl.exe]
ntoskrnl.exe+0x001592D1, Type: Inline - RelativeCall 0x806302D1-->8053CDD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159653, Type: Inline - RelativeCall 0x80630653-->8054020F [ntoskrnl.exe]
ntoskrnl.exe+0x001599EF, Type: Inline - RelativeJump 0x806309EF-->80630A2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159D12, Type: Inline - RelativeJump 0x80630D12-->80630D2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159EDC, Type: Inline - RelativeJump 0x80630EDC-->80630EF4 [ntoskrnl.exe]
ntoskrnl.exe+0x00159FB1, Type: Inline - RelativeJump 0x80630FB1-->80630FDA [ntoskrnl.exe]
ntoskrnl.exe+0x00159FED, Type: Inline - RelativeJump 0x80630FED-->80631003 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A054, Type: Inline - PushRet 0x80631054-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x0015A0B8, Type: Inline - RelativeCall 0x806310B8-->804F4295 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A211, Type: Inline - RelativeJump 0x80631211-->80631244 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A9ED, Type: Inline - RelativeCall 0x806319ED-->80631904 [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAC3, Type: Inline - RelativeJump 0x80631AC3-->80631BDC [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAD1, Type: Inline - RelativeJump 0x80631AD1-->80631AEB [ntoskrnl.exe]
ntoskrnl.exe+0x0015AE2B, Type: Inline - RelativeJump 0x80631E2B-->80631E57 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B092, Type: Inline - RelativeCall 0x80632092-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B2F4, Type: Inline - RelativeCall 0x806322F4-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B926, Type: Inline - RelativeCall 0x80632926-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015B930, Type: Inline - PushRet 0x80632930-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015B96A, Type: Inline - RelativeJump 0x8063296A-->80632974 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C011, Type: Inline - RelativeJump 0x80633011-->80633027 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0C6, Type: Inline - RelativeJump 0x806330C6-->806330DA [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0D7, Type: Inline - RelativeCall 0x806330D7-->8050795F [ntoskrnl.exe]
ntoskrnl.exe+0x0015C183, Type: Inline - RelativeCall 0x80633183-->805D9E44 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C190, Type: Inline - RelativeCall 0x80633190-->805D9AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C307, Type: Inline - RelativeJump 0x80633307-->80633361 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C351, Type: Inline - RelativeJump 0x80633351-->80633368 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C3FA, Type: Inline - RelativeJump 0x806333FA-->80633414 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C65F, Type: Inline - RelativeJump 0x8063365F-->80633677 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C926, Type: Inline - RelativeJump 0x80633926-->8063392E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAEA, Type: Inline - RelativeCall 0x80633AEA-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAF4, Type: Inline - PushRet 0x80633AF4-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0015CB8F, Type: Inline - RelativeJump 0x80633B8F-->80633B99 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CBD4, Type: Inline - RelativeCall 0x80633BD4-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CD3F, Type: Inline - RelativeJump 0x80633D3F-->80633D5E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CE25, Type: Inline - PushRet 0x80633E25-->E8016AD0 [unknown_code_page]
ntoskrnl.exe+0x0015D059, Type: Inline - RelativeCall 0x80634059-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D0CD, Type: Inline - RelativeCall 0x806340CD-->81CD93D5 [unknown_code_page]
ntoskrnl.exe+0x0015D0D5, Type: Inline - RelativeJump 0x806340D5-->80634114 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D3DC, Type: Inline - RelativeJump 0x806343DC-->806343D5 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D622, Type: Inline - RelativeJump 0x80634622-->8063466E [ntoskrnl.exe]
ntoskrnl.exe+0x0015D696, Type: Inline - RelativeJump 0x80634696-->806346AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015D6AF, Type: Inline - RelativeJump 0x806346AF-->806346A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC2F, Type: Inline - RelativeCall 0x80634C2F-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC34, Type: Inline - RelativeJump 0x80634C34-->80634E24 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC40, Type: Inline - RelativeCall 0x80634C40-->804E5C6E [ntoskrnl.exe]
ntoskrnl.exe+0x0015DCE1, Type: Inline - RelativeCall 0x80634CE1-->80634B17 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DD35, Type: Inline - RelativeJump 0x80634D35-->80634D49 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E0A9, Type: Inline - RelativeJump 0x806350A9-->8063509B [ntoskrnl.exe]
ntoskrnl.exe+0x0015E51B, Type: Inline - RelativeJump 0x8063551B-->8063552C [ntoskrnl.exe]
ntoskrnl.exe+0x0015E582, Type: Inline - RelativeJump 0x80635582-->80635590 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E603, Type: Inline - RelativeCall 0x80635603-->8064CBE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E95F, Type: Inline - PushRet 0x8063595F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015E976, Type: Inline - RelativeJump 0x80635976-->80635A12 [ntoskrnl.exe]
ntoskrnl.exe+0x0015EB05, Type: Inline - RelativeJump 0x80635B05-->80635B28 [ntoskrnl.exe]
ntoskrnl.exe+0x0015ECDB, Type: Inline - PushRet 0x80635CDB-->EABC4FE8 [unknown_code_page]
ntoskrnl.exe+0x0015ED25, Type: Inline - PushRet 0x80635D25-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0015F104, Type: Inline - RelativeCall 0x80636104-->80590F69 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F113, Type: Inline - RelativeJump 0x80636113-->8063625F [ntoskrnl.exe]
ntoskrnl.exe+0x0015F1C9, Type: Inline - RelativeJump 0x806361C9-->80636262 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F52F, Type: Inline - RelativeJump 0x8063652F-->80636549 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD2, Type: Inline - RelativeCall 0x80636AD2-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD8, Type: Inline - RelativeJump 0x80636AD8-->80636C7F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FC58, Type: Inline - RelativeJump 0x80636C58-->80636C36 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD3C, Type: Inline - RelativeCall 0x80636D3C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD4A, Type: Inline - RelativeJump 0x80636D4A-->80636E3B [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD52, Type: Inline - RelativeJump 0x80636D52-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD64, Type: Inline - RelativeJump 0x80636D64-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD6D, Type: Inline - RelativeJump 0x80636D6D-->80636D90 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD78, Type: Inline - RelativeJump 0x80636D78-->80636D88 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FDF6, Type: Inline - RelativeJump 0x80636DF6-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FE05, Type: Inline - RelativeJump 0x80636E05-->80636E0E [ntoskrnl.exe]
ntoskrnl.exe+0x00160097, Type: Inline - RelativeJump 0x80637097-->806370A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001600EA, Type: Inline - RelativeCall 0x806370EA-->8054D3D1 [ntoskrnl.exe]
ntoskrnl.exe+0x001601BB, Type: Inline - RelativeJump 0x806371BB-->80637242 [ntoskrnl.exe]
ntoskrnl.exe+0x0016055F, Type: Inline - RelativeJump 0x8063755F-->80637583 [ntoskrnl.exe]
ntoskrnl.exe+0x001607BF, Type: Inline - PushRet 0x806377BF-->8BED75F6 [unknown_code_page]
ntoskrnl.exe+0x001607C0, Type: Inline - RelativeCall 0x806377C0-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x001607C5, Type: Inline - RelativeJump 0x806377C5-->806377D3 [ntoskrnl.exe]
ntoskrnl.exe+0x00160B4D, Type: Inline - RelativeJump 0x80637B4D-->80637B55 [ntoskrnl.exe]
ntoskrnl.exe+0x00160CDC, Type: Inline - RelativeJump 0x80637CDC-->80637D15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160D4E, Type: Inline - RelativeCall 0x80637D4E-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00160D56, Type: Inline - PushRet 0x80637D56-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00160E08, Type: Inline - DirectCall 0x80637E08-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00160EEE, Type: Inline - RelativeJump 0x80637EEE-->80637F15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160FF8, Type: Inline - RelativeJump 0x80637FF8-->8063800D [ntoskrnl.exe]
ntoskrnl.exe+0x0016139D, Type: Inline - RelativeJump 0x8063839D-->FF006AFF [unknown_code_page]
ntoskrnl.exe+0x001613A6, Type: Inline - RelativeCall 0x806383A6-->806382BF [ntoskrnl.exe]
ntoskrnl.exe+0x001613AC, Type: Inline - RelativeCall 0x806383AC-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00161591, Type: Inline - PushRet 0x80638591-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001615D4, Type: Inline - RelativeCall 0x806385D4-->80505760 [ntoskrnl.exe]
ntoskrnl.exe+0x0016187D, Type: Inline - RelativeJump 0x8063887D-->80638893 [ntoskrnl.exe]
ntoskrnl.exe+0x00161C43, Type: Inline - RelativeJump 0x80638C43-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161C5C, Type: Inline - RelativeJump 0x80638C5C-->80638C83 [ntoskrnl.exe]
ntoskrnl.exe+0x00161CEE, Type: Inline - RelativeJump 0x80638CEE-->80638C64 [ntoskrnl.exe]
ntoskrnl.exe+0x00161D0B, Type: Inline - RelativeCall 0x80638D0B-->B96C4F94 [unknown_code_page]
ntoskrnl.exe+0x00161D11, Type: Inline - RelativeJump 0x80638D11-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161D1C, Type: Inline - RelativeJump 0x80638D1C-->80638B76 [ntoskrnl.exe]
ntoskrnl.exe+0x00161F07, Type: Inline - RelativeJump 0x80638F07-->80638F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00162513, Type: Inline - RelativeJump 0x80639513-->80639505 [ntoskrnl.exe]
ntoskrnl.exe+0x00162847, Type: Inline - RelativeJump 0x80639847-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162853, Type: Inline - RelativeJump 0x80639853-->8063917F [ntoskrnl.exe]
ntoskrnl.exe+0x00162858, Type: Inline - RelativeJump 0x80639858-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162908, Type: Inline - RelativeJump 0x80639908-->80639933 [ntoskrnl.exe]
ntoskrnl.exe+0x0016293A, Type: Inline - RelativeJump 0x8063993A-->80639879 [ntoskrnl.exe]
ntoskrnl.exe+0x00162ED6, Type: Inline - RelativeCall 0x80639ED6-->88A92C2B [unknown_code_page]
ntoskrnl.exe+0x00163158, Type: Inline - RelativeCall 0x8063A158-->8056F21C [ntoskrnl.exe]
ntoskrnl.exe+0x00163163, Type: Inline - RelativeJump 0x8063A163-->8063A175 [ntoskrnl.exe]
ntoskrnl.exe+0x0016348C, Type: Inline - RelativeJump 0x8063A48C-->8063A513 [ntoskrnl.exe]
ntoskrnl.exe+0x0016361C, Type: Inline - RelativeCall 0x8063A61C-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B14, Type: Inline - RelativeJump 0x8063AB14-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B96, Type: Inline - RelativeJump 0x8063AB96-->8063ABA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00163BEC, Type: Inline - RelativeJump 0x8063ABEC-->8063AC12 [ntoskrnl.exe]
ntoskrnl.exe+0x00163C58, Type: Inline - RelativeJump 0x8063AC58-->8063ACD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D5A, Type: Inline - RelativeJump 0x8063AD5A-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D68, Type: Inline - RelativeJump 0x8063AD68-->8063AD9C [ntoskrnl.exe]
ntoskrnl.exe+0x00163DC7, Type: Inline - RelativeJump 0x8063ADC7-->8063ADA9 [ntoskrnl.exe]
ntoskrnl.exe+0x00163E65, Type: Inline - RelativeJump 0x8063AE65-->8063AE6A [ntoskrnl.exe]
ntoskrnl.exe+0x00163F1D, Type: Inline - RelativeJump 0x8063AF1D-->8063AF05 [ntoskrnl.exe]
ntoskrnl.exe+0x00163F61, Type: Inline - PushRet 0x8063AF61-->F0C5048D [unknown_code_page]
ntoskrnl.exe+0x00163F62, Type: Inline - RelativeCall 0x8063AF62-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe+0x001640C5, Type: Inline - RelativeJump 0x8063B0C5-->8063B0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467A, Type: Inline - RelativeJump 0x8063B67A-->8063B753 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467F, Type: Inline - RelativeJump 0x8063B67F-->8063B74B [ntoskrnl.exe]
ntoskrnl.exe+0x0016468A, Type: Inline - RelativeJump 0x8063B68A-->8063B6BE [ntoskrnl.exe]
ntoskrnl.exe+0x00164AEC, Type: Inline - RelativeJump 0x8063BAEC-->8063BAB4 [ntoskrnl.exe]
ntoskrnl.exe+0x00164AFB, Type: Inline - RelativeJump 0x8063BAFB-->8063BAC0 [ntoskrnl.exe]
ntoskrnl.exe+0x00164B44, Type: Inline - RelativeJump 0x8063BB44-->8063BB74 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C5E, Type: Inline - RelativeJump 0x8063BC5E-->8063BAB3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C6C, Type: Inline - RelativeJump 0x8063BC6C-->8063BC08 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C7E, Type: Inline - RelativeJump 0x8063BC7E-->8063BC8B [ntoskrnl.exe]
ntoskrnl.exe+0x00164D26, Type: Inline - RelativeCall 0x8063BD26-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D3A, Type: Inline - RelativeJump 0x8063BD3A-->8063BD55 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D85, Type: Inline - RelativeJump 0x8063BD85-->8063BDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164EB4, Type: Inline - RelativeJump 0x8063BEB4-->8063BECE [ntoskrnl.exe]
ntoskrnl.exe+0x00165171, Type: Inline - PushRet 0x8063C171-->90900008 [unknown_code_page]
ntoskrnl.exe+0x001653EE, Type: Inline - RelativeJump 0x8063C3EE-->8063C411 [ntoskrnl.exe]
ntoskrnl.exe+0x00165503, Type: Inline - RelativeJump 0x8063C503-->8063C523 [ntoskrnl.exe]
ntoskrnl.exe+0x00165513, Type: Inline - RelativeJump 0x8063C513-->8063C5B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016558C, Type: Inline - RelativeJump 0x8063C58C-->8063C5BE [ntoskrnl.exe]
ntoskrnl.exe+0x001659C1, Type: Inline - RelativeCall 0x8063C9C1-->BC72B4FD [unknown_code_page]
ntoskrnl.exe+0x001659C6, Type: Inline - RelativeJump 0x8063C9C6-->8063C9F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00165A0B, Type: Inline - PushRet 0x8063CA0B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00165A1A, Type: Inline - RelativeCall 0x8063CA1A-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00165A2C, Type: Inline - PushRet 0x8063CA2C-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00165B77, Type: Inline - RelativeJump 0x8063CB77-->8063CB65 [ntoskrnl.exe]
ntoskrnl.exe+0x00165C18, Type: Inline - PushRet 0x8063CC18-->CC900010 [unknown_code_page]
ntoskrnl.exe+0x00165CEF, Type: Inline - DirectJump 0x8063CCEF-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166106, Type: Inline - RelativeCall 0x8063D106-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016610C, Type: Inline - RelativeCall 0x8063D10C-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00166237, Type: Inline - RelativeJump 0x8063D237-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x0016623C, Type: Inline - DirectCall 0x8063D23C-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166246, Type: Inline - RelativeJump 0x8063D246-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x001663EC, Type: Inline - RelativeJump 0x8063D3EC-->8063D406 [ntoskrnl.exe]
ntoskrnl.exe+0x00166566, Type: Inline - PushRet 0x8063D566-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001665D6, Type: Inline - RelativeJump 0x8063D5D6-->8063D5DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016663A, Type: Inline - RelativeCall 0x8063D63A-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x00166645, Type: Inline - RelativeJump 0x8063D645-->8063D651 [ntoskrnl.exe]
ntoskrnl.exe+0x001666C6, Type: Inline - RelativeCall 0x8063D6C6-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001666D7, Type: Inline - PushRet 0x8063D6D7-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00166B00, Type: Inline - RelativeJump 0x8063DB00-->8063DB06 [ntoskrnl.exe]
ntoskrnl.exe+0x00166B12, Type: Inline - RelativeJump 0x8063DB12-->8063DB18 [ntoskrnl.exe]
ntoskrnl.exe+0x00166E01, Type: Inline - RelativeJump 0x8063DE01-->8063DD27 [ntoskrnl.exe]
ntoskrnl.exe+0x00166EED, Type: Inline - RelativeJump 0x8063DEED-->8063DEF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016702C, Type: Inline - RelativeJump 0x8063E02C-->8063E041 [ntoskrnl.exe]
ntoskrnl.exe+0x00167318, Type: Inline - RelativeJump 0x8063E318-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167326, Type: Inline - RelativeJump 0x8063E326-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167360, Type: Inline - RelativeJump 0x8063E360-->8063E4D8 [ntoskrnl.exe]
ntoskrnl.exe+0x0016738C, Type: Inline - RelativeJump 0x8063E38C-->8063E497 [ntoskrnl.exe]
ntoskrnl.exe+0x00167478, Type: Inline - RelativeCall 0x8063E478-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016795B, Type: Inline - RelativeCall 0x8063E95B-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x00167963, Type: Inline - RelativeJump 0x8063E963-->8063E9F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00167AEB, Type: Inline - RelativeJump 0x8063EAEB-->8063EC41 [ntoskrnl.exe]
ntoskrnl.exe+0x00167F15, Type: Inline - RelativeJump 0x8063EF15-->8063EF1B [ntoskrnl.exe]
ntoskrnl.exe+0x00168003, Type: Inline - RelativeJump 0x8063F003-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x0016800E, Type: Inline - RelativeJump 0x8063F00E-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x00168035, Type: Inline - RelativeCall 0x8063F035-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0016810A, Type: Inline - RelativeJump 0x8063F10A-->8063F1E5 [ntoskrnl.exe]
ntoskrnl.exe+0x001684F1, Type: Inline - RelativeCall 0x8063F4F1-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x001684F6, Type: Inline - PushRet 0x8063F4F6-->90909090 [unknown_code_page]

ntoskrnl.exe+0x001686F5, Type: Inline - RelativeCall 0x8063F6F5-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe+0x001687DD, Type: Inline - RelativeJump 0x8063F7DD-->8063F7EF [ntoskrnl.exe]
ntoskrnl.exe+0x00168875, Type: Inline - RelativeJump 0x8063F875-->8063F8B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016889E, Type: Inline - RelativeJump 0x8063F89E-->8063FA0B [ntoskrnl.exe]
ntoskrnl.exe+0x00168910, Type: Inline - RelativeJump 0x8063F910-->8063F8DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016892F, Type: Inline - RelativeJump 0x8063F92F-->8063F905 [ntoskrnl.exe]
ntoskrnl.exe+0x001689E9, Type: Inline - RelativeCall 0x8063F9E9-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x001689F5, Type: Inline - RelativeJump 0x8063F9F5-->8063FA0C [ntoskrnl.exe]
ntoskrnl.exe+0x00168A01, Type: Inline - RelativeJump 0x8063FA01-->8063F9E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00168A0F, Type: Inline - RelativeJump 0x8063FA0F-->8063FB7A [ntoskrnl.exe]
ntoskrnl.exe+0x00168A16, Type: Inline - RelativeJump 0x8063FA16-->8063FA7D [ntoskrnl.exe]
ntoskrnl.exe+0x00168A70, Type: Inline - RelativeJump 0x8063FA70-->8063FA80 [ntoskrnl.exe]
ntoskrnl.exe+0x00168E5A, Type: Inline - PushRet 0x8063FE5A-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00169014, Type: Inline - RelativeJump 0x80640014-->8064003A [ntoskrnl.exe]
ntoskrnl.exe+0x00169094, Type: Inline - PushRet 0x80640094-->CCCC0024 [unknown_code_page]
ntoskrnl.exe+0x001697E0, Type: Inline - RelativeCall 0x806407E0-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x00169813, Type: Inline - RelativeCall 0x80640813-->80590EF2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A021, Type: Inline - RelativeJump 0x80641021-->8064101F [ntoskrnl.exe]
ntoskrnl.exe+0x0016A14A, Type: Inline - RelativeJump 0x8064114A-->8064114A [ntoskrnl.exe]
ntoskrnl.exe+0x0016A34C, Type: Inline - RelativeCall 0x8064134C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A351, Type: Inline - RelativeJump 0x80641351-->8064135F [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA78, Type: Inline - RelativeCall 0x80641A78-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA7D, Type: Inline - RelativeJump 0x80641A7D-->80641A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB24, Type: Inline - RelativeJump 0x80641B24-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB2C, Type: Inline - RelativeJump 0x80641B2C-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB42, Type: Inline - RelativeJump 0x80641B42-->80641BF6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB48, Type: Inline - RelativeJump 0x80641B48-->80641B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AF13, Type: Inline - RelativeJump 0x80641F13-->80641F49 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFD3, Type: Inline - RelativeJump 0x80641FD3-->80641FE9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFDA, Type: Inline - RelativeJump 0x80641FDA-->80641FEF [ntoskrnl.exe]
ntoskrnl.exe+0x0016B1F7, Type: Inline - RelativeJump 0x806421F7-->80642229 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B20D, Type: Inline - RelativeJump 0x8064220D-->8064221F [ntoskrnl.exe]
ntoskrnl.exe+0x0016B768, Type: Inline - RelativeCall 0x80642768-->80642618 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B773, Type: Inline - RelativeJump 0x80642773-->80642790 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B77A, Type: Inline - RelativeCall 0x8064277A-->806426C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B7A0, Type: Inline - RelativeJump 0x806427A0-->806427B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BA94, Type: Inline - RelativeJump 0x80642A94-->80642A9C [ntoskrnl.exe]
ntoskrnl.exe+0x0016BABE, Type: Inline - RelativeJump 0x80642ABE-->80642B5A [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB54, Type: Inline - RelativeJump 0x80642B54-->80642B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB9F, Type: Inline - RelativeJump 0x80642B9F-->80642A13 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BCD0, Type: Inline - RelativeJump 0x80642CD0-->80642D78 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BD5C, Type: Inline - RelativeJump 0x80642D5C-->80642D75 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BF03, Type: Inline - RelativeJump 0x80642F03-->80642E9A [ntoskrnl.exe]
ntoskrnl.exe+0x0016C171, Type: Inline - RelativeCall 0x80643171-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3A0, Type: Inline - RelativeJump 0x806433A0-->806433B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3B7, Type: Inline - PushRet 0x806433B7-->8BA5F3FA [unknown_code_page]
ntoskrnl.exe+0x0016C4B6, Type: Inline - RelativeCall 0x806434B6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0016C4BC, Type: Inline - RelativeJump 0x806434BC-->806434D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8E4, Type: Inline - RelativeCall 0x806438E4-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8F9, Type: Inline - PushRet 0x806438F9-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0016C999, Type: Inline - RelativeJump 0x80643999-->8068FCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CA78, Type: Inline - PushRet 0x80643A78-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CBCD, Type: Inline - RelativeCall 0x80643BCD-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0016CC54, Type: Inline - RelativeJump 0x80643C54-->80643C64 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CD54, Type: Inline - PushRet 0x80643D54-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CE40, Type: Inline - PushRet 0x80643E40-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CFF2, Type: Inline - PushRet 0x80643FF2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016D27F, Type: Inline - RelativeJump 0x8064427F-->806442B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DD8A, Type: Inline - RelativeJump 0x80644D8A-->80644D7C [ntoskrnl.exe]
ntoskrnl.exe+0x0016DEEA, Type: Inline - RelativeJump 0x80644EEA-->80644EE7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DF1D, Type: Inline - RelativeJump 0x80644F1D-->80644EAE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E082, Type: Inline - RelativeJump 0x80645082-->806450A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E203, Type: Inline - RelativeCall 0x80645203-->80644A0E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E39E, Type: Inline - RelativeJump 0x8064539E-->806453B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E4F5, Type: Inline - RelativeCall 0x806454F5-->80546FFE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E500, Type: Inline - PushRet 0x80645500-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0016E5BB, Type: Inline - RelativeCall 0x806455BB-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5C4, Type: Inline - PushRet 0x806455C4-->F08B077D [unknown_code_page]
ntoskrnl.exe+0x0016E5C5, Type: Inline - RelativeJump 0x806455C5-->806455D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5E4, Type: Inline - RelativeJump 0x806455E4-->8064561B [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5FC, Type: Inline - PushRet 0x806455FC-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016E64B, Type: Inline - RelativeCall 0x8064564B-->804E391E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E65E, Type: Inline - PushRet 0x8064565E-->FF628C0F [unknown_code_page]
ntoskrnl.exe+0x0016E65F, Type: Inline - RelativeJump 0x8064565F-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E695, Type: Inline - RelativeCall 0x80645695-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E69E, Type: Inline - RelativeJump 0x8064569E-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E893, Type: Inline - RelativeJump 0x80645893-->806458AC [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8CC, Type: Inline - RelativeCall 0x806458CC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8DC, Type: Inline - RelativeJump 0x806458DC-->80645A76 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA22, Type: Inline - RelativeCall 0x80645A22-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA86, Type: Inline - RelativeJump 0x80645A86-->80645A8C [ntoskrnl.exe]
ntoskrnl.exe+0x0016EAAA, Type: Inline - RelativeJump 0x80645AAA-->80645AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016ECE4, Type: Inline - RelativeJump 0x80645CE4-->80645D9F [ntoskrnl.exe]
ntoskrnl.exe+0x0016EE7E, Type: Inline - PushRet 0x80645E7E-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016F158, Type: Inline - RelativeJump 0x80646158-->8064677D [ntoskrnl.exe]
ntoskrnl.exe+0x0016F1D2, Type: Inline - RelativeJump 0x806461D2-->806461DF [ntoskrnl.exe]
ntoskrnl.exe+0x0016F206, Type: Inline - RelativeJump 0x80646206-->80646222 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F226, Type: Inline - RelativeJump 0x80646226-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F23A, Type: Inline - RelativeJump 0x8064623A-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F552, Type: Inline - RelativeJump 0x80646552-->8064656C [ntoskrnl.exe]
ntoskrnl.exe+0x0016F590, Type: Inline - RelativeCall 0x80646590-->8064C717 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5A6, Type: Inline - RelativeJump 0x806465A6-->8064674A [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5E0, Type: Inline - RelativeJump 0x806465E0-->806465F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F60E, Type: Inline - RelativeJump 0x8064660E-->806466D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F626, Type: Inline - RelativeJump 0x80646626-->806466B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F62E, Type: Inline - RelativeJump 0x8064662E-->806466B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F6B0, Type: Inline - RelativeJump 0x806466B0-->806466C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA6F, Type: Inline - RelativeJump 0x80646A6F-->80646A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA85, Type: Inline - RelativeJump 0x80646A85-->80646AA0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBD5, Type: Inline - RelativeCall 0x80646BD5-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBE1, Type: Inline - RelativeCall 0x80646BE1-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FC24, Type: Inline - RelativeJump 0x80646C24-->80646C6B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FCDD, Type: Inline - RelativeCall 0x80646CDD-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEB8, Type: Inline - RelativeJump 0x80646EB8-->80647056 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEBD, Type: Inline - RelativeJump 0x80646EBD-->80647059 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEC5, Type: Inline - RelativeJump 0x80646EC5-->80647030 [ntoskrnl.exe]
ntoskrnl.exe+0x0017000E, Type: Inline - RelativeCall 0x8064700E-->FFC00000 [unknown_code_page]
ntoskrnl.exe+0x00170016, Type: Inline - RelativeCall 0x80647016-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017001B, Type: Inline - RelativeJump 0x8064701B-->8064705A [ntoskrnl.exe]
ntoskrnl.exe+0x001705C7, Type: Inline - RelativeJump 0x806475C7-->8064761D [ntoskrnl.exe]
ntoskrnl.exe+0x00170804, Type: Inline - RelativeJump 0x80647804-->8064781E [ntoskrnl.exe]
ntoskrnl.exe+0x00170924, Type: Inline - RelativeJump 0x80647924-->80647907 [ntoskrnl.exe]
ntoskrnl.exe+0x0017095C, Type: Inline - RelativeJump 0x8064795C-->8064797A [ntoskrnl.exe]
ntoskrnl.exe+0x00170968, Type: Inline - PushRet 0x80647968-->E8A55210 [unknown_code_page]
ntoskrnl.exe+0x0017096B, Type: Inline - RelativeCall 0x8064796B-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x0017097B, Type: Inline - RelativeCall 0x8064797B-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x00170980, Type: Inline - RelativeJump 0x80647980-->8064798F [ntoskrnl.exe]
ntoskrnl.exe+0x00170B02, Type: Inline - RelativeJump 0x80647B02-->80647A88 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C10, Type: Inline - RelativeJump 0x80647C10-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C17, Type: Inline - RelativeJump 0x80647C17-->80647D07 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C80, Type: Inline - RelativeJump 0x80647C80-->80647D85 [ntoskrnl.exe]
ntoskrnl.exe+0x00170CE4, Type: Inline - PushRet 0x80647CE4-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00170CEE, Type: Inline - RelativeJump 0x80647CEE-->80647DCE [ntoskrnl.exe]
ntoskrnl.exe+0x00170D04, Type: Inline - RelativeJump 0x80647D04-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170D0F, Type: Inline - RelativeJump 0x80647D0F-->80647D6A [ntoskrnl.exe]
ntoskrnl.exe+0x00170E41, Type: Inline - RelativeJump 0x80647E41-->80647E5B [ntoskrnl.exe]
ntoskrnl.exe+0x00170ECD, Type: Inline - RelativeCall 0x80647ECD-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x00170EDD, Type: Inline - RelativeCall 0x80647EDD-->80648F9F [ntoskrnl.exe]
ntoskrnl.exe+0x00171105, Type: Inline - RelativeCall 0x80648105-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe+0x00171157, Type: Inline - RelativeCall 0x80648157-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x001712B5, Type: Inline - RelativeJump 0x806482B5-->80648364 [ntoskrnl.exe]
ntoskrnl.exe+0x001712BB, Type: Inline - RelativeJump 0x806482BB-->80648378 [ntoskrnl.exe]
ntoskrnl.exe+0x001714F8, Type: Inline - RelativeJump 0x806484F8-->806484D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017193A, Type: Inline - RelativeJump 0x8064893A-->80648966 [ntoskrnl.exe]
ntoskrnl.exe+0x00171BEA, Type: Inline - RelativeJump 0x80648BEA-->80648D06 [ntoskrnl.exe]
ntoskrnl.exe+0x00171CEE, Type: Inline - RelativeJump 0x80648CEE-->80648CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00172259, Type: Inline - RelativeJump 0x80649259-->8064931F [ntoskrnl.exe]
ntoskrnl.exe+0x00172292, Type: Inline - RelativeJump 0x80649292-->806492A2 [ntoskrnl.exe]
ntoskrnl.exe+0x001722CE, Type: Inline - RelativeJump 0x806492CE-->806492C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00172305, Type: Inline - RelativeJump 0x80649305-->80649319 [ntoskrnl.exe]
ntoskrnl.exe+0x00172330, Type: Inline - RelativeJump 0x80649330-->8064933F [ntoskrnl.exe]
ntoskrnl.exe+0x00172543, Type: Inline - PushRet 0x80649543-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00172A01, Type: Inline - RelativeJump 0x80649A01-->80649A16 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B24, Type: Inline - RelativeJump 0x80649B24-->80649B2C [ntoskrnl.exe]
ntoskrnl.exe+0x00172B2C, Type: Inline - RelativeJump 0x80649B2C-->80649B36 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B40, Type: Inline - RelativeJump 0x80649B40-->80649B48 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B50, Type: Inline - RelativeJump 0x80649B50-->80649B5A [ntoskrnl.exe]
ntoskrnl.exe+0x00172B60, Type: Inline - RelativeJump 0x80649B60-->80649B6A [ntoskrnl.exe]
ntoskrnl.exe+0x00172D8D, Type: Inline - DirectCall 0x80649D8D-->804D8054 [ntoskrnl.exe]
ntoskrnl.exe+0x00172E6F, Type: Inline - PushRet 0x80649E6F-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00172F4F, Type: Inline - RelativeJump 0x80649F4F-->80649F67 [ntoskrnl.exe]
ntoskrnl.exe+0x00173124, Type: Inline - RelativeJump 0x8064A124-->8064A139 [ntoskrnl.exe]
ntoskrnl.exe+0x0017320B, Type: Inline - RelativeJump 0x8064A20B-->8064A219 [ntoskrnl.exe]
ntoskrnl.exe+0x00173250, Type: Inline - RelativeJump 0x8064A250-->8064A25A [ntoskrnl.exe]
ntoskrnl.exe+0x00173292, Type: Inline - RelativeJump 0x8064A292-->8064A29C [ntoskrnl.exe]
ntoskrnl.exe+0x001732AE, Type: Inline - RelativeJump 0x8064A2AE-->8064A2BA [ntoskrnl.exe]
ntoskrnl.exe+0x001734CF, Type: Inline - RelativeJump 0x8064A4CF-->8064A4F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173682, Type: Inline - RelativeJump 0x8064A682-->8064A794 [ntoskrnl.exe]
ntoskrnl.exe+0x00173793, Type: Inline - RelativeCall 0x8064A793-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001737A4, Type: Inline - RelativeJump 0x8064A7A4-->8064A7C7 [ntoskrnl.exe]
ntoskrnl.exe+0x001737BD, Type: Inline - RelativeJump 0x8064A7BD-->8064A7C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173893, Type: Inline - RelativeJump 0x8064A893-->8064ABE3 [ntoskrnl.exe]
ntoskrnl.exe+0x001738D6, Type: Inline - RelativeJump 0x8064A8D6-->8064AB77 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A2C, Type: Inline - RelativeJump 0x8064AA2C-->8064AA44 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A82, Type: Inline - RelativeCall 0x8064AA82-->805B56A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A87, Type: Inline - RelativeJump 0x8064AA87-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A8F, Type: Inline - RelativeJump 0x8064AA8F-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A9B, Type: Inline - RelativeJump 0x8064AA9B-->8064AABB [ntoskrnl.exe]
ntoskrnl.exe+0x00173AAE, Type: Inline - RelativeJump 0x8064AAAE-->8064AB36 [ntoskrnl.exe]
ntoskrnl.exe+0x00173ABE, Type: Inline - RelativeJump 0x8064AABE-->8064AAD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00173AED, Type: Inline - RelativeJump 0x8064AAED-->8064AB05 [ntoskrnl.exe]
ntoskrnl.exe+0x00173B44, Type: Inline - RelativeJump 0x8064AB44-->8064A8DC [ntoskrnl.exe]
ntoskrnl.exe+0x00173B4F, Type: Inline - PushRet 0x8064AB4F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00173BBC, Type: Inline - RelativeJump 0x8064ABBC-->8064ABCB [ntoskrnl.exe]
ntoskrnl.exe+0x00173BC7, Type: Inline - RelativeJump 0x8064ABC7-->8064ABE7 [ntoskrnl.exe]
ntoskrnl.exe+0x00173BF6, Type: Inline - PushRet 0x8064ABF6-->CC900024 [unknown_code_page]
ntoskrnl.exe+0x00173C47, Type: Inline - RelativeJump 0x8064AC47-->8064AC58 [ntoskrnl.exe]
ntoskrnl.exe+0x00173E20, Type: Inline - RelativeJump 0x8064AE20-->8064AE2E [ntoskrnl.exe]
ntoskrnl.exe+0x00173ECF, Type: Inline - RelativeJump 0x8064AECF-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EE6, Type: Inline - RelativeCall 0x8064AEE6-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EF0, Type: Inline - RelativeJump 0x8064AEF0-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00174145, Type: Inline - RelativeJump 0x8064B145-->8064B155 [ntoskrnl.exe]
ntoskrnl.exe+0x00174151, Type: Inline - RelativeJump 0x8064B151-->8064B16D [ntoskrnl.exe]
ntoskrnl.exe+0x001744BB, Type: Inline - RelativeJump 0x8064B4BB-->8064B4EC [ntoskrnl.exe]
ntoskrnl.exe+0x001747A2, Type: Inline - RelativeJump 0x8064B7A2-->8064B7C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017481D, Type: Inline - RelativeCall 0x8064B81D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x001748A5, Type: Inline - RelativeJump 0x8064B8A5-->8064B79F [ntoskrnl.exe]
ntoskrnl.exe+0x001748C4, Type: Inline - RelativeJump 0x8064B8C4-->8064B8CA [ntoskrnl.exe]
ntoskrnl.exe+0x00174A6D, Type: Inline - RelativeCall 0x8064BA6D-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD1, Type: Inline - RelativeJump 0x8064BAD1-->8064BAF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD5, Type: Inline - RelativeJump 0x8064BAD5-->8064BAEF [ntoskrnl.exe]
ntoskrnl.exe+0x00174ADB, Type: Inline - RelativeJump 0x8064BADB-->8064BAED [ntoskrnl.exe]
ntoskrnl.exe+0x00174B62, Type: Inline - RelativeJump 0x8064BB62-->8064BB90 [ntoskrnl.exe]
ntoskrnl.exe+0x00174C8F, Type: Inline - RelativeJump 0x8064BC8F-->8064BCA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00174D31, Type: Inline - RelativeJump 0x8064BD31-->8064BCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x00175091, Type: Inline - RelativeCall 0x8064C091-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe+0x00175099, Type: Inline - RelativeJump 0x8064C099-->8064C0A6 [ntoskrnl.exe]
ntoskrnl.exe+0x001751B9, Type: Inline - RelativeJump 0x8064C1B9-->8064C1D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017523C, Type: Inline - RelativeCall 0x8064C23C-->8064BFB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00175299, Type: Inline - RelativeJump 0x8064C299-->8064C2B7 [ntoskrnl.exe]
ntoskrnl.exe+0x001755D5, Type: Inline - RelativeJump 0x8064C5D5-->8064C619 [ntoskrnl.exe]
ntoskrnl.exe+0x001755EA, Type: Inline - RelativeJump 0x8064C5EA-->8064C611 [ntoskrnl.exe]
ntoskrnl.exe+0x00175D71, Type: Inline - RelativeJump 0x8064CD71-->8064CD72 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEA, Type: Inline - RelativeCall 0x8064CDEA-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEF, Type: Inline - PushRet 0x8064CDEF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00175E4D, Type: Inline - RelativeCall 0x8064CE4D-->8059296C [ntoskrnl.exe]
ntoskrnl.exe+0x00175E5A, Type: Inline - PushRet 0x8064CE5A-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00176003, Type: Inline - RelativeJump 0x8064D003-->8064D046 [ntoskrnl.exe]
ntoskrnl.exe+0x00176448, Type: Inline - RelativeJump 0x8064D448-->8064D432 [ntoskrnl.exe]
ntoskrnl.exe+0x00176466, Type: Inline - RelativeJump 0x8064D466-->8064D46C [ntoskrnl.exe]
ntoskrnl.exe+0x00176468, Type: Inline - RelativeJump 0x8064D468-->8064D46E [ntoskrnl.exe]
ntoskrnl.exe+0x00176490, Type: Inline - RelativeJump 0x8064D490-->8064D4A8 [ntoskrnl.exe]
ntoskrnl.exe+0x001765C5, Type: Inline - RelativeJump 0x8064D5C5-->8064D5D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017692A, Type: Inline - RelativeJump 0x8064D92A-->8064D934 [ntoskrnl.exe]
ntoskrnl.exe+0x00176958, Type: Inline - RelativeJump 0x8064D958-->8064D95E [ntoskrnl.exe]
ntoskrnl.exe+0x00176964, Type: Inline - RelativeJump 0x8064D964-->8064D96A [ntoskrnl.exe]
ntoskrnl.exe+0x00176E5F, Type: Inline - RelativeCall 0x8064DE5F-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F05, Type: Inline - RelativeCall 0x8064DF05-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F0A, Type: Inline - RelativeCall 0x8064DF0A-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001770F4, Type: Inline - RelativeJump 0x8064E0F4-->8064E0B5 [ntoskrnl.exe]
ntoskrnl.exe+0x001775DE, Type: Inline - RelativeJump 0x8064E5DE-->8064E717 [ntoskrnl.exe]
ntoskrnl.exe+0x0017777D, Type: Inline - RelativeJump 0x8064E77D-->8064E779 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E2, Type: Inline - RelativeJump 0x8064E7E2-->8064E8D2 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E8, Type: Inline - RelativeCall 0x8064E7E8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177AAC, Type: Inline - RelativeJump 0x8064EAAC-->8064EAB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B0A, Type: Inline - RelativeJump 0x8064EB0A-->8064EB10 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B61, Type: Inline - RelativeJump 0x8064EB61-->8064EB6A [ntoskrnl.exe]
ntoskrnl.exe+0x00177C2D, Type: Inline - PushRet 0x8064EC2D-->90CC0008 [unknown_code_page]
ntoskrnl.exe+0x00177CD8, Type: Inline - RelativeCall 0x8064ECD8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177D23, Type: Inline - RelativeCall 0x8064ED23-->80572BDF [ntoskrnl.exe]
ntoskrnl.exe+0x00177D34, Type: Inline - RelativeJump 0x8064ED34-->8064EFC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F31, Type: Inline - RelativeJump 0x8064EF31-->8064EF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F42, Type: Inline - RelativeJump 0x8064EF42-->89FFE929 [unknown_code_page]
ntoskrnl.exe+0x00178014, Type: Inline - RelativeJump 0x8064F014-->8064F01A [ntoskrnl.exe]
ntoskrnl.exe+0x001780B2, Type: Inline - RelativeJump 0x8064F0B2-->8064F0C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001780D4, Type: Inline - RelativeJump 0x8064F0D4-->8064F0E0 [ntoskrnl.exe]
ntoskrnl.exe+0x001782B6, Type: Inline - RelativeJump 0x8064F2B6-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001782C8, Type: Inline - RelativeJump 0x8064F2C8-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001783C9, Type: Inline - RelativeJump 0x8064F3C9-->806DB6CF [ntoskrnl.exe]
ntoskrnl.exe+0x001785E0, Type: Inline - RelativeJump 0x8064F5E0-->8064F5EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017883F, Type: Inline - RelativeJump 0x8064F83F-->8064F858 [ntoskrnl.exe]
ntoskrnl.exe+0x00178885, Type: Inline - RelativeJump 0x8064F885-->8064F86F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E01, Type: Inline - RelativeJump 0x8064FE01-->8064FE1F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E94, Type: Inline - RelativeCall 0x8064FE94-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178E9A, Type: Inline - RelativeJump 0x8064FE9A-->8064FEAE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EA8, Type: Inline - RelativeCall 0x8064FEA8-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EAF, Type: Inline - PushRet 0x8064FEAF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00178EC4, Type: Inline - PushRet 0x8064FEC4-->90900014 [unknown_code_page]
ntoskrnl.exe+0x00178EDA, Type: Inline - PushRet 0x8064FEDA-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00178EEE, Type: Inline - PushRet 0x8064FEEE-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00178F36, Type: Inline - RelativeJump 0x8064FF36-->8064FFE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178F6C, Type: Inline - RelativeJump 0x8064FF6C-->8065019E [ntoskrnl.exe]
ntoskrnl.exe+0x00179069, Type: Inline - RelativeCall 0x80650069-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00179071, Type: Inline - RelativeJump 0x80650071-->80650091 [ntoskrnl.exe]
ntoskrnl.exe+0x0017907C, Type: Inline - RelativeJump 0x8065007C-->8065003E [ntoskrnl.exe]
ntoskrnl.exe+0x0017949B, Type: Inline - RelativeJump 0x8065049B-->806504D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0017963B, Type: Inline - RelativeJump 0x8065063B-->80650698 [ntoskrnl.exe]
ntoskrnl.exe+0x00179652, Type: Inline - RelativeJump 0x80650652-->80650668 [ntoskrnl.exe]
ntoskrnl.exe+0x001796DA, Type: Inline - PushRet 0x806506DA-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001796DB, Type: Inline - RelativeJump 0x806506DB-->806506CE [ntoskrnl.exe]
ntoskrnl.exe+0x001797AC, Type: Inline - RelativeJump 0x806507AC-->806507AE [ntoskrnl.exe]
ntoskrnl.exe+0x001797C5, Type: Inline - PushRet 0x806507C5-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00179807, Type: Inline - RelativeJump 0x80650807-->80650815 [ntoskrnl.exe]
ntoskrnl.exe+0x00179876, Type: Inline - RelativeCall 0x80650876-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x00179882, Type: Inline - RelativeJump 0x80650882-->806508B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001799AF, Type: Inline - RelativeCall 0x806509AF-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00179AB9, Type: Inline - RelativeJump 0x80650AB9-->80650AEA [ntoskrnl.exe]
ntoskrnl.exe+0x00179B2A, Type: Inline - RelativeCall 0x80650B2A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00179B34, Type: Inline - RelativeJump 0x80650B34-->80650B44 [ntoskrnl.exe]
ntoskrnl.exe+0x00179C59, Type: Inline - RelativeJump 0x80650C59-->80650C8C [ntoskrnl.exe]
ntoskrnl.exe+0x00179C63, Type: Inline - RelativeJump 0x80650C63-->80650C51 [ntoskrnl.exe]
ntoskrnl.exe+0x00179E10, Type: Inline - RelativeJump 0x80650E10-->80650F0A [ntoskrnl.exe]
ntoskrnl.exe+0x00179FE3, Type: Inline - RelativeCall 0x80650FE3-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FEB, Type: Inline - RelativeCall 0x80650FEB-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FF5, Type: Inline - RelativeJump 0x80650FF5-->80651013 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A078, Type: Inline - RelativeCall 0x80651078-->80615E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A07E, Type: Inline - RelativeJump 0x8065107E-->806510BC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A101, Type: Inline - RelativeCall 0x80651101-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A157, Type: Inline - RelativeJump 0x80651157-->80651175 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A159, Type: Inline - RelativeCall 0x80651159-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A161, Type: Inline - RelativeJump 0x80651161-->8065117F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A17F, Type: Inline - RelativeJump 0x8065117F-->8065148D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A188, Type: Inline - DirectJump 0x80651188-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0017A194, Type: Inline - RelativeJump 0x80651194-->806511B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A19E, Type: Inline - RelativeJump 0x8065119E-->80651488 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A1FB, Type: Inline - RelativeJump 0x806511FB-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A23D, Type: Inline - RelativeJump 0x8065123D-->8065124B [ntoskrnl.exe]
ntoskrnl.exe+0x0017A243, Type: Inline - RelativeJump 0x80651243-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A25B, Type: Inline - RelativeJump 0x8065125B-->80651269 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A353, Type: Inline - RelativeJump 0x80651353-->80651335 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A37D, Type: Inline - RelativeJump 0x8065137D-->8065138F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A39A, Type: Inline - RelativeJump 0x8065139A-->8065137C [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3A2, Type: Inline - RelativeJump 0x806513A2-->806513B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3F7, Type: Inline - RelativeJump 0x806513F7-->80651411 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A445, Type: Inline - RelativeJump 0x80651445-->8065145F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A44B, Type: Inline - RelativeJump 0x8065144B-->8065145D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A45D, Type: Inline - RelativeJump 0x8065145D-->806514DC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A4D1, Type: Inline - RelativeJump 0x806514D1-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x0017A61F, Type: Inline - RelativeJump 0x8065161F-->806517A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A667, Type: Inline - RelativeJump 0x80651667-->80651687 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A6B6, Type: Inline - RelativeJump 0x806516B6-->80651795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A794, Type: Inline - RelativeJump 0x80651794-->8075DAA7 [unknown_code_page]
ntoskrnl.exe+0x0017A7CC, Type: Inline - RelativeJump 0x806517CC-->80651A10 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A8FC, Type: Inline - RelativeJump 0x806518FC-->806519D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A929, Type: Inline - RelativeJump 0x80651929-->8065193F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A92C, Type: Inline - RelativeJump 0x8065192C-->8065190E [ntoskrnl.exe]
ntoskrnl.exe+0x0017A9B1, Type: Inline - RelativeCall 0x806519B1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAE1, Type: Inline - RelativeCall 0x80651AE1-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAEE, Type: Inline - RelativeJump 0x80651AEE-->80651BAE [ntoskrnl.exe]
ntoskrnl.exe+0x0017AB2C, Type: Inline - RelativeCall 0x80651B2C-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AC65, Type: Inline - PushRet 0x80651C65-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x0017ACEB, Type: Inline - RelativeJump 0x80651CEB-->80651CF0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017ACFA, Type: Inline - RelativeJump 0x80651CFA-->80651D00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AD10, Type: Inline - RelativeJump 0x80651D10-->80651D5D [ntoskrnl.exe]
ntoskrnl.exe+0x0017AE74, Type: Inline - PushRet 0x80651E74-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017B0FD, Type: Inline - RelativeJump 0x806520FD-->80652113 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B140, Type: Inline - RelativeJump 0x80652140-->80652155 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B14A, Type: Inline - RelativeJump 0x8065214A-->8065233B [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1A6, Type: Inline - RelativeJump 0x806521A6-->8065226D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1B6, Type: Inline - RelativeJump 0x806521B6-->80652275 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B250, Type: Inline - RelativeJump 0x80652250-->806521B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B268, Type: Inline - RelativeJump 0x80652268-->80652279 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B274, Type: Inline - RelativeCall 0x80652274-->805A4B2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B27C, Type: Inline - RelativeJump 0x8065227C-->80652339 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2A8, Type: Inline - RelativeJump 0x806522A8-->8065210E [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2B5, Type: Inline - RelativeJump 0x806522B5-->80652302 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3B5, Type: Inline - RelativeCall 0x806523B5-->80652524 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3F0, Type: Inline - RelativeJump 0x806523F0-->80652414 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B448, Type: Inline - RelativeJump 0x80652448-->806524CC [ntoskrnl.exe]
ntoskrnl.exe+0x0017B48E, Type: Inline - RelativeCall 0x8065248E-->80652DA4 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B494, Type: Inline - RelativeJump 0x80652494-->8065249F [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4E5, Type: Inline - RelativeJump 0x806524E5-->80652503 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4F1, Type: Inline - RelativeJump 0x806524F1-->806524FF [ntoskrnl.exe]
ntoskrnl.exe+0x0017B541, Type: Inline - RelativeJump 0x80652541-->88B2B138 [unknown_code_page]
ntoskrnl.exe+0x0017B5CF, Type: Inline - RelativeJump 0x806525CF-->8065262A [ntoskrnl.exe]
ntoskrnl.exe+0x0017B6A5, Type: Inline - RelativeJump 0x806526A5-->806526A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB47, Type: Inline - RelativeJump 0x80652B47-->80652B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB88, Type: Inline - RelativeJump 0x80652B88-->80652B96 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BE72, Type: Inline - RelativeJump 0x80652E72-->80652E84 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BFF0, Type: Inline - RelativeCall 0x80652FF0-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C377, Type: Inline - RelativeCall 0x80653377-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe+0x0017C390, Type: Inline - RelativeJump 0x80653390-->8065339C [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4CD, Type: Inline - RelativeCall 0x806534CD-->8065292E [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4D6, Type: Inline - RelativeCall 0x806534D6-->806526EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4DF, Type: Inline - RelativeJump 0x806534DF-->80653538 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C525, Type: Inline - RelativeCall 0x80653525-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C72C, Type: Inline - RelativeJump 0x8065372C-->80653795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C730, Type: Inline - RelativeJump 0x80653730-->80653799 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C73B, Type: Inline - RelativeJump 0x8065373B-->8065377B [ntoskrnl.exe]
ntoskrnl.exe+0x0017C78C, Type: Inline - RelativeJump 0x8065378C-->8065379A [ntoskrnl.exe]
ntoskrnl.exe+0x0017C881, Type: Inline - RelativeJump 0x80653881-->80653897 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C9FD, Type: Inline - RelativeJump 0x806539FD-->80653A4F [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAA2, Type: Inline - RelativeJump 0x80653AA2-->80653AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAE4, Type: Inline - RelativeCall 0x80653AE4-->8065384B [ntoskrnl.exe]
ntoskrnl.exe+0x0017CD98, Type: Inline - PushRet 0x80653D98-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017CEA4, Type: Inline - RelativeJump 0x80653EA4-->80653E35 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D020, Type: Inline - RelativeJump 0x80654020-->80654080 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D13D, Type: Inline - RelativeJump 0x8065413D-->806541B7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3AF, Type: Inline - RelativeJump 0x806543AF-->80654641 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3B5, Type: Inline - RelativeCall 0x806543B5-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D530, Type: Inline - RelativeCall 0x80654530-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D561, Type: Inline - RelativeCall 0x80654561-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D613, Type: Inline - RelativeJump 0x80654613-->8065462D [ntoskrnl.exe]
ntoskrnl.exe+0x0017D628, Type: Inline - RelativeJump 0x80654628-->80654642 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D630, Type: Inline - RelativeJump 0x80654630-->8065468F [ntoskrnl.exe]
ntoskrnl.exe+0x0017D680, Type: Inline - RelativeCall 0x80654680-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDB8, Type: Inline - RelativeCall 0x80654DB8-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDCA, Type: Inline - RelativeCall 0x80654DCA-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE37, Type: Inline - RelativeCall 0x80654E37-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE3C, Type: Inline - RelativeJump 0x80654E3C-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE4C, Type: Inline - RelativeCall 0x80654E4C-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE5E, Type: Inline - RelativeCall 0x80654E5E-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE7E, Type: Inline - RelativeCall 0x80654E7E-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE83, Type: Inline - RelativeJump 0x80654E83-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE93, Type: Inline - RelativeJump 0x80654E93-->80654DA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DEC7, Type: Inline - RelativeJump 0x80654EC7-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF25, Type: Inline - RelativeJump 0x80654F25-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF33, Type: Inline - RelativeCall 0x80654F33-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFBA, Type: Inline - RelativeJump 0x80654FBA-->80654FC6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFD1, Type: Inline - RelativeJump 0x80654FD1-->80654FDA [ntoskrnl.exe]
ntoskrnl.exe+0x0017E012, Type: Inline - RelativeJump 0x80655012-->8065501C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E02E, Type: Inline - RelativeJump 0x8065502E-->8065503C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E040, Type: Inline - RelativeJump 0x80655040-->8065504C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E052, Type: Inline - RelativeJump 0x80655052-->80655058 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E238, Type: Inline - RelativeJump 0x80655238-->8065521E [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2C5, Type: Inline - RelativeJump 0x806552C5-->806552CF [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2CC, Type: Inline - RelativeJump 0x806552CC-->806552D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E6F2, Type: Inline - RelativeJump 0x806556F2-->80655764 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EA95, Type: Inline - RelativeJump 0x80655A95-->80655AB3 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EAA8, Type: Inline - RelativeJump 0x80655AA8-->80655AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB38, Type: Inline - RelativeJump 0x80655B38-->80655B5E [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB43, Type: Inline - RelativeJump 0x80655B43-->80655B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB51, Type: Inline - RelativeJump 0x80655B51-->80655B8C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F144, Type: Inline - RelativeCall 0x80656144-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F23B, Type: Inline - RelativeCall 0x8065623B-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F243, Type: Inline - RelativeJump 0x80656243-->8065629E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F336, Type: Inline - RelativeJump 0x80656336-->8065634C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F33E, Type: Inline - RelativeCall 0x8065633E-->80570313 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F433, Type: Inline - RelativeCall 0x80656433-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F43C, Type: Inline - RelativeJump 0x8065643C-->80656487 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F441, Type: Inline - RelativeJump 0x80656441-->80656442 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F45D, Type: Inline - RelativeJump 0x8065645D-->80656472 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F51B, Type: Inline - RelativeJump 0x8065651B-->8065651D [ntoskrnl.exe]
ntoskrnl.exe+0x0017F54F, Type: Inline - RelativeJump 0x8065654F-->80656572 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5F6, Type: Inline - RelativeCall 0x806565F6-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5FC, Type: Inline - RelativeJump 0x806565FC-->80656644 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F70C, Type: Inline - RelativeJump 0x8065670C-->8065670E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F71C, Type: Inline - RelativeCall 0x8065671C-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F8C9, Type: Inline - RelativeCall 0x806568C9-->8065C0F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017FDAD, Type: Inline - RelativeJump 0x80656DAD-->80656F3A [ntoskrnl.exe]
ntoskrnl.exe+0x0018009F, Type: Inline - RelativeJump 0x8065709F-->806570C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001800A6, Type: Inline - RelativeJump 0x806570A6-->80657063 [ntoskrnl.exe]
ntoskrnl.exe+0x00180154, Type: Inline - RelativeJump 0x80657154-->80657162 [ntoskrnl.exe]
ntoskrnl.exe+0x001801BD, Type: Inline - RelativeJump 0x806571BD-->80657242 [ntoskrnl.exe]
ntoskrnl.exe+0x001802E0, Type: Inline - RelativeJump 0x806572E0-->806572F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0018030C, Type: Inline - RelativeJump 0x8065730C-->80657312 [ntoskrnl.exe]
ntoskrnl.exe+0x00180328, Type: Inline - RelativeJump 0x80657328-->8065732E [ntoskrnl.exe]
ntoskrnl.exe+0x00180593, Type: Inline - RelativeCall 0x80657593-->8057FCE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0018062C, Type: Inline - RelativeJump 0x8065762C-->80657638 [ntoskrnl.exe]
ntoskrnl.exe+0x0018063A, Type: Inline - RelativeJump 0x8065763A-->80657640 [ntoskrnl.exe]
ntoskrnl.exe+0x0018074D, Type: Inline - RelativeJump 0x8065774D-->8065775D [ntoskrnl.exe]
ntoskrnl.exe+0x0018075A, Type: Inline - RelativeJump 0x8065775A-->80657769 [ntoskrnl.exe]
ntoskrnl.exe+0x00180890, Type: Inline - RelativeCall 0x80657890-->804E3BED [ntoskrnl.exe]
ntoskrnl.exe+0x0018089C, Type: Inline - RelativeJump 0x8065789C-->80657960 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A2A, Type: Inline - RelativeCall 0x80657A2A-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A39, Type: Inline - RelativeJump 0x80657A39-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180BE0, Type: Inline - RelativeJump 0x80657BE0-->80657C5C [ntoskrnl.exe]
ntoskrnl.exe+0x00180C0E, Type: Inline - RelativeJump 0x80657C0E-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180C4F, Type: Inline - RelativeJump 0x80657C4F-->80657C4D [ntoskrnl.exe]
ntoskrnl.exe+0x00180CBC, Type: Inline - RelativeJump 0x80657CBC-->80657CC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00180FE6, Type: Inline - RelativeCall 0x80657FE6-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0018107A, Type: Inline - RelativeJump 0x8065807A-->8065817D [ntoskrnl.exe]
ntoskrnl.exe+0x00181082, Type: Inline - RelativeCall 0x80658082-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00181092, Type: Inline - RelativeCall 0x80658092-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x0018115E, Type: Inline - RelativeJump 0x8065815E-->80658128 [ntoskrnl.exe]
ntoskrnl.exe+0x00181232, Type: Inline - RelativeJump 0x80658232-->80658238 [ntoskrnl.exe]
ntoskrnl.exe+0x00181778, Type: Inline - RelativeCall 0x80658778-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x001817D8, Type: Inline - RelativeJump 0x806587D8-->806587EE [ntoskrnl.exe]
ntoskrnl.exe+0x00181986, Type: Inline - RelativeCall 0x80658986-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0018198B, Type: Inline - RelativeJump 0x8065898B-->80658A7F [ntoskrnl.exe]
ntoskrnl.exe+0x001819E0, Type: Inline - RelativeCall 0x806589E0-->805DAB3E [ntoskrnl.exe]
ntoskrnl.exe+0x001819EB, Type: Inline - RelativeJump 0x806589EB-->80658A75 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A3B, Type: Inline - RelativeJump 0x80658A3B-->80658A48 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A54, Type: Inline - RelativeJump 0x80658A54-->80658A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00181B62, Type: Inline - RelativeJump 0x80658B62-->80658B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00181B6A, Type: Inline - RelativeJump 0x80658B6A-->80658B74 [ntoskrnl.exe]
ntoskrnl.exe+0x00181FF9, Type: Inline - RelativeCall 0x80658FF9-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00182006, Type: Inline - RelativeJump 0x80659006-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x0018200E, Type: Inline - RelativeJump 0x8065900E-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x00182086, Type: Inline - RelativeJump 0x80659086-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182224, Type: Inline - RelativeCall 0x80659224-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001823DA, Type: Inline - RelativeCall 0x806593DA-->80657362 [ntoskrnl.exe]
ntoskrnl.exe+0x001823EE, Type: Inline - RelativeJump 0x806593EE-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001824D1, Type: Inline - RelativeJump 0x806594D1-->80658EB4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824E6, Type: Inline - RelativeJump 0x806594E6-->806594F4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824F0, Type: Inline - RelativeJump 0x806594F0-->806594F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00182582, Type: Inline - RelativeJump 0x80659582-->80659590 [ntoskrnl.exe]
ntoskrnl.exe+0x00182676, Type: Inline - RelativeJump 0x80659676-->8065967C [ntoskrnl.exe]
ntoskrnl.exe+0x0018268A, Type: Inline - RelativeJump 0x8065968A-->80659698 [ntoskrnl.exe]
ntoskrnl.exe+0x001826D0, Type: Inline - RelativeJump 0x806596D0-->806596DC [ntoskrnl.exe]
ntoskrnl.exe+0x001826DE, Type: Inline - RelativeJump 0x806596DE-->806596E8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182716, Type: Inline - RelativeJump 0x80659716-->8065971C [ntoskrnl.exe]
ntoskrnl.exe+0x00182744, Type: Inline - RelativeJump 0x80659744-->8065974A [ntoskrnl.exe]
ntoskrnl.exe+0x0018274E, Type: Inline - RelativeJump 0x8065974E-->80659756 [ntoskrnl.exe]
ntoskrnl.exe+0x00182752, Type: Inline - RelativeJump 0x80659752-->8065975E [ntoskrnl.exe]
ntoskrnl.exe+0x0018279D, Type: Inline - RelativeJump 0x8065979D-->806597AE [ntoskrnl.exe]
ntoskrnl.exe+0x0018280E, Type: Inline - RelativeJump 0x8065980E-->80659814 [ntoskrnl.exe]
ntoskrnl.exe+0x00182810, Type: Inline - RelativeJump 0x80659810-->80659816 [ntoskrnl.exe]
ntoskrnl.exe+0x00182814, Type: Inline - RelativeJump 0x80659814-->8065981A [ntoskrnl.exe]
ntoskrnl.exe+0x00182819, Type: Inline - RelativeJump 0x80659819-->80659830 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282C, Type: Inline - RelativeJump 0x8065982C-->80659832 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282E, Type: Inline - RelativeJump 0x8065982E-->80659834 [ntoskrnl.exe]
ntoskrnl.exe+0x0018287A, Type: Inline - RelativeJump 0x8065987A-->80659880 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A90, Type: Inline - RelativeJump 0x80659A90-->80659B03 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A97, Type: Inline - RelativeJump 0x80659A97-->80659AC4 [ntoskrnl.exe]
ntoskrnl.exe+0x00182AA0, Type: Inline - RelativeJump 0x80659AA0-->80659AC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182BA8, Type: Inline - RelativeCall 0x80659BA8-->8065BE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C4A, Type: Inline - RelativeJump 0x80659C4A-->80659CD5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C6D, Type: Inline - RelativeCall 0x80659C6D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x00182DA4, Type: Inline - RelativeJump 0x80659DA4-->80659D52 [ntoskrnl.exe]
ntoskrnl.exe+0x00183127, Type: Inline - RelativeJump 0x8065A127-->8065A14A [ntoskrnl.exe]
ntoskrnl.exe+0x0018338C, Type: Inline - RelativeJump 0x8065A38C-->8065A3A6 [ntoskrnl.exe]
ntoskrnl.exe+0x00183892, Type: Inline - RelativeJump 0x8065A892-->8065A8A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0018389F, Type: Inline - RelativeCall 0x8065A89F-->80578B44 [ntoskrnl.exe]
ntoskrnl.exe+0x001838D7, Type: Inline - RelativeJump 0x8065A8D7-->8065A8EB [ntoskrnl.exe]
ntoskrnl.exe+0x001838E8, Type: Inline - RelativeJump 0x8065A8E8-->8065A8F6 [ntoskrnl.exe]
ntoskrnl.exe+0x001839C8, Type: Inline - RelativeJump 0x8065A9C8-->8065A9DE [ntoskrnl.exe]
ntoskrnl.exe+0x00183A6C, Type: Inline - RelativeCall 0x8065AA6C-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00183A7B, Type: Inline - RelativeJump 0x8065AA7B-->8065AA93 [ntoskrnl.exe]
ntoskrnl.exe+0x00183BDD, Type: Inline - RelativeJump 0x8065ABDD-->8065AD17 [ntoskrnl.exe]
ntoskrnl.exe+0x00183D5B, Type: Inline - DirectCall 0x8065AD5B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00183DF4, Type: Inline - PushRet 0x8065ADF4-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00183F0D, Type: Inline - RelativeJump 0x8065AF0D-->8065AED0 [ntoskrnl.exe]
ntoskrnl.exe+0x00183F92, Type: Inline - RelativeJump 0x8065AF92-->8065AECC [ntoskrnl.exe]
ntoskrnl.exe+0x001841A4, Type: Inline - PushRet 0x8065B1A4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x001845BF, Type: Inline - RelativeJump 0x8065B5BF-->8065B595 [ntoskrnl.exe]
ntoskrnl.exe+0x00184877, Type: Inline - RelativeJump 0x8065B877-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x00184882, Type: Inline - RelativeJump 0x8065B882-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x0018488D, Type: Inline - RelativeCall 0x8065B88D-->8065E63B [ntoskrnl.exe]
ntoskrnl.exe+0x001849D2, Type: Inline - RelativeJump 0x8065B9D2-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849D9, Type: Inline - RelativeJump 0x8065B9D9-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849E3, Type: Inline - RelativeJump 0x8065B9E3-->8065BAD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00184AF5, Type: Inline - RelativeJump 0x8065BAF5-->8065BAFD [ntoskrnl.exe]
ntoskrnl.exe+0x00184B61, Type: Inline - RelativeCall 0x8065BB61-->8065C87D [ntoskrnl.exe]
ntoskrnl.exe+0x00184B6B, Type: Inline - RelativeJump 0x8065BB6B-->8065BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00184BDC, Type: Inline - RelativeJump 0x8065BBDC-->8065BC5B [ntoskrnl.exe]
ntoskrnl.exe+0x00184E8E, Type: Inline - DirectCall 0x8065BE8E-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00185218, Type: Inline - RelativeCall 0x8065C218-->805868A3 [ntoskrnl.exe]
ntoskrnl.exe+0x00185296, Type: Inline - RelativeCall 0x8065C296-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001853DB, Type: Inline - RelativeJump 0x8065C3DB-->8065C45C [ntoskrnl.exe]
ntoskrnl.exe+0x001853F0, Type: Inline - RelativeCall 0x8065C3F0-->80659D18 [ntoskrnl.exe]
ntoskrnl.exe+0x001853F7, Type: Inline - RelativeJump 0x8065C3F7-->8065C30B [ntoskrnl.exe]
ntoskrnl.exe+0x00185477, Type: Inline - RelativeJump 0x8065C477-->8065C48E [ntoskrnl.exe]
ntoskrnl.exe+0x0018560F, Type: Inline - RelativeJump 0x8065C60F-->8065C693 [ntoskrnl.exe]
ntoskrnl.exe+0x001859FC, Type: Inline - RelativeJump 0x8065C9FC-->8065C963 [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE4, Type: Inline - RelativeCall 0x8065CBE4-->8058621A [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE9, Type: Inline - RelativeJump 0x8065CBE9-->8065CBCF [ntoskrnl.exe]
ntoskrnl.exe+0x00185C16, Type: Inline - RelativeJump 0x8065CC16-->8065CC24 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E42, Type: Inline - RelativeCall 0x8065CE42-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E4B, Type: Inline - RelativeJump 0x8065CE4B-->8065CE60 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F3B, Type: Inline - RelativeCall 0x8065CF3B-->805D6BA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F4C, Type: Inline - RelativeJump 0x8065CF4C-->8065D074 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F5E, Type: Inline - RelativeJump 0x8065CF5E-->8065CF48 [ntoskrnl.exe]
ntoskrnl.exe+0x00185FED, Type: Inline - RelativeJump 0x8065CFED-->8065D000 [ntoskrnl.exe]
ntoskrnl.exe+0x00186029, Type: Inline - RelativeJump 0x8065D029-->8065CFCC [ntoskrnl.exe]
ntoskrnl.exe+0x0018603D, Type: Inline - RelativeJump 0x8065D03D-->8065D007 [ntoskrnl.exe]
ntoskrnl.exe+0x00186145, Type: Inline - RelativeCall 0x8065D145-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0018614A, Type: Inline - RelativeCall 0x8065D14A-->80585F2E [ntoskrnl.exe]
ntoskrnl.exe+0x00186155, Type: Inline - PushRet 0x8065D155-->CC900004 [unknown_code_page]
ntoskrnl.exe+0x00186282, Type: Inline - RelativeJump 0x8065D282-->8065D28F [ntoskrnl.exe]
ntoskrnl.exe+0x0018638B, Type: Inline - RelativeJump 0x8065D38B-->8065D3B3 [ntoskrnl.exe]
ntoskrnl.exe+0x001863C4, Type: Inline - RelativeJump 0x8065D3C4-->8065D3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0018653D, Type: Inline - RelativeCall 0x8065D53D-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe+0x00186974, Type: Inline - RelativeCall 0x8065D974-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0018697A, Type: Inline - RelativeJump 0x8065D97A-->8065D98B [ntoskrnl.exe]
ntoskrnl.exe+0x00186A55, Type: Inline - RelativeCall 0x8065DA55-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186B33, Type: Inline - RelativeJump 0x8065DB33-->8065DB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BE6, Type: Inline - RelativeCall 0x8065DBE6-->8065EDD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BF6, Type: Inline - RelativeJump 0x8065DBF6-->8065DC09 [ntoskrnl.exe]
ntoskrnl.exe+0x00186C33, Type: Inline - RelativeCall 0x8065DC33-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186C9E, Type: Inline - RelativeCall 0x8065DC9E-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe-->atoi, Type: EAT modification 0x80684C98-->805119B4 [ntoskrnl.exe]
ntoskrnl.exe-->atol, Type: EAT modification 0x80684C9C-->805119C1 [ntoskrnl.exe]
ntoskrnl.exe-->CcCanIWrite, Type: EAT modification 0x80683714-->804F836E [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyRead, Type: EAT modification 0x80683718-->8057B042 [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyWrite, Type: EAT modification 0x8068371C-->804F8648 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: Inline - RelativeJump 0x8052A962-->8052A986 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: EAT modification 0x80683720-->8052F7C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyRead, Type: EAT modification 0x80683724-->8058B0E9 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyWrite, Type: EAT modification 0x80683728-->80514419 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastMdlReadWait, Type: EAT modification 0x8068372C-->8055F5C4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadNotPossible, Type: EAT modification 0x80683730-->8055F5CC [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadWait, Type: EAT modification 0x80683734-->8055F5D4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFlushCache, Type: EAT modification 0x80683738-->804ECEE7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetDirtyPages, Type: EAT modification 0x8068373C-->804F0014 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x80683740-->8052FDB7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x80683744-->8052FD79 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFlushedValidData, Type: EAT modification 0x80683748-->804F789F [ntoskrnl.exe]
ntoskrnl.exe-->CcGetLsnForFileObject, Type: EAT modification 0x8068374C-->8052FC00 [ntoskrnl.exe]
ntoskrnl.exe-->CcInitializeCacheMap, Type: EAT modification 0x80683750-->804F5140 [ntoskrnl.exe]
ntoskrnl.exe-->CcIsThereDirtyData, Type: EAT modification 0x80683754-->8052FB57 [ntoskrnl.exe]
ntoskrnl.exe-->CcMapData, Type: EAT modification 0x80683758-->8057BE0A [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlRead, Type: EAT modification 0x8068375C-->8061BE7D [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlReadComplete, Type: EAT modification 0x80683760-->8061C130 [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteAbort, Type: EAT modification 0x80683764-->8052FF2F [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteComplete, Type: EAT modification 0x80683768-->8061C175 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinMappedData, Type: EAT modification 0x8068376C-->8057BFF4 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinRead, Type: EAT modification 0x80683770-->8058ACDD [ntoskrnl.exe]
ntoskrnl.exe-->CcPrepareMdlWrite, Type: EAT modification 0x80683774-->8052FFE3 [ntoskrnl.exe]
ntoskrnl.exe-->CcPreparePinWrite, Type: EAT modification 0x80683778-->80572491 [ntoskrnl.exe]
ntoskrnl.exe-->CcPurgeCacheSection, Type: EAT modification 0x8068377C-->804F7D86 [ntoskrnl.exe]
ntoskrnl.exe-->CcRemapBcb, Type: EAT modification 0x80683780-->804F2AD9 [ntoskrnl.exe]
ntoskrnl.exe-->CcRepinBcb, Type: EAT modification 0x80683784-->8052F8C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcScheduleReadAhead, Type: EAT modification 0x80683788-->805022CF [ntoskrnl.exe]
ntoskrnl.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x8068378C-->8050244A [ntoskrnl.exe]
ntoskrnl.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x80683790-->80572572 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x80683794-->8052FD40 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x80683798-->804EF448 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetFileSizes, Type: EAT modification 0x8068379C-->804F7592 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetLogHandleForFile, Type: EAT modification 0x806837A0-->80582D00 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x806837A4-->804F549C [ntoskrnl.exe]
ntoskrnl.exe-->CcUninitializeCacheMap, Type: EAT modification 0x806837A8-->804F5570 [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinData, Type: EAT modification 0x806837AC-->8057BDBC [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinDataForThread, Type: EAT modification 0x806837B0-->8057259C [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x806837B4-->8052FA64 [ntoskrnl.exe]
ntoskrnl.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x806837B8-->80530311 [ntoskrnl.exe]
ntoskrnl.exe-->CcZeroData, Type: EAT modification 0x806837BC-->805E656C [ntoskrnl.exe]
ntoskrnl.exe-->CmRegisterCallback, Type: EAT modification 0x806837C0-->8061C287 [ntoskrnl.exe]
ntoskrnl.exe-->CmUnRegisterCallback, Type: EAT modification 0x806837C4-->8061C1CB [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPoint, Type: EAT modification 0x806837C8-->804E2A66 [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x806837CC-->804E2A6E [ntoskrnl.exe]
ntoskrnl.exe-->DbgLoadImageSymbols, Type: EAT modification 0x806837D0-->80506311 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrint, Type: EAT modification 0x806837D4-->80501F09 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintEx, Type: EAT modification 0x806837D8-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintReturnControlC, Type: EAT modification 0x806837DC-->80542E08 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrompt, Type: EAT modification 0x806837E0-->80542E7B [ntoskrnl.exe]
ntoskrnl.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x806837E4-->80542ED3 [ntoskrnl.exe]
ntoskrnl.exe-->DbgSetDebugFilterState, Type: EAT modification 0x806837E8-->80542EE8 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x80683628-->804DBE15 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: Inline - RelativeCall 0x804E35E6-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x806837EC-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x806837F0-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtection, Type: EAT modification 0x8068362C-->8056FF59 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: Inline - RelativeJump 0x8064542A-->80645437 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x80683630-->8064C8EA [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x806837F4-->804EF378 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: Inline - DirectCall 0x804E8A22-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x806837F8-->804F2B23 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x806837FC-->804E9237 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePool, Type: EAT modification 0x80683800-->8050D57A [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x80683804-->8054A97B [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x80683808-->804E8782 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x8068380C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x80683810-->804F3C7E [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: Inline - RelativeJump 0x804FB61E-->804FB2ED [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x80683814-->804F9ACA [ntoskrnl.exe]
ntoskrnl.exe-->ExCreateCallback, Type: EAT modification 0x80683818-->805BBD83 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x8068381C-->8054AA43 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x80683820-->8054AA98 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteResourceLite, Type: EAT modification 0x80683824-->804E9E92 [ntoskrnl.exe]
ntoskrnl.exe-->ExDesktopObjectType, Type: EAT modification 0x80683828-->8056A9BC [ntoskrnl.exe]
ntoskrnl.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x8068382C-->804EF3CA [ntoskrnl.exe]
ntoskrnl.exe-->ExEnumHandleTable, Type: EAT modification 0x80683830-->805E84E4 [ntoskrnl.exe]
ntoskrnl.exe-->ExEventObjectType, Type: EAT modification 0x80683834-->8056A940 [ntoskrnl.exe]
ntoskrnl.exe-->ExExtendZone, Type: EAT modification 0x80683838-->80518582 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x80683668-->8056F374 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: Inline - RelativeJump 0x8057E9EE-->8057E9FD [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x8068366C-->8056F40A [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x80683690-->804E56FC [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x80683694-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x80683698-->804E56F0 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x80683670-->804E55BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x80683674-->804E5734 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x80683678-->804E55E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x8068367C-->804E5620 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x80683680-->804E568C [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x80683684-->804E56BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x80683688-->804E5658 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePool, Type: EAT modification 0x8068383C-->805513D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePoolWithTag, Type: EAT modification 0x80683840-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x80683844-->804E920D [ntoskrnl.exe]
ntoskrnl.exe-->ExfReleasePushLock, Type: EAT modification 0x8068368C-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x80683848-->8054ADE9 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x8068384C-->8054ADA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x80683850-->80549D3A [ntoskrnl.exe]
ntoskrnl.exe-->ExGetPreviousMode, Type: EAT modification 0x80683854-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x80683858-->80549D55 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x806838F8-->804DC05E [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x806838FC-->804DC072 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x80683900-->804DC04A [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x8068385C-->80508A20 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x80683860-->805B6911 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeResourceLite, Type: EAT modification 0x80683864-->804E9EEF [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeRundownProtection, Type: EAT modification 0x80683634-->8064C8BF [ntoskrnl.exe]

ntoskrnl.exe-->ExInitializeZone, Type: EAT modification 0x80683868-->80509C60 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x8068386C-->804DBE49 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: Inline - RelativeJump 0x804E2E1E-->804E2E2D [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x80683638-->804E55B0 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: Inline - PushRet 0x804DB33B-->8BFC418D [unknown_code_page]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: EAT modification 0x80683870-->804DBE9A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x8068363C-->804E5750 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x80683874-->804DC026 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x80683878-->804DC03A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExtendZone, Type: EAT modification 0x8068387C-->8054AAFF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedFlushSList, Type: EAT modification 0x80683640-->804E12FF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x80683880-->804DC012 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x80683884-->804DBECE [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x80683888-->804DBF12 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x8068388C-->804DBFA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x80683644-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x80683890-->804DBFDA [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x80683648-->804E133F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x80683894-->804DBF56 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x80683898-->8050BAB1 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x8068389C-->804F28C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x806838A0-->804EB012 [ntoskrnl.exe]
ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x806838A4-->804F9AA0 [ntoskrnl.exe]
ntoskrnl.exe-->ExNotifyCallback, Type: EAT modification 0x806838A8-->80519120 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x806838AC-->8054A0C7 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueueWorkItem, Type: EAT modification 0x806838B0-->804DA3FC [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseAccessViolation, Type: EAT modification 0x806838B4-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x806838B8-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseException, Type: EAT modification 0x806838BC-->804E310E [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseHardError, Type: EAT modification 0x806838C0-->805B25C2 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseStatus, Type: EAT modification 0x806838C4-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe-->ExRegisterCallback, Type: EAT modification 0x806838C8-->8050D0B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExReinitializeResourceLite, Type: EAT modification 0x806838CC-->804FC2A7 [ntoskrnl.exe]
ntoskrnl.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x8068364C-->8064C8CF [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x80683650-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x806838D0-->804EFF24 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceLite, Type: EAT modification 0x80683654-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtection, Type: EAT modification 0x80683658-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x8068365C-->8064C927 [ntoskrnl.exe]
ntoskrnl.exe-->ExRundownCompleted, Type: EAT modification 0x80683660-->80593172 [ntoskrnl.exe]
ntoskrnl.exe-->ExSemaphoreObjectType, Type: EAT modification 0x806838D4-->8056A520 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x806838D8-->804EFC14 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetTimerResolution, Type: EAT modification 0x806838DC-->8064EB8F [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemExceptionFilter, Type: EAT modification 0x806838E0-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x806838E4-->805150FE [ntoskrnl.exe]
ntoskrnl.exe-->ExUnregisterCallback, Type: EAT modification 0x806838E8-->8054A9AA [ntoskrnl.exe]
ntoskrnl.exe-->ExUuidCreate, Type: EAT modification 0x806838EC-->805E9C7C [ntoskrnl.exe]
ntoskrnl.exe-->ExVerifySuite, Type: EAT modification 0x806838F0-->8050E0E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x80683664-->80575BD8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWindowStationObjectType, Type: EAT modification 0x806838F4-->8056A9C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E37-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E3F-->805726AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x80683904-->8057C4A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x80683908-->804F7EB3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x8068390C-->80530A07 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: Inline - RelativeJump 0x805923AA-->8059248B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x80683910-->80589455 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x80683914-->805167C9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePool, Type: EAT modification 0x80683918-->80530F8B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: Inline - RelativeCall 0x8052C192-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x8068391C-->80530FC2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x80683920-->8053102E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x80683924-->80530FF9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateResource, Type: EAT modification 0x80683928-->8061D709 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x8068392C-->805796A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlBalanceReads, Type: EAT modification 0x80683930-->805BBFE2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x80683934-->804F45B3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x80683938-->804F7E6A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckOplock, Type: EAT modification 0x8068393C-->804E942F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyRead, Type: EAT modification 0x80683940-->8061CC31 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyWrite, Type: EAT modification 0x80683944-->8061CF37 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x80683948-->805318DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x8068394C-->80579721 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x80683950-->805E5B4A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x80683954-->805D2CC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x80683958-->8061D9A3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectDbcs, Type: EAT modification 0x8068395C-->8061DA38 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectName, Type: EAT modification 0x80683960-->8057B388 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x80683964-->8061DAE1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x80683968-->8057B89A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x8068396C-->804F7292 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x80683970-->8051657A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x80683974-->804F56F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x80683978-->80530F4F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x8068397C-->805161EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x80683980-->80583E5B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFreeFileLock, Type: EAT modification 0x80683984-->804FE989 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetFileSize, Type: EAT modification 0x80683988-->8057C4BB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x8068398C-->8050105B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x80683990-->804EC915 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x80683994-->805307EC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x8068399C-->8061CC15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x80683998-->805305EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x806839A0-->80530605 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: Inline - RelativeJump 0x805744B9-->805744CC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x806839A4-->80574B0D [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x806839A8-->804F7E8F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x806839AC-->804FBC9A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeMcb, Type: EAT modification 0x806839B0-->8061D6DF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: Inline - RelativeJump 0x805774D6-->805774F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: EAT modification 0x806839B4-->80573E48 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x806839B8-->805D2C50 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x806839BC-->80531C0A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x806839C0-->804FBD4C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x806839C4-->8061DB53 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x806839C8-->805898AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x806839CC-->8061DFB4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x806839D0-->8057B8D3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x806839D4-->8050A3A2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsPagingFile, Type: EAT modification 0x806839D8-->80531BEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x806839DC-->80503910 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x806839E0-->804D8168 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x806839E4-->804ECD15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x806839E8-->804F910E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x806839EC-->8053069F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x806839F0-->80530791 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x806839F4-->80530A96 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x806839F8-->80531AA7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: Inline - RelativeJump 0x804F478B-->804F479F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x806839FC-->804F383C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlRead, Type: EAT modification 0x80683A00-->8061C6B1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x80683A04-->80530616 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x80683A08-->805305BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadDev, Type: EAT modification 0x80683A0C-->8061C4BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x80683A10-->8061D65B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x80683A14-->8061CBC3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x80683A18-->8050A3D5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x80683A1C-->8061E13B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x80683A20-->805E2B73 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x80683A24-->80587F0F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x80683A28-->8057C0FA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: Inline - RelativeJump 0x80613817-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x80683A2C-->8061E173 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x80683A30-->8061E1EB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x80683A34-->8059E2D8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: Inline - RelativeJump 0x80613854-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x80683A38-->8061E1AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x80683A3C-->80583A91 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x80683A40-->805AB55A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x80683A44-->804F91C1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x80683A48-->805307D7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x80683A4C-->805DCF14 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x80683A50-->8056FE85 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x80683A54-->80531DEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x80683A58-->80531DC8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x80683A5C-->8061CB3B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: Inline - RelativeJump 0x80611E23-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x80683A60-->8061C73B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrivateLock, Type: EAT modification 0x80683A64-->80515DBA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlProcessFileLock, Type: EAT modification 0x80683A68-->80500AC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x80683A6C-->805106E9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x80683A70-->805D9792 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlReleaseFile, Type: EAT modification 0x80683A74-->8057C368 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x80683A78-->804FD588 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x80683A7C-->80530A30 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x80683A80-->80531B40 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x80683A84-->80515B69 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x80683A88-->804ECA20 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA0D-->804FC4C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA12-->804EB229 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x80683A8C-->8053085B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSyncVolumes, Type: EAT modification 0x80683A90-->8061D74B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x80683A94-->8057C788 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x80683A98-->804F8FCB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: Inline - RelativeCall 0x8052BB9C-->80543CCE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: EAT modification 0x80683A9C-->805309E4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x80683AA0-->804F99DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x80683AA4-->804FC309 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x80683AA8-->8061D6F4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x80683AAC-->804FC261 [ntoskrnl.exe]
ntoskrnl.exe-->HalDispatchTable, Type: EAT modification 0x80683AB0-->80553038 [ntoskrnl.exe]
ntoskrnl.exe-->HalExamineMBR, Type: EAT modification 0x8068369C-->8050D44B [ntoskrnl.exe]
ntoskrnl.exe-->HalPrivateDispatchTable, Type: EAT modification 0x80683AB4-->80553090 [ntoskrnl.exe]
ntoskrnl.exe-->HeadlessDispatch, Type: EAT modification 0x80683AB8-->8050D2F8 [ntoskrnl.exe]
ntoskrnl.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x80683ABC-->805321FF [ntoskrnl.exe]
ntoskrnl.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x80683AC0-->8050B508 [ntoskrnl.exe]
ntoskrnl.exe-->InbvDisplayString, Type: EAT modification 0x80683AC4-->8050D350 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableBootDriver, Type: EAT modification 0x80683AC8-->8050D212 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableDisplayString, Type: EAT modification 0x80683ACC-->8050D527 [ntoskrnl.exe]
ntoskrnl.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x80683AD0-->805108B4 [ntoskrnl.exe]
ntoskrnl.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x80683AD4-->80532022 [ntoskrnl.exe]
ntoskrnl.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x80683AD8-->8050C222 [ntoskrnl.exe]
ntoskrnl.exe-->InbvResetDisplay, Type: EAT modification 0x80683ADC-->80532033 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetScrollRegion, Type: EAT modification 0x80683AE0-->8053225F [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetTextColor, Type: EAT modification 0x80683AE4-->80532143 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSolidColorFill, Type: EAT modification 0x80683AE8-->805320B7 [ntoskrnl.exe]
ntoskrnl.exe-->InitSafeBootMode, Type: EAT modification 0x80683AEC-->80560880 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedCompareExchange, Type: EAT modification 0x806836A0-->804E5728 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedDecrement, Type: EAT modification 0x806836A4-->804E571C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchange, Type: EAT modification 0x806836A8-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchangeAdd, Type: EAT modification 0x806836AC-->804E576C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedIncrement, Type: EAT modification 0x806836B0-->804E5710 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPopEntrySList, Type: EAT modification 0x806836B4-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPushEntrySList, Type: EAT modification 0x806836B8-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x80683AF0-->804E81D7 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x80683AF4-->804EAD26 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x80683AF8-->805058D0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAdapterObjectType, Type: EAT modification 0x80683AFC-->80560D70 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x80683B00-->80518C16 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateController, Type: EAT modification 0x80683B04-->80509230 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x80683B08-->8050999B [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x80683B0C-->8050BB6D [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateIrp, Type: EAT modification 0x80683B10-->804EAFBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateMdl, Type: EAT modification 0x80683B14-->804EDDB1 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateWorkItem, Type: EAT modification 0x80683B18-->804FEBBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignDriveLetters, Type: EAT modification 0x806836BC-->805C079D [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignResources, Type: EAT modification 0x80683B1C-->80624B37 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDevice, Type: EAT modification 0x80683B20-->80621101 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: Inline - DirectCall 0x8052E337-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x80683B24-->80532CD0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: Inline - RelativeCall 0x8050BB8F-->8050BBA2 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x80683B28-->80506BF6 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x80683B2C-->80508EA3 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x80683B30-->804FC59C [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x80683B34-->80518674 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildPartialMdl, Type: EAT modification 0x80683B38-->804EE132 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x80683B3C-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCallDriver, Type: EAT modification 0x80683B40-->80532862 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: Inline - RelativeJump 0x806164B9-->806164DE [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: EAT modification 0x80683B44-->80620DF9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelIrp, Type: EAT modification 0x80683B48-->805184C1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckDesiredAccess, Type: EAT modification 0x80683B4C-->8061FF83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x80683B50-->8059E280 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckFunctionAccess, Type: EAT modification 0x80683B54-->805EB34E [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x80683B58-->80532379 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x80683B5C-->805323C3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x80683B60-->8061FFC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckShareAccess, Type: EAT modification 0x80683B64-->8057B23E [ntoskrnl.exe]
ntoskrnl.exe-->IoCompleteRequest, Type: EAT modification 0x80683B68-->80532881 [ntoskrnl.exe]
ntoskrnl.exe-->IoConnectInterrupt, Type: EAT modification 0x80683B6C-->805B07B1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateController, Type: EAT modification 0x80683B70-->805C5A7D [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDevice, Type: EAT modification 0x80683B74-->805A170C [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDisk, Type: EAT modification 0x80683B78-->8061FCD3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDriver, Type: EAT modification 0x80683B7C-->805B50EE [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: Inline - RelativeJump 0x8056CE50-->8056CE4E [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: EAT modification 0x80683B80-->80579B92 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x80683B84-->8058B001 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateNotificationEvent, Type: EAT modification 0x80683B88-->805B6BAB [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObject, Type: EAT modification 0x80683B8C-->805D2CFC [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x80683B90-->8050A4FD [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x80683B94-->8057BB83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSymbolicLink, Type: EAT modification 0x80683B98-->805D2EFF [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x80683B9C-->805C6899 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x80683BA0-->805D712C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInitialize, Type: EAT modification 0x80683BA4-->80509A3C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInsertIrp, Type: EAT modification 0x80683BA8-->80518C81 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveIrp, Type: EAT modification 0x80683BAC-->80518CE6 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x80683BB0-->804E612C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteController, Type: EAT modification 0x80683BB4-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDevice, Type: EAT modification 0x80683BB8-->80505760 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDriver, Type: EAT modification 0x80683BBC-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x80683BC0-->805D7E64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDetachDevice, Type: EAT modification 0x80683BC4-->80507FC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x80683BC8-->80560D54 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x80683BCC-->80560D5C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceObjectType, Type: EAT modification 0x80683BD0-->80560D64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDisconnectInterrupt, Type: EAT modification 0x80683BD4-->805AF3E9 [ntoskrnl.exe]
ntoskrnl.exe-->IoDriverObjectType, Type: EAT modification 0x80683BD8-->80560D60 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnqueueIrp, Type: EAT modification 0x80683BDC-->806202B8 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x80683BE0-->8050A29E [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x80683BE4-->80620F86 [ntoskrnl.exe]
ntoskrnl.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x80683BE8-->806202FB [ntoskrnl.exe]
ntoskrnl.exe-->IofCallDriver, Type: EAT modification 0x806836CC-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe-->IofCompleteRequest, Type: EAT modification 0x806836D0-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe-->IoFileObjectType, Type: EAT modification 0x80683BEC-->80560D58 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x80683BF0-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x80683BF4-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeController, Type: EAT modification 0x80683BF8-->80509203 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x80683BFC-->80532315 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeIrp, Type: EAT modification 0x80683C00-->804EAF62 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeMdl, Type: EAT modification 0x80683C04-->804EDE66 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeWorkItem, Type: EAT modification 0x80683C08-->804FEBA5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDevice, Type: EAT modification 0x80683C0C-->804E8477 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x80683C10-->8051527F [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x80683C14-->804ED31D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBootDiskInformation, Type: EAT modification 0x80683C18-->805CC72D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetConfigurationInformation, Type: EAT modification 0x80683C1C-->805D7121 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetCurrentProcess, Type: EAT modification 0x80683C20-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x80683C24-->80508E5A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x80683C28-->805D86E7 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x80683C2C-->8059D4AC [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x80683C30-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceProperty, Type: EAT modification 0x80683C34-->8059BFB5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceToVerify, Type: EAT modification 0x80683C38-->8050A371 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x80683C3C-->8050A31C [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDmaAdapter, Type: EAT modification 0x80683C40-->805C3C25 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x80683C44-->8050582A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x80683C48-->80579683 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetInitialStack, Type: EAT modification 0x80683C4C-->8053245E [ntoskrnl.exe]
ntoskrnl.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x80683C50-->80508DC6 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x80683C54-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcess, Type: EAT modification 0x80683C58-->804F4331 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcessId, Type: EAT modification 0x80683C5C-->804F9B61 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorSessionId, Type: EAT modification 0x80683C60-->80515366 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetStackLimits, Type: EAT modification 0x80683C64-->804DC214 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetTopLevelIrp, Type: EAT modification 0x80683C68-->804E84B2 [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeCrashDump, Type: EAT modification 0x80683C6C-->805BA4CB [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeIrp, Type: EAT modification 0x80683C70-->805197FC [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x80683C74-->805B667B [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeTimer, Type: EAT modification 0x80683C78-->805D7ED6 [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x80683C7C-->80505DDD [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceState, Type: EAT modification 0x80683C80-->8050BADF [ntoskrnl.exe]
ntoskrnl.exe-->IoIsFileOriginRemote, Type: EAT modification 0x80683C84-->804F8355 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsOperationSynchronous, Type: EAT modification 0x80683C88-->804EAFCE [ntoskrnl.exe]
ntoskrnl.exe-->IoIsSystemThread, Type: EAT modification 0x80683C8C-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x80683C90-->80620400 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x80683C94-->8059D309 [ntoskrnl.exe]
ntoskrnl.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x80683C98-->80513B48 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x80683C9C-->805A0681 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x80683CA0-->8059D062 [ntoskrnl.exe]
ntoskrnl.exe-->IoPageRead, Type: EAT modification 0x80683CA4-->804FB224 [ntoskrnl.exe]
ntoskrnl.exe-->IoPnPDeliverServicePowerNotification, Type: EAT modification 0x80683CA8-->80625626 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryDeviceDescription, Type: EAT modification 0x80683CAC-->805B427B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x80683CB0-->80620F0B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileInformation, Type: EAT modification 0x80683CB4-->8058EFEC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryVolumeInformation, Type: EAT modification 0x80683CB8-->805BB0FC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueThreadIrp, Type: EAT modification 0x80683CBC-->804FEB68 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueWorkItem, Type: EAT modification 0x80683CC0-->804E627F [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseHardError, Type: EAT modification 0x80683CC4-->8050A461 [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x80683CC8-->805324C7 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: Inline - RelativeJump 0x8050F8F2-->8050F8F8 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: EAT modification 0x80683CCC-->80510819 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadOperationCount, Type: EAT modification 0x80683CD0-->80560D50 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTable, Type: EAT modification 0x806836C0-->805BE9EE [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTableEx, Type: EAT modification 0x80683CD4-->805CC6CD [ntoskrnl.exe]
ntoskrnl.exe-->IoReadTransferCount, Type: EAT modification 0x80683CD8-->80560D40 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x80683CDC-->805C6911 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x80683CE0-->805DCC64 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x80683CE4-->805C5D02 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFileSystem, Type: EAT modification 0x80683CE8-->805AF1B5 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: Inline - RelativeJump 0x805D2A75-->805D2A83 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x80683CEC-->805CE9E2 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x80683CF0-->80620933 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x80683CF4-->8059D346 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x80683CF8-->805BB902 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x80683CFC-->804E81BD [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x80683D00-->80624AE1 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x80683D04-->804EACF3 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x80683D08-->805058EC [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: Inline - RelativeJump 0x8056D00C-->8056D03E [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: EAT modification 0x80683D0C-->80579BF4 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportDetectedDevice, Type: EAT modification 0x80683D10-->805CDE34 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportHalResourceUsage, Type: EAT modification 0x80683D14-->806B48FB [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceForDetection, Type: EAT modification 0x80683D18-->805BDCFD [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceUsage, Type: EAT modification 0x80683D1C-->805BD317 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x80683D20-->80625711 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x80683D24-->805054D9 [ntoskrnl.exe]
ntoskrnl.exe-->IoRequestDeviceEject, Type: EAT modification 0x80683D28-->80535825 [ntoskrnl.exe]
ntoskrnl.exe-->IoReuseIrp, Type: EAT modification 0x80683D2C-->804ECE58 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x80683D30-->8050D9E8 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x80683D34-->805D7867 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceToVerify, Type: EAT modification 0x80683D38-->8050A388 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetFileOrigin, Type: EAT modification 0x80683D3C-->8051C812 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x80683D40-->80508949 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetInformation, Type: EAT modification 0x80683D44-->8062098F [ntoskrnl.exe]
ntoskrnl.exe-->IoSetIoCompletion, Type: EAT modification 0x80683D48-->80576D74 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: Inline - RelativeJump 0x80613BB8-->80613BCE [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: EAT modification 0x806836C4-->8061E517 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x80683D4C-->8061FD2A [ntoskrnl.exe]
ntoskrnl.exe-->IoSetShareAccess, Type: EAT modification 0x80683D50-->80579C54 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetStartIoAttributes, Type: EAT modification 0x80683D54-->8050E35E [ntoskrnl.exe]
ntoskrnl.exe-->IoSetSystemPartition, Type: EAT modification 0x80683D58-->8053294B [ntoskrnl.exe]
ntoskrnl.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x80683D5C-->804E9480 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetTopLevelIrp, Type: EAT modification 0x80683D60-->804E8495 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: Inline - RelativeCall 0x804E3EEB-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: EAT modification 0x80683D64-->804E5C3B [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacketByKey, Type: EAT modification 0x80683D68-->805327F1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartPacket, Type: EAT modification 0x80683D6C-->804E60A1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartTimer, Type: EAT modification 0x80683D70-->80508AA0 [ntoskrnl.exe]
ntoskrnl.exe-->IoStatisticsLock, Type: EAT modification 0x80683D74-->80559700 [ntoskrnl.exe]
ntoskrnl.exe-->IoStopTimer, Type: EAT modification 0x80683D78-->80507CD1 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x80683D7C-->805B6B18 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousPageWrite, Type: EAT modification 0x80683D80-->804EEC16 [ntoskrnl.exe]
ntoskrnl.exe-->IoThreadToProcess, Type: EAT modification 0x80683D84-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFileSystem, Type: EAT modification 0x80683D88-->805B05C9 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x80683D8C-->80620C44 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x80683D90-->8059D295 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x80683D94-->80665347 [ntoskrnl.exe]
ntoskrnl.exe-->IoUpdateShareAccess, Type: EAT modification 0x80683D98-->8057BB20 [ntoskrnl.exe]
ntoskrnl.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x80683D9C-->80532B20 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyPartitionTable, Type: EAT modification 0x80683DA0-->8061FAE0 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyVolume, Type: EAT modification 0x80683DA4-->80620CB4 [ntoskrnl.exe]
ntoskrnl.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x80683DA8-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x80683DAC-->80646D42 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: Inline - RelativeCall 0x80545D11-->80545A53 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x80683DB0-->80549B6B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIExecuteMethod, Type: EAT modification 0x80683DB4-->80647337 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x80683DB8-->8050B48C [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: Inline - RelativeJump 0x805A8171-->805C71BD [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: EAT modification 0x80683DBC-->805B10CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllData, Type: EAT modification 0x80683DC0-->805B194F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x80683DC4-->8064707A [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x80683DC8-->805B5762 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x80683DCC-->806470FC [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIRegistrationControl, Type: EAT modification 0x80683DD0-->805A218B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x80683DD4-->805B1BF7 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleInstance, Type: EAT modification 0x80683DD8-->8064717F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleItem, Type: EAT modification 0x80683DDC-->80647257 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x80683DE0-->80646E29 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIWriteEvent, Type: EAT modification 0x80683DE4-->805094CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x80683DE8-->8050BDCD [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteOperationCount, Type: EAT modification 0x80683DEC-->80560D4C [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTable, Type: EAT modification 0x806836C8-->8061E78B [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTableEx, Type: EAT modification 0x80683DF0-->8061F9C6 [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteTransferCount, Type: EAT modification 0x80683DF4-->80560D38 [ntoskrnl.exe]
ntoskrnl.exe-->isdigit, Type: EAT modification 0x80684CA0-->805124D7 [ntoskrnl.exe]
ntoskrnl.exe-->islower, Type: EAT modification 0x80684CA4-->8054B4C1 [ntoskrnl.exe]
ntoskrnl.exe-->isprint, Type: EAT modification 0x80684CA8-->8054B542 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: Inline - RelativeJump 0x805476AE-->805476D3 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: EAT modification 0x80684CAC-->80512500 [ntoskrnl.exe]
ntoskrnl.exe-->isupper, Type: EAT modification 0x80684CB0-->805124AE [ntoskrnl.exe]
ntoskrnl.exe-->isxdigit, Type: EAT modification 0x80684CB4-->8054B4FF [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerEnabled, Type: EAT modification 0x80683DF8-->8055BA41 [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerNotPresent, Type: EAT modification 0x80683DFC-->8055BA40 [ntoskrnl.exe]
ntoskrnl.exe-->KdDisableDebugger, Type: EAT modification 0x80683E00-->80535F65 [ntoskrnl.exe]
ntoskrnl.exe-->KdEnableDebugger, Type: EAT modification 0x80683E04-->80535FDE [ntoskrnl.exe]
ntoskrnl.exe-->KdEnteredDebugger, Type: EAT modification 0x80683E08-->8055BA44 [ntoskrnl.exe]
ntoskrnl.exe-->KdPollBreakIn, Type: EAT modification 0x80683E0C-->804E25AB [ntoskrnl.exe]
ntoskrnl.exe-->KdPowerTransition, Type: EAT modification 0x80683E10-->8053603B [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: Inline - RelativeCall 0x805B790E-->805B7926 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: EAT modification 0x80683E14-->805B334A [ntoskrnl.exe]
ntoskrnl.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x80683E18-->8050DC81 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x80683E1C-->8050DC25 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x80683E20-->8050DD1F [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x806836D4-->804E2518 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x80683E24-->80536447 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x80683E28-->804E243B [ntoskrnl.exe]
ntoskrnl.exe-->KeAddSystemServiceTable, Type: EAT modification 0x80683E2C-->805B8D9D [ntoskrnl.exe]
ntoskrnl.exe-->KeAreApcsDisabled, Type: EAT modification 0x80683E30-->8051AEAC [ntoskrnl.exe]
ntoskrnl.exe-->KeAttachProcess, Type: EAT modification 0x80683E34-->804F15C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheck, Type: EAT modification 0x80683E38-->80537679 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheckEx, Type: EAT modification 0x80683E3C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe-->KeCancelTimer, Type: EAT modification 0x80683E40-->804E61C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x80683E44-->8053375F [ntoskrnl.exe]
ntoskrnl.exe-->KeClearEvent, Type: EAT modification 0x80683E48-->804E5AA4 [ntoskrnl.exe]
ntoskrnl.exe-->KeConnectInterrupt, Type: EAT modification 0x80683E4C-->8050A11A [ntoskrnl.exe]
ntoskrnl.exe-->KeDcacheFlushCount, Type: EAT modification 0x80683E50-->8055BA54 [ntoskrnl.exe]
ntoskrnl.exe-->KeDelayExecutionThread, Type: EAT modification 0x80683E54-->804E14F6 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x80683E58-->805368B7 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x80683E5C-->805369DF [ntoskrnl.exe]
ntoskrnl.exe-->KeDetachProcess, Type: EAT modification 0x80683E60-->804F161E [ntoskrnl.exe]
ntoskrnl.exe-->KeDisconnectInterrupt, Type: EAT modification 0x80683E64-->80509FF8 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterCriticalRegion, Type: EAT modification 0x80683E68-->804D95F2 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterKernelDebugger, Type: EAT modification 0x80683E6C-->8053686B [ntoskrnl.exe]
ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x806836E0-->804E2427 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: EAT modification 0x80683E70-->806B4DD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x80683E74-->806BA287 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushEntireTb, Type: EAT modification 0x80683E78-->804E9BF5 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x80683E7C-->805AD468 [ntoskrnl.exe]
ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: EAT modification 0x806836E4-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetCurrentThread, Type: EAT modification 0x80683E80-->804DB622 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetPreviousMode, Type: EAT modification 0x80683E84-->804DB62A [ntoskrnl.exe]
ntoskrnl.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x80683E88-->80508931 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AbiosCall, Type: EAT modification 0x80683E8C-->80537CFD [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x80683E90-->80510DC4 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x80683E94-->804D9A3C [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitFunction, Type: EAT modification 0x80683E98-->804D9898 [ntoskrnl.exe]
ntoskrnl.exe-->Kei386EoiHelper, Type: EAT modification 0x8068370C-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x80683E9C-->80537E0A [ntoskrnl.exe]
ntoskrnl.exe-->KeI386GetLid, Type: EAT modification 0x80683EA0-->80537AFF [ntoskrnl.exe]
ntoskrnl.exe-->KeI386MachineType, Type: EAT modification 0x80683EA4-->8055BA84 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x80683EA8-->80537D9F [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseLid, Type: EAT modification 0x80683EAC-->80537C7B [ntoskrnl.exe]
ntoskrnl.exe-->KeI386SetGdtSelector, Type: EAT modification 0x80683EB0-->806664DA [ntoskrnl.exe]
ntoskrnl.exe-->KeIcacheFlushCount, Type: EAT modification 0x80683EB4-->8055BA58 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeApc, Type: EAT modification 0x80683EB8-->804E5C99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x80683EBC-->80506671 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDpc, Type: EAT modification 0x80683EC0-->804E7DB8 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeEvent, Type: EAT modification 0x80683EC4-->804E7DE6 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeInterrupt, Type: EAT modification 0x80683EC8-->8050A082 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutant, Type: EAT modification 0x80683ECC-->804FA804 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: Inline - RelativeJump 0x8051243B-->8052ACC7 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: EAT modification 0x80683ED0-->80518BE3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeQueue, Type: EAT modification 0x80683ED4-->804FE890 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSemaphore, Type: EAT modification 0x80683ED8-->804E88F1 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSpinLock, Type: EAT modification 0x80683EDC-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimer, Type: EAT modification 0x80683EE0-->804EC4FB [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimerEx, Type: EAT modification 0x80683EE4-->804EC513 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x80683EE8-->804E5F99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertDeviceQueue, Type: EAT modification 0x80683EEC-->804E605E [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertHeadQueue, Type: EAT modification 0x80683EF0-->8051AFA3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueue, Type: EAT modification 0x80683EF4-->804E5AB9 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueApc, Type: EAT modification 0x80683EF8-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueDpc, Type: EAT modification 0x80683EFC-->804D968D [ntoskrnl.exe]
ntoskrnl.exe-->KeIsAttachedProcess, Type: EAT modification 0x80683F00-->80509CD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeIsExecutingDpc, Type: EAT modification 0x80683F04-->804DB63A [ntoskrnl.exe]
ntoskrnl.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x80683F08-->804D9604 [ntoskrnl.exe]
ntoskrnl.exe-->KeLoaderBlock, Type: EAT modification 0x80683F0C-->8055BA5C [ntoskrnl.exe]
ntoskrnl.exe-->KeNumberProcessors, Type: EAT modification 0x80683F10-->8055BA60 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterrupt, Type: EAT modification 0x80683F14-->804E28EE [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: Inline - RelativeCall 0x804E3482-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x80683F18-->804E28F6 [ntoskrnl.exe]
ntoskrnl.exe-->KePulseEvent, Type: EAT modification 0x80683F1C-->80515CB3 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryActiveProcessors, Type: EAT modification 0x80683F20-->805B623F [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryInterruptTime, Type: EAT modification 0x80683F24-->804E5C65 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryPriorityThread, Type: EAT modification 0x80683F28-->80538084 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryRuntimeThread, Type: EAT modification 0x80683F2C-->805150DC [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: Inline - RelativeCall 0x804E3BB5-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: EAT modification 0x80683F30-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: Inline - RelativeJump 0x804EDC2E-->804EDC28 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: EAT modification 0x80683F34-->804ED995 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTimeIncrement, Type: EAT modification 0x80683F38-->804E5A3E [ntoskrnl.exe]
ntoskrnl.exe-->KeRaiseUserException, Type: EAT modification 0x80683F3C-->805383C4 [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateEvent, Type: Inline - PushRet 0x804E42CB-->CFB80008 [unknown_code_page]
ntoskrnl.exe-->KeReadStateEvent, Type: EAT modification 0x80683F40-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutant, Type: EAT modification 0x80683F44-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutex, Type: EAT modification 0x80683F48-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateQueue, Type: EAT modification 0x80683F4C-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateSemaphore, Type: EAT modification 0x80683F50-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateTimer, Type: EAT modification 0x80683F54-->804E6C19 [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x80683F58-->8050DB2A [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x80683F5C-->8050E119 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x806836D8-->804E2550 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x80683F60-->80536476 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutant, Type: EAT modification 0x80683F64-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutex, Type: EAT modification 0x80683F68-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSemaphore, Type: EAT modification 0x80683F6C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: Inline - RelativeJump 0x804DA5EF-->804DA603 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x80683F70-->804E246C [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x80683F74-->804E6020 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x80683F78-->80537F0F [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveDeviceQueue, Type: EAT modification 0x80683F7C-->804E5FE4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x80683F80-->80537F84 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueue, Type: EAT modification 0x80683F84-->804E21B4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueueDpc, Type: EAT modification 0x80683F88-->80514F93 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x80683F8C-->8062A382 [ntoskrnl.exe]
ntoskrnl.exe-->KeResetEvent, Type: EAT modification 0x80683F90-->804E8525 [ntoskrnl.exe]
ntoskrnl.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x80683F94-->804F44A2 [ntoskrnl.exe]
ntoskrnl.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x80683F98-->80506DBF [ntoskrnl.exe]
ntoskrnl.exe-->KeRundownQueue, Type: EAT modification 0x80683F9C-->804FE9AC [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeCall 0x804F0D9B-->804EA9EB [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeJump 0x804F0DA3-->80507AFA [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: EAT modification 0x80683FA0-->804F4385 [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveStateForHibernate, Type: EAT modification 0x80683FA4-->8053849F [ntoskrnl.exe]
ntoskrnl.exe-->KeServiceDescriptorTable, Type: EAT modification 0x80683FA8-->80562520 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetAffinityThread, Type: EAT modification 0x80683FAC-->805188C3 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetBasePriorityThread, Type: EAT modification 0x80683FB0-->80514FD4 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x80683FB4-->80536367 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEvent, Type: EAT modification 0x80683FB8-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEventBoostPriority, Type: EAT modification 0x80683FBC-->804E68BC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x80683FC0-->80519874 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetImportanceDpc, Type: EAT modification 0x80683FC4-->804EC82B [ntoskrnl.exe]
ntoskrnl.exe-->KeSetKernelStackSwapEnable, Type: EAT modification 0x80683FC8-->804F45DC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetPriorityThread, Type: EAT modification 0x80683FCC-->804EC21C [ntoskrnl.exe]
ntoskrnl.exe-->KeSetProfileIrql, Type: EAT modification 0x80683FD0-->806B4D76 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x80683FD4-->80506D58 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x80683FD8-->80509693 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeIncrement, Type: EAT modification 0x80683FDC-->80510D87 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimer, Type: EAT modification 0x80683FE0-->804E216F [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimerEx, Type: EAT modification 0x80683FE4-->804E210E [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeUpdateNotifyRoutine, Type: EAT modification 0x806836DC-->8062A3EF [ntoskrnl.exe]
ntoskrnl.exe-->KeStackAttachProcess, Type: EAT modification 0x80683FE8-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe-->KeSynchronizeExecution, Type: EAT modification 0x80683FEC-->804DB68A [ntoskrnl.exe]
ntoskrnl.exe-->KeTerminateThread, Type: EAT modification 0x80683FF0-->804EC32A [ntoskrnl.exe]
ntoskrnl.exe-->KeTickCount, Type: EAT modification 0x80683FF4-->8055A000 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: Inline - RelativeCall 0x804F14F6-->804F1580 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: EAT modification 0x80683FF8-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: Inline - RelativeCall 0x804E3346-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: EAT modification 0x80683FFC-->804E2794 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateSystemTime, Type: EAT modification 0x80684000-->804E2608 [ntoskrnl.exe]
ntoskrnl.exe-->KeUserModeCallback, Type: EAT modification 0x80684004-->8056F133 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x80684008-->804E1A33 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMutexObject, Type: EAT modification 0x8068400C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForSingleObject, Type: EAT modification 0x80684010-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KiAcquireSpinLock, Type: EAT modification 0x806836E8-->804E2478 [ntoskrnl.exe]
ntoskrnl.exe-->KiBugCheckData, Type: EAT modification 0x80684014-->80562EC0 [ntoskrnl.exe]
ntoskrnl.exe-->KiCoprocessorError, Type: EAT modification 0x80684018-->804E114B [ntoskrnl.exe]
ntoskrnl.exe-->KiDeliverApc, Type: EAT modification 0x8068401C-->804DCE01 [ntoskrnl.exe]
ntoskrnl.exe-->KiDispatchInterrupt, Type: Inline - RelativeJump 0x804DB880-->804DB87F [ntoskrnl.exe]

ntoskrnl.exe-->KiDispatchInterrupt, Type: EAT modification 0x80684020-->804DC862 [ntoskrnl.exe]
ntoskrnl.exe-->KiEnableTimerWatchdog, Type: EAT modification 0x80684024-->8055BA78 [ntoskrnl.exe]
ntoskrnl.exe-->Kii386SpinOnSpinLock, Type: EAT modification 0x80683710-->804DB61F [ntoskrnl.exe]
ntoskrnl.exe-->KiIpiServiceRoutine, Type: EAT modification 0x80684028-->804D9D1E [ntoskrnl.exe]
ntoskrnl.exe-->KiReleaseSpinLock, Type: EAT modification 0x806836EC-->804E2498 [ntoskrnl.exe]
ntoskrnl.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x8068402C-->804DBAF4 [ntoskrnl.exe]
ntoskrnl.exe-->LdrAccessResource, Type: EAT modification 0x80684030-->805DE2A9 [ntoskrnl.exe]
ntoskrnl.exe-->LdrEnumResources, Type: EAT modification 0x80684034-->80638B08 [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x80684038-->805B5A5F [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResource_U, Type: EAT modification 0x8068403C-->805B8648 [ntoskrnl.exe]
ntoskrnl.exe-->LpcPortObjectType, Type: EAT modification 0x80684040-->80562F08 [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestPort, Type: EAT modification 0x80684044-->8059531E [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x80684048-->8059E237 [ntoskrnl.exe]
ntoskrnl.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x8068404C-->80651D70 [ntoskrnl.exe]
ntoskrnl.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x80684050-->80651E13 [ntoskrnl.exe]
ntoskrnl.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x80684054-->805EB39D [ntoskrnl.exe]
ntoskrnl.exe-->LsaLogonUser, Type: EAT modification 0x80684058-->80651C76 [ntoskrnl.exe]
ntoskrnl.exe-->LsaLookupAuthenticationPackage, Type: EAT modification 0x8068405C-->80651BC8 [ntoskrnl.exe]
ntoskrnl.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x80684060-->80651A2F [ntoskrnl.exe]
ntoskrnl.exe-->mbstowcs, Type: EAT modification 0x80684CB8-->8054B59C [ntoskrnl.exe]
ntoskrnl.exe-->mbtowc, Type: EAT modification 0x80684CBC-->804FCFAF [ntoskrnl.exe]
ntoskrnl.exe-->memchr, Type: EAT modification 0x80684CC0-->804DA9DB [ntoskrnl.exe]
ntoskrnl.exe-->memcpy, Type: EAT modification 0x80684CC4-->804DAA82 [ntoskrnl.exe]
ntoskrnl.exe-->memmove, Type: EAT modification 0x80684CC8-->804DADC5 [ntoskrnl.exe]
ntoskrnl.exe-->memset, Type: EAT modification 0x80684CCC-->804DB105 [ntoskrnl.exe]
ntoskrnl.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x80684064-->80567944 [ntoskrnl.exe]
ntoskrnl.exe-->MmAddPhysicalMemory, Type: EAT modification 0x80684068-->8066AC0B [ntoskrnl.exe]
ntoskrnl.exe-->MmAddVerifierThunks, Type: EAT modification 0x8068406C-->8062BAF4 [ntoskrnl.exe]
ntoskrnl.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x80684070-->8066AC3B [ntoskrnl.exe]
ntoskrnl.exe-->MmAdvanceMdl, Type: EAT modification 0x80684074-->8053AB13 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x80684078-->8050C3E2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x8068407C-->80504DD2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateMappingAddress, Type: EAT modification 0x80684080-->805C5B3D [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x80684084-->8062CC8A [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x80684088-->8066586D [ntoskrnl.exe]
ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x8068408C-->804EDEBC [ntoskrnl.exe]
ntoskrnl.exe-->MmCanFileBeTruncated, Type: EAT modification 0x80684090-->804F719D [ntoskrnl.exe]
ntoskrnl.exe-->MmCommitSessionMappedView, Type: EAT modification 0x80684094-->805053E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateMdl, Type: EAT modification 0x80684098-->804FAA38 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateSection, Type: EAT modification 0x8068409C-->804E1CC0 [ntoskrnl.exe]
ntoskrnl.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x806840A0-->804FAC31 [ntoskrnl.exe]
ntoskrnl.exe-->MmFlushImageSection, Type: EAT modification 0x806840A4-->804F710E [ntoskrnl.exe]
ntoskrnl.exe-->MmForceSectionClosed, Type: EAT modification 0x806840A8-->80500F48 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemory, Type: EAT modification 0x806840AC-->80504F19 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x806840B0-->8053B0C8 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeMappingAddress, Type: EAT modification 0x806840B4-->8062C8DD [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x806840B8-->8062CDBB [ntoskrnl.exe]
ntoskrnl.exe-->MmFreePagesFromMdl, Type: EAT modification 0x806840BC-->8066B0FF [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalAddress, Type: EAT modification 0x806840C0-->80505086 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x806840C4-->80669CF7 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x806840C8-->805C0E58 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x806840CC-->8053B0E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmGrowKernelStack, Type: EAT modification 0x806840D0-->804FA101 [ntoskrnl.exe]
ntoskrnl.exe-->MmHighestUserAddress, Type: EAT modification 0x806840D4-->80567EDC [ntoskrnl.exe]
ntoskrnl.exe-->MmIsAddressValid, Type: EAT modification 0x806840D8-->804E1F76 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsDriverVerifying, Type: Inline - PushRet 0x8050BD9C-->C7470010 [unknown_code_page]
ntoskrnl.exe-->MmIsDriverVerifying, Type: EAT modification 0x806840DC-->8050E225 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x806840E0-->8053CF57 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: Inline - RelativeJump 0x80536CD3-->80536CE1 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x806840E4-->8053B195 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x806840E8-->80509675 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsVerifierEnabled, Type: EAT modification 0x806840EC-->805B84D1 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableDataSection, Type: EAT modification 0x806840F0-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableImageSection, Type: EAT modification 0x806840F4-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x806840F8-->805E09D2 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapIoSpace, Type: EAT modification 0x806840FC-->8050B5CA [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPages, Type: EAT modification 0x80684100-->804F97B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x80684104-->804EDF4C [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x80684108-->8053A6E9 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x8068410C-->8053B1BB [ntoskrnl.exe]
ntoskrnl.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x80684110-->8066B226 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapVideoDisplay, Type: EAT modification 0x80684114-->805C5993 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x80684118-->805E3103 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x8068411C-->8062D687 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewOfSection, Type: EAT modification 0x80684120-->8057A468 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x80684124-->8062B9AB [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: Inline - RelativeJump 0x8066222D-->80662217 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x80684128-->80669B6D [ntoskrnl.exe]
ntoskrnl.exe-->MmPageEntireDriver, Type: EAT modification 0x8068412C-->805DC76C [ntoskrnl.exe]
ntoskrnl.exe-->MmPrefetchPages, Type: EAT modification 0x80684130-->8059AB16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockPages, Type: EAT modification 0x80684134-->804F6BFF [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x80684138-->8062CE16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x8068413C-->8050863E [ntoskrnl.exe]
ntoskrnl.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x80684140-->8053AD4F [ntoskrnl.exe]
ntoskrnl.exe-->MmQuerySystemSize, Type: EAT modification 0x80684144-->8050896A [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: Inline - RelativeJump 0x80623B43-->80623B51 [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x80684148-->8062B9CF [ntoskrnl.exe]
ntoskrnl.exe-->MmResetDriverPaging, Type: EAT modification 0x8068414C-->805DC83F [ntoskrnl.exe]
ntoskrnl.exe-->MmSectionObjectType, Type: EAT modification 0x80684150-->80567C40 [ntoskrnl.exe]
ntoskrnl.exe-->MmSecureVirtualMemory, Type: EAT modification 0x80684154-->80571DB6 [ntoskrnl.exe]
ntoskrnl.exe-->MmSetAddressRangeModified, Type: EAT modification 0x80684158-->804EF03B [ntoskrnl.exe]
ntoskrnl.exe-->MmSetBankedSection, Type: EAT modification 0x8068415C-->8062C991 [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: Inline - RelativeCall 0x804F7F4D-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: EAT modification 0x80684160-->804FACC1 [ntoskrnl.exe]
ntoskrnl.exe-->MmSystemRangeStart, Type: EAT modification 0x80684164-->80567ED8 [ntoskrnl.exe]
ntoskrnl.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x80684168-->8053DBAF [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x8068416C-->8051A1AB [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPages, Type: EAT modification 0x80684170-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapIoSpace, Type: EAT modification 0x80684174-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapLockedPages, Type: EAT modification 0x80684178-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapReservedMapping, Type: EAT modification 0x8068417C-->8053A9B6 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x80684180-->805C59B2 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x80684184-->805E2E4C [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x80684188-->8062D6B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewOfSection, Type: EAT modification 0x8068418C-->8057C697 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x80684190-->80571D9E [ntoskrnl.exe]
ntoskrnl.exe-->MmUserProbeAddress, Type: EAT modification 0x80684194-->80567ED4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsAnsiCodePage, Type: EAT modification 0x80684198-->8069A4F0 [ntoskrnl.exe]
ntoskrnl.exe-->NlsLeadByteInfo, Type: EAT modification 0x8068419C-->8056C4BC [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbCodePageTag, Type: EAT modification 0x806841A0-->8069A508 [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x806841A4-->8069A720 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemCodePage, Type: EAT modification 0x806841A8-->8069A4F4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x806841AC-->8056C4C0 [ntoskrnl.exe]
ntoskrnl.exe-->NtAddAtom, Type: EAT modification 0x806841B0-->8057FA34 [ntoskrnl.exe]
ntoskrnl.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x806841B4-->80589C03 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x806841B8-->805E28DD [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateUuids, Type: EAT modification 0x806841BC-->805DE611 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x806841C0-->80570BC5 [ntoskrnl.exe]
ntoskrnl.exe-->NtBuildNumber, Type: EAT modification 0x806841C4-->805530E8 [ntoskrnl.exe]
ntoskrnl.exe-->NtCallbackReturn, Type: Inline - RelativeJump 0x804E2CD2-->804E2D17 [ntoskrnl.exe]
ntoskrnl.exe-->NtClearEvent, Type: Inline - RelativeJump 0x80569682-->80569689 [ntoskrnl.exe]
ntoskrnl.exe-->NtClose, Type: EAT modification 0x806841C8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe-->NtConnectPort, Type: EAT modification 0x806841CC-->80584D73 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateEvent, Type: EAT modification 0x806841D0-->805744F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: EAT modification 0x806841D4-->80573DFB [ntoskrnl.exe]
ntoskrnl.exe-->NtCreatePort, Type: Inline - RelativeCall 0x80597611-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSection, Type: EAT modification 0x806841D8-->8056DB66 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSemaphore, Type: Inline - RelativeJump 0x80572631-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteAtom, Type: EAT modification 0x806841DC-->8058771C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteFile, Type: EAT modification 0x806841E0-->805DB33C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeviceIoControlFile, Type: EAT modification 0x806841E4-->8058D747 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateObject, Type: EAT modification 0x806841E8-->8057EDE5 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateToken, Type: EAT modification 0x806841EC-->8058C373 [ntoskrnl.exe]
ntoskrnl.exe-->NtFindAtom, Type: EAT modification 0x806841F0-->805E480C [ntoskrnl.exe]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: EAT modification 0x806841F4-->805710BF [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057AC9C-->8057B57D [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057ACA4-->80579755 [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: EAT modification 0x806841F8-->8058274A [ntoskrnl.exe]
ntoskrnl.exe-->NtGlobalFlag, Type: EAT modification 0x806841FC-->805607EC [ntoskrnl.exe]
ntoskrnl.exe-->NtInitializeRegistry, Type: Inline - RelativeJump 0x805A80EA-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtInitiatePowerAction, Type: Inline - RelativeJump 0x8062C2AC-->8062C2B2 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockFile, Type: EAT modification 0x80684200-->80587AE9 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0F98-->805A8085 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0FA1-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtMakePermanentObject, Type: EAT modification 0x80684204-->805E7AE2 [ntoskrnl.exe]
ntoskrnl.exe-->NtMapViewOfSection, Type: EAT modification 0x80684208-->8057A879 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x8068420C-->80587D80 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeCall 0x8058EAA0-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAA9-->80574322 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAAE-->80599DFC [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeCall 0x8058EB69-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB72-->8057F2BF [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB77-->805AFC1C [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenEventPair, Type: Inline - RelativeJump 0x8064957F-->80649536 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenFile, Type: EAT modification 0x80684210-->80579CF1 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x8059540D-->8059678E [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x80595413-->805EA1C3 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcess, Type: EAT modification 0x80684214-->8057F592 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessToken, Type: EAT modification 0x80684218-->80578148 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x8068421C-->8057809F [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThread, Type: EAT modification 0x80684220-->80584849 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadToken, Type: EAT modification 0x80684224-->805746D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x80684228-->805745CF [ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegedServiceAuditAlarm, Type: Inline - RelativeJump 0x805AA8D4-->805D92D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump 0x8057EC95-->8057EC6B [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: EAT modification 0x8068422C-->8057B814 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEaFile, Type: EAT modification 0x80684230-->8062164C [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEvent, Type: Inline - RelativeJump 0x80589EBC-->80589ECE [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationAtom, Type: EAT modification 0x80684234-->805B065E [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: Inline - RelativeJump 0x80572E51-->80572E42 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: EAT modification 0x80684238-->8057AB98 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: Inline - RelativeJump 0x8056DD1F-->8056DD45 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: EAT modification 0x8068423C-->805747B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationThread, Type: EAT modification 0x80684240-->80576860 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationToken, Type: EAT modification 0x80684244-->80576F36 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - PushRet 0x80567344-->9822D25A [unknown_code_page]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - RelativeJump 0x8056734F-->80567359 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPortInformationProcess, Type: Inline - RelativeJump 0x8062D845-->8062D85D [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x80684248-->80621F03 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySecurityObject, Type: EAT modification 0x8068424C-->805DFD3E [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x80589B76-->80589E54 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemInformation, Type: EAT modification 0x80684250-->8058B41A [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemTime, Type: Inline - RelativeJump 0x8058A5B6-->805EB5D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x80684254-->8057A03C [ntoskrnl.exe]
ntoskrnl.exe-->NtRaiseException, Type: Inline - RelativeJump 0x804E206A-->804E2068 [ntoskrnl.exe]
ntoskrnl.exe-->NtReadFile, Type: EAT modification 0x80684258-->8057495D [ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseMutant, Type: Inline - RelativeJump 0x80566490-->80566499 [ntoskrnl.exe]
ntoskrnl.exe-->NtRemoveProcessDebug, Type: Inline - RelativeJump 0x8065B62B-->8065B66E [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestPort, Type: EAT modification 0x8068425C-->805E33BE [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x80684260-->8057CD93 [ntoskrnl.exe]
ntoskrnl.exe-->NtSaveKey, Type: Inline - RelativeJump 0x8064F0EC-->8064F0F2 [ntoskrnl.exe]
ntoskrnl.exe-->NtSecureConnectPort, Type: Inline - RelativeJump 0x805888DD-->805E62D4 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEaFile, Type: EAT modification 0x80684264-->80621B91 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEvent, Type: EAT modification 0x80684268-->80570634 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeCall 0x8064988C-->80649352 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeJump 0x80649892-->80649869 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationFile, Type: EAT modification 0x8068426C-->8058A47C [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationProcess, Type: EAT modification 0x80684270-->80574B1F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationThread, Type: EAT modification 0x80684274-->80576AB3 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x80684278-->80621ED9 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetSecurityObject, Type: EAT modification 0x8068427C-->805DFB3F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B1B-->8057275F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B25-->80572626 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeCall 0x80617B2A-->80570360 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x80684280-->80622417 [ntoskrnl.exe]
ntoskrnl.exe-->NtShutdownSystem, Type: EAT modification 0x80684284-->8064E8EB [ntoskrnl.exe]
ntoskrnl.exe-->NtSignalAndWaitForSingleObject, Type: Inline - RelativeJump 0x805173A1-->80517452 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateJobObject, Type: Inline - RelativeJump 0x80630579-->806305F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA71-->8057B034 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeCall 0x8057BA76-->80573C38 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA7B-->8056D095 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA8B-->8057B9B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTraceEvent, Type: EAT modification 0x80684288-->805499E0 [ntoskrnl.exe]
ntoskrnl.exe-->NtUnlockFile, Type: EAT modification 0x8068428C-->80587C49 [ntoskrnl.exe]
ntoskrnl.exe-->NtVdmControl, Type: EAT modification 0x80684290-->805B3552 [ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForSingleObject, Type: Inline - PushRet 0x8056618A-->9822CEC6 [unknown_code_page]
ntoskrnl.exe-->NtWaitForSingleObject, Type: EAT modification 0x80684294-->8056DF62 [ntoskrnl.exe]
ntoskrnl.exe-->NtWriteFile, Type: EAT modification 0x80684298-->8058A6FD [ntoskrnl.exe]
ntoskrnl.exe-->ObAssignSecurity, Type: EAT modification 0x8068429C-->80575777 [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: Inline - RelativeCall 0x8058DD06-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x806842A0-->8058858B [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckObjectAccess, Type: EAT modification 0x806842A4-->8056DD78 [ntoskrnl.exe]
ntoskrnl.exe-->ObCloseHandle, Type: EAT modification 0x806842A8-->80571730 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObject, Type: EAT modification 0x806842AC-->8056D525 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObjectType, Type: EAT modification 0x806842B0-->805CBC4E [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceObject, Type: EAT modification 0x806842B4-->80541089 [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x806842B8-->8056D963 [ntoskrnl.exe]
ntoskrnl.exe-->ObfDereferenceObject, Type: EAT modification 0x806836F0-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->ObFindHandleForObject, Type: EAT modification 0x806842BC-->805E859F [ntoskrnl.exe]
ntoskrnl.exe-->ObfReferenceObject, Type: EAT modification 0x806836F4-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe-->ObGetObjectSecurity, Type: EAT modification 0x806842C0-->8056C287 [ntoskrnl.exe]
ntoskrnl.exe-->ObInsertObject, Type: EAT modification 0x806842C4-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x806842C8-->80541121 [ntoskrnl.exe]
ntoskrnl.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x806842CC-->805755A8 [ntoskrnl.exe]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: EAT modification 0x806842D0-->805E74E6 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByName, Type: EAT modification 0x806842D4-->8057010D [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: Inline - RelativeCall 0x8056DC57-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: EAT modification 0x806842D8-->80577F90 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryNameString, Type: EAT modification 0x806842DC-->8058F2D9 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x806842E0-->80589506 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x806842E4-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByName, Type: EAT modification 0x806842E8-->80597466 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x806842EC-->804EA5A1 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x806842F0-->8059DD71 [ntoskrnl.exe]
ntoskrnl.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x806842F4-->8056C241 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetHandleAttributes, Type: EAT modification 0x806842F8-->80595862 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x806842FC-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x80684300-->805DFBEF [ntoskrnl.exe]
ntoskrnl.exe-->PfxFindPrefix, Type: EAT modification 0x80684304-->80639DD3 [ntoskrnl.exe]
ntoskrnl.exe-->PfxInitialize, Type: EAT modification 0x80684308-->806399CC [ntoskrnl.exe]
ntoskrnl.exe-->PfxInsertPrefix, Type: EAT modification 0x8068430C-->80639CE9 [ntoskrnl.exe]
ntoskrnl.exe-->PfxRemovePrefix, Type: EAT modification 0x80684310-->806399EF [ntoskrnl.exe]
ntoskrnl.exe-->PoCallDriver, Type: EAT modification 0x80684314-->805072A3 [ntoskrnl.exe]
ntoskrnl.exe-->PoCancelDeviceNotify, Type: EAT modification 0x80684318-->805411A0 [ntoskrnl.exe]
ntoskrnl.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x8068431C-->805C5BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x80684320-->8050565D [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x80684324-->8054169B [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterSystemState, Type: EAT modification 0x80684328-->805192E1 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestPowerIrp, Type: EAT modification 0x8068432C-->80507355 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestShutdownEvent, Type: EAT modification 0x80684330-->805B3D76 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetHiberRange, Type: EAT modification 0x80684334-->8066DF9A [ntoskrnl.exe]
ntoskrnl.exe-->PoSetPowerState, Type: EAT modification 0x80684338-->80507E25 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetSystemState, Type: EAT modification 0x8068433C-->8051A4A5 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: Inline - RelativeJump 0x8062B429-->8062B413 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: EAT modification 0x80684340-->80632E7F [ntoskrnl.exe]
ntoskrnl.exe-->PoStartNextPowerIrp, Type: EAT modification 0x80684344-->80507169 [ntoskrnl.exe]
ntoskrnl.exe-->PoUnregisterSystemState, Type: EAT modification 0x80684348-->80518BBE [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForRead, Type: EAT modification 0x8068434C-->805838BB [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForWrite, Type: EAT modification 0x80684350-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: Inline - RelativeJump 0x80575872-->805D8F3A [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: EAT modification 0x80684354-->80580B55 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargePoolQuota, Type: EAT modification 0x80684358-->804F4784 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: Inline - RelativeJump 0x804EB2AB-->804EB4E2 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x8068435C-->804F07EB [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x80684360-->804F6327 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x80684364-->804E8847 [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemProcess, Type: EAT modification 0x80684368-->806357FB [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemThread, Type: EAT modification 0x8068436C-->805762A6 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x80684370-->80635413 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x80684374-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->PsDisableImpersonation, Type: EAT modification 0x80684378-->80584F4A [ntoskrnl.exe]
ntoskrnl.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x8068437C-->805B92EF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetContextThread, Type: EAT modification 0x80684380-->80635837 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcess, Type: EAT modification 0x80684384-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessId, Type: EAT modification 0x80684388-->804E6997 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x8068438C-->804EA489 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThread, Type: EAT modification 0x80684390-->804E5DA7 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadId, Type: EAT modification 0x80684394-->804E83EE [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x80684398-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x8068439C-->80542D19 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x806843A0-->80542D30 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobLock, Type: EAT modification 0x806843A4-->80542C23 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobSessionId, Type: EAT modification 0x806843A8-->80542C3C [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x806843AC-->80509627 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x806843B0-->80513374 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: Inline - RelativeJump 0x80502C51-->8051EA6E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: EAT modification 0x806843B4-->80503940 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x806843B8-->80635D17 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitStatus, Type: EAT modification 0x806843BC-->80542C73 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitTime, Type: EAT modification 0x806843C0-->8059DDB6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessId, Type: EAT modification 0x806843C4-->804FA911 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessImageFileName, Type: EAT modification 0x806843C8-->8051338B [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x806843CC-->804FF78E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessJob, Type: EAT modification 0x806843D0-->804F41F3 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: Inline - RelativeJump 0x804E7413-->804E7427 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: EAT modification 0x806843D4-->804EA4C8 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x806843D8-->80542CBF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x806843DC-->804FA3E6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x806843E0-->8059E255 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: Inline - RelativeJump 0x804FA95D-->804F0B40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: EAT modification 0x806843E4-->804FE25E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32Process, Type: EAT modification 0x806843E8-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x806843EC-->804F41DC [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x806843F0-->804EA180 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeCall 0x805082C8-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082CE-->805082AD [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x806843F4-->80508BDA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadId, Type: EAT modification 0x806843F8-->804E7D5F [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcess, Type: EAT modification 0x806843FC-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcessId, Type: EAT modification 0x80684400-->804E7D48 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadSessionId, Type: EAT modification 0x80684404-->8057D6A9 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadTeb, Type: EAT modification 0x80684408-->804F0A40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x8068440C-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetVersion, Type: EAT modification 0x80684410-->80542BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PsImpersonateClient, Type: EAT modification 0x80684414-->80580C82 [ntoskrnl.exe]
ntoskrnl.exe-->PsInitialSystemProcess, Type: EAT modification 0x80684418-->80569754 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x8068441C-->80635CF5 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsSystemThread, Type: EAT modification 0x80684420-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadImpersonating, Type: EAT modification 0x80684424-->80635D90 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: Inline - RelativeJump 0x804E6ED7-->80521FD2 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: EAT modification 0x80684428-->804F1725 [ntoskrnl.exe]
ntoskrnl.exe-->PsJobType, Type: EAT modification 0x8068442C-->805696E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x80684430-->8057F50F [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x80684434-->8057CC54 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x80684438-->8057D6C5 [ntoskrnl.exe]
ntoskrnl.exe-->PsProcessType, Type: EAT modification 0x8068443C-->80569758 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x80684440-->8056C2A5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferencePrimaryToken, Type: EAT modification 0x80684444-->8056C967 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x80684448-->806355E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x8068444C-->80635707 [ntoskrnl.exe]
ntoskrnl.exe-->PsRestoreImpersonation, Type: EAT modification 0x80684450-->8058501F [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnPoolQuota, Type: EAT modification 0x80684454-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x80684458-->804F1429 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x8068445C-->804F60B9 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertThreadToSelf, Type: EAT modification 0x80684460-->80580BF1 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertToSelf, Type: EAT modification 0x80684464-->805B1467 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetContextThread, Type: EAT modification 0x80684468-->80635ACF [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x8068446C-->8063549F [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateThreadNotifyRoutine, Type: EAT modification 0x80684470-->80635577 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x80684474-->80635D3D [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x80684478-->805B9406 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x8068447C-->80635695 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x80684480-->80571E63 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x80684484-->80635D5C [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x80684488-->805E6086 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: Inline - RelativeJump 0x8057FD2C-->8057FD3A [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: EAT modification 0x8068448C-->80592812 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWindowStation, Type: EAT modification 0x80684490-->80592DC5 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082F3-->805214D1 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x80684494-->80508BF8 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: Inline - RelativeJump 0x8057BD31-->8057BCFB [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x80684498-->8059583E [ntoskrnl.exe]
ntoskrnl.exe-->PsTerminateSystemThread, Type: EAT modification 0x8068449C-->80583248 [ntoskrnl.exe]
ntoskrnl.exe-->PsThreadType, Type: EAT modification 0x806844A0-->8056975C [ntoskrnl.exe]
ntoskrnl.exe-->qsort, Type: Inline - PushRet 0x8050844F-->90900008 [unknown_code_page]
ntoskrnl.exe-->qsort, Type: EAT modification 0x80684CD0-->8050B1B4 [ntoskrnl.exe]
ntoskrnl.exe-->rand, Type: EAT modification 0x80684CD4-->8054B68A [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806844A4-->804DA0AA [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806844A8-->804DA0E2 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806844AC-->804DA0C6 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x806844B0-->804DA086 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x806844B4-->804DA09E [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x806844B8-->804DA092 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x806844BC-->805C1474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x806844C0-->805852BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x806844C4-->805B1BD3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAce, Type: EAT modification 0x806844C8-->805D337A [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x806844CC-->80570802 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddRange, Type: EAT modification 0x806844D0-->805C1EFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlAllocateHeap, Type: EAT modification 0x806844D4-->8057D7CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x806844D8-->80582233 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: Inline - DirectCall 0x80633AE2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x806844DC-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x806844E0-->8058DB92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendAsciizToString, Type: EAT modification 0x806844E4-->8063C09F [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendStringToString, Type: EAT modification 0x806844E8-->805D3077 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x806844EC-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x806844F0-->804F5F19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: Inline - RelativeJump 0x80566A0F-->80566A19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x806844F4-->8056EF85 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x806844F8-->8058B2F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsClear, Type: EAT modification 0x806844FC-->804F8F41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsSet, Type: EAT modification 0x80684500-->804F9056 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAssert, Type: EAT modification 0x80684504-->805436B0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureContext, Type: EAT modification 0x80684508-->804DC152 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x8068450C-->805436DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCharToInteger, Type: EAT modification 0x80684510-->8063C903 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCheckRegistryKey, Type: EAT modification 0x80684514-->805B6595 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearAllBits, Type: EAT modification 0x80684518-->80513EB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBit, Type: EAT modification 0x8068451C-->80542FE9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBits, Type: EAT modification 0x80684520-->804EA9A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemory, Type: EAT modification 0x80684524-->804E5080 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x80684528-->804E50D0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: Inline - RelativeJump 0x80634174-->80634185 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: EAT modification 0x8068452C-->8063BFEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareUnicodeString, Type: EAT modification 0x80684530-->80574887 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressBuffer, Type: EAT modification 0x80684534-->80671217 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressChunks, Type: EAT modification 0x80684538-->8063D447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x8068453C-->804DBE04 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x80684540-->8058E317 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x80684544-->804DBE0C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyLuid, Type: EAT modification 0x80684548-->805AC48C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: Inline - RelativeJump 0x805C3EDE-->805C3EE4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: EAT modification 0x8068454C-->805BC474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopySid, Type: EAT modification 0x80684550-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyString, Type: EAT modification 0x80684554-->8050D6C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyUnicodeString, Type: EAT modification 0x80684558-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAcl, Type: EAT modification 0x8068455C-->8057545D [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAtomTable, Type: EAT modification 0x80684560-->805D31B6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateHeap, Type: EAT modification 0x80684564-->805ABBBF [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateRegistryKey, Type: EAT modification 0x80684568-->805B66DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x8068456C-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x80684570-->8063D944 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateUnicodeString, Type: EAT modification 0x80684574-->805CF6E5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x80684578-->80638D96 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressBuffer, Type: Inline - PushRet 0x806352AE-->8139C033 [unknown_code_page]
ntoskrnl.exe-->RtlDecompressBuffer, Type: EAT modification 0x8068457C-->8063D129 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressChunks, Type: EAT modification 0x80684580-->8063D27E [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressFragment, Type: EAT modification 0x80684584-->805DD2DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlDelete, Type: EAT modification 0x80684588-->804F2FC1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAce, Type: EAT modification 0x8068458C-->805C5CA3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x80684590-->8057D741 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x80684594-->80513757 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x80684598-->804FC1E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteNoSplay, Type: EAT modification 0x8068459C-->805147B9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x806845A0-->805BC674 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRange, Type: EAT modification 0x806845A4-->8063A442 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x806845A8-->805C2D41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDescribeChunk, Type: EAT modification 0x806845AC-->8063D1A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyAtomTable, Type: EAT modification 0x806845B0-->8063A087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyHeap, Type: EAT modification 0x806845B4-->8063A7FF [ntoskrnl.exe]
ntoskrnl.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x806845B8-->8063B7C7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEmptyAtomTable, Type: EAT modification 0x806845BC-->8063A149 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x806845C0-->804DBBE3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x806845C4-->804DBBFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x806845C8-->804DBBEF [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x806845CC-->80543A17 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x806845D0-->80500A83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x806845D4-->80543BEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x806845D8-->804FBA9D [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x806845DC-->80500AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualLuid, Type: EAT modification 0x806845E0-->8063C151 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualSid, Type: EAT modification 0x806845E4-->80573938 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualString, Type: EAT modification 0x806845E8-->8050372A [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualUnicodeString, Type: EAT modification 0x806845EC-->8056C684 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x806845F0-->804DBD08 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x806845F4-->804DBC1B [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x806845F8-->804DBC78 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemory, Type: EAT modification 0x806845FC-->804E5100 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemoryUlong, Type: EAT modification 0x80684600-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBits, Type: EAT modification 0x80684604-->804F044D [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x80684608-->804F0AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearRuns, Type: EAT modification 0x8068460C-->80503A42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindFirstRunClear, Type: EAT modification 0x80684610-->80543481 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x80684614-->805035B1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x80684618-->80511437 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLongestRunClear, Type: EAT modification 0x8068461C-->80543329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMessage, Type: EAT modification 0x80684620-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x80684624-->80543388 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x80684628-->80513474 [ntoskrnl.exe]

ntoskrnl.exe-->RtlFindRange, Type: EAT modification 0x8068462C-->805C2338 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBits, Type: EAT modification 0x80684630-->8054305F [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x80684634-->80543447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x80684638-->805964BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x8068463C-->8058E485 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeAnsiString, Type: EAT modification 0x80684640-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeHeap, Type: EAT modification 0x80684644-->8057D392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeOemString, Type: EAT modification 0x80684648-->805E5654 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeRangeList, Type: EAT modification 0x8068464C-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeUnicodeString, Type: EAT modification 0x80684650-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x80684658-->80588A90 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetAce, Type: EAT modification 0x8068465C-->805AEF9A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCallersAddress, Type: EAT modification 0x80684660-->804DA198 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x80684664-->80665146 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x80684668-->805B1763 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x8068466C-->8058B3F2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTable, Type: EAT modification 0x80684670-->80543960 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x80684674-->80543ADB [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetFirstRange, Type: EAT modification 0x80684678-->8059DC4A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x8068467C-->805BBF77 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNextRange, Type: EAT modification 0x80684680-->8059DBE0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x80684684-->805E3E91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x80684688-->805BBF35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x8068468C-->805BBF00 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x80684690-->8063DF91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetVersion, Type: EAT modification 0x80684694-->805D7F67 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGUIDFromString, Type: EAT modification 0x80684654-->805A02D4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlHashUnicodeString, Type: EAT modification 0x80684698-->80589617 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x8068469C-->804FE293 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageNtHeader, Type: EAT modification 0x806846A0-->804FA366 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitAnsiString, Type: EAT modification 0x806846A4-->804DA26D [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitCodePageTable, Type: EAT modification 0x806846A8-->805CD087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeBitMap, Type: EAT modification 0x806846B4-->8057BF4E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTable, Type: EAT modification 0x806846B8-->80509716 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x806846BC-->804FF7A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeRangeList, Type: EAT modification 0x806846C0-->805CFA97 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeSid, Type: EAT modification 0x806846C4-->80588972 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x806846C8-->805BDBE1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitString, Type: EAT modification 0x806846AC-->804DA235 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitUnicodeString, Type: EAT modification 0x806846B0-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x806846CC-->804FBB74 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x806846D0-->80519427 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x806846D4-->804FBB35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x806846D8-->804FBC0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x806846DC-->80593C1E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x806846E0-->8063CE0D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToChar, Type: EAT modification 0x806846E4-->8058F1EF [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicode, Type: EAT modification 0x806846E8-->8058E5C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x806846EC-->8058DCB5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInvertRangeList, Type: EAT modification 0x806846F0-->8063A580 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x806846F4-->8054416D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x806846F8-->805441BB [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x806846FC-->80544620 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x80684700-->805445C2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x80684704-->80544C33 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x80684708-->80544E47 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x8068470C-->8054555B [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x80684710-->8050BC50 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x80684714-->80543E59 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x80684718-->80544088 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x8068471C-->805444CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x80684720-->80544262 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x80684724-->805446C8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x80684728-->805449EE [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x8068472C-->805452EA [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x80684730-->80544FE7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x80684734-->80543943 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x80684738-->80506658 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x8068473C-->8063DC9E [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsRangeAvailable, Type: EAT modification 0x80684740-->805C805C [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x80684744-->8063DB5A [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x80684748-->804DBBCF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x8068474C-->804DBDB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x80684750-->805456DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x80684754-->804DBDDC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x80684758-->804DBD60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x8068475C-->804DBD88 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x80684760-->804DBDF0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthRequiredSid, Type: EAT modification 0x80684764-->80581CA2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x80684768-->805753C9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: Inline - RelativeJump 0x8059B50E-->8059B534 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: EAT modification 0x8068476C-->805DF5CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLockBootStatusData, Type: EAT modification 0x80684770-->8063DE28 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x80684774-->8057D5FC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x80684778-->805137F4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x8068477C-->805152BA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x80684780-->805137AF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x80684784-->804F5BDE [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapGenericMask, Type: EAT modification 0x80684788-->8056FDCA [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x8068478C-->805191D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMergeRangeLists, Type: EAT modification 0x80684790-->8063A352 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMoveMemory, Type: EAT modification 0x80684794-->804E51C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x80684798-->80571F11 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x8068479C-->805E9A23 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x806847A0-->80639C52 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosError, Type: EAT modification 0x806847A4-->805835E0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x806847A8-->805173A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x806847AC-->804FBADF [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x806847B0-->80506621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfClearBits, Type: EAT modification 0x806847B4-->80503664 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfSetBits, Type: EAT modification 0x806847B8-->80513D7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x806847BC-->8063BD83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x806847C0-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x806847C4-->805E37D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemToUnicodeN, Type: EAT modification 0x806847C8-->805E36C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x806847CC-->805D3109 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x806836F8-->804E5531 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixString, Type: EAT modification 0x806847D0-->805B6329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x806847D4-->805E686C [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x806847D8-->8057208F [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryRegistryValues, Type: EAT modification 0x806847DC-->8059B907 [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x806847E0-->805D0463 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRaiseException, Type: EAT modification 0x806847E4-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandom, Type: EAT modification 0x806847E8-->80591915 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandomEx, Type: EAT modification 0x806847EC-->8054576F [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealPredecessor, Type: EAT modification 0x806847F0-->805438DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealSuccessor, Type: EAT modification 0x806847F4-->804F173E [ntoskrnl.exe]
ntoskrnl.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x806847F8-->80593D1F [ntoskrnl.exe]
ntoskrnl.exe-->RtlReserveChunk, Type: EAT modification 0x806847FC-->8063D20E [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x80684800-->80500ECC [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x80684804-->8054582C [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x8068480C-->805BEC83 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x80684808-->80639E8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetAllBits, Type: EAT modification 0x80684810-->8050BA7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBit, Type: EAT modification 0x80684814-->804F0BC5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBits, Type: EAT modification 0x80684818-->804F03FD [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x8068481C-->80585052 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetGroupSecurityDescriptor, Type: EAT modification 0x80684820-->805D347C [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x80684824-->805DFC36 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x80684828-->805D34C6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x8068482C-->8063D00B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSizeHeap, Type: EAT modification 0x80684830-->8063A8E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSplay, Type: EAT modification 0x80684834-->804F345D [ntoskrnl.exe]
ntoskrnl.exe-->RtlStringFromGUID, Type: EAT modification 0x80684838-->8059CA05 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x8068483C-->8063C124 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthoritySid, Type: EAT modification 0x80684840-->805DC816 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreePredecessor, Type: EAT modification 0x80684844-->804FC4A6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x80684848-->805438A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTestBit, Type: EAT modification 0x8068484C-->8054301F [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x80684850-->80506F79 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x80684854-->8063E0A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x80684858-->8054586B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x8068485C-->805457E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToTimeFields, Type: EAT modification 0x80684860-->8050A933 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x80684864-->80545EF7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x80684868-->80545B1A [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x8068486C-->80545C0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x80684870-->80545A8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x80684874-->80545CF3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x80684878-->80545ECD [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x8068487C-->80545EE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x80684880-->80545CA4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlongByteSwap, Type: EAT modification 0x806836FC-->804DBBAC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x80683700-->804DBBBC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x80684884-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x80684888-->8058C6CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x8068488C-->805899A0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: EAT modification 0x80684890-->805E4C39 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x80684894-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: Inline - RelativeCall 0x8059EF9D-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x80684898-->805E2C84 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x8068489C-->80638F81 [ntoskrnl.exe]



ntoskrnl.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x806848A0-->8058C523 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x806848A4-->805E9B8A [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - PushRet 0x80591F25-->F4A66EE8 [unknown_code_page]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeCall 0x80591F26-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeJump 0x80591F2B-->80591F42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: EAT modification 0x806848A8-->80589725 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnlockBootStatusData, Type: EAT modification 0x806848AC-->8063DF46 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnwind, Type: EAT modification 0x806848B0-->804FD281 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x806848B4-->8056EFB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x806848B8-->80570494 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x806848BC-->8063BCB9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x806848C0-->8063BE4C [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x806848C4-->805E55AA [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x806848C8-->80639137 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x806848CC-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x806848D0-->805E4F7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperChar, Type: EAT modification 0x806848D4-->805A3DDB [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperString, Type: EAT modification 0x806848D8-->805C80F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUshortByteSwap, Type: EAT modification 0x80683704-->804DBB9C [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x806848DC-->805B1C60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x806848E0-->805DD1A3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSid, Type: EAT modification 0x806848E4-->8057537B [ntoskrnl.exe]
ntoskrnl.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x806848E8-->80509AEC [ntoskrnl.exe]
ntoskrnl.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x806848EC-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWalkFrameChain, Type: EAT modification 0x806848F0-->80519648 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWriteRegistryValue, Type: EAT modification 0x806848F4-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x80684900-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x80684904-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x80684908-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x8068490C-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: Inline - RelativeJump 0x806327E7-->80632850 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: EAT modification 0x806848F8-->8063A621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroMemory, Type: EAT modification 0x806848FC-->804E5190 [ntoskrnl.exe]
ntoskrnl.exe-->SeAccessCheck, Type: EAT modification 0x80684910-->8056C2C7 [ntoskrnl.exe]
ntoskrnl.exe-->SeAppendPrivileges, Type: EAT modification 0x80684914-->8058AF21 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurity, Type: EAT modification 0x80684918-->805751E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurityEx, Type: EAT modification 0x8068491C-->80640060 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x80684920-->806409AB [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEvents, Type: EAT modification 0x80684924-->80642051 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x80684928-->80579876 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x8068492C-->80641FCC [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEvents, Type: EAT modification 0x80684930-->806420A9 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x80684934-->80642112 [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x80684938-->80581D5F [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSubjectContext, Type: EAT modification 0x8068493C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x80684940-->80641A66 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - DirectCall 0x805641C3-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - PushRet 0x805641C5-->982491FE [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: EAT modification 0x80684944-->8056CA6B [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurity, Type: EAT modification 0x80684948-->80581387 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x8068494C-->805E60E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeassignSecurity, Type: EAT modification 0x80684950-->805884D4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteAccessState, Type: EAT modification 0x80684954-->8056CAC8 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x80684958-->80641AB3 [ntoskrnl.exe]
ntoskrnl.exe-->SeExports, Type: EAT modification 0x8068495C-->8069AD50 [ntoskrnl.exe]
ntoskrnl.exe-->SeFilterToken, Type: EAT modification 0x80684960-->8063FBBC [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: Inline - RelativeJump 0x8057844E-->80578485 [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: EAT modification 0x80684964-->80581CCE [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClient, Type: EAT modification 0x80684968-->80642926 [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClientEx, Type: EAT modification 0x8068496C-->8058145E [ntoskrnl.exe]
ntoskrnl.exe-->SeLockSubjectContext, Type: EAT modification 0x80684970-->8056C39C [ntoskrnl.exe]
ntoskrnl.exe-->SeMarkLogonSessionForTerminationNotification, Type: EAT modification 0x80684974-->80642D87 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x80684978-->8056DCB2 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x8068497C-->8064236F [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeCheck, Type: EAT modification 0x80684980-->805738F5 [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x80684984-->8058AE40 [ntoskrnl.exe]
ntoskrnl.exe-->SePublicDefaultDacl, Type: EAT modification 0x80684988-->8069AC50 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x8068498C-->80582C58 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - PushRet 0x805837CE-->90900008 [unknown_code_page]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - RelativeCall 0x805837D1-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: EAT modification 0x80684990-->8058FB61 [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x80684994-->805734CB [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySessionIdToken, Type: EAT modification 0x80684998-->805830D2 [ntoskrnl.exe]
ntoskrnl.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x8068499C-->805D9A0D [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x806849A0-->80575533 [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSubjectContext, Type: EAT modification 0x806849A4-->8056CA9C [ntoskrnl.exe]
ntoskrnl.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x806849A8-->80579651 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x806849AC-->805DFAD7 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x806849B0-->8064308F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x80571943-->80571A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x8057194F-->80571ABA [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x806849B4-->8057898F [ntoskrnl.exe]
ntoskrnl.exe-->SeSystemDefaultDacl, Type: EAT modification 0x806849B8-->8069AC60 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x806849BC-->805811E9 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsAdmin, Type: EAT modification 0x806849C0-->806430DF [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsRestricted, Type: EAT modification 0x806849C4-->8056FD90 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x806849C8-->80592F94 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenObjectType, Type: EAT modification 0x806849CC-->8069AEE0 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenType, Type: EAT modification 0x806849D0-->80573A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeUnlockSubjectContext, Type: EAT modification 0x806849D4-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x806849D8-->80642CC0 [ntoskrnl.exe]
ntoskrnl.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x806849DC-->80583CA1 [ntoskrnl.exe]
ntoskrnl.exe-->sprintf, Type: EAT modification 0x80684CD8-->8050621E [ntoskrnl.exe]
ntoskrnl.exe-->srand, Type: EAT modification 0x80684CDC-->8054B671 [ntoskrnl.exe]
ntoskrnl.exe-->strcat, Type: EAT modification 0x80684CE0-->804DB16D [ntoskrnl.exe]
ntoskrnl.exe-->strchr, Type: EAT modification 0x80684CE4-->804E596B [ntoskrnl.exe]
ntoskrnl.exe-->strcmp, Type: EAT modification 0x80684CE8-->804DB253 [ntoskrnl.exe]
ntoskrnl.exe-->strcpy, Type: EAT modification 0x80684CEC-->804DB15D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: Inline - RelativeJump 0x804DA292-->804DA29D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: EAT modification 0x80684CF0-->804DB2D8 [ntoskrnl.exe]
ntoskrnl.exe-->strncat, Type: EAT modification 0x80684CF4-->804DB353 [ntoskrnl.exe]
ntoskrnl.exe-->strncmp, Type: EAT modification 0x80684CF8-->804DB478 [ntoskrnl.exe]
ntoskrnl.exe-->strncpy, Type: EAT modification 0x80684CFC-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe-->strrchr, Type: EAT modification 0x80684D00-->804DB5B0 [ntoskrnl.exe]
ntoskrnl.exe-->strspn, Type: EAT modification 0x80684D04-->804DB5D7 [ntoskrnl.exe]
ntoskrnl.exe-->strstr, Type: EAT modification 0x80684D08-->804E58DC [ntoskrnl.exe]
ntoskrnl.exe-->swprintf, Type: EAT modification 0x80684D0C-->804FCA51 [ntoskrnl.exe]
ntoskrnl.exe-->tolower, Type: EAT modification 0x80684D10-->80512529 [ntoskrnl.exe]
ntoskrnl.exe-->toupper, Type: EAT modification 0x80684D14-->80507C85 [ntoskrnl.exe]
ntoskrnl.exe-->towlower, Type: EAT modification 0x80684D18-->8054B75A [ntoskrnl.exe]
ntoskrnl.exe-->towupper, Type: EAT modification 0x80684D1C-->8054B782 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintEx, Type: EAT modification 0x80684D20-->80542F23 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x80684D24-->80501E10 [ntoskrnl.exe]
ntoskrnl.exe-->VerSetConditionMask, Type: EAT modification 0x806849E0-->80509A7D [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDeviceNode, Type: EAT modification 0x806849E4-->805477D3 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDriver, Type: EAT modification 0x806849E8-->80547857 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailSystemBIOS, Type: EAT modification 0x806849EC-->80547814 [ntoskrnl.exe]
ntoskrnl.exe-->VfIsVerificationEnabled, Type: EAT modification 0x806849F0-->80511626 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: Inline - RelativeJump 0x80508277-->80508299 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: EAT modification 0x80684D28-->8050B8CA [ntoskrnl.exe]
ntoskrnl.exe-->wcscat, Type: EAT modification 0x80684D2C-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe-->wcschr, Type: EAT modification 0x80684D30-->804FE23A [ntoskrnl.exe]
ntoskrnl.exe-->wcscmp, Type: EAT modification 0x80684D34-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe-->wcscpy, Type: EAT modification 0x80684D38-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe-->wcscspn, Type: EAT modification 0x80684D3C-->8054B7B8 [ntoskrnl.exe]
ntoskrnl.exe-->wcslen, Type: EAT modification 0x80684D40-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncat, Type: EAT modification 0x80684D44-->80509161 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncmp, Type: EAT modification 0x80684D48-->805012EC [ntoskrnl.exe]
ntoskrnl.exe-->wcsncpy, Type: EAT modification 0x80684D4C-->804FC693 [ntoskrnl.exe]
ntoskrnl.exe-->wcsrchr, Type: EAT modification 0x80684D50-->805062C6 [ntoskrnl.exe]
ntoskrnl.exe-->wcsspn, Type: EAT modification 0x80684D54-->8054B828 [ntoskrnl.exe]
ntoskrnl.exe-->wcsstr, Type: EAT modification 0x80684D58-->804FF706 [ntoskrnl.exe]
ntoskrnl.exe-->wcstombs, Type: EAT modification 0x80684D5C-->8054B884 [ntoskrnl.exe]
ntoskrnl.exe-->wctomb, Type: EAT modification 0x80684D60-->80506272 [ntoskrnl.exe]
ntoskrnl.exe-->WmiFlushTrace, Type: EAT modification 0x80684A0C-->8064678F [ntoskrnl.exe]
ntoskrnl.exe-->WmiGetClock, Type: EAT modification 0x80683708-->805490A4 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTrace, Type: EAT modification 0x80684A10-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTraceInformation, Type: EAT modification 0x80684A14-->8064681C [ntoskrnl.exe]
ntoskrnl.exe-->WmiStartTrace, Type: EAT modification 0x80684A18-->80646CAB [ntoskrnl.exe]
ntoskrnl.exe-->WmiStopTrace, Type: EAT modification 0x80684A1C-->80645EEF [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessage, Type: EAT modification 0x80684A20-->805499B7 [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessageVa, Type: EAT modification 0x80684A24-->805496DB [ntoskrnl.exe]
ntoskrnl.exe-->WmiUpdateTrace, Type: EAT modification 0x80684A28-->8064610C [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806849F4-->804DA13A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806849F8-->804DA17A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806849FC-->804DA15A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x80684A00-->804DA0FE [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x80684A04-->804DA126 [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x80684A08-->804DA112 [ntoskrnl.exe]
ntoskrnl.exe-->XIPDispatch, Type: EAT modification 0x80684A2C-->8054AF97 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x80684A30-->804E32CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: Inline - RelativeJump 0x804DC775-->804DC758 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: EAT modification 0x80684A34-->804E3356 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x80684A38-->804E337E [ntoskrnl.exe]
ntoskrnl.exe-->ZwAlertThread, Type: EAT modification 0x80684A3C-->804E33A6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x80684A40-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x80684A44-->804E341E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelIoFile, Type: EAT modification 0x80684A48-->804E345A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelTimer, Type: EAT modification 0x80684A4C-->804E346E [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: Inline - RelativeJump 0x804DC89F-->804DC91B [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: EAT modification 0x80684A50-->804E3482 [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: Inline - RelativeJump 0x804DC8B0-->804DC91C [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: EAT modification 0x80684A54-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x80684A58-->804E34AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeCall 0x804DC928-->804EA3B7 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeJump 0x804DC92F-->804DC8D5 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: EAT modification 0x80684A5C-->804E350E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC969-->804DCAF2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC970-->804DCAC9 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x80684A60-->804E354A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: Inline - RelativeJump 0x804DC97D-->804DCAA4 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: EAT modification 0x80684A64-->804E355E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateFile, Type: EAT modification 0x80684A68-->804E3586 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateJobObject, Type: EAT modification 0x80684A6C-->804E35AE [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateKey, Type: EAT modification 0x80684A70-->804E35D6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSection, Type: EAT modification 0x80684A74-->804E368A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: Inline - RelativeJump 0x804DCAD1-->804DC97D [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x80684A78-->804E36B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateTimer, Type: EAT modification 0x80684A7C-->804E36DA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteBootEntry, Type: EAT modification 0x80684A80-->804E3766 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteFile, Type: EAT modification 0x80684A84-->804E377A [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteKey, Type: EAT modification 0x80684A88-->804E378E [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteValueKey, Type: EAT modification 0x80684A8C-->804E37B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x80684A90-->804E37CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: Inline - RelativeJump 0x804DCBF8-->804DCC0B [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: EAT modification 0x80684A94-->804E37DE [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateObject, Type: EAT modification 0x80684A98-->804E37F2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateToken, Type: EAT modification 0x80684A9C-->804E3806 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: Inline - RelativeJump 0x804DCC37-->804DCC7A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x80684AA0-->804E381A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateKey, Type: EAT modification 0x80684AA4-->804E382E [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: Inline - RelativeJump 0x804DCC70-->804DCC77 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: EAT modification 0x80684AA8-->804E3856 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCD4-->804DCD5F [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCDA-->804DCD56 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: EAT modification 0x80684AAC-->804E38BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: Inline - RelativeJump 0x804DCCEB-->804DCD51 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: EAT modification 0x80684AB0-->804E38CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x80684AB4-->804E38E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: Inline - RelativeJump 0x804DCD38-->804DCCDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x80684AB8-->804E391E [ntoskrnl.exe]
ntoskrnl.exe-->ZwFsControlFile, Type: EAT modification 0x80684ABC-->804E3932 [ntoskrnl.exe]
ntoskrnl.exe-->ZwInitiatePowerAction, Type: EAT modification 0x80684AC0-->804E39E6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwIsProcessInJob, Type: EAT modification 0x80684AC4-->804E39FA [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadDriver, Type: EAT modification 0x80684AC8-->804E3A36 [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadKey, Type: EAT modification 0x80684ACC-->804E3A4A [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: Inline - RelativeJump 0x804DCEF4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x80684AD0-->804E3AD6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: Inline - RelativeJump 0x804DCF30-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: EAT modification 0x80684AD4-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: Inline - RelativeJump 0x804DCF6C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: EAT modification 0x80684AD8-->804E3B4E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: Inline - RelativeJump 0x804DCF94-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x80684ADC-->804E3B76 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: Inline - RelativeJump 0x804DCFA8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: EAT modification 0x80684AE0-->804E3B8A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: Inline - RelativeJump 0x804DCFD0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: EAT modification 0x80684AE4-->804E3BB2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: Inline - RelativeJump 0x804DCFF8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: EAT modification 0x80684AE8-->804E3BDA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: Inline - RelativeJump 0x804DD00C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: EAT modification 0x80684AEC-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: Inline - RelativeJump 0x804DD048-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: EAT modification 0x80684AF0-->804E3C2A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: Inline - RelativeJump 0x804DD05C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: EAT modification 0x80684AF4-->804E3C3E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: Inline - RelativeJump 0x804DD070-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x80684AF8-->804E3C52 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: Inline - RelativeJump 0x804DD084-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: EAT modification 0x80684AFC-->804E3C66 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: Inline - RelativeJump 0x804DD0AC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x80684B00-->804E3C8E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: Inline - RelativeJump 0x804DD0C0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: EAT modification 0x80684B04-->804E3CA2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: Inline - RelativeJump 0x804DD0D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: EAT modification 0x80684B08-->804E3CB6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: Inline - RelativeJump 0x804DD0E8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x80684B0C-->804E3CCA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: Inline - RelativeJump 0x804DD0FC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: EAT modification 0x80684B10-->804E3CDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: Inline - RelativeJump 0x804DD124-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: EAT modification 0x80684B14-->804E3D06 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: Inline - RelativeJump 0x804DD188-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: EAT modification 0x80684B18-->804E3D6A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: Inline - RelativeJump 0x804DD1B0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x80684B1C-->804E3D92 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: Inline - RelativeJump 0x804DD1C4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: EAT modification 0x80684B20-->804E3DA6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: Inline - RelativeJump 0x804DD1EC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x80684B24-->804E3DCE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: Inline - RelativeJump 0x804DD200-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: EAT modification

0x80684B28-->804E3DE2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: Inline - RelativeJump 0x804DD214-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x80684B2C-->804E3DF6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: Inline - RelativeJump 0x804DD228-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x80684B30-->804E3E0A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: Inline - RelativeJump 0x804DD23C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: EAT modification 0x80684B34-->804E3E1E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: Inline - RelativeJump 0x804DD264-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x80684B38-->804E3E46 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: Inline - RelativeJump 0x804DD28C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: EAT modification 0x80684B3C-->804E3E6E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: Inline - RelativeJump 0x804DD2A0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x80684B40-->804E3E82 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: Inline - RelativeJump 0x804DD2C8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: EAT modification 0x80684B44-->804E3EAA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: Inline - RelativeJump 0x804DD2DC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: EAT modification 0x80684B48-->804E3EBE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: Inline - RelativeJump 0x804DD2F0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: EAT modification 0x80684B4C-->804E3ED2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: Inline - RelativeJump 0x804DD304-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x80684B50-->804E3EE6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: Inline - RelativeJump 0x804DD340-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: EAT modification 0x80684B54-->804E3F22 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: Inline - RelativeJump 0x804DD37C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: EAT modification 0x80684B58-->804E3F5E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: Inline - RelativeJump 0x804DD3CC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: EAT modification 0x80684B5C-->804E3FAE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: Inline - RelativeJump 0x804DD3E0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: EAT modification 0x80684B60-->804E3FC2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x804DD408-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x80684B64-->804E3FEA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: Inline - RelativeJump 0x804DD444-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: EAT modification 0x80684B68-->804E4026 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: Inline - RelativeJump 0x804DD494-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: EAT modification 0x80684B6C-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: Inline - RelativeJump 0x804DD4BC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x80684B70-->804E409E [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: Inline - RelativeJump 0x804DD50C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: EAT modification 0x80684B74-->804E40EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: Inline - RelativeJump 0x804DD5D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: EAT modification 0x80684B78-->804E41B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: Inline - RelativeJump 0x804DD660-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x80684B7C-->804E4242 [ntoskrnl.exe]
ntoskrnl.exe-->ZwResetEvent, Type: EAT modification 0x80684B80-->804E426A [ntoskrnl.exe]
ntoskrnl.exe-->ZwRestoreKey, Type: EAT modification 0x80684B84-->804E4292 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKey, Type: EAT modification 0x80684B88-->804E42CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKeyEx, Type: EAT modification 0x80684B8C-->804E42E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: Inline - RelativeJump 0x804DD73C-->804DD841 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x80684B90-->804E431E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: Inline - RelativeJump 0x804DD750-->804DD76A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: EAT modification 0x80684B94-->804E4332 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultLocale, Type: EAT modification 0x80684B98-->804E4382 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x80684B9C-->804E4396 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEaFile, Type: EAT modification 0x80684BA0-->804E43AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEvent, Type: EAT modification 0x80684BA4-->804E43BE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationFile, Type: EAT modification 0x80684BA8-->804E4422 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationJobObject, Type: EAT modification 0x80684BAC-->804E4436 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: Inline - RelativeJump 0x804DD87C-->804DEF1A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: EAT modification 0x80684BB0-->804E445E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: Inline - RelativeJump 0x804DD890-->804DD870 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: EAT modification 0x80684BB4-->804E4472 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationThread, Type: EAT modification 0x80684BB8-->804E4486 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: Inline - RelativeJump 0x804DD94C-->804DD682 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: EAT modification 0x80684BBC-->804E4526 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemInformation, Type: EAT modification 0x80684BC0-->804E4562 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemTime, Type: EAT modification 0x80684BC4-->804E458A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: Inline - RelativeJump 0x804DD9D0-->804DDA1B [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: EAT modification 0x80684BC8-->804E45B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetValueKey, Type: EAT modification 0x80684BCC-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x80684BD0-->804E4602 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateJobObject, Type: EAT modification 0x80684BD4-->804E46A2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateProcess, Type: EAT modification 0x80684BD8-->804E46B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTranslateFilePath, Type: EAT modification 0x80684BDC-->804E4706 [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadDriver, Type: EAT modification 0x80684BE0-->804E471A [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadKey, Type: EAT modification 0x80684BE4-->804E472E [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x80684BE8-->804E477E [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x80684BEC-->804E47BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForSingleObject, Type: EAT modification 0x80684BF0-->804E47CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwWriteFile, Type: EAT modification 0x80684BF4-->804E480A [ntoskrnl.exe]
ntoskrnl.exe-->ZwYieldExecution, Type: EAT modification 0x80684BF8-->804E485A [ntoskrnl.exe]
ntoskrnl.exe-->_abnormal_termination, Type: EAT modification 0x80684C08-->804E30C4 [ntoskrnl.exe]
ntoskrnl.exe-->_alldiv, Type: EAT modification 0x80684C0C-->804DA42D [ntoskrnl.exe]
ntoskrnl.exe-->_alldvrm, Type: EAT modification 0x80684C10-->804DA4D7 [ntoskrnl.exe]
ntoskrnl.exe-->_allmul, Type: EAT modification 0x80684C14-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: Inline - RelativeJump 0x804D959C-->804D95A2 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: EAT modification 0x80684C18-->804DA5EA [ntoskrnl.exe]
ntoskrnl.exe-->_allrem, Type: EAT modification 0x80684C1C-->804DA627 [ntoskrnl.exe]
ntoskrnl.exe-->_allshl, Type: EAT modification 0x80684C20-->804DA6DB [ntoskrnl.exe]
ntoskrnl.exe-->_allshr, Type: EAT modification 0x80684C24-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe-->_aulldiv, Type: EAT modification 0x80684C28-->804DA71B [ntoskrnl.exe]
ntoskrnl.exe-->_aulldvrm, Type: EAT modification 0x80684C2C-->804DA783 [ntoskrnl.exe]
ntoskrnl.exe-->_aullrem, Type: EAT modification 0x80684C30-->804DA818 [ntoskrnl.exe]
ntoskrnl.exe-->_aullshr, Type: EAT modification 0x80684C34-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe-->_CIcos, Type: EAT modification 0x80684BFC-->804E5773 [ntoskrnl.exe]
ntoskrnl.exe-->_CIsin, Type: EAT modification 0x80684C00-->804E582C [ntoskrnl.exe]
ntoskrnl.exe-->_CIsqrt, Type: EAT modification 0x80684C04-->804E2BCC [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler2, Type: EAT modification 0x80684C38-->804DA8B4 [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler3, Type: EAT modification 0x80684C3C-->804E2EF8 [ntoskrnl.exe]
ntoskrnl.exe-->_global_unwind2, Type: EAT modification 0x80684C40-->804E2FF9 [ntoskrnl.exe]
ntoskrnl.exe-->_itoa, Type: EAT modification 0x80684C44-->8054B13A [ntoskrnl.exe]
ntoskrnl.exe-->_itow, Type: EAT modification 0x80684C48-->8054B1CA [ntoskrnl.exe]
ntoskrnl.exe-->_local_unwind2, Type: EAT modification 0x80684C4C-->804E3054 [ntoskrnl.exe]
ntoskrnl.exe-->_purecall, Type: EAT modification 0x80684C50-->8054AF1F [ntoskrnl.exe]
ntoskrnl.exe-->_snprintf, Type: EAT modification 0x80684C54-->8050A866 [ntoskrnl.exe]
ntoskrnl.exe-->_snwprintf, Type: EAT modification 0x80684C58-->80515305 [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeCall 0x80501B1C-->804E116B [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeJump 0x80501B23-->8052200E [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: EAT modification 0x80684C5C-->805198E9 [ntoskrnl.exe]
ntoskrnl.exe-->_strlwr, Type: EAT modification 0x80684C60-->8054B212 [ntoskrnl.exe]
ntoskrnl.exe-->_strnicmp, Type: EAT modification 0x80684C64-->804FBA2E [ntoskrnl.exe]
ntoskrnl.exe-->_strnset, Type: EAT modification 0x80684C68-->804DA962 [ntoskrnl.exe]
ntoskrnl.exe-->_strrev, Type: EAT modification 0x80684C6C-->804DA98B [ntoskrnl.exe]
ntoskrnl.exe-->_strset, Type: EAT modification 0x80684C70-->804DA9BB [ntoskrnl.exe]
ntoskrnl.exe-->_strupr, Type: EAT modification 0x80684C74-->805116E6 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnprintf, Type: EAT modification 0x80684C78-->80501AB8 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnwprintf, Type: EAT modification 0x80684C7C-->8054B274 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsicmp, Type: EAT modification 0x80684C80-->804E8120 [ntoskrnl.exe]
ntoskrnl.exe-->_wcslwr, Type: EAT modification 0x80684C84-->8054B2FA [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnicmp, Type: EAT modification 0x80684C88-->804FC53A [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnset, Type: EAT modification 0x80684C8C-->8054B33C [ntoskrnl.exe]
ntoskrnl.exe-->_wcsrev, Type: EAT modification 0x80684C90-->8054B372 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsupr, Type: EAT modification 0x80684C94-->8050B59C [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB4DDC428-->F795E16D [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB4DDC454-->F795E0B3 [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB4DDC460-->F795DBC4 [IPVNMon.sys]
tcpip.sys-->ntoskrnl.exe-->DbgBreakPoint, Type: IAT modification 0xB4DDC574-->804E2A66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xB4DDC63C-->80501F09 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xB4DDC68C-->80551005 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: IAT modification 0xB4DDC6A8-->804F3C7E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExCreateCallback, Type: IAT modification 0xB4DDC59C-->805BBD83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xB4DDC4B4-->8054AA43 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedAddUlong, Type: IAT modification 0xB4DDC660-->804E55BC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: IAT modification 0xB4DDC66C-->804E5620 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xB4DDC6A4-->805511E6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xB4DDC4CC-->80508A20 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: IAT modification 0xB4DDC4E4-->8050BAB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: IAT modification 0xB4DDC600-->804F9AA0 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExNotifyCallback, Type: IAT modification 0xB4DDC598-->80519120 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xB4DDC4DC-->804E131F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xB4DDC4E0-->804E1343 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xB4DDC654-->804E81D7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xB4DDC5C0-->804EDDB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xB4DDC51C-->80518674 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xB4DDC488-->805A170C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xB4DDC530-->805D2EFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xB4DDC5EC-->80505760 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xB4DDC4B0-->805D7E64 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xB4DDC518-->804E13B9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xB4DDC65C-->804E17CF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFileObjectType, Type: IAT modification 0xB4DDC5B8-->80560D58 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xB4DDC668-->804EDE66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetCurrentProcess, Type: IAT modification 0xB4DDC560-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xB4DDC520-->805E3B29 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xB4DDC4FC-->80579683 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xB4DDC69C-->805324C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xB4DDC658-->804E81BD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoWMIRegistrationControl, Type: IAT modification 0xB4DDC55C-->805A218B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xB4DDC6C0-->8053769F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeCancelTimer, Type: IAT modification 0xB4DDC690-->804E61C5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xB4DDC694-->804E5AA4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xB4DDC4B8-->804E14F6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeEnterCriticalRegion, Type: IAT modification 0xB4DDC4A4-->804D95F2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xB4DDC6B8-->804E2427 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xB4DDC6BC-->804E2468 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xB4DDC4C8-->804E7DB8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xB4DDC6A0-->804E7DE6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeMutex, Type: IAT modification 0xB4DDC5D8-->80518BE3 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xB4DDC6AC-->804E2417 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xB4DDC4C4-->804EC4FB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimerEx, Type: IAT modification 0xB4DDC564-->804EC513 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeLeaveCriticalRegion, Type: IAT modification 0xB4DDC4A0-->804D9604 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xB4DDC678-->8055BA60 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryInterruptTime, Type: IAT modification 0xB4DDC56C-->804E5C65 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xB4DDC6B4-->804D95AF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryTimeIncrement, Type: IAT modification 0xB4DDC4A8-->804E5A3E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReadStateEvent, Type: IAT modification 0xB4DDC5E8-->804E5DBB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReleaseMutex, Type: IAT modification 0xB4DDC5E4-->804E8508 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeResetEvent, Type: IAT modification 0xB4DDC650-->804E8525 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xB4DDC4AC-->804E20A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: IAT modification 0xB4DDC578-->80509693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTimerEx, Type: IAT modification 0xB4DDC4C0-->804E210E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xB4DDC6C8-->8055A000 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xB4DDC5E0-->804DC400 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xB4DDC640-->804DADC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xB4DDC6CC-->804EDEBC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: IAT modification 0xB4DDC5DC-->80509675 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableDataSection, Type: IAT modification 0xB4DDC680-->805E7DA9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: IAT modification 0xB4DDC4D0-->805E09D2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xB4DDC674-->804F97B4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xB4DDC664-->804EDF4C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmProbeAndLockPages, Type: IAT modification 0xB4DDC5BC-->804F6BFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmQuerySystemSize, Type: IAT modification 0xB4DDC614-->8050896A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPagableImageSection, Type: IAT modification 0xB4DDC684-->8051A1AB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPages, Type: IAT modification 0xB4DDC5A4-->804F6EB5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: IAT modification 0xB4DDC58C-->8056D963 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xB4DDC524-->804E1930 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xB4DDC5CC-->804DA06B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObGetObjectSecurity, Type: IAT modification 0xB4DDC514-->8056C287 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObLogSecurityDescriptor, Type: IAT modification 0xB4DDC5B0-->805755A8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xB4DDC5A0-->8056C559 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReleaseObjectSecurity, Type: IAT modification 0xB4DDC500-->8056C241 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: IAT modification 0xB4DDC53C-->805DFBEF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ProbeForWrite, Type: IAT modification 0xB4DDC5C8-->8056E89F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcess, Type: IAT modification 0xB4DDC5D0-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcessId, Type: IAT modification 0xB4DDC590-->804E6997 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xB4DDC4E8-->805852BE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAce, Type: IAT modification 0xB4DDC528-->805D337A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: IAT modification 0xB4DDC698-->8058DB92 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xB4DDC648-->804F7BCC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeToString, Type: IAT modification 0xB4DDC608-->804F5F19 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAreBitsSet, Type: IAT modification 0xB4DDC62C-->804F9056 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearAllBits, Type: IAT modification 0xB4DDC620-->80513EB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearBits, Type: IAT modification 0xB4DDC630-->804EA9A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xB4DDC688-->804E5080 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareUnicodeString, Type: IAT modification 0xB4DDC618-->80574887 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xB4DDC644-->804F2DB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xB4DDC4EC-->8057545D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xB4DDC510-->8056FC49 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: IAT modification 0xB4DDC568-->804DBD08 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedMagicDivide, Type: IAT modification 0xB4DDC604-->804DBC78 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: IAT modification 0xB4DDC634-->804F0AA8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearRuns, Type: IAT modification 0xB4DDC638-->80503A42 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetAce, Type: IAT modification 0xB4DDC52C-->805AEF9A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC550-->805B1763 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: IAT modification 0xB4DDC548-->805BBF77 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: IAT modification 0xB4DDC54C-->805BBF35 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: IAT modification 0xB4DDC544-->805BBF00 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeBitMap, Type: IAT modification 0xB4DDC61C-->8057BF4E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeSid, Type: IAT modification 0xB4DDC534-->80588972 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xB4DDC670-->804DA2A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: IAT modification 0xB4DDC5F8-->8050BC50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthRequiredSid, Type: IAT modification 0xB4DDC538-->80581CA2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: IAT modification 0xB4DDC508-->805753C9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xB4DDC4F0-->805DF5CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlMapGenericMask, Type: IAT modification 0xB4DDC4F8-->8056FDCA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: IAT modification 0xB4DDC5D4-->804E5531 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->absoƖute, Type: IAT modification 0xB4DDC540-->805BEC83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBit, Type: IAT modification 0xB4DDC57C-->804F0BC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBits, Type: IAT modification 0xB4DDC624-->804F03FD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC50C-->80585052 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSubAuthoritySid, Type: IAT modification 0xB4DDC6C4-->805DC816 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlTimeToTimeFields, Type: IAT modification 0xB4DDC5FC-->8050A933 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: IAT modification 0xB4DDC67C-->8058C6CD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: IAT modification 0xB4DDC5F4-->805E4C39 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlVerifyVersionInfo, Type: IAT modification 0xB4DDC554-->80509AEC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlWalkFrameChain, Type: IAT modification 0xB4DDC594-->80519648 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xB4DDC584-->8056C2C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAppendPrivileges, Type: IAT modification 0xB4DDC5AC-->8058AF21 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAssignSecurity, Type: IAT modification 0xB4DDC5B4-->805751E4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xB4DDC4F4-->8069AD50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeFreePrivileges, Type: IAT modification 0xB4DDC5A8-->80581CCE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xB4DDC588-->8056C39C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: IAT modification 0xB4DDC504-->805DFAD7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xB4DDC580-->8056C3D1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->VerSetConditionMask, Type: IAT modification 0xB4DDC558-->80509A7D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcschr, Type: IAT modification 0xB4DDC498-->804FE23A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcscpy, Type: IAT modification 0xB4DDC490-->804F36E9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xB4DDC628-->804EA4A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcsncpy, Type: IAT modification 0xB4DDC494-->804FC693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xB4DDC60C-->804E3496 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwCreateFile, Type: IAT modification 0xB4DDC6D4-->804E3586 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwDeviceIoControlFile, Type: IAT modification 0xB4DDC6D0-->804E37CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwEnumerateValueKey, Type: IAT modification 0xB4DDC5F0-->804E3856 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwLoadDriver, Type: IAT modification 0xB4DDC64C-->804E3A36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xB4DDC4BC-->804E3BEE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xB4DDC4D4-->804E4076 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetInformationThread, Type: IAT modification 0xB4DDC49C-->804E4486 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetValueKey, Type: IAT modification 0xB4DDC4D8-->804E45EE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xB4DDC6B0-->804DA42D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xB4DDC610-->804DA5B6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_aulldiv, Type: IAT modification 0xB4DDC570-->804DA71B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xB4DDC5C4-->804E2EF8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_wcsicmp, Type: IAT modification 0xB4DDC48C-->804E8120 [ntoskrnl.exe]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF758CB4C-->F795E16D [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF758CB3C-->F795E0B3 [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF758CB28-->F795DBC4 [IPVNMon.sys]
wanarp.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF758CBF0-->80551005 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xF758CB84-->8054AA43 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF758CBF8-->805511E6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF758CB7C-->80508A20 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF758CBE0-->804DA3FC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF758CBC8-->804E131F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF758CBC4-->804E1343 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF758CB78-->804E81D7 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xF758CBB0-->80518674 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF758CC08-->805A170C [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xF758CBBC-->805D2EFF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF758CB80-->80505760 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xF758CBC0-->805D7E64 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF758CBB4-->804E13B9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF758CB70-->804E17CF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF758CBD0-->804EDE66 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xF758CBA4-->805E3B29 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF758CB74-->804E81BD [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF758CB9C-->8053769F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xF758CBB8-->804E14F6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xF758CBFC-->804E2427 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xF758CC00-->804E2468 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF758CBE4-->804E7DE6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF758CBF4-->804E2417 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF758CC0C-->804D95AF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF758CBEC-->804E20A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xF758CB98-->8055A000 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF758CBE8-->804DC400 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xF758CBCC-->804F97B4 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF758CBAC-->804E1930 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF758CBA8-->804DA06B [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xF758CB8C-->804F7BCC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF758CB90-->804F2DB1 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF758CBD8-->804DA2A5 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xF758CBD4-->80570494 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->swprintf, Type: IAT modification 0xF758CB94-->804FCA51 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xF758CBDC-->804EA4A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF758CB88-->804E3496 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF758CBA0-->804E3BEE [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF758CC04-->804DA42D [ntoskrnl.exe]
[1252]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[208]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[208]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[208]explorer.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001228-->00000000 [iphook32.dll]
[208]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[208]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7C9C1488-->00000000 [iphook32.dll]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[208]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [iphook32.dll]
[208]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

WOW I hope you really wanted all of that..... The computer is working much better. I now get an error message "Generic Host Process for Win32 Services"

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
atapi.sys

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 04.09.10 by jpshortstuff
Log created at 21:24 on 10/12/2010 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [22:21 10/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a---- 96512 bytes [14:52 11/04/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [13:00 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-= EOF =-

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ERDNT\cache\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ServicePackFiles\i386\atapi.sys

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-12-11.01 - Owner 12/11/2010 10:16:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.816 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\kb.dll

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ERDNT\cache\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 06:02 . 2010-12-11 06:02 -------- d-----w- c:\program files\Common Files\Java
2010-12-11 06:02 . 2010-09-15 12:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-12-10 02:56 . 2010-12-10 02:56 -------- d-----w- c:\program files\7-Zip
2010-12-07 03:18 . 2010-12-08 15:29 0 ----a-w- c:\windows\Kyuya.bin
2010-12-07 03:18 . 2010-12-07 03:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 23:30 . 2010-11-02 02:00 155567790 ----a-w- C:\cookn9-42994.exe
2010-09-18 19:23 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 13:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 10:29 . 2010-04-10 16:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_14.52.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-12-11 18:13 . 2010-12-11 18:13 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2002-09-03 13:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2002-09-03 13:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2010-12-11 06:09 . 2009-01-10 00:18 27136 c:\windows\system32\ReinstallBackups\0018\DriverFiles\RimSerial.sys
+ 2010-03-31 07:16 . 2010-03-31 07:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 1980-01-01 00:00 . 2010-12-11 06:10 71732 c:\windows\system32\perfc009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 71732 c:\windows\system32\perfc009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-06 05:17 . 2009-11-06 05:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2002-09-03 13:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-14 22:14 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 91424 c:\windows\system32\dnssd.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2002-09-03 13:00 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2002-09-03 13:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2002-09-03 13:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-10-16 09:54 . 2010-10-16 09:54 21504 c:\windows\Installer\a31e39b.msi
+ 2010-08-01 20:46 . 2010-08-01 20:46 38400 c:\windows\Installer\19a2912a.msi
+ 2010-05-13 12:54 . 2010-05-13 12:54 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-08-01 20:47 . 2010-09-29 10:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-04-16 00:54 . 2010-04-16 00:54 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4fb287c\System.Drawing.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_74c68084\CustomMarshalers.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 10:15 . 2010-08-12 10:15 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 10:21 . 2010-08-12 10:21 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 10:02 . 2008-04-14 00:11 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-05-26 10:00 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 10:00 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-10 10:14 . 2008-04-14 00:11 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-04-14 04:50 . 2008-04-14 00:11 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-09-15 10:08 . 2008-04-14 00:12 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-10-14 10:07 . 2008-04-14 00:12 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-09-29 10:01 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-09-29 10:01 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-08-11 23:51 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-15 04:37 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-15 17:43 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2004-04-01 04:15 . 2010-03-10 11:00 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-10-06 10:05 . 2010-10-06 10:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-14 10:16 . 2009-10-14 10:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-15 10:07 . 2008-05-03 11:55 2560

c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-10-14 10:02 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-14 10:07 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-14 04:54 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2002-09-03 13:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2002-09-03 13:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2002-09-03 13:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2002-09-03 13:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2004-04-15 19:08 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2010-03-31 07:10 . 2010-03-31 07:10 295264 c:\windows\system32\PresentationHost.exe
+ 1980-01-01 00:00 . 2010-12-11 06:10 442466 c:\windows\system32\perfh009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 442466 c:\windows\system32\perfh009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 297808 c:\windows\system32\mscoree.dll
- 2004-02-22 08:11 . 2004-08-04 07:56 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-02-22 08:11 . 2010-04-05 18:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-12-11 06:02 . 2010-09-15 12:50 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\javaw.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\javaw.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\java.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\java.exe
+ 2004-06-07 21:19 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2004-02-21 22:08 . 2010-10-14 10:24 247904 c:\windows\system32\FNTCACHE.DAT
- 2004-02-21 22:08 . 2009-11-11 11:20 247904 c:\windows\system32\FNTCACHE.DAT
+ 2002-09-03 13:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2002-09-03 13:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2002-09-03 13:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 107808 c:\windows\system32\dns-sd.exe
+ 2004-08-04 07:56 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 08:32 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-04-05 18:54 . 2010-04-05 18:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-14 08:13 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2002-09-03 13:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2008-08-20 14:22 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-07-14 11:48 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-10-14 04:59 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2002-09-03 13:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2002-09-03 13:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2002-09-03 13:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2004-02-22 04:13 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2004-02-22 04:13 . 2008-04-14 00:12 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2010-03-31 07:16 . 2010-03-31 07:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 19:22 . 2010-02-09 19:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\dcd5792.msp
+ 2010-09-24 04:02 . 2010-09-24 04:02 798208 c:\windows\Installer\34053a5.msp
+ 2010-12-11 06:06 . 2010-12-11 06:06 228352 c:\windows\Installer\320fde3.msi
+ 2010-12-11 06:02 . 2010-12-11 06:02 180224 c:\windows\Installer\320fdde.msi
+ 2010-07-14 22:12 . 2010-07-14 22:12 807424 c:\windows\Installer\17fcaa9.msi
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2010-07-14 22:21 . 2010-07-14 22:21 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-09-23 02:10 . 2010-09-23 02:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-10-06 10:02 . 2010-10-06 10:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d7078a6e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b03bcc04\System.Drawing.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7bf9142d\CustomMarshalers.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 10:20 . 2010-08-12 10:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-08-12 10:17 . 2010-08-12 10:17 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-06 10:09 . 2010-10-06 10:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-05-26 10:00 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 10:00 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 10:35 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-10 10:20 . 2008-04-14 00:09 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-10-14 10:06 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-14 10:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-14 10:06 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2010-04-15 10:45 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-06-10 10:15 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-10 10:15 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2008-04-14 00:12 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 10:22 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 10:22 . 2008-04-14 00:11 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2004-08-04 07:56 384512 c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-14 10:08 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-14 10:08 . 2002-09-03 13:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-09-29 10:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-29 10:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-09-15 10:07 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-08-11 23:51 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 10:45 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 04:37 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 10:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe
+ 2010-10-14 04:54 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-14 10:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2279986\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2279986\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2279986\spuninst.exe
+ 2010-09-01 11:48 . 2010-09-01 11:48 285824 c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 11:48 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe

+ 2010-10-14 04:59 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\wmp.dll
+ 2002-09-03 13:00 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 3062048 c:\windows\system32\usbaaplrc.dll
+ 2004-07-14 15:40 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-02-22 08:44 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2004-02-22 08:44 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-04-15 19:08 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2002-09-03 13:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2002-09-03 13:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2002-09-03 13:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-14 22:14 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\dllcache\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-15 08:31 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-11 20:14 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-11 20:14 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-08-12 09:31 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-12 09:31 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-03-10 10:43 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 10:43 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-11-07 08:06 . 2009-11-07 08:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 16:44 . 2010-09-22 16:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 12:32 . 2010-03-23 12:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-08-18 17:19 . 2010-08-18 17:19 8400896 c:\windows\Installer\e726cd5.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\dcd579e.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\dcd579d.msp
+ 2010-01-11 23:35 . 2010-01-11 23:35 4480000 c:\windows\Installer\6045e416.msp
+ 2010-10-05 00:00 . 2010-10-05 00:00 7973888 c:\windows\Installer\48c10bc.msp
+ 2010-02-26 13:09 . 2010-02-26 13:09 8300544 c:\windows\Installer\46af360.msp
+ 2010-08-09 23:44 . 2010-08-09 23:44 3778048 c:\windows\Installer\46699209.msp
+ 2010-08-27 20:36 . 2010-08-27 20:36 2807296 c:\windows\Installer\466991f6.msp
+ 2010-04-16 04:39 . 2010-04-16 04:39 9472000 c:\windows\Installer\3b98dd8.msi
+ 2010-09-23 14:39 . 2010-09-23 14:39 4265472 c:\windows\Installer\340539e.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\320fdc7.msp
+ 2010-12-11 05:57 . 2010-12-11 05:57 3940864 c:\windows\Installer\320fdb4.msi
+ 2010-05-24 20:54 . 2010-05-24 20:54 6704640 c:\windows\Installer\27d4924.msp
+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\192bdf41.msp
+ 2010-06-29 23:01 . 2010-06-29 23:01 8404992 c:\windows\Installer\1856a902.msp
+ 2010-07-14 22:21 . 2010-07-14 22:21 4820480 c:\windows\Installer\17fd336.msi
+ 2010-07-14 22:14 . 2010-07-14 22:14 3089408 c:\windows\Installer\17fcb14.msi
+ 2010-07-14 22:13 . 2010-07-14 22:13 1984000 c:\windows\Installer\17fcae1.msi
+ 2010-09-26 12:59 . 2010-09-26 12:59 1223680 c:\windows\Installer\1765dd43.msi
+ 2010-09-16 11:08 . 2010-09-16 11:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fcfc5ab8\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2e76303c\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7952d5c4\System.Xml.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_58a5ecf3\System.Xml.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_112292c9\System.Windows.Forms.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_045c9557\System.Windows.Forms.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6f58764e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fb280e14\System.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4d98f055\System.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1b9a5f4d\mscorlib.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14677707\mscorlib.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-06 10:09 . 2010-10-06 10:09 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-21 10:26 . 2009-08-21 10:26 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-06 10:07 . 2010-10-06 10:07 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 10:03 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-14 10:03 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB981957$\win32k.sys
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-14 10:06 . 2008-04-14 00:12 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-10 10:18 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-10 10:15 . 2009-05-20 19:24 2373504 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 10:02 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-10 10:14 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll
+ 2010-10-14 10:07 . 2009-07-13 17:08 5537792 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
+ 2010-08-04 10:02 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-08-12 10:09 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-08-12 10:14 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-08-11 23:50 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-31 13:38 . 2010-08-31 13:38 1861888 c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys
+ 2010-08-11 23:51 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-08-11 23:51 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 14:14 . 2010-04-28 14:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-08-11 23:51 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
+ 2010-04-15 04:37 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-15 04:37 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2005-05-11 02:15 . 2010-11-11 11:00 35758536 c:\windows\system32\MRT.exe
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-09-24 21:08 . 2010-09-24 21:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-08-18 17:12 . 2010-08-18 17:12 17516032 c:\windows\Installer\e726cc2.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\dcd57c9.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 14599680 c:\windows\Installer\dcd57ac.msp
+ 2010-04-16 04:34 . 2010-04-16 04:34 17510912 c:\windows\Installer\dcd5787.msp
+ 2010-09-14 10:01 . 2010-09-14 10:01 20303872 c:\windows\Installer\413dda79.msp
+ 2010-09-24 14:08 . 2010-09-24 14:08 17518080 c:\windows\Installer\3405395.msp
+ 2010-12-11 06:08 . 2010-12-11 06:08 24010752 c:\windows\Installer\320fe24.msi
+ 2010-09-29 10:02 . 2010-09-29 10:02 20303872 c:\windows\Installer\2639eb0a.msp
+ 2010-08-01 20:46 . 2010-08-01 20:46 20242432 c:\windows\Installer\19a29130.msp
+ 2010-03-31 08:23 . 2010-03-31 08:23 15638528 c:\windows\Installer\192bdf4d.msp
+ 2010-05-19 20:08 . 2010-05-19 20:08 11408896 c:\windows\Installer\1856a8ef.msp
+ 2010-06-29 06:46 . 2010-06-29 06:46 17512960 c:\windows\Installer\1856a8e5.msp
+ 2010-08-12 10:19 . 2010-08-12 10:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-06 10:08 . 2010-10-06 10:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 10:14 . 2010-08-12 10:14 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2002-05-02 20563]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-02-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2005-01-15 385024]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-3-7 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\LDCM\\BIN\\USM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cook'n9\\Cook'n.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 9:09 PM 64160]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [5/5/2009 5:19 AM 616408]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2/21/2004 8:45 PM 9978]
R2 Intel Bootstrap Agent;Intel Bootstrap Agent;c:\program files\Intel\BootStrap Agent\bsa.exe [2/21/2004 8:45 PM 65536]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2/21/2004 8:48 PM 6736]
S2 gupdate1c9a6b15c4c2a8c;Google Update Service (gupdate1c9a6b15c4c2a8c);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 7:35 PM 133104]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1029456]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://fredmeyer.storefront.com/images/global/activex/SFImageUpload1_8.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD600BB-53CAA1 rev.17.07W17 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A263555]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2697b0]; MOV EAX, [0x8a26982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A281AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006d[0x8A285EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A284D98]
\Driver\atapi[0x8A2AD030] -> IRP_MJ_CREATE -> 0x8A263555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD600BB-53CAA1______________________17.07W17#4457572d414d4638323133393839_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A26339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
Completion time: 2010-12-11 10:41:13
ComboFix-quarantined-files.txt 2010-12-11 18:41
ComboFix2.txt 2010-12-09 04:06
ComboFix3.txt 2010-04-11 14:54
ComboFix4.txt 2009-03-16 15:08

Pre-Run: 8,789,316,608 bytes free
Post-Run: 9,640,254,976 bytes free

- - End Of File - - F8C5F56143F080591179CB359A7274BD

Hmm.

Please run TDSSKiller one more time and post the new log.

How do I do that? I don't think I have ran than yet...

Thanks.

Hello.

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

2010/12/12 06:10:21.0734 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 06:10:21.0734 ================================================================================
2010/12/12 06:10:21.0734 SystemInfo:
2010/12/12 06:10:21.0734
2010/12/12 06:10:21.0734 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/12 06:10:21.0734 Product type: Workstation
2010/12/12 06:10:21.0734 ComputerName: GATEWAY-0R10EG5
2010/12/12 06:10:21.0734 UserName: Owner
2010/12/12 06:10:21.0734 Windows directory: C:\WINDOWS
2010/12/12 06:10:21.0734 System windows directory: C:\WINDOWS
2010/12/12 06:10:21.0734 Processor architecture: Intel x86
2010/12/12 06:10:21.0734 Number of processors: 2
2010/12/12 06:10:21.0734 Page size: 0x1000
2010/12/12 06:10:21.0734 Boot type: Normal boot
2010/12/12 06:10:21.0734 ================================================================================
2010/12/12 06:10:22.0187 Initialize success
2010/12/12 06:10:27.0906 ================================================================================
2010/12/12 06:10:27.0921 Scan started
2010/12/12 06:10:27.0921 Mode: Manual;
2010/12/12 06:10:27.0921 ================================================================================
2010/12/12 06:10:29.0093 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/12 06:10:29.0281 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/12 06:10:29.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/12 06:10:29.0796 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/12 06:10:30.0015 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/12 06:10:30.0546 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/12 06:10:30.0859 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/12/12 06:10:31.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/12 06:10:31.0156 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/12 06:10:31.0359 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/12 06:10:31.0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/12 06:10:31.0609 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2010/12/12 06:10:31.0687 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2010/12/12 06:10:31.0859 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/12/12 06:10:32.0078 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys
2010/12/12 06:10:32.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/12 06:10:32.0468 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/12/12 06:10:32.0500 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/12/12 06:10:32.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/12 06:10:33.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/12 06:10:33.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/12 06:10:33.0421 Cdr4_xp (c1762eb422119f2cf4a32ef72dc2815f) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/12/12 06:10:33.0546 Cdralw2k (8dc7e0c2c409cb3f3b7fa45fc7ea852a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/12/12 06:10:33.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/12 06:10:33.0843 cdudf_xp (a664412d09991120e103a6ad9f22ffc8) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/12/12 06:10:34.0140 CiSmBios (6f147c47a818acaea5ab03743e63830f) C:\WINDOWS\system32\drivers\CiSmBios.sys
2010/12/12 06:10:34.0640 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/12 06:10:34.0843 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/12 06:10:35.0000 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/12 06:10:35.0140 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/12 06:10:35.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/12 06:10:35.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/12 06:10:35.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/12 06:10:35.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/12 06:10:36.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/12 06:10:36.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/12 06:10:36.0328 dvd_2K (f5a93af20fc1cecd85cb7d64453015e5) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/12/12 06:10:36.0421 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/12 06:10:36.0546 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/12 06:10:36.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/12 06:10:36.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/12 06:10:36.0953 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/12 06:10:37.0125 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/12 06:10:37.0296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/12 06:10:37.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/12 06:10:37.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/12 06:10:37.0703 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/12 06:10:37.0796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/12 06:10:37.0921 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/12 06:10:38.0109 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/12 06:10:38.0296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/12 06:10:38.0468 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/12 06:10:38.0562 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/12 06:10:38.0640 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/12 06:10:38.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/12 06:10:39.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/12 06:10:39.0265 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/12 06:10:39.0531 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/12 06:10:39.0687 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/12 06:10:39.0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/12 06:10:39.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/12 06:10:40.0156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/12 06:10:40.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/12 06:10:40.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/12 06:10:40.0578 IPVNMon (0b46016d4df29ff99edb33fadb643cbb) C:\WINDOWS\system32\drivers\IPVNMon.sys
2010/12/12 06:10:40.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/12 06:10:40.0828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/12 06:10:41.0062 itchfltr (51205dab5a3671d3e805f4981aa758b6) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2010/12/12 06:10:41.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/12 06:10:41.0375 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/12 06:10:41.0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/12 06:10:41.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/12 06:10:41.0781 l8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
2010/12/12 06:10:42.0000 Lbd (52320254d74ea11b6f129e7df1016975) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/12 06:10:42.0250 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2010/12/12 06:10:42.0343 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
2010/12/12 06:10:42.0500 mmc_2K (c2d1d3d62b22e81297c589bca7de5e66) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/12/12 06:10:42.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/12 06:10:42.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/12 06:10:42.0875 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/12 06:10:43.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/12 06:10:43.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/12 06:10:43.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/12 06:10:43.0453 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/12 06:10:43.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/12 06:10:43.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/12 06:10:44.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/12 06:10:44.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/12 06:10:44.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/12 06:10:44.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/12 06:10:44.0656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/12 06:10:44.0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/12 06:10:44.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/12 06:10:45.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/12 06:10:45.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/12 06:10:45.0312 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/12 06:10:45.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/12 06:10:45.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/12 06:10:45.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/12 06:10:45.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/12 06:10:46.0109 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/12 06:10:46.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/12 06:10:46.0593 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/12 06:10:46.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/12 06:10:47.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/12 06:10:47.0234 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/12 06:10:47.0375 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/12 06:10:47.0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/12 06:10:47.0625 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/12 06:10:47.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/12 06:10:48.0015 PcdrNt (231f133b4a5a04307abd95cac80fd063) C:\WINDOWS\System32\drivers\PcdrNt.sys
2010/12/12 06:10:48.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/12 06:10:48.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/12 06:10:48.0546 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/12 06:10:49.0093 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/12/12 06:10:49.0343 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/12 06:10:49.0531 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/12 06:10:49.0671 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/12 06:10:49.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/12 06:10:49.0984 pwd_2k (d43e18f4c48f469b064b6105daffe5a1) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/12/12 06:10:50.0109 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/12 06:10:50.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/12 06:10:50.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/12 06:10:50.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/12 06:10:50.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/12 06:10:51.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/12 06:10:51.0218 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/12 06:10:51.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/12 06:10:51.0578 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/12 06:10:51.0796 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/12 06:10:51.0921 RioPNP (ace39b5ee46094f8f0c61fa4ceda9f18) C:\WINDOWS\system32\drivers\RioPNP.sys
2010/12/12 06:10:52.0093 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/12 06:10:52.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/12 06:10:52.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/12 06:10:52.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/12 06:10:52.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/12 06:10:53.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/12 06:10:53.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/12 06:10:53.0296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/12 06:10:53.0484 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/12/12 06:10:53.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/12 06:10:53.0734 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/12 06:10:54.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/12 06:10:54.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/12 06:10:54.0593 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/12 06:10:54.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/12 06:10:54.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/12 06:10:55.0031 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/12 06:10:55.0250 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/12 06:10:55.0390 UdfReadr_xp (38f35f42c149379434c7cac40b974728) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/12/12 06:10:55.0546 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/12 06:10:55.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/12 06:10:55.0953 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/12 06:10:56.0062 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/12 06:10:56.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/12 06:10:56.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/12 06:10:56.0375 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/12 06:10:56.0531 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/12 06:10:56.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/12 06:10:56.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/12 06:10:56.0859 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/12/12 06:10:57.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/12 06:10:57.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/12 06:10:57.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/12 06:10:57.0609 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/12 06:10:57.0828 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/12 06:10:57.0921 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/12 06:10:57.0937 ================================================================================
2010/12/12 06:10:57.0937 Scan finished
2010/12/12 06:10:57.0937 ================================================================================
2010/12/12 06:10:57.0953 Detected object count: 1
2010/12/12 06:11:46.0718 \HardDisk0 - will be cured after reboot
2010/12/12 06:11:46.0718 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=90dc22688c530b4d86bacac376a89050
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-13 03:48:22
# local_time=2010-12-12 07:48:22 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 54876170 54876170 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114157
# found=6
# cleaned=6
# scan_time=15907
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Adobe\plugs\KB296744296.exe.vir a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\dapdr32.dll.vir a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\kb.dll.vir Win32/Bamital.EX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP4\A0001519.exe a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP4\A0001521.dll a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP5\A0002443.dll Win32/Bamital.EX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?

Done! Yes it seems to be working better now. Thank you!!!

Is there anything else I should Do?

I am using windows internet explore 8. Should I swith to Google Chrome?

Yes, I highly recommend Chrome.

Thanks for all of your help!