Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Go down

Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Wed 08 Dec 2010, 3:14 pm

First topic message reminder :

I love this web site but I hate when I have to use it.... I have been here a couple of times and you have helped solve both problems. This time my desktop running Windows XP is down. I think I have a a virus called tr/crypt.zpack.gen. I use AVIRA and the virus keeps popping up and wont go away. I am now getting an error message "critical error damaged hard drive clusters detected. private data is at risk" and the computer locks up. reboot and the same thing...

HELP

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down


Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:46 pm


ntoskrnl.exe+0x000BF768, Type: Inline - RelativeJump 0x80596768-->8059681F [ntoskrnl.exe]
ntoskrnl.exe+0x000BF839, Type: Inline - RelativeJump 0x80596839-->80596718 [ntoskrnl.exe]
ntoskrnl.exe+0x000BF961, Type: Inline - RelativeJump 0x80596961-->8059693B [ntoskrnl.exe]
ntoskrnl.exe+0x000BF9CA, Type: Inline - RelativeJump 0x805969CA-->8059DECF [ntoskrnl.exe]
ntoskrnl.exe+0x000BF9D8, Type: Inline - RelativeJump 0x805969D8-->805E822C [ntoskrnl.exe]
ntoskrnl.exe+0x000BFA83, Type: Inline - RelativeCall 0x80596A83-->8056D525 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFA90, Type: Inline - RelativeJump 0x80596A90-->805F9BBE [ntoskrnl.exe]
ntoskrnl.exe+0x000BFBE8, Type: Inline - RelativeJump 0x80596BE8-->80584D9B [ntoskrnl.exe]
ntoskrnl.exe+0x000BFCD4, Type: Inline - RelativeCall 0x80596CD4-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD0C, Type: Inline - RelativeCall 0x80596D0C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD26, Type: Inline - RelativeJump 0x80596D26-->80596D37 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD3E, Type: Inline - RelativeJump 0x80596D3E-->80596D2F [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD4F, Type: Inline - RelativeJump 0x80596D4F-->805F9C6E [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD55, Type: Inline - RelativeCall 0x80596D55-->80596E4F [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD63, Type: Inline - RelativeJump 0x80596D63-->805F9D17 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD6C, Type: Inline - RelativeJump 0x80596D6C-->805F9CFA [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD7C, Type: Inline - RelativeJump 0x80596D7C-->805F9C95 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFD8C, Type: Inline - RelativeJump 0x80596D8C-->80596DCB [ntoskrnl.exe]
ntoskrnl.exe+0x000BFDE8, Type: Inline - RelativeCall 0x80596DE8-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFDEF, Type: Inline - RelativeJump 0x80596DEF-->80596E39 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFE7A, Type: Inline - RelativeJump 0x80596E7A-->805F9ADC [ntoskrnl.exe]
ntoskrnl.exe+0x000BFEEC, Type: Inline - RelativeJump 0x80596EEC-->80596F0B [ntoskrnl.exe]
ntoskrnl.exe+0x000BFEF9, Type: Inline - PushRet 0x80596EF9-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000BFF35, Type: Inline - RelativeCall 0x80596F35-->804E88F1 [ntoskrnl.exe]
ntoskrnl.exe+0x000BFF78, Type: Inline - RelativeJump 0x80596F78-->80596F92 [ntoskrnl.exe]
ntoskrnl.exe+0x000C027E, Type: Inline - RelativeCall 0x8059727E-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000C0499, Type: Inline - RelativeJump 0x80597499-->805FEF4F [ntoskrnl.exe]
ntoskrnl.exe+0x000C058B, Type: Inline - RelativeCall 0x8059758B-->80631636 [ntoskrnl.exe]
ntoskrnl.exe+0x000C064D, Type: Inline - RelativeJump 0x8059764D-->8059768E [ntoskrnl.exe]
ntoskrnl.exe+0x000C07AE, Type: Inline - RelativeCall 0x805977AE-->80580297 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0848, Type: Inline - RelativeJump 0x80597848-->8059784C [ntoskrnl.exe]
ntoskrnl.exe+0x000C0852, Type: Inline - DirectCall 0x80597852-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C0858, Type: Inline - RelativeJump 0x80597858-->80597834 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0891, Type: Inline - RelativeJump 0x80597891-->8059789D [ntoskrnl.exe]
ntoskrnl.exe+0x000C0906, Type: Inline - RelativeJump 0x80597906-->80597921 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0919, Type: Inline - RelativeJump 0x80597919-->8059791D [ntoskrnl.exe]
ntoskrnl.exe+0x000C096D, Type: Inline - RelativeJump 0x8059796D-->80619307 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0AD4, Type: Inline - RelativeJump 0x80597AD4-->80597AF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0B71, Type: Inline - RelativeJump 0x80597B71-->80618FAB [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DB8, Type: Inline - RelativeJump 0x80597DB8-->80597E7F [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DCB, Type: Inline - RelativeJump 0x80597DCB-->80597D7E [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DD6, Type: Inline - RelativeJump 0x80597DD6-->80597D6B [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DDA, Type: Inline - RelativeCall 0x80597DDA-->805E3DE7 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DE3, Type: Inline - RelativeJump 0x80597DE3-->80597F2F [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DEB, Type: Inline - RelativeCall 0x80597DEB-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x000C0DF3, Type: Inline - PushRet 0x80597DF3-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000C0F5E, Type: Inline - RelativeCall 0x80597F5E-->80597F75 [ntoskrnl.exe]
ntoskrnl.exe+0x000C0F63, Type: Inline - RelativeJump 0x80597F63-->80597DEE [ntoskrnl.exe]
ntoskrnl.exe+0x000C0FA8, Type: Inline - RelativeJump 0x80597FA8-->80598059 [ntoskrnl.exe]
ntoskrnl.exe+0x000C11B5, Type: Inline - RelativeJump 0x805981B5-->805981BF [ntoskrnl.exe]
ntoskrnl.exe+0x000C12B6, Type: Inline - RelativeJump 0x805982B6-->805DC66A [ntoskrnl.exe]
ntoskrnl.exe+0x000C12BC, Type: Inline - RelativeJump 0x805982BC-->80617FF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000C12CE, Type: Inline - RelativeJump 0x805982CE-->805982DB [ntoskrnl.exe]
ntoskrnl.exe+0x000C1503, Type: Inline - RelativeJump 0x80598503-->8059851E [ntoskrnl.exe]
ntoskrnl.exe+0x000C1538, Type: Inline - RelativeJump 0x80598538-->8059866B [ntoskrnl.exe]
ntoskrnl.exe+0x000C1674, Type: Inline - RelativeJump 0x80598674-->8061825D [ntoskrnl.exe]
ntoskrnl.exe+0x000C167C, Type: Inline - RelativeCall 0x8059867C-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x000C1685, Type: Inline - RelativeJump 0x80598685-->8061825D [ntoskrnl.exe]
ntoskrnl.exe+0x000C16CD, Type: Inline - RelativeJump 0x805986CD-->80599A7E [ntoskrnl.exe]
ntoskrnl.exe+0x000C16D7, Type: Inline - RelativeCall 0x805986D7-->80598562 [ntoskrnl.exe]
ntoskrnl.exe+0x000C16DC, Type: Inline - RelativeJump 0x805986DC-->80618246 [ntoskrnl.exe]
ntoskrnl.exe+0x000C19DB, Type: Inline - RelativeJump 0x805989DB-->80598876 [ntoskrnl.exe]
ntoskrnl.exe+0x000C19EC, Type: Inline - RelativeJump 0x805989EC-->80598876 [ntoskrnl.exe]
ntoskrnl.exe+0x000C19F8, Type: Inline - RelativeJump 0x805989F8-->80617602 [ntoskrnl.exe]
ntoskrnl.exe+0x000C1D17, Type: Inline - RelativeCall 0x80598D17-->8058012A [ntoskrnl.exe]
ntoskrnl.exe+0x000C1D1D, Type: Inline - RelativeCall 0x80598D1D-->80598DB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000C1D60, Type: Inline - RelativeJump 0x80598D60-->8061A62C [ntoskrnl.exe]
ntoskrnl.exe+0x000C1D6B, Type: Inline - RelativeCall 0x80598D6B-->80570314 [ntoskrnl.exe]
ntoskrnl.exe+0x000C1E5A, Type: Inline - RelativeCall 0x80598E5A-->8059922A [ntoskrnl.exe]
ntoskrnl.exe+0x000C2032, Type: Inline - RelativeJump 0x80599032-->805D624C [ntoskrnl.exe]
ntoskrnl.exe+0x000C2042, Type: Inline - RelativeJump 0x80599042-->80580145 [ntoskrnl.exe]
ntoskrnl.exe+0x000C204D, Type: Inline - DirectCall 0x8059904D-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C2051, Type: Inline - RelativeJump 0x80599051-->80580145 [ntoskrnl.exe]
ntoskrnl.exe+0x000C205F, Type: Inline - RelativeJump 0x8059905F-->80599134 [ntoskrnl.exe]
ntoskrnl.exe+0x000C20E0, Type: Inline - DirectCall 0x805990E0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C20E3, Type: Inline - RelativeJump 0x805990E3-->8059884D [ntoskrnl.exe]
ntoskrnl.exe+0x000C213E, Type: Inline - RelativeJump 0x8059913E-->80599170 [ntoskrnl.exe]
ntoskrnl.exe+0x000C214E, Type: Inline - RelativeJump 0x8059914E-->805990A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C218A, Type: Inline - RelativeCall 0x8059918A-->80597C02 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2190, Type: Inline - RelativeJump 0x80599190-->80597C96 [ntoskrnl.exe]
ntoskrnl.exe+0x000C21BF, Type: Inline - RelativeJump 0x805991BF-->805991E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000C21E3, Type: Inline - RelativeJump 0x805991E3-->8057FE6C [ntoskrnl.exe]
ntoskrnl.exe+0x000C21F1, Type: Inline - RelativeJump 0x805991F1-->8057FED2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C21FB, Type: Inline - RelativeCall 0x805991FB-->8057BF6A [ntoskrnl.exe]
ntoskrnl.exe+0x000C2200, Type: Inline - RelativeJump 0x80599200-->80573236 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2205, Type: Inline - RelativeJump 0x80599205-->8057559E [ntoskrnl.exe]
ntoskrnl.exe+0x000C2210, Type: Inline - RelativeJump 0x80599210-->80586B2A [ntoskrnl.exe]
ntoskrnl.exe+0x000C221C, Type: Inline - DirectCall 0x8059921C-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C2220, Type: Inline - RelativeJump 0x80599220-->80598919 [ntoskrnl.exe]
ntoskrnl.exe+0x000C22F2, Type: Inline - RelativeCall 0x805992F2-->8057316B [ntoskrnl.exe]
ntoskrnl.exe+0x000C267A, Type: Inline - RelativeCall 0x8059967A-->80599586 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2687, Type: Inline - RelativeJump 0x80599687-->8061AF14 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2702, Type: Inline - RelativeJump 0x80599702-->80599718 [ntoskrnl.exe]
ntoskrnl.exe+0x000C271B, Type: Inline - PushRet 0x8059971B-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000C2898, Type: Inline - DirectCall 0x80599898-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C28A0, Type: Inline - DirectCall 0x805998A0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C28A6, Type: Inline - RelativeJump 0x805998A6-->805993E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2C5C, Type: Inline - RelativeJump 0x80599C5C-->806148F3 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2F8C, Type: Inline - RelativeCall 0x80599F8C-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2FB6, Type: Inline - RelativeCall 0x80599FB6-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2FC8, Type: Inline - RelativeCall 0x80599FC8-->804E7DB8 [ntoskrnl.exe]
ntoskrnl.exe+0x000C2FE0, Type: Inline - RelativeCall 0x80599FE0-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000C3083, Type: Inline - RelativeJump 0x8059A083-->805E8321 [ntoskrnl.exe]
ntoskrnl.exe+0x000C309A, Type: Inline - RelativeJump 0x8059A09A-->805E8321 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3158, Type: Inline - RelativeJump 0x8059A158-->8059A340 [ntoskrnl.exe]
ntoskrnl.exe+0x000C330E, Type: Inline - RelativeCall 0x8059A30E-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3616, Type: Inline - RelativeJump 0x8059A616-->8059A62B [ntoskrnl.exe]
ntoskrnl.exe+0x000C365C, Type: Inline - RelativeJump 0x8059A65C-->80614746 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3668, Type: Inline - RelativeJump 0x8059A668-->8059A84D [ntoskrnl.exe]
ntoskrnl.exe+0x000C36A0, Type: Inline - RelativeJump 0x8059A6A0-->8059A844 [ntoskrnl.exe]
ntoskrnl.exe+0x000C36AD, Type: Inline - RelativeJump 0x8059A6AD-->8059A844 [ntoskrnl.exe]
ntoskrnl.exe+0x000C36B7, Type: Inline - RelativeJump 0x8059A6B7-->8059A844 [ntoskrnl.exe]
ntoskrnl.exe+0x000C38AA, Type: Inline - RelativeJump 0x8059A8AA-->806148A0 [ntoskrnl.exe]
ntoskrnl.exe+0x000C38B3, Type: Inline - RelativeJump 0x8059A8B3-->806148A0 [ntoskrnl.exe]
ntoskrnl.exe+0x000C38C1, Type: Inline - RelativeJump 0x8059A8C1-->FF570003 [unknown_code_page]
ntoskrnl.exe+0x000C38CE, Type: Inline - RelativeCall 0x8059A8CE-->8059A8F7 [ntoskrnl.exe]
ntoskrnl.exe+0x000C390B, Type: Inline - RelativeJump 0x8059A90B-->8059AAFE [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C24, Type: Inline - RelativeJump 0x8059AC24-->8059ABBB [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C52, Type: Inline - RelativeJump 0x8059AC52-->8059ABC1 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C5E, Type: Inline - RelativeJump 0x8059AC5E-->8059AC30 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C66, Type: Inline - RelativeCall 0x8059AC66-->804FA6BF [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C6C, Type: Inline - RelativeJump 0x8059AC6C-->8059ACFB [ntoskrnl.exe]
ntoskrnl.exe+0x000C3C73, Type: Inline - RelativeJump 0x8059AC73-->8059ABB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3CD5, Type: Inline - RelativeCall 0x8059ACD5-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3CDE, Type: Inline - RelativeJump 0x8059ACDE-->805FD1B5 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3CEB, Type: Inline - RelativeJump 0x8059ACEB-->8059AC60 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3E14, Type: Inline - RelativeJump 0x8059AE14-->8059AC73 [ntoskrnl.exe]
ntoskrnl.exe+0x000C3E1D, Type: Inline - RelativeJump 0x8059AE1D-->8059AE2C [ntoskrnl.exe]
ntoskrnl.exe+0x000C3F80, Type: Inline - RelativeJump 0x8059AF80-->8059B3D3 [ntoskrnl.exe]
ntoskrnl.exe+0x000C408E, Type: Inline - RelativeJump 0x8059B08E-->8059B098 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4163, Type: Inline - RelativeJump 0x8059B163-->80614A8A [ntoskrnl.exe]
ntoskrnl.exe+0x000C41C0, Type: Inline - RelativeJump 0x8059B1C0-->80614A94 [ntoskrnl.exe]
ntoskrnl.exe+0x000C428A, Type: Inline - RelativeCall 0x8059B28A-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4299, Type: Inline - PushRet 0x8059B299-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000C44BC, Type: Inline - RelativeJump 0x8059B4BC-->8059B052 [ntoskrnl.exe]
ntoskrnl.exe+0x000C44C1, Type: Inline - RelativeCall 0x8059B4C1-->8059B2A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000C44C7, Type: Inline - RelativeJump 0x8059B4C7-->8059072D [ntoskrnl.exe]
ntoskrnl.exe+0x000C4786, Type: Inline - PushRet 0x8059B786-->FF810008 [unknown_code_page]
ntoskrnl.exe+0x000C49CA, Type: Inline - RelativeCall 0x8059B9CA-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4A1E, Type: Inline - RelativeJump 0x8059BA1E-->8059BA2C [ntoskrnl.exe]
ntoskrnl.exe+0x000C4C3D, Type: Inline - RelativeJump 0x8059BC3D-->805B536F [ntoskrnl.exe]
ntoskrnl.exe+0x000C4DEA, Type: Inline - RelativeJump 0x8059BDEA-->8059BDF0 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F16, Type: Inline - RelativeJump 0x8059BF16-->8059BF1C [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F3E, Type: Inline - RelativeJump 0x8059BF3E-->8059BF44 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F6D, Type: Inline - RelativeJump 0x8059BF6D-->8059BF76 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F72, Type: Inline - RelativeJump 0x8059BF72-->8059BF78 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F74, Type: Inline - RelativeJump 0x8059BF74-->8059BF82 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F82, Type: Inline - RelativeJump 0x8059BF82-->8059BF8C [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F8E, Type: Inline - RelativeJump 0x8059BF8E-->8059BF94 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4F90, Type: Inline - RelativeJump 0x8059BF90-->8059BF96 [ntoskrnl.exe]
ntoskrnl.exe+0x000C4FA4, Type: Inline - RelativeJump 0x8059BFA4-->8059BFAA [ntoskrnl.exe]
ntoskrnl.exe+0x000C523C, Type: Inline - RelativeCall 0x8059C23C-->80535BE7 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5473, Type: Inline - RelativeJump 0x8059C473-->8059D4F8 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5673, Type: Inline - RelativeJump 0x8059C673-->805F364E [ntoskrnl.exe]
ntoskrnl.exe+0x000C5822, Type: Inline - RelativeCall 0x8059C822-->8059C922 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5B0C, Type: Inline - RelativeJump 0x8059CB0C-->8059CB22 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5B42, Type: Inline - RelativeJump 0x8059CB42-->8059CB58 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5B4B, Type: Inline - PushRet 0x8059CB4B-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000C5BF4, Type: Inline - RelativeJump 0x8059CBF4-->8059CBA2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5BFA, Type: Inline - RelativeJump 0x8059CBFA-->8059CC14 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5C63, Type: Inline - RelativeJump 0x8059CC63-->8059CC73 [ntoskrnl.exe]
ntoskrnl.exe+0x000C5C77, Type: Inline - RelativeJump 0x8059CC77-->8061BBDC [ntoskrnl.exe]
ntoskrnl.exe+0x000C5CAA, Type: Inline - RelativeJump 0x8059CCAA-->8059CCAC [ntoskrnl.exe]
ntoskrnl.exe+0x000C5DC3, Type: Inline - RelativeJump 0x8059CDC3-->805E0B3B [ntoskrnl.exe]
ntoskrnl.exe+0x000C5F9A, Type: Inline - RelativeJump 0x8059CF9A-->8059CFA6 [ntoskrnl.exe]
ntoskrnl.exe+0x000C615D, Type: Inline - RelativeJump 0x8059D15D-->8059D185 [ntoskrnl.exe]
ntoskrnl.exe+0x000C61CE, Type: Inline - RelativeJump 0x8059D1CE-->8059D1D4 [ntoskrnl.exe]
ntoskrnl.exe+0x000C61D0, Type: Inline - RelativeJump 0x8059D1D0-->8059D1D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000C61DA, Type: Inline - RelativeJump 0x8059D1DA-->8059D1EC [ntoskrnl.exe]
ntoskrnl.exe+0x000C61EE, Type: Inline - RelativeJump 0x8059D1EE-->8059D1FC [ntoskrnl.exe]
ntoskrnl.exe+0x000C622C, Type: Inline - RelativeJump 0x8059D22C-->8059D236 [ntoskrnl.exe]
ntoskrnl.exe+0x000C623F, Type: Inline - RelativeJump 0x8059D23F-->8059D28F [ntoskrnl.exe]
ntoskrnl.exe+0x000C62B2, Type: Inline - DirectCall 0x8059D2B2-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000C62B9, Type: Inline - RelativeJump 0x8059D2B9-->805D7DC8 [ntoskrnl.exe]
ntoskrnl.exe+0x000C6583, Type: Inline - RelativeJump 0x8059D583-->805DC3BD [ntoskrnl.exe]
ntoskrnl.exe+0x000C6649, Type: Inline - RelativeJump 0x8059D649-->8059D623 [ntoskrnl.exe]
ntoskrnl.exe+0x000C67A9, Type: Inline - RelativeJump 0x8059D7A9-->8060879C [ntoskrnl.exe]
ntoskrnl.exe+0x000C67B8, Type: Inline - RelativeJump 0x8059D7B8-->8059D7C2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C69C2, Type: Inline - RelativeJump 0x8059D9C2-->8059D9D5 [ntoskrnl.exe]
ntoskrnl.exe+0x000C6BB0, Type: Inline - RelativeJump 0x8059DBB0-->8059DBD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000C6BBF, Type: Inline - RelativeCall 0x8059DBBF-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x000C6CD2, Type: Inline - RelativeJump 0x8059DCD2-->8059DC30 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7228, Type: Inline - PushRet 0x8059E228-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000C72B3, Type: Inline - RelativeJump 0x8059E2B3-->805EE903 [ntoskrnl.exe]
ntoskrnl.exe+0x000C72B9, Type: Inline - RelativeJump 0x8059E2B9-->8059F122 [ntoskrnl.exe]
ntoskrnl.exe+0x000C78C6, Type: Inline - RelativeJump 0x8059E8C6-->8057702D [ntoskrnl.exe]
ntoskrnl.exe+0x000C7A4D, Type: Inline - RelativeJump 0x8059EA4D-->8059EA5B [ntoskrnl.exe]
ntoskrnl.exe+0x000C7B04, Type: Inline - RelativeJump 0x8059EB04-->8059EB0A [ntoskrnl.exe]
ntoskrnl.exe+0x000C7B06, Type: Inline - RelativeJump 0x8059EB06-->8059EB10 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7D9D, Type: Inline - RelativeCall 0x8059ED9D-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000C7DB2, Type: Inline - RelativeJump 0x8059EDB2-->805B0369 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7DBC, Type: Inline - RelativeCall 0x8059EDBC-->80596F10 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7DFA, Type: Inline - RelativeJump 0x8059EDFA-->805F9F6B [ntoskrnl.exe]
ntoskrnl.exe+0x000C7E66, Type: Inline - PushRet 0x8059EE66-->90900018 [unknown_code_page]
ntoskrnl.exe+0x000C7FAE, Type: Inline - RelativeJump 0x8059EFAE-->8056FED5 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7FB3, Type: Inline - RelativeCall 0x8059EFB3-->8059EFD2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C7FBE, Type: Inline - RelativeJump 0x8059EFBE-->805DF984 [ntoskrnl.exe]
ntoskrnl.exe+0x000C80AD, Type: Inline - RelativeJump 0x8059F0AD-->8057F62F [ntoskrnl.exe]
ntoskrnl.exe+0x000C8581, Type: Inline - RelativeJump 0x8059F581-->80610831 [ntoskrnl.exe]
ntoskrnl.exe+0x000C86D0, Type: Inline - PushRet 0x8059F6D0-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000C878D, Type: Inline - PushRet 0x8059F78D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x000C87A4, Type: Inline - RelativeCall 0x8059F7A4-->80514EA5 [ntoskrnl.exe]
ntoskrnl.exe+0x000C87B6, Type: Inline - RelativeJump 0x8059F7B6-->805CC538 [ntoskrnl.exe]
ntoskrnl.exe+0x000C87C2, Type: Inline - RelativeJump 0x8059F7C2-->80610956 [ntoskrnl.exe]
ntoskrnl.exe+0x000C88DD, Type: Inline - RelativeJump 0x8059F8DD-->80610126 [ntoskrnl.exe]
ntoskrnl.exe+0x000C88E3, Type: Inline - RelativeCall 0x8059F8E3-->8059F963 [ntoskrnl.exe]
ntoskrnl.exe+0x000C899E, Type: Inline - RelativeJump 0x8059F99E-->8059F9BD [ntoskrnl.exe]
ntoskrnl.exe+0x000C8A90, Type: Inline - RelativeJump 0x8059FA90-->806111DA [ntoskrnl.exe]
ntoskrnl.exe+0x000C8A99, Type: Inline - RelativeJump 0x8059FA99-->80611205 [ntoskrnl.exe]
ntoskrnl.exe+0x000C8C4D, Type: Inline - RelativeJump 0x8059FC4D-->8060F925 [ntoskrnl.exe]
ntoskrnl.exe+0x000C8DBD, Type: Inline - RelativeJump 0x8059FDBD-->8059FD96 [ntoskrnl.exe]
ntoskrnl.exe+0x000C8F2A, Type: Inline - RelativeCall 0x8059FF2A-->805E45AB [ntoskrnl.exe]
ntoskrnl.exe+0x000C8F2F, Type: Inline - RelativeJump 0x8059FF2F-->805A0092 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9285, Type: Inline - RelativeJump 0x805A0285-->805A02DF [ntoskrnl.exe]
ntoskrnl.exe+0x000C92A8, Type: Inline - RelativeJump 0x805A02A8-->805A0383 [ntoskrnl.exe]
ntoskrnl.exe+0x000C92BE, Type: Inline - RelativeJump 0x805A02BE-->8060A043 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9319, Type: Inline - RelativeCall 0x805A0319-->805A0357 [ntoskrnl.exe]
ntoskrnl.exe+0x000C948C, Type: Inline - RelativeJump 0x805A048C-->8059D4C0 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9493, Type: Inline - RelativeJump 0x805A0493-->805A060A [ntoskrnl.exe]
ntoskrnl.exe+0x000C9576, Type: Inline - RelativeJump 0x805A0576-->805A0569 [ntoskrnl.exe]
ntoskrnl.exe+0x000C95E5, Type: Inline - RelativeJump 0x805A05E5-->805A0493 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9658, Type: Inline - RelativeJump 0x805A0658-->805A05DD [ntoskrnl.exe]
ntoskrnl.exe+0x000C966F, Type: Inline - RelativeCall 0x805A066F-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9677, Type: Inline - RelativeJump 0x805A0677-->805A089F [ntoskrnl.exe]
ntoskrnl.exe+0x000C9696, Type: Inline - RelativeCall 0x805A0696-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000C97DC, Type: Inline - RelativeCall 0x805A07DC-->805A04BA [ntoskrnl.exe]
ntoskrnl.exe+0x000C9954, Type: Inline - RelativeCall 0x805A0954-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9992, Type: Inline - RelativeJump 0x805A0992-->805A09EA [ntoskrnl.exe]
ntoskrnl.exe+0x000C9996, Type: Inline - RelativeCall 0x805A0996-->805E3A0D [ntoskrnl.exe]
ntoskrnl.exe+0x000C99A6, Type: Inline - RelativeJump 0x805A09A6-->805A09E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000C99AF, Type: Inline - RelativeJump 0x805A09AF-->805A09C1 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9A32, Type: Inline - RelativeJump 0x805A0A32-->805A0A38 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9A70, Type: Inline - RelativeJump 0x805A0A70-->805A0A7A [ntoskrnl.exe]
ntoskrnl.exe+0x000C9B5E, Type: Inline - RelativeJump 0x805A0B5E-->805A0B81 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9CFF, Type: Inline - RelativeCall 0x805A0CFF-->805A0CB1 [ntoskrnl.exe]
ntoskrnl.exe+0x000C9D12, Type: Inline - RelativeJump 0x805A0D12-->805A0D1D [ntoskrnl.exe]
ntoskrnl.exe+0x000CA2AC, Type: Inline - RelativeJump 0x805A12AC-->805A12BE [ntoskrnl.exe]
ntoskrnl.exe+0x000CA2B2, Type: Inline - RelativeCall 0x805A12B2-->805A10D2 [ntoskrnl.exe]
ntoskrnl.exe+0x000CA2B9, Type: Inline - RelativeJump 0x805A12B9-->805A12CB [ntoskrnl.exe]
ntoskrnl.exe+0x000CA39F, Type: Inline - RelativeJump 0x805A139F-->805A1405 [ntoskrnl.exe]
ntoskrnl.exe+0x000CA3D6, Type: Inline - RelativeJump 0x805A13D6-->805D4DA8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CA3DD, Type: Inline - RelativeJump 0x805A13DD-->805D4DA9 [ntoskrnl.exe]
ntoskrnl.exe+0x000CA4B9, Type: Inline - RelativeJump 0x805A14B9-->805A14BB [ntoskrnl.exe]
ntoskrnl.exe+0x000CA81F, Type: Inline - PushRet 0x805A181F-->A9E68C0F [unknown_code_page]
ntoskrnl.exe+0x000CA822, Type: Inline - RelativeJump 0x805A1822-->805BC20E [ntoskrnl.exe]
ntoskrnl.exe+0x000CA98F, Type: Inline - RelativeCall 0x805A198F-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000CAA8F, Type: Inline - RelativeJump 0x805A1A8F-->8059CB4E [ntoskrnl.exe]
ntoskrnl.exe+0x000CAA9F, Type: Inline - RelativeJump 0x805A1A9F-->805A0C25 [ntoskrnl.exe]
ntoskrnl.exe+0x000CAAA7, Type: Inline - RelativeJump 0x805A1AA7-->805A0C68 [ntoskrnl.exe]
ntoskrnl.exe+0x000CAB93, Type: Inline - RelativeJump 0x805A1B93-->805F10EB [ntoskrnl.exe]
ntoskrnl.exe+0x000CAC0E, Type: Inline - RelativeJump 0x805A1C0E-->805A1C1A [ntoskrnl.exe]
ntoskrnl.exe+0x000CACC2, Type: Inline - RelativeJump 0x805A1CC2-->8057951D [ntoskrnl.exe]
ntoskrnl.exe+0x000CADC5, Type: Inline - RelativeJump 0x805A1DC5-->805A1DE1 [ntoskrnl.exe]
ntoskrnl.exe+0x000CAE93, Type: Inline - RelativeJump 0x805A1E93-->805A595D [ntoskrnl.exe]
ntoskrnl.exe+0x000CAEA9, Type: Inline - RelativeJump 0x805A1EA9-->805A595D [ntoskrnl.exe]
ntoskrnl.exe+0x000CAF25, Type: Inline - RelativeJump 0x805A1F25-->805A1E24 [ntoskrnl.exe]
ntoskrnl.exe+0x000CAF2A, Type: Inline - RelativeJump 0x805A1F2A-->805A1E30 [ntoskrnl.exe]
ntoskrnl.exe+0x000CAF31, Type: Inline - RelativeJump 0x805A1F31-->805A1E1A [ntoskrnl.exe]
ntoskrnl.exe+0x000CAFDD, Type: Inline - RelativeJump 0x805A1FDD-->805A2698 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB1D0, Type: Inline - RelativeJump 0x805A21D0-->805A21DE [ntoskrnl.exe]
ntoskrnl.exe+0x000CB354, Type: Inline - RelativeJump 0x805A2354-->805AD335 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB48A, Type: Inline - RelativeJump 0x805A248A-->805A2490 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB494, Type: Inline - RelativeJump 0x805A2494-->805A249A [ntoskrnl.exe]
ntoskrnl.exe+0x000CB4A0, Type: Inline - RelativeJump 0x805A24A0-->805A24A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB8E9, Type: Inline - RelativeJump 0x805A28E9-->805A28F7 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB984, Type: Inline - RelativeCall 0x805A2984-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000CB9F6, Type: Inline - RelativeJump 0x805A29F6-->805A28AC [ntoskrnl.exe]
ntoskrnl.exe+0x000CBB36, Type: Inline - RelativeJump 0x805A2B36-->805A2B48 [ntoskrnl.exe]
ntoskrnl.exe+0x000CBC48, Type: Inline - RelativeJump 0x805A2C48-->805A2C3E [ntoskrnl.exe]
ntoskrnl.exe+0x000CBD76, Type: Inline - RelativeJump 0x805A2D76-->805A2D70 [ntoskrnl.exe]
ntoskrnl.exe+0x000CC0C0, Type: Inline - RelativeJump 0x805A30C0-->805A30C6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CC292, Type: Inline - RelativeJump 0x805A3292-->805A32AC [ntoskrnl.exe]
ntoskrnl.exe+0x000CC2EC, Type: Inline - RelativeJump 0x805A32EC-->805A32F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CC3E6, Type: Inline - RelativeJump 0x805A33E6-->805A33EC [ntoskrnl.exe]
ntoskrnl.exe+0x000CC5FC, Type: Inline - RelativeJump 0x805A35FC-->805A3FEC [ntoskrnl.exe]
ntoskrnl.exe+0x000CC7EA, Type: Inline - RelativeJump 0x805A37EA-->805A3859 [ntoskrnl.exe]
ntoskrnl.exe+0x000CC831, Type: Inline - RelativeJump 0x805A3831-->805A386D [ntoskrnl.exe]
ntoskrnl.exe+0x000CC842, Type: Inline - RelativeJump 0x805A3842-->805A38B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CCC3F, Type: Inline - RelativeJump 0x805A3C3F-->805A3C55 [ntoskrnl.exe]
ntoskrnl.exe+0x000CCC48, Type: Inline - RelativeCall 0x805A3C48-->805A3B8A [ntoskrnl.exe]
ntoskrnl.exe+0x000CCC50, Type: Inline - PushRet 0x805A3C50-->FF560014 [unknown_code_page]
ntoskrnl.exe+0x000CCC5A, Type: Inline - RelativeCall 0x805A3C5A-->8057A2C8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CCC60, Type: Inline - RelativeJump 0x805A3C60-->805A3C7C [ntoskrnl.exe]
ntoskrnl.exe+0x000CCCE9, Type: Inline - RelativeJump 0x805A3CE9-->805A8FEA [ntoskrnl.exe]
ntoskrnl.exe+0x000CCDD7, Type: Inline - RelativeJump 0x805A3DD7-->80608964 [ntoskrnl.exe]
ntoskrnl.exe+0x000CCF74, Type: Inline - RelativeJump 0x805A3F74-->805A3B6D [ntoskrnl.exe]
ntoskrnl.exe+0x000CCF82, Type: Inline - RelativeJump 0x805A3F82-->805A3B6D [ntoskrnl.exe]
ntoskrnl.exe+0x000CD023, Type: Inline - RelativeJump 0x805A4023-->805A4089 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD1FA, Type: Inline - RelativeCall 0x805A41FA-->805E3955 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD35B, Type: Inline - RelativeCall 0x805A435B-->805E3A7B [ntoskrnl.exe]
ntoskrnl.exe+0x000CD367, Type: Inline - RelativeJump 0x805A4367-->805A43A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD40C, Type: Inline - RelativeJump 0x805A440C-->805A4412 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD54F, Type: Inline - PushRet 0x805A454F-->C033000C [unknown_code_page]
ntoskrnl.exe+0x000CD820, Type: Inline - RelativeCall 0x805A4820-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD834, Type: Inline - RelativeJump 0x805A4834-->805A4856 [ntoskrnl.exe]
ntoskrnl.exe+0x000CD84D, Type: Inline - RelativeJump 0x805A484D-->805A4867 [ntoskrnl.exe]
ntoskrnl.exe+0x000CDC40, Type: Inline - RelativeCall 0x805A4C40-->804F0C11 [ntoskrnl.exe]
ntoskrnl.exe+0x000CDE39, Type: Inline - RelativeJump 0x805A4E39-->805B28D7 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE09F, Type: Inline - RelativeJump 0x805A509F-->805A50A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE0A4, Type: Inline - RelativeJump 0x805A50A4-->805A50AA [ntoskrnl.exe]
ntoskrnl.exe+0x000CE27A, Type: Inline - RelativeJump 0x805A527A-->805A533D [ntoskrnl.exe]
ntoskrnl.exe+0x000CE38A, Type: Inline - RelativeCall 0x805A538A-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE393, Type: Inline - RelativeCall 0x805A5393-->805A32C8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE4DB, Type: Inline - RelativeCall 0x805A54DB-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE50F, Type: Inline - RelativeCall 0x805A550F-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE61D, Type: Inline - PushRet 0x805A561D-->FF688D8B [unknown_code_page]
ntoskrnl.exe+0x000CE627, Type: Inline - RelativeJump 0x805A5627-->805F1983 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6B6, Type: Inline - RelativeJump 0x805A56B6-->805A56CA [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6BF, Type: Inline - RelativeCall 0x805A56BF-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6C6, Type: Inline - RelativeJump 0x805A56C6-->805A56DE [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6DA, Type: Inline - RelativeJump 0x805A56DA-->805A56EC [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6E2, Type: Inline - RelativeCall 0x805A56E2-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6E8, Type: Inline - RelativeJump 0x805A56E8-->805A56FA [ntoskrnl.exe]
ntoskrnl.exe+0x000CE6EF, Type: Inline - RelativeJump 0x805A56EF-->805A569D [ntoskrnl.exe]
ntoskrnl.exe+0x000CE774, Type: Inline - RelativeJump 0x805A5774-->805F6111 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE83F, Type: Inline - RelativeJump 0x805A583F-->805A5845 [ntoskrnl.exe]
ntoskrnl.exe+0x000CE90B, Type: Inline - RelativeJump 0x805A590B-->805F8513 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEA19, Type: Inline - RelativeJump 0x805A5A19-->805A5A43 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEA2C, Type: Inline - RelativeJump 0x805A5A2C-->805A5AB8 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEDC1, Type: Inline - RelativeJump 0x805A5DC1-->805A8CF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEDC9, Type: Inline - RelativeJump 0x805A5DC9-->805A5DD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEDE0, Type: Inline - RelativeJump 0x805A5DE0-->805A5DEC [ntoskrnl.exe]
ntoskrnl.exe+0x000CEDF4, Type: Inline - RelativeJump 0x805A5DF4-->805A5DFA [ntoskrnl.exe]
ntoskrnl.exe+0x000CEE16, Type: Inline - RelativeJump 0x805A5E16-->805A5E1C [ntoskrnl.exe]
ntoskrnl.exe+0x000CEE18, Type: Inline - RelativeJump 0x805A5E18-->805A5E1E [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEA8, Type: Inline - RelativeJump 0x805A5EA8-->805A5EAE [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEAA, Type: Inline - RelativeJump 0x805A5EAA-->805A5EB0 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEAE, Type: Inline - RelativeJump 0x805A5EAE-->805A5EB4 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEB6, Type: Inline - RelativeJump 0x805A5EB6-->805A5EBC [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEBA, Type: Inline - RelativeJump 0x805A5EBA-->805A5EC0 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEEBC, Type: Inline - RelativeJump 0x805A5EBC-->805A5EC2 [ntoskrnl.exe]
ntoskrnl.exe+0x000CEFF9, Type: Inline - RelativeJump 0x805A5FF9-->805A5FE3 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF00F, Type: Inline - RelativeJump 0x805A600F-->805B5F7F [ntoskrnl.exe]
ntoskrnl.exe+0x000CF14E, Type: Inline - RelativeCall 0x805A614E-->805E3A0D [ntoskrnl.exe]
ntoskrnl.exe+0x000CF15A, Type: Inline - RelativeJump 0x805A615A-->805F47D7 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF164, Type: Inline - RelativeCall 0x805A6164-->805A714A [ntoskrnl.exe]
ntoskrnl.exe+0x000CF2EA, Type: Inline - RelativeCall 0x805A62EA-->805A7F46 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF434, Type: Inline - RelativeJump 0x805A6434-->805A6648 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF6A8, Type: Inline - RelativeJump 0x805A66A8-->805A66AE [ntoskrnl.exe]
ntoskrnl.exe+0x000CF744, Type: Inline - RelativeJump 0x805A6744-->805F57F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF81E, Type: Inline - RelativeJump 0x805A681E-->805A6834 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF88E, Type: Inline - RelativeCall 0x805A688E-->80505FEE [ntoskrnl.exe]
ntoskrnl.exe+0x000CF8A1, Type: Inline - RelativeJump 0x805A68A1-->805F5862 [ntoskrnl.exe]
ntoskrnl.exe+0x000CF928, Type: Inline - RelativeJump 0x805A6928-->805A68F2 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFA29, Type: Inline - RelativeCall 0x805A6A29-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFA58, Type: Inline - RelativeCall 0x805A6A58-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFA66, Type: Inline - RelativeJump 0x805A6A66-->805F5CAE [ntoskrnl.exe]
ntoskrnl.exe+0x000CFAFA, Type: Inline - RelativeJump 0x805A6AFA-->805F5D64 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFBD3, Type: Inline - RelativeCall 0x805A6BD3-->805A5AE2 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFC17, Type: Inline - RelativeCall 0x805A6C17-->805A7968 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFE1B, Type: Inline - RelativeJump 0x805A6E1B-->805A8D02 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFE60, Type: Inline - RelativeJump 0x805A6E60-->805A6E26 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFE64, Type: Inline - PushRet 0x805A6E64-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000CFF88, Type: Inline - RelativeJump 0x805A6F88-->805A6FD3 [ntoskrnl.exe]
ntoskrnl.exe+0x000CFF98, Type: Inline - RelativeCall 0x805A6F98-->805E3955 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0077, Type: Inline - RelativeCall 0x805A7077-->805A5C23 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0226, Type: Inline - RelativeCall 0x805A7226-->805A6CD9 [ntoskrnl.exe]
ntoskrnl.exe+0x000D022B, Type: Inline - RelativeJump 0x805A722B-->805A723F [ntoskrnl.exe]
ntoskrnl.exe+0x000D023B, Type: Inline - PushRet 0x805A723B-->8D530004 [unknown_code_page]
ntoskrnl.exe+0x000D0454, Type: Inline - RelativeJump 0x805A7454-->805F4350 [ntoskrnl.exe]
ntoskrnl.exe+0x000D066D, Type: Inline - PushRet 0x805A766D-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000D072A, Type: Inline - RelativeCall 0x805A772A-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000D0734, Type: Inline - PushRet 0x805A7734-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000D0738, Type: Inline - RelativeJump 0x805A7738-->805A77E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0750, Type: Inline - RelativeJump 0x805A7750-->805A77E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0759, Type: Inline - RelativeJump 0x805A7759-->805A77E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D07A2, Type: Inline - RelativeJump 0x805A77A2-->805A77BC [ntoskrnl.exe]
ntoskrnl.exe+0x000D07E6, Type: Inline - RelativeJump 0x805A77E6-->805A77E0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D083F, Type: Inline - RelativeCall 0x805A783F-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0845, Type: Inline - RelativeJump 0x805A7845-->805A4337 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0C8F, Type: Inline - RelativeJump 0x805A7C8F-->805A7C98 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0D64, Type: Inline - RelativeJump 0x805A7D64-->805A7D56 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0E25, Type: Inline - RelativeJump 0x805A7E25-->805A7E78 [ntoskrnl.exe]
ntoskrnl.exe+0x000D0F0A, Type: Inline - RelativeJump 0x805A7F0A-->805A7F8D [ntoskrnl.exe]
ntoskrnl.exe+0x000D10DC, Type: Inline - RelativeJump 0x805A80DC-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1205, Type: Inline - RelativeJump 0x805A8205-->8059C17C [ntoskrnl.exe]
ntoskrnl.exe+0x000D1211, Type: Inline - RelativeJump 0x805A8211-->805A81F7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D121C, Type: Inline - RelativeJump 0x805A821C-->8059C186 [ntoskrnl.exe]
ntoskrnl.exe+0x000D12FE, Type: Inline - RelativeJump 0x805A82FE-->805A8300 [ntoskrnl.exe]
ntoskrnl.exe+0x000D141F, Type: Inline - PushRet 0x805A841F-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000D14E6, Type: Inline - RelativeJump 0x805A84E6-->805A8530 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1521, Type: Inline - PushRet 0x805A8521-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000D1559, Type: Inline - RelativeJump 0x805A8559-->805A854F [ntoskrnl.exe]
ntoskrnl.exe+0x000D172F, Type: Inline - RelativeCall 0x805A872F-->80514EA5 [ntoskrnl.exe]
ntoskrnl.exe+0x000D197A, Type: Inline - RelativeJump 0x805A897A-->805A8986 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1A29, Type: Inline - RelativeCall 0x805A8A29-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1C1A, Type: Inline - RelativeJump 0x805A8C1A-->805A8BEC [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D4E, Type: Inline - RelativeJump 0x805A8D4E-->805A5E3A [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D59, Type: Inline - RelativeJump 0x805A8D59-->805A8D64 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D8B, Type: Inline - RelativeCall 0x805A8D8B-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D92, Type: Inline - RelativeCall 0x805A8D92-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D9A, Type: Inline - RelativeJump 0x805A8D9A-->805A6616 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1D9F, Type: Inline - RelativeJump 0x805A8D9F-->805A6759 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1ED4, Type: Inline - RelativeJump 0x805A8ED4-->805A8ECA [ntoskrnl.exe]
ntoskrnl.exe+0x000D1F4C, Type: Inline - RelativeJump 0x805A8F4C-->805A8F60 [ntoskrnl.exe]
ntoskrnl.exe+0x000D1F65, Type: Inline - RelativeJump 0x805A8F65-->805A8E9A [ntoskrnl.exe]
ntoskrnl.exe+0x000D21C4, Type: Inline - RelativeJump 0x805A91C4-->805FBE8D [ntoskrnl.exe]
ntoskrnl.exe+0x000D24A9, Type: Inline - RelativeJump 0x805A94A9-->805A9410 [ntoskrnl.exe]
ntoskrnl.exe+0x000D2564, Type: Inline - RelativeJump 0x805A9564-->805FB4AD [ntoskrnl.exe]
ntoskrnl.exe+0x000D256D, Type: Inline - RelativeJump 0x805A956D-->805FB4AD [ntoskrnl.exe]
ntoskrnl.exe+0x000D25D8, Type: Inline - RelativeJump 0x805A95D8-->805946AF [ntoskrnl.exe]
ntoskrnl.exe+0x000D26CB, Type: Inline - PushRet 0x805A96CB-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000D271D, Type: Inline - RelativeJump 0x805A971D-->80613A02 [ntoskrnl.exe]
ntoskrnl.exe+0x000D272C, Type: Inline - RelativeJump 0x805A972C-->805A973F [ntoskrnl.exe]
ntoskrnl.exe+0x000D27E8, Type: Inline - RelativeJump 0x805A97E8-->805A97F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D27FA, Type: Inline - PushRet 0x805A97FA-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000D286F, Type: Inline - RelativeJump 0x805A986F-->805A987D [ntoskrnl.exe]
ntoskrnl.exe+0x000D2A2E, Type: Inline - RelativeJump 0x805A9A2E-->805A9A3C [ntoskrnl.exe]
ntoskrnl.exe+0x000D2AEC, Type: Inline - RelativeCall 0x805A9AEC-->805A4B2D [ntoskrnl.exe]
ntoskrnl.exe+0x000D2B04, Type: Inline - RelativeJump 0x805A9B04-->805A9B16 [ntoskrnl.exe]
ntoskrnl.exe+0x000D2B56, Type: Inline - RelativeCall 0x805A9B56-->805A4DCA [ntoskrnl.exe]
ntoskrnl.exe+0x000D2B9E, Type: Inline - RelativeCall 0x805A9B9E-->805A9AA0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D2D58, Type: Inline - DirectCall 0x805A9D58-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000D2FB8, Type: Inline - RelativeCall 0x805A9FB8-->804E368A [ntoskrnl.exe]
ntoskrnl.exe+0x000D2FC6, Type: Inline - RelativeJump 0x805A9FC6-->805AA0A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D304D, Type: Inline - RelativeJump 0x805AA04D-->805C5F1D [ntoskrnl.exe]
ntoskrnl.exe+0x000D3083, Type: Inline - RelativeCall 0x805AA083-->804E477E [ntoskrnl.exe]
ntoskrnl.exe+0x000D3088, Type: Inline - RelativeCall 0x805AA088-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x000D3091, Type: Inline - RelativeJump 0x805AA091-->805C5ED1 [ntoskrnl.exe]
ntoskrnl.exe+0x000D318B, Type: Inline - RelativeJump 0x805AA18B-->805AA1B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D3250, Type: Inline - RelativeJump 0x805AA250-->805D8BA0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D34A0, Type: Inline - RelativeJump 0x805AA4A0-->805D8C9A [ntoskrnl.exe]
ntoskrnl.exe+0x000D34A9, Type: Inline - RelativeJump 0x805AA4A9-->805AA4BB [ntoskrnl.exe]
ntoskrnl.exe+0x000D34B0, Type: Inline - RelativeCall 0x805AA4B0-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe+0x000D34B7, Type: Inline - RelativeJump 0x805AA4B7-->805B0D66 [ntoskrnl.exe]
ntoskrnl.exe+0x000D356F, Type: Inline - RelativeJump 0x805AA56F-->8ACEA5B3 [unknown_code_page]
ntoskrnl.exe+0x000D3575, Type: Inline - RelativeCall 0x805AA575-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe+0x000D364F, Type: Inline - RelativeJump 0x805AA64F-->805AA2AA [ntoskrnl.exe]
ntoskrnl.exe+0x000D392C, Type: Inline - RelativeJump 0x805AA92C-->805AA8D3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D39EF, Type: Inline - RelativeJump 0x805AA9EF-->80610395 [ntoskrnl.exe]
ntoskrnl.exe+0x000D3C52, Type: Inline - RelativeJump 0x805AAC52-->805AAC87 [ntoskrnl.exe]
ntoskrnl.exe+0x000D3F36, Type: Inline - RelativeJump 0x805AAF36-->805AF38E [ntoskrnl.exe]
ntoskrnl.exe+0x000D3F4C, Type: Inline - RelativeJump 0x805AAF4C-->805AF38E [ntoskrnl.exe]
ntoskrnl.exe+0x000D3F9D, Type: Inline - RelativeJump 0x805AAF9D-->805AAFAF [ntoskrnl.exe]
ntoskrnl.exe+0x000D3FD7, Type: Inline - RelativeCall 0x805AAFD7-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000D3FE2, Type: Inline - RelativeCall 0x805AAFE2-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x000D405B, Type: Inline - RelativeJump 0x805AB05B-->805AB0B5 [ntoskrnl.exe]
ntoskrnl.exe+0x000D406F, Type: Inline - RelativeCall 0x805AB06F-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4124, Type: Inline - RelativeCall 0x805AB124-->805A1115 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4129, Type: Inline - RelativeCall 0x805AB129-->805E7146 [ntoskrnl.exe]
ntoskrnl.exe+0x000D413E, Type: Inline - RelativeJump 0x805AB13E-->80606918 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4220, Type: Inline - RelativeJump 0x805AB220-->805AB230 [ntoskrnl.exe]
ntoskrnl.exe+0x000D43DC, Type: Inline - RelativeJump 0x805AB3DC-->805AB3FA [ntoskrnl.exe]
ntoskrnl.exe+0x000D43DF, Type: Inline - RelativeJump 0x805AB3DF-->80606A71 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4534, Type: Inline - RelativeJump 0x805AB534-->805AB542 [ntoskrnl.exe]
ntoskrnl.exe+0x000D45D4, Type: Inline - RelativeJump 0x805AB5D4-->805AB5B2 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4719, Type: Inline - RelativeJump 0x805AB719-->805AB73D [ntoskrnl.exe]
ntoskrnl.exe+0x000D474E, Type: Inline - RelativeJump 0x805AB74E-->805AB778 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4767, Type: Inline - RelativeCall 0x805AB767-->805AB415 [ntoskrnl.exe]
ntoskrnl.exe+0x000D476F, Type: Inline - RelativeJump 0x805AB76F-->805AB0D0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4774, Type: Inline - RelativeCall 0x805AB774-->805AB322 [ntoskrnl.exe]
ntoskrnl.exe+0x000D477C, Type: Inline - RelativeJump 0x805AB77C-->805AB0D0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4781, Type: Inline - RelativeJump 0x805AB781-->805AAFB1 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4789, Type: Inline - RelativeJump 0x805AB789-->805AAE60 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4793, Type: Inline - RelativeJump 0x805AB793-->805933E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D479B, Type: Inline - RelativeJump 0x805AB79B-->805933E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4832, Type: Inline - RelativeCall 0x805AB832-->80576D74 [ntoskrnl.exe]
ntoskrnl.exe+0x000D48B9, Type: Inline - RelativeCall 0x805AB8B9-->805AB8F4 [ntoskrnl.exe]
ntoskrnl.exe+0x000D490D, Type: Inline - RelativeCall 0x805AB90D-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4A28, Type: Inline - PushRet 0x805ABA28-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000D4CBC, Type: Inline - RelativeJump 0x805ABCBC-->806080EE [ntoskrnl.exe]
ntoskrnl.exe+0x000D4CE8, Type: Inline - RelativeJump 0x805ABCE8-->80608102 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4CF3, Type: Inline - RelativeJump 0x805ABCF3-->805D890A [ntoskrnl.exe]
ntoskrnl.exe+0x000D4CFC, Type: Inline - RelativeJump 0x805ABCFC-->8060812D [ntoskrnl.exe]
ntoskrnl.exe+0x000D4D05, Type: Inline - RelativeJump 0x805ABD05-->805ABF09 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4D0E, Type: Inline - RelativeJump 0x805ABD0E-->805D890A [ntoskrnl.exe]
ntoskrnl.exe+0x000D4D19, Type: Inline - RelativeJump 0x805ABD19-->805D890A [ntoskrnl.exe]
ntoskrnl.exe+0x000D4EB1, Type: Inline - RelativeJump 0x805ABEB1-->806081D1 [ntoskrnl.exe]
ntoskrnl.exe+0x000D4ED7, Type: Inline - PushRet 0x805ABED7-->FDE80005 [unknown_code_page]
ntoskrnl.exe+0x000D5131, Type: Inline - RelativeCall 0x805AC131-->805AC390 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5306, Type: Inline - RelativeJump 0x805AC306-->805AC30E [ntoskrnl.exe]
ntoskrnl.exe+0x000D53F2, Type: Inline - RelativeJump 0x805AC3F2-->8060D423 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5404, Type: Inline - RelativeJump 0x805AC404-->805AC422 [ntoskrnl.exe]
ntoskrnl.exe+0x000D54DE, Type: Inline - RelativeJump 0x805AC4DE-->8060D30A [ntoskrnl.exe]
ntoskrnl.exe+0x000D55E7, Type: Inline - RelativeJump 0x805AC5E7-->805AC610 [ntoskrnl.exe]
ntoskrnl.exe+0x000D576D, Type: Inline - RelativeJump 0x805AC76D-->805AC7D3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5A23, Type: Inline - RelativeJump 0x805ACA23-->8060DC92 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5C7B, Type: Inline - RelativeJump 0x805ACC7B-->805ACC91 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5DBD, Type: Inline - RelativeJump 0x805ACDBD-->805ACD96 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5DC3, Type: Inline - RelativeCall 0x805ACDC3-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x000D5DD3, Type: Inline - RelativeJump 0x805ACDD3-->8060E2C3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5F20, Type: Inline - RelativeCall 0x805ACF20-->804E41DE [ntoskrnl.exe]
ntoskrnl.exe+0x000D5F25, Type: Inline - RelativeJump 0x805ACF25-->805ACF93 [ntoskrnl.exe]
ntoskrnl.exe+0x000D5F2D, Type: Inline - RelativeJump 0x805ACF2D-->805ACF9B [ntoskrnl.exe]
ntoskrnl.exe+0x000D5FE1, Type: Inline - RelativeJump 0x805ACFE1-->805AEDD0 [ntoskrnl.exe]
ntoskrnl.exe+0x000D611C, Type: Inline - RelativeJump 0x805AD11C-->805AD12A [ntoskrnl.exe]
ntoskrnl.exe+0x000D6212, Type: Inline - RelativeJump 0x805AD212-->805FC040 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6250, Type: Inline - RelativeJump 0x805AD250-->805F6BA2 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6282, Type: Inline - RelativeJump 0x805AD282-->805F6BAC [ntoskrnl.exe]
ntoskrnl.exe+0x000D6356, Type: Inline - RelativeJump 0x805AD356-->805AD364 [ntoskrnl.exe]
ntoskrnl.exe+0x000D63F9, Type: Inline - RelativeCall 0x805AD3F9-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6579, Type: Inline - RelativeCall 0x805AD579-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D677E, Type: Inline - RelativeJump 0x805AD77E-->805AE938 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6846, Type: Inline - RelativeJump 0x805AD846-->805AD856 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6874, Type: Inline - RelativeCall 0x805AD874-->8059CED9 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6882, Type: Inline - RelativeJump 0x805AD882-->805F5EB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D688A, Type: Inline - RelativeJump 0x805AD88A-->805AD8A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000D68D6, Type: Inline - RelativeJump 0x805AD8D6-->805F6171 [ntoskrnl.exe]
ntoskrnl.exe+0x000D68DC, Type: Inline - RelativeJump 0x805AD8DC-->805F6183 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6AC0, Type: Inline - RelativeJump 0x805ADAC0-->805ADACE [ntoskrnl.exe]
ntoskrnl.exe+0x000D6BED, Type: Inline - RelativeCall 0x805ADBED-->805ADBA4 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6BF2, Type: Inline - RelativeJump 0x805ADBF2-->805ADC15 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6C5C, Type: Inline - RelativeCall 0x805ADC5C-->810B5CEC [unknown_code_page]
ntoskrnl.exe+0x000D6C6F, Type: Inline - RelativeJump 0x805ADC6F-->805ADC29 [ntoskrnl.exe]
ntoskrnl.exe+0x000D6DB0, Type: Inline - RelativeJump 0x805ADDB0-->805F7FB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D719D, Type: Inline - PushRet 0x805AE19D-->8B665D74 [unknown_code_page]
ntoskrnl.exe+0x000D71A1, Type: Inline - RelativeJump 0x805AE1A1-->805AE204 [ntoskrnl.exe]
ntoskrnl.exe+0x000D71DD, Type: Inline - RelativeJump 0x805AE1DD-->805AE21F [ntoskrnl.exe]
ntoskrnl.exe+0x000D7213, Type: Inline - RelativeJump 0x805AE213-->805AE187 [ntoskrnl.exe]
ntoskrnl.exe+0x000D730C, Type: Inline - RelativeJump 0x805AE30C-->805F6264 [ntoskrnl.exe]
ntoskrnl.exe+0x000D7420, Type: Inline - RelativeCall 0x805AE420-->805A27A7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D742D, Type: Inline - PushRet 0x805AE42D-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000D7468, Type: Inline - PushRet 0x805AE468-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000D75A4, Type: Inline - PushRet 0x805AE5A4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000D77C1, Type: Inline - RelativeJump 0x805AE7C1-->805AE7CF [ntoskrnl.exe]
ntoskrnl.exe+0x000D7A6D, Type: Inline - RelativeJump 0x805AEA6D-->805AEAFD [ntoskrnl.exe]
ntoskrnl.exe+0x000D7BFF, Type: Inline - RelativeJump 0x805AEBFF-->805AEC0A [ntoskrnl.exe]
ntoskrnl.exe+0x000D7C9E, Type: Inline - PushRet 0x805AEC9E-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000D7D29, Type: Inline - RelativeJump 0x805AED29-->805F6AB3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D7D2F, Type: Inline - RelativeJump 0x805AED2F-->805F6AD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000D7EDF, Type: Inline - RelativeJump 0x805AEEDF-->805F19E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8130, Type: Inline - RelativeJump 0x805AF130-->805AF136 [ntoskrnl.exe]
ntoskrnl.exe+0x000D813A, Type: Inline - RelativeJump 0x805AF13A-->805AF144 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8144, Type: Inline - RelativeJump 0x805AF144-->805AF14A [ntoskrnl.exe]
ntoskrnl.exe+0x000D8146, Type: Inline - RelativeJump 0x805AF146-->805AF14C [ntoskrnl.exe]
ntoskrnl.exe+0x000D815C, Type: Inline - RelativeJump 0x805AF15C-->805AF166 [ntoskrnl.exe]
ntoskrnl.exe+0x000D822E, Type: Inline - RelativeCall 0x805AF22E-->804F2F15 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8293, Type: Inline - RelativeJump 0x805AF293-->805AF2A1 [ntoskrnl.exe]
ntoskrnl.exe+0x000D82E1, Type: Inline - RelativeCall 0x805AF2E1-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000D82ED, Type: Inline - RelativeJump 0x805AF2ED-->80574C34 [ntoskrnl.exe]
ntoskrnl.exe+0x000D82F4, Type: Inline - RelativeJump 0x805AF2F4-->805A948A [ntoskrnl.exe]
ntoskrnl.exe+0x000D83CA, Type: Inline - RelativeCall 0x805AF3CA-->80684031 [ntoskrnl.exe]
ntoskrnl.exe+0x000D83D3, Type: Inline - RelativeJump 0x805AF3D3-->805E4301 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8402, Type: Inline - RelativeJump 0x805AF402-->805AF422 [ntoskrnl.exe]
ntoskrnl.exe+0x000D866C, Type: Inline - RelativeJump 0x805AF66C-->806101CB [ntoskrnl.exe]
ntoskrnl.exe+0x000D8679, Type: Inline - RelativeCall 0x805AF679-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe+0x000D86C4, Type: Inline - RelativeJump 0x805AF6C4-->805D92BB [ntoskrnl.exe]
ntoskrnl.exe+0x000D878A, Type: Inline - RelativeJump 0x805AF78A-->805AF7A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000D87BD, Type: Inline - RelativeJump 0x805AF7BD-->805AF7EE [ntoskrnl.exe]
ntoskrnl.exe+0x000D88FF, Type: Inline - RelativeJump 0x805AF8FF-->805AF90D [ntoskrnl.exe]
ntoskrnl.exe+0x000D8993, Type: Inline - RelativeJump 0x805AF993-->805F9B82 [ntoskrnl.exe]
ntoskrnl.exe+0x000D89A5, Type: Inline - RelativeJump 0x805AF9A5-->805E6056 [ntoskrnl.exe]
ntoskrnl.exe+0x000D89AC, Type: Inline - RelativeJump 0x805AF9AC-->80596A55 [ntoskrnl.exe]
ntoskrnl.exe+0x000D89B8, Type: Inline - RelativeJump 0x805AF9B8-->805F9BF3 [ntoskrnl.exe]
ntoskrnl.exe+0x000D89BF, Type: Inline - RelativeJump 0x805AF9BF-->80596BC7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8AC3, Type: Inline - RelativeJump 0x805AFAC3-->805AFAAD [ntoskrnl.exe]
ntoskrnl.exe+0x000D8B82, Type: Inline - RelativeJump 0x805AFB82-->804E39D2 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8C59, Type: Inline - RelativeJump 0x805AFC59-->805AFC43 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8C69, Type: Inline - RelativeCall 0x805AFC69-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8C6E, Type: Inline - RelativeJump 0x805AFC6E-->80574C34 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8C81, Type: Inline - RelativeJump 0x805AFC81-->8060458E [ntoskrnl.exe]
ntoskrnl.exe+0x000D8C8C, Type: Inline - RelativeJump 0x805AFC8C-->80574C2D [ntoskrnl.exe]
ntoskrnl.exe+0x000D8CAF, Type: Inline - RelativeJump 0x805AFCAF-->805AC5D1 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8D0C, Type: Inline - RelativeJump 0x805AFD0C-->805AFCF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8E67, Type: Inline - RelativeJump 0x805AFE67-->805AC1E5 [ntoskrnl.exe]
ntoskrnl.exe+0x000D8EB9, Type: Inline - RelativeJump 0x805AFEB9-->8057F0F9 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9034, Type: Inline - RelativeCall 0x805B0034-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe+0x000D903A, Type: Inline - RelativeJump 0x805B003A-->805B0030 [ntoskrnl.exe]
ntoskrnl.exe+0x000D90F1, Type: Inline - RelativeJump 0x805B00F1-->806031DD [ntoskrnl.exe]
ntoskrnl.exe+0x000D90FD, Type: Inline - RelativeCall 0x805B00FD-->80512C69 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9105, Type: Inline - RelativeJump 0x805B0105-->805E0E66 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9140, Type: Inline - RelativeJump 0x805B0140-->8058D3C7 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9155, Type: Inline - RelativeJump 0x805B0155-->8058D41E [ntoskrnl.exe]
ntoskrnl.exe+0x000D9208, Type: Inline - RelativeJump 0x805B0208-->805E77BD [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:47 pm


ntoskrnl.exe+0x000D9210, Type: Inline - RelativeCall 0x805B0210-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9420, Type: Inline - RelativeJump 0x805B0420-->80574A66 [ntoskrnl.exe]
ntoskrnl.exe+0x000D942A, Type: Inline - RelativeJump 0x805B042A-->80574A72 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9436, Type: Inline - RelativeJump 0x805B0436-->8057AFF5 [ntoskrnl.exe]
ntoskrnl.exe+0x000D943B, Type: Inline - RelativeJump 0x805B043B-->8057B741 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9530, Type: Inline - RelativeCall 0x805B0530-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9917, Type: Inline - RelativeJump 0x805B0917-->805B093F [ntoskrnl.exe]
ntoskrnl.exe+0x000D99EA, Type: Inline - RelativeJump 0x805B09EA-->805B09FC [ntoskrnl.exe]
ntoskrnl.exe+0x000D99FA, Type: Inline - RelativeCall 0x805B09FA-->8051879F [ntoskrnl.exe]
ntoskrnl.exe+0x000D9AF7, Type: Inline - RelativeJump 0x805B0AF7-->805B0AC5 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9B95, Type: Inline - RelativeJump 0x805B0B95-->805B0B7B [ntoskrnl.exe]
ntoskrnl.exe+0x000D9E14, Type: Inline - RelativeJump 0x805B0E14-->805B0E22 [ntoskrnl.exe]
ntoskrnl.exe+0x000D9FF8, Type: Inline - RelativeJump 0x805B0FF8-->805B0F2E [ntoskrnl.exe]
ntoskrnl.exe+0x000DA004, Type: Inline - RelativeJump 0x805B1004-->805B100E [ntoskrnl.exe]
ntoskrnl.exe+0x000DA127, Type: Inline - RelativeCall 0x805B1127-->804FCA51 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA140, Type: Inline - RelativeCall 0x805B1140-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA173, Type: Inline - DirectCall 0x805B1173-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000DA292, Type: Inline - RelativeJump 0x805B1292-->805B12A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA299, Type: Inline - RelativeJump 0x805B1299-->805A103E [ntoskrnl.exe]
ntoskrnl.exe+0x000DA2A7, Type: Inline - RelativeJump 0x805B12A7-->805B12C5 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA2B7, Type: Inline - RelativeJump 0x805B12B7-->805B12CD [ntoskrnl.exe]
ntoskrnl.exe+0x000DA4E1, Type: Inline - RelativeJump 0x805B14E1-->805B14AE [ntoskrnl.exe]
ntoskrnl.exe+0x000DA4F2, Type: Inline - RelativeJump 0x805B14F2-->8058CB65 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA4F8, Type: Inline - RelativeJump 0x805B14F8-->805FCC32 [ntoskrnl.exe]
ntoskrnl.exe+0x000DA570, Type: Inline - RelativeJump 0x805B1570-->805B159A [ntoskrnl.exe]
ntoskrnl.exe+0x000DA9C1, Type: Inline - RelativeJump 0x805B19C1-->805BF5E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAD24, Type: Inline - RelativeJump 0x805B1D24-->805B1E31 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAD2F, Type: Inline - RelativeJump 0x805B1D2F-->805B1E31 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAE10, Type: Inline - RelativeCall 0x805B1E10-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFA2, Type: Inline - RelativeCall 0x805B1FA2-->804F16BE [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFAE, Type: Inline - RelativeJump 0x805B1FAE-->805B1FE3 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFB8, Type: Inline - RelativeJump 0x805B1FB8-->805B1FDC [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFC4, Type: Inline - RelativeCall 0x805B1FC4-->805B1F6B [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFD0, Type: Inline - RelativeJump 0x805B1FD0-->80610820 [ntoskrnl.exe]
ntoskrnl.exe+0x000DAFFA, Type: Inline - RelativeCall 0x805B1FFA-->805B202A [ntoskrnl.exe]
ntoskrnl.exe+0x000DB040, Type: Inline - RelativeJump 0x805B2040-->805B2063 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB055, Type: Inline - RelativeJump 0x805B2055-->805B2083 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB066, Type: Inline - RelativeJump 0x805B2066-->8060F79C [ntoskrnl.exe]
ntoskrnl.exe+0x000DB0FF, Type: Inline - RelativeJump 0x805B20FF-->806161B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB104, Type: Inline - RelativeJump 0x805B2104-->805E22FE [ntoskrnl.exe]
ntoskrnl.exe+0x000DB130, Type: Inline - RelativeJump 0x805B2130-->805E232B [ntoskrnl.exe]
ntoskrnl.exe+0x000DB13F, Type: Inline - RelativeJump 0x805B213F-->805E1FB1 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB148, Type: Inline - RelativeCall 0x805B2148-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB14D, Type: Inline - RelativeJump 0x805B214D-->805B21CA [ntoskrnl.exe]
ntoskrnl.exe+0x000DB160, Type: Inline - RelativeJump 0x805B2160-->806160A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB45A, Type: Inline - RelativeJump 0x805B245A-->80605AD0 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB638, Type: Inline - RelativeCall 0x805B2638-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB641, Type: Inline - RelativeJump 0x805B2641-->805B271A [ntoskrnl.exe]
ntoskrnl.exe+0x000DB6DB, Type: Inline - RelativeJump 0x805B26DB-->805B26DD [ntoskrnl.exe]
ntoskrnl.exe+0x000DB6DE, Type: Inline - RelativeJump 0x805B26DE-->805B26F4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB817, Type: Inline - RelativeJump 0x805B2817-->805F0FC9 [ntoskrnl.exe]
ntoskrnl.exe+0x000DB823, Type: Inline - RelativeJump 0x805B2823-->805B282F [ntoskrnl.exe]
ntoskrnl.exe+0x000DB8D1, Type: Inline - RelativeJump 0x805B28D1-->805B28D9 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBB7C, Type: Inline - RelativeJump 0x805B2B7C-->805B2BA2 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBB8E, Type: Inline - RelativeJump 0x805B2B8E-->805B2B9B [ntoskrnl.exe]
ntoskrnl.exe+0x000DBC46, Type: Inline - RelativeJump 0x805B2C46-->805FEB4A [ntoskrnl.exe]
ntoskrnl.exe+0x000DBC50, Type: Inline - RelativeJump 0x805B2C50-->805B3210 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBDC1, Type: Inline - RelativeJump 0x805B2DC1-->805B2DD5 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBEE4, Type: Inline - RelativeJump 0x805B2EE4-->805B2CA5 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBEF6, Type: Inline - RelativeJump 0x805B2EF6-->805FE9B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000DBF2D, Type: Inline - RelativeJump 0x805B2F2D-->805FE9FA [ntoskrnl.exe]
ntoskrnl.exe+0x000DC021, Type: Inline - RelativeJump 0x805B3021-->805B3048 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC071, Type: Inline - RelativeJump 0x805B3071-->805FEA72 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC07E, Type: Inline - RelativeCall 0x805B307E-->805B2EF4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC121, Type: Inline - RelativeCall 0x805B3121-->805ACFF7 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC1BF, Type: Inline - RelativeJump 0x805B31BF-->805B64DD [ntoskrnl.exe]
ntoskrnl.exe+0x000DC2A4, Type: Inline - PushRet 0x805B32A4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000DC2F0, Type: Inline - RelativeJump 0x805B32F0-->805FEAE9 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC2FA, Type: Inline - RelativeJump 0x805B32FA-->805B330A [ntoskrnl.exe]
ntoskrnl.exe+0x000DC330, Type: Inline - RelativeCall 0x805B3330-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC33D, Type: Inline - PushRet 0x805B333D-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000DC3F2, Type: Inline - RelativeCall 0x805B33F2-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC44F, Type: Inline - RelativeCall 0x805B344F-->80506D58 [ntoskrnl.exe]
ntoskrnl.exe+0x000DC97E, Type: Inline - RelativeJump 0x805B397E-->805B3ABA [ntoskrnl.exe]
ntoskrnl.exe+0x000DCC4C, Type: Inline - RelativeJump 0x805B3C4C-->805B3C52 [ntoskrnl.exe]
ntoskrnl.exe+0x000DCC5E, Type: Inline - RelativeJump 0x805B3C5E-->805B3C64 [ntoskrnl.exe]
ntoskrnl.exe+0x000DCC6A, Type: Inline - RelativeJump 0x805B3C6A-->805B3C70 [ntoskrnl.exe]
ntoskrnl.exe+0x000DCC6C, Type: Inline - RelativeJump 0x805B3C6C-->805B3C7A [ntoskrnl.exe]
ntoskrnl.exe+0x000DCDE1, Type: Inline - RelativeJump 0x805B3DE1-->805F9ACB [ntoskrnl.exe]
ntoskrnl.exe+0x000DCEED, Type: Inline - RelativeJump 0x805B3EED-->805FDDB3 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD02D, Type: Inline - DirectCall 0x805B402D-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD035, Type: Inline - RelativeJump 0x805B4035-->805FDD1B [ntoskrnl.exe]
ntoskrnl.exe+0x000DD042, Type: Inline - RelativeJump 0x805B4042-->805FDDA2 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD1D8, Type: Inline - RelativeJump 0x805B41D8-->805B4128 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD424, Type: Inline - RelativeJump 0x805B4424-->805B442A [ntoskrnl.exe]
ntoskrnl.exe+0x000DD565, Type: Inline - RelativeJump 0x805B4565-->805B4574 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD57E, Type: Inline - RelativeJump 0x805B457E-->805B4584 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD582, Type: Inline - RelativeJump 0x805B4582-->805B458E [ntoskrnl.exe]
ntoskrnl.exe+0x000DD58E, Type: Inline - RelativeJump 0x805B458E-->805B4594 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD5B0, Type: Inline - RelativeJump 0x805B45B0-->805B45BA [ntoskrnl.exe]
ntoskrnl.exe+0x000DD65E, Type: Inline - RelativeJump 0x805B465E-->805B4664 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD668, Type: Inline - RelativeJump 0x805B4668-->805B466E [ntoskrnl.exe]
ntoskrnl.exe+0x000DD66E, Type: Inline - RelativeJump 0x805B466E-->805B4674 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD688, Type: Inline - RelativeJump 0x805B4688-->805B468E [ntoskrnl.exe]
ntoskrnl.exe+0x000DD6B2, Type: Inline - RelativeJump 0x805B46B2-->805B46B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD732, Type: Inline - RelativeJump 0x805B4732-->805B4738 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD738, Type: Inline - RelativeJump 0x805B4738-->805B473E [ntoskrnl.exe]
ntoskrnl.exe+0x000DD740, Type: Inline - RelativeJump 0x805B4740-->805B4746 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD742, Type: Inline - RelativeJump 0x805B4742-->805B4748 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD768, Type: Inline - RelativeJump 0x805B4768-->805B4772 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD770, Type: Inline - RelativeJump 0x805B4770-->805B477A [ntoskrnl.exe]
ntoskrnl.exe+0x000DD7AE, Type: Inline - RelativeJump 0x805B47AE-->805B47B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD7DA, Type: Inline - RelativeJump 0x805B47DA-->805B47E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD7F0, Type: Inline - RelativeJump 0x805B47F0-->805B47F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD85E, Type: Inline - RelativeJump 0x805B485E-->805B4864 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD8AA, Type: Inline - RelativeJump 0x805B48AA-->805B48B0 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD8BE, Type: Inline - RelativeJump 0x805B48BE-->805B48C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD93C, Type: Inline - RelativeJump 0x805B493C-->805B4942 [ntoskrnl.exe]
ntoskrnl.exe+0x000DD93E, Type: Inline - RelativeJump 0x805B493E-->805B494A [ntoskrnl.exe]
ntoskrnl.exe+0x000DD9F8, Type: Inline - RelativeJump 0x805B49F8-->805B49FE [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA08, Type: Inline - RelativeJump 0x805B4A08-->805B4A0E [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA0C, Type: Inline - RelativeJump 0x805B4A0C-->805B4A12 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA14, Type: Inline - RelativeJump 0x805B4A14-->805B4A1A [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA16, Type: Inline - RelativeJump 0x805B4A16-->805B4A1C [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA1A, Type: Inline - RelativeJump 0x805B4A1A-->805B4A20 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA30, Type: Inline - RelativeJump 0x805B4A30-->805B4A36 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA38, Type: Inline - RelativeJump 0x805B4A38-->805B4A3E [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA3A, Type: Inline - RelativeJump 0x805B4A3A-->805B4A40 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDA3E, Type: Inline - RelativeJump 0x805B4A3E-->805B4A44 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDCC8, Type: Inline - RelativeJump 0x805B4CC8-->805B4BB0 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDDF8, Type: Inline - RelativeJump 0x805B4DF8-->805B4F80 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDE33, Type: Inline - RelativeCall 0x805B4E33-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDE3F, Type: Inline - RelativeJump 0x805B4E3F-->805C4073 [ntoskrnl.exe]
ntoskrnl.exe+0x000DDEA7, Type: Inline - RelativeCall 0x805B4EA7-->804F5F19 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE08A, Type: Inline - RelativeJump 0x805B508A-->805B438A [ntoskrnl.exe]
ntoskrnl.exe+0x000DE092, Type: Inline - RelativeJump 0x805B5092-->805B43BB [ntoskrnl.exe]
ntoskrnl.exe+0x000DE097, Type: Inline - RelativeJump 0x805B5097-->805B43A0 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE09F, Type: Inline - RelativeJump 0x805B509F-->805B43BB [ntoskrnl.exe]
ntoskrnl.exe+0x000DE383, Type: Inline - RelativeCall 0x805B5383-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE388, Type: Inline - RelativeJump 0x805B5388-->805B578F [ntoskrnl.exe]
ntoskrnl.exe+0x000DE6CD, Type: Inline - RelativeCall 0x805B56CD-->804EA5A1 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE6D5, Type: Inline - RelativeJump 0x805B56D5-->805B5758 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE82D, Type: Inline - RelativeCall 0x805B582D-->EBC00000 [unknown_code_page]
ntoskrnl.exe+0x000DE83A, Type: Inline - RelativeJump 0x805B583A-->805B585A [ntoskrnl.exe]
ntoskrnl.exe+0x000DE9F8, Type: Inline - RelativeCall 0x805B59F8-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DE9FD, Type: Inline - RelativeCall 0x805B59FD-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA05, Type: Inline - RelativeJump 0x805B5A05-->8060FBFE [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA11, Type: Inline - RelativeCall 0x805B5A11-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA1F, Type: Inline - RelativeJump 0x805B5A1F-->805B59EF [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA2C, Type: Inline - RelativeJump 0x805B5A2C-->805B5A32 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA89, Type: Inline - RelativeCall 0x805B5A89-->805B5A99 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEA8F, Type: Inline - RelativeJump 0x805B5A8F-->8058E8BF [ntoskrnl.exe]
ntoskrnl.exe+0x000DEB5C, Type: Inline - RelativeJump 0x805B5B5C-->805B5B96 [ntoskrnl.exe]
ntoskrnl.exe+0x000DECC2, Type: Inline - RelativeCall 0x805B5CC2-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x000DED2C, Type: Inline - RelativeCall 0x805B5D2C-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe+0x000DED3E, Type: Inline - RelativeJump 0x805B5D3E-->805F4F30 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEE88, Type: Inline - RelativeJump 0x805B5E88-->805B5E8E [ntoskrnl.exe]
ntoskrnl.exe+0x000DEE92, Type: Inline - RelativeJump 0x805B5E92-->805B5E98 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEEA6, Type: Inline - RelativeJump 0x805B5EA6-->805B5EAC [ntoskrnl.exe]
ntoskrnl.exe+0x000DEF3E, Type: Inline - RelativeJump 0x805B5F3E-->805B5F44 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEF9A, Type: Inline - RelativeJump 0x805B5F9A-->805A3059 [ntoskrnl.exe]
ntoskrnl.exe+0x000DEFB4, Type: Inline - RelativeJump 0x805B5FB4-->805B5FC2 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF169, Type: Inline - RelativeJump 0x805B6169-->8059BAAB [ntoskrnl.exe]
ntoskrnl.exe+0x000DF173, Type: Inline - RelativeCall 0x805B6173-->8059B878 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF18B, Type: Inline - RelativeJump 0x805B618B-->8059B8CB [ntoskrnl.exe]
ntoskrnl.exe+0x000DF2DF, Type: Inline - RelativeJump 0x805B62DF-->80605236 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF3C0, Type: Inline - RelativeCall 0x805B63C0-->804FE293 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF3C9, Type: Inline - RelativeJump 0x805B63C9-->805B647F [ntoskrnl.exe]
ntoskrnl.exe+0x000DF485, Type: Inline - RelativeCall 0x805B6485-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF58B, Type: Inline - RelativeJump 0x805B658B-->80609EE1 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF671, Type: Inline - RelativeJump 0x805B6671-->805DECDF [ntoskrnl.exe]
ntoskrnl.exe+0x000DF85D, Type: Inline - RelativeJump 0x805B685D-->805B6843 [ntoskrnl.exe]
ntoskrnl.exe+0x000DF9EA, Type: Inline - RelativeJump 0x805B69EA-->805B69F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000DFAD4, Type: Inline - PushRet 0x805B6AD4-->858D0008 [unknown_code_page]
ntoskrnl.exe+0x000DFD38, Type: Inline - RelativeJump 0x805B6D38-->805B6D1D [ntoskrnl.exe]
ntoskrnl.exe+0x000E009D, Type: Inline - PushRet 0x805B709D-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000E0200, Type: Inline - RelativeCall 0x805B7200-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x000E02AE, Type: Inline - RelativeCall 0x805B72AE-->D15B72B0 [unknown_code_page]
ntoskrnl.exe+0x000E030C, Type: Inline - RelativeCall 0x805B730C-->805B6FEE [ntoskrnl.exe]
ntoskrnl.exe+0x000E03BE, Type: Inline - RelativeCall 0x805B73BE-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x000E03F0, Type: Inline - RelativeCall 0x805B73F0-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000E0452, Type: Inline - RelativeJump 0x805B7452-->805B745C [ntoskrnl.exe]
ntoskrnl.exe+0x000E0467, Type: Inline - RelativeJump 0x805B7467-->805B7470 [ntoskrnl.exe]
ntoskrnl.exe+0x000E05F7, Type: Inline - RelativeJump 0x805B75F7-->805B75D0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0715, Type: Inline - RelativeJump 0x805B7715-->805B99B2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E071A, Type: Inline - RelativeCall 0x805B771A-->8062134B [ntoskrnl.exe]
ntoskrnl.exe+0x000E0721, Type: Inline - RelativeJump 0x805B7721-->805B0C3B [ntoskrnl.exe]
ntoskrnl.exe+0x000E0726, Type: Inline - RelativeCall 0x805B7726-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E09AC, Type: Inline - RelativeJump 0x805B79AC-->805B79B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0AC8, Type: Inline - RelativeCall 0x805B7AC8-->80588972 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0AD5, Type: Inline - RelativeJump 0x805B7AD5-->805B7CDC [ntoskrnl.exe]
ntoskrnl.exe+0x000E0B80, Type: Inline - RelativeCall 0x805B7B80-->8057545D [ntoskrnl.exe]
ntoskrnl.exe+0x000E0B86, Type: Inline - RelativeJump 0x805B7B86-->806189B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0C29, Type: Inline - RelativeCall 0x805B7C29-->805AEF9A [ntoskrnl.exe]
ntoskrnl.exe+0x000E0C3E, Type: Inline - RelativeCall 0x805B7C3E-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0C71, Type: Inline - RelativeJump 0x805B7C71-->806189C0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0DC3, Type: Inline - RelativeJump 0x805B7DC3-->805B7E02 [ntoskrnl.exe]
ntoskrnl.exe+0x000E0E66, Type: Inline - PushRet 0x805B7E66-->83660004 [unknown_code_page]
ntoskrnl.exe+0x000E0EA7, Type: Inline - RelativeJump 0x805B7EA7-->805B7EBC [ntoskrnl.exe]
ntoskrnl.exe+0x000E0EB9, Type: Inline - RelativeJump 0x805B7EB9-->805B7EC4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1158, Type: Inline - RelativeJump 0x805B8158-->805B815E [ntoskrnl.exe]
ntoskrnl.exe+0x000E115A, Type: Inline - RelativeJump 0x805B815A-->805B8160 [ntoskrnl.exe]
ntoskrnl.exe+0x000E115C, Type: Inline - RelativeJump 0x805B815C-->805B8162 [ntoskrnl.exe]
ntoskrnl.exe+0x000E119C, Type: Inline - RelativeJump 0x805B819C-->805B81A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E119E, Type: Inline - RelativeJump 0x805B819E-->805B81A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E11A0, Type: Inline - RelativeJump 0x805B81A0-->805B81A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E11A2, Type: Inline - RelativeJump 0x805B81A2-->805B81A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1285, Type: Inline - RelativeJump 0x805B8285-->805B8293 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1298, Type: Inline - RelativeJump 0x805B8298-->80616B9F [ntoskrnl.exe]
ntoskrnl.exe+0x000E131C, Type: Inline - RelativeCall 0x805B831C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E132F, Type: Inline - RelativeCall 0x805B832F-->805D3077 [ntoskrnl.exe]
ntoskrnl.exe+0x000E13F6, Type: Inline - RelativeCall 0x805B83F6-->805D5CFD [ntoskrnl.exe]
ntoskrnl.exe+0x000E1468, Type: Inline - RelativeCall 0x805B8468-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000E156C, Type: Inline - RelativeJump 0x805B856C-->805B8582 [ntoskrnl.exe]
ntoskrnl.exe+0x000E163A, Type: Inline - RelativeJump 0x805B863A-->805DE24C [ntoskrnl.exe]
ntoskrnl.exe+0x000E1652, Type: Inline - RelativeCall 0x805B8652-->805DDF9B [ntoskrnl.exe]
ntoskrnl.exe+0x000E1664, Type: Inline - RelativeJump 0x805B8664-->805B6518 [ntoskrnl.exe]
ntoskrnl.exe+0x000E169B, Type: Inline - RelativeJump 0x805B869B-->80578827 [ntoskrnl.exe]
ntoskrnl.exe+0x000E183E, Type: Inline - RelativeCall 0x805B883E-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E190C, Type: Inline - RelativeCall 0x805B890C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1986, Type: Inline - RelativeCall 0x805B8986-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1A54, Type: Inline - DirectCall 0x805B8A54-->8056EC40 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1BBF, Type: Inline - RelativeJump 0x805B8BBF-->805B8BC8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1BCC, Type: Inline - RelativeJump 0x805B8BCC-->805B8BD2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1BD2, Type: Inline - RelativeJump 0x805B8BD2-->805B8BD8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1BDF, Type: Inline - RelativeJump 0x805B8BDF-->805B8BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1BF0, Type: Inline - RelativeJump 0x805B8BF0-->805B8BFA [ntoskrnl.exe]
ntoskrnl.exe+0x000E1C22, Type: Inline - RelativeJump 0x805B8C22-->805B8C28 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1CFB, Type: Inline - RelativeJump 0x805B8CFB-->805B8CF5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1D4C, Type: Inline - RelativeJump 0x805B8D4C-->805B8D4C [ntoskrnl.exe]
ntoskrnl.exe+0x000E1EBE, Type: Inline - RelativeCall 0x805B8EBE-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1ED0, Type: Inline - RelativeJump 0x805B8ED0-->805FC6B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E1FD9, Type: Inline - RelativeCall 0x805B8FD9-->805B8D0B [ntoskrnl.exe]
ntoskrnl.exe+0x000E2156, Type: Inline - RelativeJump 0x805B9156-->805B9207 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2160, Type: Inline - RelativeCall 0x805B9160-->8050BA7D [ntoskrnl.exe]
ntoskrnl.exe+0x000E237F, Type: Inline - RelativeJump 0x805B937F-->80603E72 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2478, Type: Inline - RelativeCall 0x805B9478-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E26ED, Type: Inline - RelativeCall 0x805B96ED-->804E5658 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2700, Type: Inline - RelativeJump 0x805B9700-->805B92D8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E27B2, Type: Inline - RelativeCall 0x805B97B2-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000E288B, Type: Inline - RelativeCall 0x805B988B-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2A0E, Type: Inline - RelativeJump 0x805B9A0E-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2A9F, Type: Inline - RelativeCall 0x805B9A9F-->805B9AAF [ntoskrnl.exe]
ntoskrnl.exe+0x000E2AA5, Type: Inline - RelativeJump 0x805B9AA5-->805B0B38 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2BB1, Type: Inline - RelativeCall 0x805B9BB1-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x000E2D5E, Type: Inline - RelativeJump 0x805B9D5E-->805B9EE7 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2D67, Type: Inline - RelativeJump 0x805B9D67-->805B9E95 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2D70, Type: Inline - RelativeJump 0x805B9D70-->805B9EE0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2DAA, Type: Inline - RelativeJump 0x805B9DAA-->805B9EE7 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2E06, Type: Inline - RelativeJump 0x805B9E06-->805B9E26 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2E16, Type: Inline - RelativeJump 0x805B9E16-->805B9EE0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2E3D, Type: Inline - RelativeCall 0x805B9E3D-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000E2E45, Type: Inline - RelativeJump 0x805B9E45-->806022DD [ntoskrnl.exe]
ntoskrnl.exe+0x000E30BC, Type: Inline - RelativeCall 0x805BA0BC-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E30D0, Type: Inline - RelativeCall 0x805BA0D0-->DE5E0B25 [unknown_code_page]
ntoskrnl.exe+0x000E3131, Type: Inline - RelativeJump 0x805BA131-->805BA116 [ntoskrnl.exe]
ntoskrnl.exe+0x000E33FA, Type: Inline - RelativeJump 0x805BA3FA-->805BA400 [ntoskrnl.exe]
ntoskrnl.exe+0x000E35CF, Type: Inline - RelativeCall 0x805BA5CF-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000E365C, Type: Inline - RelativeJump 0x805BA65C-->805BAB91 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3673, Type: Inline - RelativeJump 0x805BA673-->805BA685 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3787, Type: Inline - RelativeCall 0x805BA787-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3834, Type: Inline - DirectCall 0x805BA834-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000E38AA, Type: Inline - RelativeCall 0x805BA8AA-->80579B92 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3B75, Type: Inline - RelativeJump 0x805BAB75-->805BAB5F [ntoskrnl.exe]
ntoskrnl.exe+0x000E3B7C, Type: Inline - RelativeJump 0x805BAB7C-->805FBAA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3B85, Type: Inline - RelativeJump 0x805BAB85-->805FBAAC [ntoskrnl.exe]
ntoskrnl.exe+0x000E3B8A, Type: Inline - RelativeJump 0x805BAB8A-->805BAB5E [ntoskrnl.exe]
ntoskrnl.exe+0x000E3BE9, Type: Inline - RelativeJump 0x805BABE9-->805BABF7 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3C65, Type: Inline - RelativeJump 0x805BAC65-->805BAC73 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3CC6, Type: Inline - RelativeCall 0x805BACC6-->8050CB3C [ntoskrnl.exe]
ntoskrnl.exe+0x000E3D3A, Type: Inline - RelativeJump 0x805BAD3A-->805FC722 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3D8B, Type: Inline - RelativeCall 0x805BAD8B-->805868A3 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3DE8, Type: Inline - RelativeJump 0x805BADE8-->805BADEE [ntoskrnl.exe]
ntoskrnl.exe+0x000E3DF0, Type: Inline - RelativeJump 0x805BADF0-->805BADF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3DF2, Type: Inline - RelativeJump 0x805BADF2-->805BADF8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3DF4, Type: Inline - RelativeJump 0x805BADF4-->805BADFA [ntoskrnl.exe]
ntoskrnl.exe+0x000E3DFA, Type: Inline - RelativeJump 0x805BADFA-->805BAE00 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3EF9, Type: Inline - RelativeJump 0x805BAEF9-->805BB042 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3F4C, Type: Inline - RelativeJump 0x805BAF4C-->80616C47 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3F52, Type: Inline - RelativeJump 0x805BAF52-->80616C47 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3FAF, Type: Inline - RelativeJump 0x805BAFAF-->80616C88 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3FBA, Type: Inline - RelativeCall 0x805BAFBA-->805863A0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E3FBF, Type: Inline - RelativeJump 0x805BAFBF-->80616CED [ntoskrnl.exe]
ntoskrnl.exe+0x000E413B, Type: Inline - RelativeJump 0x805BB13B-->805EF099 [ntoskrnl.exe]
ntoskrnl.exe+0x000E414C, Type: Inline - PushRet 0x805BB14C-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000E41FE, Type: Inline - RelativeCall 0x805BB1FE-->8050CEAF [ntoskrnl.exe]
ntoskrnl.exe+0x000E4204, Type: Inline - RelativeJump 0x805BB204-->805BA3EC [ntoskrnl.exe]
ntoskrnl.exe+0x000E4310, Type: Inline - RelativeCall 0x805BB310-->804E37CA [ntoskrnl.exe]
ntoskrnl.exe+0x000E43C5, Type: Inline - RelativeJump 0x805BB3C5-->805BB3E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4446, Type: Inline - RelativeCall 0x805BB446-->804FAA38 [ntoskrnl.exe]
ntoskrnl.exe+0x000E46E4, Type: Inline - RelativeJump 0x805BB6E4-->805BB6EA [ntoskrnl.exe]
ntoskrnl.exe+0x000E46E6, Type: Inline - RelativeJump 0x805BB6E6-->805BB6EC [ntoskrnl.exe]
ntoskrnl.exe+0x000E46E8, Type: Inline - RelativeJump 0x805BB6E8-->805BB6EE [ntoskrnl.exe]
ntoskrnl.exe+0x000E46FE, Type: Inline - RelativeJump 0x805BB6FE-->805BB704 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4700, Type: Inline - RelativeJump 0x805BB700-->805BB706 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4702, Type: Inline - RelativeJump 0x805BB702-->805BB708 [ntoskrnl.exe]
ntoskrnl.exe+0x000E470C, Type: Inline - RelativeJump 0x805BB70C-->805BB712 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4710, Type: Inline - RelativeJump 0x805BB710-->805BB716 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4716, Type: Inline - RelativeJump 0x805BB716-->805BB71C [ntoskrnl.exe]
ntoskrnl.exe+0x000E471E, Type: Inline - RelativeJump 0x805BB71E-->805BB724 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4720, Type: Inline - RelativeJump 0x805BB720-->805BB726 [ntoskrnl.exe]
ntoskrnl.exe+0x000E472A, Type: Inline - RelativeJump 0x805BB72A-->805BB730 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4734, Type: Inline - RelativeJump 0x805BB734-->805BB73A [ntoskrnl.exe]
ntoskrnl.exe+0x000E4762, Type: Inline - RelativeJump 0x805BB762-->805BB768 [ntoskrnl.exe]
ntoskrnl.exe+0x000E477A, Type: Inline - RelativeJump 0x805BB77A-->805BB794 [ntoskrnl.exe]
ntoskrnl.exe+0x000E47AF, Type: Inline - RelativeJump 0x805BB7AF-->805BB7C0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4816, Type: Inline - RelativeJump 0x805BB816-->805EF182 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4821, Type: Inline - RelativeJump 0x805BB821-->805BB836 [ntoskrnl.exe]
ntoskrnl.exe+0x000E496C, Type: Inline - RelativeJump 0x805BB96C-->805F54D1 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4972, Type: Inline - RelativeCall 0x805BB972-->805A8C53 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4978, Type: Inline - RelativeCall 0x805BB978-->805A2E23 [ntoskrnl.exe]
ntoskrnl.exe+0x000E4980, Type: Inline - PushRet 0x805BB980-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000E4D10, Type: Inline - RelativeJump 0x805BBD10-->805C3B7D [ntoskrnl.exe]
ntoskrnl.exe+0x000E4DC9, Type: Inline - RelativeJump 0x805BBDC9-->805BBDCB [ntoskrnl.exe]
ntoskrnl.exe+0x000E4F2A, Type: Inline - PushRet 0x805BBF2A-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000E501A, Type: Inline - RelativeJump 0x805BC01A-->805ED624 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5022, Type: Inline - RelativeCall 0x805BC022-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5197, Type: Inline - RelativeJump 0x805BC197-->805B4BBC [ntoskrnl.exe]
ntoskrnl.exe+0x000E519C, Type: Inline - RelativeJump 0x805BC19C-->805B4CC0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E554D, Type: Inline - RelativeJump 0x805BC54D-->805BC55E [ntoskrnl.exe]
ntoskrnl.exe+0x000E574C, Type: Inline - RelativeCall 0x805BC74C-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe+0x000E5931, Type: Inline - RelativeCall 0x805BC931-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5949, Type: Inline - RelativeJump 0x805BC949-->805C41DA [ntoskrnl.exe]
ntoskrnl.exe+0x000E5B50, Type: Inline - RelativeJump 0x805BCB50-->805BCB56 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5BFE, Type: Inline - RelativeCall 0x805BCBFE-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5C39, Type: Inline - RelativeCall 0x805BCC39-->805E3A7B [ntoskrnl.exe]
ntoskrnl.exe+0x000E5C80, Type: Inline - RelativeJump 0x805BCC80-->805BCC95 [ntoskrnl.exe]
ntoskrnl.exe+0x000E5CB4, Type: Inline - RelativeJump 0x805BCCB4-->805BCCBE [ntoskrnl.exe]
ntoskrnl.exe+0x000E5FEF, Type: Inline - RelativeJump 0x805BCFEF-->805BD011 [ntoskrnl.exe]
ntoskrnl.exe+0x000E60E8, Type: Inline - RelativeJump 0x805BD0E8-->805BD0FC [ntoskrnl.exe]
ntoskrnl.exe+0x000E6332, Type: Inline - RelativeJump 0x805BD332-->805F3DB9 [ntoskrnl.exe]
ntoskrnl.exe+0x000E633F, Type: Inline - RelativeJump 0x805BD33F-->805BD365 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6342, Type: Inline - RelativeJump 0x805BD342-->805BD364 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6349, Type: Inline - RelativeJump 0x805BD349-->805BD35F [ntoskrnl.exe]
ntoskrnl.exe+0x000E67B6, Type: Inline - RelativeJump 0x805BD7B6-->805BBC8A [ntoskrnl.exe]
ntoskrnl.exe+0x000E67C1, Type: Inline - RelativeCall 0x805BD7C1-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000E68F4, Type: Inline - RelativeJump 0x805BD8F4-->805BD8FA [ntoskrnl.exe]
ntoskrnl.exe+0x000E697A, Type: Inline - RelativeJump 0x805BD97A-->805BD980 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6982, Type: Inline - RelativeJump 0x805BD982-->805BD988 [ntoskrnl.exe]
ntoskrnl.exe+0x000E69BD, Type: Inline - RelativeCall 0x805BD9BD-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x000E69D9, Type: Inline - RelativeJump 0x805BD9D9-->805BD99F [ntoskrnl.exe]
ntoskrnl.exe+0x000E6A9A, Type: Inline - RelativeJump 0x805BDA9A-->805BDAA4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6BBE, Type: Inline - RelativeJump 0x805BDBBE-->805BDBC8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6BF2, Type: Inline - PushRet 0x805BDBF2-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000E6CBD, Type: Inline - RelativeJump 0x805BDCBD-->805BC684 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6CCD, Type: Inline - RelativeJump 0x805BDCCD-->805AEF17 [ntoskrnl.exe]
ntoskrnl.exe+0x000E6D6E, Type: Inline - RelativeJump 0x805BDD6E-->805BDDDC [ntoskrnl.exe]
ntoskrnl.exe+0x000E7092, Type: Inline - RelativeJump 0x805BE092-->805BE098 [ntoskrnl.exe]
ntoskrnl.exe+0x000E710F, Type: Inline - RelativeJump 0x805BE10F-->805BE4FC [ntoskrnl.exe]
ntoskrnl.exe+0x000E711D, Type: Inline - RelativeJump 0x805BE11D-->805BE40B [ntoskrnl.exe]
ntoskrnl.exe+0x000E712C, Type: Inline - RelativeJump 0x805BE12C-->805BE126 [ntoskrnl.exe]
ntoskrnl.exe+0x000E72B4, Type: Inline - RelativeJump 0x805BE2B4-->805BE351 [ntoskrnl.exe]
ntoskrnl.exe+0x000E72DD, Type: Inline - RelativeJump 0x805BE2DD-->805BE355 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7318, Type: Inline - RelativeJump 0x805BE318-->805BE34E [ntoskrnl.exe]
ntoskrnl.exe+0x000E734E, Type: Inline - PushRet 0x805BE34E-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000E73E4, Type: Inline - RelativeJump 0x805BE3E4-->805F6EBA [ntoskrnl.exe]
ntoskrnl.exe+0x000E73F8, Type: Inline - RelativeJump 0x805BE3F8-->805BE47D [ntoskrnl.exe]
ntoskrnl.exe+0x000E7410, Type: Inline - RelativeJump 0x805BE410-->805BE466 [ntoskrnl.exe]
ntoskrnl.exe+0x000E74CB, Type: Inline - RelativeJump 0x805BE4CB-->805BD18D [ntoskrnl.exe]
ntoskrnl.exe+0x000E74D0, Type: Inline - RelativeCall 0x805BE4D0-->805A8288 [ntoskrnl.exe]
ntoskrnl.exe+0x000E77E4, Type: Inline - RelativeJump 0x805BE7E4-->805BEE31 [ntoskrnl.exe]
ntoskrnl.exe+0x000E78DE, Type: Inline - RelativeJump 0x805BE8DE-->805EE502 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7AB2, Type: Inline - RelativeJump 0x805BEAB2-->805EE327 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7B50, Type: Inline - RelativeJump 0x805BEB50-->805EE35E [ntoskrnl.exe]
ntoskrnl.exe+0x000E7B60, Type: Inline - RelativeJump 0x805BEB60-->805BE8BD [ntoskrnl.exe]
ntoskrnl.exe+0x000E7B6A, Type: Inline - RelativeJump 0x805BEB6A-->805BEB83 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7DE4, Type: Inline - RelativeJump 0x805BEDE4-->8060F2D5 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7DF5, Type: Inline - RelativeJump 0x805BEDF5-->805C860A [ntoskrnl.exe]
ntoskrnl.exe+0x000E7E52, Type: Inline - RelativeJump 0x805BEE52-->805BE8BD [ntoskrnl.exe]
ntoskrnl.exe+0x000E7FA0, Type: Inline - RelativeJump 0x805BEFA0-->805BEFA6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E7FB8, Type: Inline - RelativeJump 0x805BEFB8-->805BEFC2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E826A, Type: Inline - RelativeJump 0x805BF26A-->805C0EDD [ntoskrnl.exe]
ntoskrnl.exe+0x000E8270, Type: Inline - RelativeJump 0x805BF270-->805C0EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8400, Type: Inline - RelativeJump 0x805BF400-->805BF406 [ntoskrnl.exe]
ntoskrnl.exe+0x000E840F, Type: Inline - RelativeJump 0x805BF40F-->805BF41E [ntoskrnl.exe]
ntoskrnl.exe+0x000E8762, Type: Inline - RelativeCall 0x805BF762-->805C14C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E876E, Type: Inline - RelativeJump 0x805BF76E-->805C10C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8958, Type: Inline - RelativeJump 0x805BF958-->805BF97E [ntoskrnl.exe]
ntoskrnl.exe+0x000E8B47, Type: Inline - RelativeJump 0x805BFB47-->8059F60D [ntoskrnl.exe]
ntoskrnl.exe+0x000E8B94, Type: Inline - RelativeJump 0x805BFB94-->805BFB82 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8C70, Type: Inline - RelativeJump 0x805BFC70-->805BFBB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8C78, Type: Inline - RelativeJump 0x805BFC78-->805BFC04 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8CBA, Type: Inline - RelativeJump 0x805BFCBA-->805C0E4E [ntoskrnl.exe]
ntoskrnl.exe+0x000E8D69, Type: Inline - RelativeJump 0x805BFD69-->805BFDAA [ntoskrnl.exe]
ntoskrnl.exe+0x000E8E5E, Type: Inline - RelativeJump 0x805BFE5E-->805BFE70 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8ED8, Type: Inline - RelativeJump 0x805BFED8-->805BFEDE [ntoskrnl.exe]
ntoskrnl.exe+0x000E8EDA, Type: Inline - RelativeJump 0x805BFEDA-->805BFEE0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8EDE, Type: Inline - RelativeJump 0x805BFEDE-->805BFEE4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E8EEC, Type: Inline - RelativeJump 0x805BFEEC-->805BFEF2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E93B0, Type: Inline - RelativeCall 0x805C03B0-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E93B7, Type: Inline - RelativeJump 0x805C03B7-->805C03C3 [ntoskrnl.exe]
ntoskrnl.exe+0x000E93C2, Type: Inline - RelativeJump 0x805C03C2-->805C0CF8 [ntoskrnl.exe]
ntoskrnl.exe+0x000E93C8, Type: Inline - RelativeJump 0x805C03C8-->805C03E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9431, Type: Inline - RelativeCall 0x805C0431-->804FCA51 [ntoskrnl.exe]
ntoskrnl.exe+0x000E94AC, Type: Inline - RelativeCall 0x805C04AC-->805C035D [ntoskrnl.exe]
ntoskrnl.exe+0x000E94B2, Type: Inline - RelativeJump 0x805C04B2-->805C0480 [ntoskrnl.exe]
ntoskrnl.exe+0x000E94BF, Type: Inline - RelativeJump 0x805C04BF-->805C0509 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9553, Type: Inline - RelativeJump 0x805C0553-->805C055C [ntoskrnl.exe]
ntoskrnl.exe+0x000E9565, Type: Inline - RelativeJump 0x805C0565-->805C056E [ntoskrnl.exe]
ntoskrnl.exe+0x000E959C, Type: Inline - RelativeCall 0x805C059C-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe+0x000E95A4, Type: Inline - RelativeJump 0x805C05A4-->805EE0B0 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9624, Type: Inline - PushRet 0x805C0624-->958B0004 [unknown_code_page]
ntoskrnl.exe+0x000E962E, Type: Inline - RelativeJump 0x805C062E-->805C077E [ntoskrnl.exe]
ntoskrnl.exe+0x000E963D, Type: Inline - RelativeJump 0x805C063D-->805C0790 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9670, Type: Inline - RelativeCall 0x805C0670-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe+0x000E975C, Type: Inline - RelativeJump 0x805C075C-->805EE04E [ntoskrnl.exe]
ntoskrnl.exe+0x000E987E, Type: Inline - RelativeCall 0x805C087E-->8058DB92 [ntoskrnl.exe]
ntoskrnl.exe+0x000E992A, Type: Inline - RelativeCall 0x805C092A-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9AC7, Type: Inline - RelativeCall 0x805C0AC7-->805C035D [ntoskrnl.exe]
ntoskrnl.exe+0x000E9AD5, Type: Inline - RelativeJump 0x805C0AD5-->805EE64E [ntoskrnl.exe]
ntoskrnl.exe+0x000E9ADB, Type: Inline - RelativeJump 0x805C0ADB-->805C0AEB [ntoskrnl.exe]
ntoskrnl.exe+0x000E9BCE, Type: Inline - RelativeJump 0x805C0BCE-->805C0BD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9C0A, Type: Inline - RelativeJump 0x805C0C0A-->805C0C10 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9C58, Type: Inline - RelativeJump 0x805C0C58-->805C0C5E [ntoskrnl.exe]
ntoskrnl.exe+0x000E9C60, Type: Inline - RelativeJump 0x805C0C60-->805C0C66 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9C6C, Type: Inline - RelativeJump 0x805C0C6C-->805C0C76 [ntoskrnl.exe]
ntoskrnl.exe+0x000E9DB3, Type: Inline - RelativeJump 0x805C0DB3-->805C0DBC [ntoskrnl.exe]
ntoskrnl.exe+0x000EA338, Type: Inline - RelativeJump 0x805C1338-->805C1340 [ntoskrnl.exe]
ntoskrnl.exe+0x000EA382, Type: Inline - RelativeCall 0x805C1382-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe+0x000EA486, Type: Inline - RelativeCall 0x805C1486-->805C1415 [ntoskrnl.exe]
ntoskrnl.exe+0x000EA59C, Type: Inline - RelativeJump 0x805C159C-->80610B9C [ntoskrnl.exe]
ntoskrnl.exe+0x000EA5A5, Type: Inline - RelativeJump 0x805C15A5-->80610AD9 [ntoskrnl.exe]
ntoskrnl.exe+0x000EA62A, Type: Inline - RelativeJump 0x805C162A-->805C1640 [ntoskrnl.exe]
ntoskrnl.exe+0x000EA720, Type: Inline - RelativeJump 0x805C1720-->805C1726 [ntoskrnl.exe]
ntoskrnl.exe+0x000EA773, Type: Inline - RelativeJump 0x805C1773-->805C179D [ntoskrnl.exe]
ntoskrnl.exe+0x000EA78A, Type: Inline - RelativeJump 0x805C178A-->805D8034 [ntoskrnl.exe]
ntoskrnl.exe+0x000EABDB, Type: Inline - RelativeJump 0x805C1BDB-->805C1E37 [ntoskrnl.exe]
ntoskrnl.exe+0x000EABE2, Type: Inline - RelativeJump 0x805C1BE2-->805C1E41 [ntoskrnl.exe]
ntoskrnl.exe+0x000EAEB8, Type: Inline - RelativeJump 0x805C1EB8-->805C1F31 [ntoskrnl.exe]
ntoskrnl.exe+0x000EAEBC, Type: Inline - RelativeJump 0x805C1EBC-->805C1EF6 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB02B, Type: Inline - RelativeJump 0x805C202B-->805C38BD [ntoskrnl.exe]
ntoskrnl.exe+0x000EB034, Type: Inline - RelativeJump 0x805C2034-->805C2003 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB080, Type: Inline - RelativeCall 0x805C2080-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB112, Type: Inline - RelativeJump 0x805C2112-->805F7205 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB2F8, Type: Inline - RelativeJump 0x805C22F8-->805C2307 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB303, Type: Inline - RelativeJump 0x805C2303-->805C231B [ntoskrnl.exe]
ntoskrnl.exe+0x000EB3B2, Type: Inline - RelativeJump 0x805C23B2-->805C23C1 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB547, Type: Inline - RelativeJump 0x805C2547-->805F714F [ntoskrnl.exe]
ntoskrnl.exe+0x000EB55A, Type: Inline - RelativeJump 0x805C255A-->805C374A [ntoskrnl.exe]
ntoskrnl.exe+0x000EB560, Type: Inline - RelativeJump 0x805C2560-->805F7176 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB56B, Type: Inline - PushRet 0x805C256B-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000EB684, Type: Inline - RelativeJump 0x805C2684-->805C275B [ntoskrnl.exe]
ntoskrnl.exe+0x000EB6D0, Type: Inline - RelativeCall 0x805C26D0-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000EB8C7, Type: Inline - RelativeJump 0x805C28C7-->805C2872 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBA02, Type: Inline - RelativeJump 0x805C2A02-->805D0B99 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBA0B, Type: Inline - RelativeJump 0x805C2A0B-->805C2A29 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBA1C, Type: Inline - RelativeJump 0x805C2A1C-->805C800B [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB0F, Type: Inline - RelativeJump 0x805C2B0F-->80607429 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB1A, Type: Inline - RelativeCall 0x805C2B1A-->805C2948 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB2D, Type: Inline - RelativeCall 0x805C2B2D-->805C2AC3 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB38, Type: Inline - RelativeJump 0x805C2B38-->805BC570 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB40, Type: Inline - RelativeJump 0x805C2B40-->8059DCDE [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB48, Type: Inline - RelativeJump 0x805C2B48-->805C29A7 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBB52, Type: Inline - RelativeJump 0x805C2B52-->805C2A5B [ntoskrnl.exe]
ntoskrnl.exe+0x000EBCA8, Type: Inline - RelativeJump 0x805C2CA8-->805C35E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBD76, Type: Inline - RelativeJump 0x805C2D76-->805C2D8A [ntoskrnl.exe]
ntoskrnl.exe+0x000EBE3C, Type: Inline - RelativeCall 0x805C2E3C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000EBE55, Type: Inline - RelativeJump 0x805C2E55-->805C7164 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC24A, Type: Inline - RelativeJump 0x805C324A-->80617DC3 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC381, Type: Inline - RelativeJump 0x805C3381-->805C3385 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC3D5, Type: Inline - RelativeJump 0x805C33D5-->805C33E9 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC45B, Type: Inline - RelativeCall 0x805C345B-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000EC4CF, Type: Inline - RelativeJump 0x805C34CF-->805C34EB [ntoskrnl.exe]
ntoskrnl.exe+0x000EC4DF, Type: Inline - RelativeJump 0x805C34DF-->8059C242 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC4E7, Type: Inline - RelativeJump 0x805C34E7-->8059C026 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC4F5, Type: Inline - RelativeCall 0x805C34F5-->805C2DF1 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC4FD, Type: Inline - RelativeJump 0x805C34FD-->805BD2B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000EC522, Type: Inline - RelativeJump 0x805C3522-->805C31CF [ntoskrnl.exe]
ntoskrnl.exe+0x000EC584, Type: Inline - RelativeJump 0x805C3584-->805BC8FF [ntoskrnl.exe]
ntoskrnl.exe+0x000EC594, Type: Inline - RelativeJump 0x805C3594-->805C357A [ntoskrnl.exe]
ntoskrnl.exe+0x000EC67F, Type: Inline - RelativeJump 0x805C367F-->805C3BEC [ntoskrnl.exe]
ntoskrnl.exe+0x000EC68E, Type: Inline - RelativeJump 0x805C368E-->805C3699 [ntoskrnl.exe]
ntoskrnl.exe+0x000ECAE6, Type: Inline - RelativeJump 0x805C3AE6-->805C3B46 [ntoskrnl.exe]
ntoskrnl.exe+0x000ECBDD, Type: Inline - RelativeJump 0x805C3BDD-->805C3B6F [ntoskrnl.exe]
ntoskrnl.exe+0x000ECC64, Type: Inline - RelativeJump 0x805C3C64-->805C4B04 [ntoskrnl.exe]
ntoskrnl.exe+0x000ECECC, Type: Inline - RelativeJump 0x805C3ECC-->805C3ED8 [ntoskrnl.exe]
ntoskrnl.exe+0x000ECFCB, Type: Inline - RelativeCall 0x805C3FCB-->804EA45A [ntoskrnl.exe]
ntoskrnl.exe+0x000ED015, Type: Inline - DirectCall 0x805C4015-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED01D, Type: Inline - RelativeJump 0x805C401D-->805BBD21 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED02A, Type: Inline - DirectCall 0x805C402A-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000ED035, Type: Inline - PushRet 0x805C4035-->8BD6FF80 [unknown_code_page]
ntoskrnl.exe+0x000ED036, Type: Inline - DirectCall 0x805C4036-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED05A, Type: Inline - RelativeJump 0x805C405A-->805B4D12 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED246, Type: Inline - RelativeJump 0x805C4246-->8059C1D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED253, Type: Inline - RelativeJump 0x805C4253-->805C425B [ntoskrnl.exe]
ntoskrnl.exe+0x000ED2E9, Type: Inline - RelativeJump 0x805C42E9-->805C4303 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED2F2, Type: Inline - RelativeJump 0x805C42F2-->805C42F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED551, Type: Inline - RelativeJump 0x805C4551-->805C4583 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED6D4, Type: Inline - RelativeJump 0x805C46D4-->805C46E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000ED6E7, Type: Inline - RelativeJump 0x805C46E7-->805C87AF [ntoskrnl.exe]
ntoskrnl.exe+0x000ED7D0, Type: Inline - RelativeJump 0x805C47D0-->805C475A [ntoskrnl.exe]
ntoskrnl.exe+0x000EDCD1, Type: Inline - RelativeCall 0x805C4CD1-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000EDCD7, Type: Inline - RelativeJump 0x805C4CD7-->805A5815 [ntoskrnl.exe]
ntoskrnl.exe+0x000EDF33, Type: Inline - RelativeJump 0x805C4F33-->805C4F3D [ntoskrnl.exe]
ntoskrnl.exe+0x000EDF38, Type: Inline - RelativeJump 0x805C4F38-->805C53AC [ntoskrnl.exe]
ntoskrnl.exe+0x000EDFB1, Type: Inline - RelativeJump 0x805C4FB1-->805C4E48 [ntoskrnl.exe]
ntoskrnl.exe+0x000EDFB9, Type: Inline - RelativeJump 0x805C4FB9-->805C4E48 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE168, Type: Inline - RelativeCall 0x805C5168-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE19F, Type: Inline - RelativeJump 0x805C519F-->805C51B1 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE224, Type: Inline - RelativeJump 0x805C5224-->805C5248 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE35A, Type: Inline - RelativeJump 0x805C535A-->805C4E5E [ntoskrnl.exe]
ntoskrnl.exe+0x000EE367, Type: Inline - RelativeJump 0x805C5367-->805C4F96 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE36C, Type: Inline - RelativeJump 0x805C536C-->805C5397 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE3AA, Type: Inline - RelativeJump 0x805C53AA-->805C4F32 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE5DE, Type: Inline - RelativeJump 0x805C55DE-->805C5616 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE786, Type: Inline - RelativeJump 0x805C5786-->805C5790 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE875, Type: Inline - RelativeJump 0x805C5875-->805AA5B3 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE883, Type: Inline - RelativeJump 0x805C5883-->805CE959 [ntoskrnl.exe]
ntoskrnl.exe+0x000EE893, Type: Inline - RelativeJump 0x805C5893-->805CE959 [ntoskrnl.exe]
ntoskrnl.exe+0x000EEA38, Type: Inline - RelativeJump 0x805C5A38-->805C5A4E [ntoskrnl.exe]
ntoskrnl.exe+0x000EEA49, Type: Inline - RelativeCall 0x805C5A49-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000EEA51, Type: Inline - RelativeJump 0x805C5A51-->805A4468 [ntoskrnl.exe]
ntoskrnl.exe+0x000EEAB5, Type: Inline - RelativeCall 0x805C5AB5-->8056D525 [ntoskrnl.exe]
ntoskrnl.exe+0x000EEAC3, Type: Inline - RelativeJump 0x805C5AC3-->805C5B37 [ntoskrnl.exe]
ntoskrnl.exe+0x000EEBCD, Type: Inline - RelativeJump 0x805C5BCD-->805C5BFE [ntoskrnl.exe]
ntoskrnl.exe+0x000EEE45, Type: Inline - RelativeCall 0x805C5E45-->805BBF35 [ntoskrnl.exe]
ntoskrnl.exe+0x000EF0BD, Type: Inline - RelativeJump 0x805C60BD-->805FCA8A [ntoskrnl.exe]
ntoskrnl.exe+0x000EF454, Type: Inline - RelativeJump 0x805C6454-->805C64A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000EF6D8, Type: Inline - RelativeJump 0x805C66D8-->805C66E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000EF77D, Type: Inline - RelativeCall 0x805C677D-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x000EF782, Type: Inline - RelativeJump 0x805C6782-->805C67D4 [ntoskrnl.exe]
ntoskrnl.exe+0x000EF804, Type: Inline - RelativeJump 0x805C6804-->805C680A [ntoskrnl.exe]
ntoskrnl.exe+0x000EF836, Type: Inline - RelativeJump 0x805C6836-->805C6840 [ntoskrnl.exe]
ntoskrnl.exe+0x000EF9BC, Type: Inline - RelativeJump 0x805C69BC-->805CCB31 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFB11, Type: Inline - RelativeJump 0x805C6B11-->805C6BB3 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFD35, Type: Inline - RelativeCall 0x805C6D35-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFE6F, Type: Inline - RelativeJump 0x805C6E6F-->805C6E71 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFEDA, Type: Inline - RelativeJump 0x805C6EDA-->8059C1D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFF84, Type: Inline - RelativeJump 0x805C6F84-->805C6F8A [ntoskrnl.exe]
ntoskrnl.exe+0x000EFF8C, Type: Inline - RelativeJump 0x805C6F8C-->805C6F92 [ntoskrnl.exe]
ntoskrnl.exe+0x000EFFC0, Type: Inline - RelativeJump 0x805C6FC0-->805C6FCA [ntoskrnl.exe]
ntoskrnl.exe+0x000F017C, Type: Inline - RelativeJump 0x805C717C-->805C2F11 [ntoskrnl.exe]
ntoskrnl.exe+0x000F0187, Type: Inline - RelativeJump 0x805C7187-->805C52A1 [ntoskrnl.exe]
ntoskrnl.exe+0x000F036C, Type: Inline - RelativeJump 0x805C736C-->805A200F [ntoskrnl.exe]
ntoskrnl.exe+0x000F0378, Type: Inline - RelativeJump 0x805C7378-->805A1E63 [ntoskrnl.exe]
ntoskrnl.exe+0x000F0703, Type: Inline - RelativeCall 0x805C7703-->805A19AE [ntoskrnl.exe]
ntoskrnl.exe+0x000F0E17, Type: Inline - RelativeJump 0x805C7E17-->805AA51A [ntoskrnl.exe]
ntoskrnl.exe+0x000F0EAF, Type: Inline - RelativeJump 0x805C7EAF-->805DE2B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F0EBF, Type: Inline - RelativeJump 0x805C7EBF-->805DE0EB [ntoskrnl.exe]
ntoskrnl.exe+0x000F0F00, Type: Inline - RelativeJump 0x805C7F00-->805C7F5E [ntoskrnl.exe]
ntoskrnl.exe+0x000F15E7, Type: Inline - RelativeJump 0x805C85E7-->805C85FB [ntoskrnl.exe]
ntoskrnl.exe+0x000F1785, Type: Inline - RelativeJump 0x805C8785-->806136A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1796, Type: Inline - RelativeJump 0x805C8796-->805C87A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000F17A1, Type: Inline - RelativeJump 0x805C87A1-->805C87AF [ntoskrnl.exe]
ntoskrnl.exe+0x000F17A4, Type: Inline - PushRet 0x805C87A4-->C0330004 [unknown_code_page]
ntoskrnl.exe+0x000F17AB, Type: Inline - RelativeJump 0x805C87AB-->805C87A9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F17CF, Type: Inline - RelativeJump 0x805C87CF-->805BCD2B [ntoskrnl.exe]
ntoskrnl.exe+0x000F19BD, Type: Inline - RelativeJump 0x805C89BD-->805C89E9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F19C5, Type: Inline - RelativeJump 0x805C89C5-->805C4983 [ntoskrnl.exe]
ntoskrnl.exe+0x000F19CC, Type: Inline - RelativeJump 0x805C89CC-->805C4ADC [ntoskrnl.exe]
ntoskrnl.exe+0x000F19D3, Type: Inline - RelativeJump 0x805C89D3-->805C4A3E [ntoskrnl.exe]
ntoskrnl.exe+0x000F19DE, Type: Inline - RelativeJump 0x805C89DE-->805C4A38 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1A14, Type: Inline - RelativeCall 0x805C8A14-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1A7F, Type: Inline - RelativeCall 0x805C8A7F-->8057BF6A [ntoskrnl.exe]
ntoskrnl.exe+0x000F1A96, Type: Inline - RelativeJump 0x805C8A96-->805C8ADD [ntoskrnl.exe]
ntoskrnl.exe+0x000F1B60, Type: Inline - RelativeJump 0x805C8B60-->805C8B76 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1B74, Type: Inline - RelativeJump 0x805C8B74-->805C8B7A [ntoskrnl.exe]
ntoskrnl.exe+0x000F1B76, Type: Inline - RelativeJump 0x805C8B76-->805C8B80 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1B91, Type: Inline - RelativeJump 0x805C8B91-->805D619B [ntoskrnl.exe]
ntoskrnl.exe+0x000F1BA0, Type: Inline - RelativeJump 0x805C8BA0-->805C8C33 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1C64, Type: Inline - RelativeCall 0x805C8C64-->80598F0A [ntoskrnl.exe]
ntoskrnl.exe+0x000F1C6F, Type: Inline - RelativeJump 0x805C8C6F-->805C8C99 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1CD2, Type: Inline - RelativeJump 0x805C8CD2-->805C8CEC [ntoskrnl.exe]
ntoskrnl.exe+0x000F1CEA, Type: Inline - RelativeJump 0x805C8CEA-->806189E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1CF5, Type: Inline - RelativeJump 0x805C8CF5-->806189EF [ntoskrnl.exe]
ntoskrnl.exe+0x000F1DF8, Type: Inline - RelativeJump 0x805C8DF8-->805C8E02 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1E7C, Type: Inline - RelativeJump 0x805C8E7C-->805C8E86 [ntoskrnl.exe]
ntoskrnl.exe+0x000F1FE0, Type: Inline - RelativeJump 0x805C8FE0-->805C8FF4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F28AF, Type: Inline - RelativeJump 0x805C98AF-->805C99C9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2990, Type: Inline - RelativeJump 0x805C9990-->805C99C3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2B0F, Type: Inline - RelativeJump 0x805C9B0F-->805C9B24 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2D97, Type: Inline - RelativeJump 0x805C9D97-->805C9D6B [ntoskrnl.exe]
ntoskrnl.exe+0x000F2DAC, Type: Inline - RelativeJump 0x805C9DAC-->805C9D6B [ntoskrnl.exe]
ntoskrnl.exe+0x000F2DC2, Type: Inline - RelativeJump 0x805C9DC2-->805C9E3F [ntoskrnl.exe]
ntoskrnl.exe+0x000F2DCE, Type: Inline - RelativeJump 0x805C9DCE-->805C9DF1 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2DF2, Type: Inline - RelativeJump 0x805C9DF2-->805C9E2F [ntoskrnl.exe]
ntoskrnl.exe+0x000F2DFE, Type: Inline - RelativeJump 0x805C9DFE-->805C9DD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2E08, Type: Inline - RelativeCall 0x805C9E08-->805C9E5B [ntoskrnl.exe]
ntoskrnl.exe+0x000F2F67, Type: Inline - RelativeJump 0x805C9F67-->805C9F78 [ntoskrnl.exe]
ntoskrnl.exe+0x000F2FBA, Type: Inline - RelativeJump 0x805C9FBA-->805CA0CE [ntoskrnl.exe]
ntoskrnl.exe+0x000F2FC3, Type: Inline - RelativeJump 0x805C9FC3-->805CA10D [ntoskrnl.exe]
ntoskrnl.exe+0x000F2FC8, Type: Inline - RelativeJump 0x805C9FC8-->805CA0CE [ntoskrnl.exe]
ntoskrnl.exe+0x000F2FFC, Type: Inline - RelativeCall 0x805C9FFC-->805CA47A [ntoskrnl.exe]
ntoskrnl.exe+0x000F307F, Type: Inline - RelativeJump 0x805CA07F-->805CA09C [ntoskrnl.exe]
ntoskrnl.exe+0x000F3289, Type: Inline - RelativeJump 0x805CA289-->805CA2A3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F32AE, Type: Inline - RelativeJump 0x805CA2AE-->805CA2BE [ntoskrnl.exe]
ntoskrnl.exe+0x000F32D9, Type: Inline - RelativeJump 0x805CA2D9-->805CA186 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3339, Type: Inline - RelativeJump 0x805CA339-->805CA46E [ntoskrnl.exe]
ntoskrnl.exe+0x000F3350, Type: Inline - RelativeJump 0x805CA350-->805CA363 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3408, Type: Inline - RelativeJump 0x805CA408-->805CA41D [ntoskrnl.exe]
ntoskrnl.exe+0x000F342E, Type: Inline - RelativeJump 0x805CA42E-->805CA448 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3476, Type: Inline - RelativeJump 0x805CA476-->805CA463 [ntoskrnl.exe]
ntoskrnl.exe+0x000F34D6, Type: Inline - PushRet 0x805CA4D6-->F710468B [unknown_code_page]
ntoskrnl.exe+0x000F3540, Type: Inline - RelativeJump 0x805CA540-->805CA563 [ntoskrnl.exe]
ntoskrnl.exe+0x000F355E, Type: Inline - PushRet 0x805CA55E-->FBEBC033 [unknown_code_page]
ntoskrnl.exe+0x000F355F, Type: Inline - RelativeJump 0x805CA55F-->805CA562 [ntoskrnl.exe]
ntoskrnl.exe+0x000F357E, Type: Inline - RelativeJump 0x805CA57E-->805CA589 [ntoskrnl.exe]
ntoskrnl.exe+0x000F35A8, Type: Inline - PushRet 0x805CA5A8-->FBEBC033 [unknown_code_page]
ntoskrnl.exe+0x000F35A9, Type: Inline - RelativeJump 0x805CA5A9-->805CA5AC [ntoskrnl.exe]
ntoskrnl.exe+0x000F37D2, Type: Inline - RelativeJump 0x805CA7D2-->805CA9D7 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3A97, Type: Inline - RelativeJump 0x805CAA97-->805CAB2F [ntoskrnl.exe]
ntoskrnl.exe+0x000F3AE3, Type: Inline - RelativeJump 0x805CAAE3-->805CAB1F [ntoskrnl.exe]
ntoskrnl.exe+0x000F3B61, Type: Inline - RelativeJump 0x805CAB61-->805CAB49 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3E17, Type: Inline - RelativeJump 0x805CAE17-->805CF735 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3E29, Type: Inline - RelativeJump 0x805CAE29-->805CADFF [ntoskrnl.exe]
ntoskrnl.exe+0x000F3EB4, Type: Inline - RelativeJump 0x805CAEB4-->805CAEBA [ntoskrnl.exe]
ntoskrnl.exe+0x000F3EBE, Type: Inline - RelativeJump 0x805CAEBE-->805CAEC4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3ECA, Type: Inline - RelativeJump 0x805CAECA-->805CAED0 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3ED0, Type: Inline - RelativeJump 0x805CAED0-->805CAED6 [ntoskrnl.exe]
ntoskrnl.exe+0x000F3ED4, Type: Inline - RelativeJump 0x805CAED4-->805CAEDA [ntoskrnl.exe]
ntoskrnl.exe+0x000F3ED6, Type: Inline - RelativeJump 0x805CAED6-->805CAEDC [ntoskrnl.exe]
ntoskrnl.exe+0x000F40FA, Type: Inline - RelativeJump 0x805CB0FA-->805CB100 [ntoskrnl.exe]
ntoskrnl.exe+0x000F43EF, Type: Inline - RelativeCall 0x805CB3EF-->805CB7E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F44F6, Type: Inline - RelativeJump 0x805CB4F6-->805CB505 [ntoskrnl.exe]
ntoskrnl.exe+0x000F4506, Type: Inline - RelativeJump 0x805CB506-->805CB505 [ntoskrnl.exe]
ntoskrnl.exe+0x000F4519, Type: Inline - RelativeJump 0x805CB519-->805CB52B [ntoskrnl.exe]
ntoskrnl.exe+0x000F4523, Type: Inline - RelativeJump 0x805CB523-->805CB514 [ntoskrnl.exe]
ntoskrnl.exe+0x000F456D, Type: Inline - RelativeJump 0x805CB56D-->8061812C [ntoskrnl.exe]
ntoskrnl.exe+0x000F45FB, Type: Inline - RelativeJump 0x805CB5FB-->805CB627 [ntoskrnl.exe]
ntoskrnl.exe+0x000F4E38, Type: Inline - RelativeJump 0x805CBE38-->805CBE48 [ntoskrnl.exe]
ntoskrnl.exe+0x000F4F88, Type: Inline - RelativeJump 0x805CBF88-->805CBF6E [ntoskrnl.exe]
ntoskrnl.exe+0x000F4FA0, Type: Inline - RelativeJump 0x805CBFA0-->805CBE8B [ntoskrnl.exe]
ntoskrnl.exe+0x000F4FB0, Type: Inline - RelativeJump 0x805CBFB0-->805CC035 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5034, Type: Inline - RelativeJump 0x805CC034-->805CC01F [ntoskrnl.exe]
ntoskrnl.exe+0x000F50E3, Type: Inline - RelativeJump 0x805CC0E3-->805CC150 [ntoskrnl.exe]
ntoskrnl.exe+0x000F52D1, Type: Inline - RelativeCall 0x805CC2D1-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000F52DB, Type: Inline - RelativeJump 0x805CC2DB-->805CC3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5346, Type: Inline - RelativeJump 0x805CC346-->805CC34C [ntoskrnl.exe]
ntoskrnl.exe+0x000F5350, Type: Inline - RelativeJump 0x805CC350-->805CC356 [ntoskrnl.exe]
ntoskrnl.exe+0x000F536E, Type: Inline - RelativeJump 0x805CC36E-->805CC374 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5458, Type: Inline - RelativeJump 0x805CC458-->805CC472 [ntoskrnl.exe]
ntoskrnl.exe+0x000F58B5, Type: Inline - RelativeJump 0x805CC8B5-->805EED18 [ntoskrnl.exe]
ntoskrnl.exe+0x000F58BB, Type: Inline - RelativeJump 0x805CC8BB-->805EED34 [ntoskrnl.exe]
ntoskrnl.exe+0x000F58E2, Type: Inline - RelativeJump 0x805CC8E2-->805EED44 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5960, Type: Inline - RelativeJump 0x805CC960-->805EED4F [ntoskrnl.exe]
ntoskrnl.exe+0x000F5A5E, Type: Inline - RelativeJump 0x805CCA5E-->805CCAC9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5B80, Type: Inline - RelativeJump 0x805CCB80-->805CCBF4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5BB2, Type: Inline - RelativeCall 0x805CCBB2-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5CDA, Type: Inline - RelativeCall 0x805CCCDA-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5CE3, Type: Inline - RelativeJump 0x805CCCE3-->805CCD70 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5D9C, Type: Inline - RelativeJump 0x805CCD9C-->805EE87E [ntoskrnl.exe]
ntoskrnl.exe+0x000F5DA8, Type: Inline - RelativeCall 0x805CCDA8-->805CCC9F [ntoskrnl.exe]
ntoskrnl.exe+0x000F5DB4, Type: Inline - RelativeJump 0x805CCDB4-->805EE894 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5DBC, Type: Inline - RelativeJump 0x805CCDBC-->805CCE10 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5E72, Type: Inline - RelativeCall 0x805CCE72-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5E8A, Type: Inline - RelativeCall 0x805CCE8A-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5E9A, Type: Inline - PushRet 0x805CCE9A-->90900014 [unknown_code_page]
ntoskrnl.exe+0x000F5ED6, Type: Inline - RelativeJump 0x805CCED6-->805CCEF5 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5EE0, Type: Inline - RelativeJump 0x805CCEE0-->805EE8AF [ntoskrnl.exe]
ntoskrnl.exe+0x000F5F0E, Type: Inline - RelativeJump 0x805CCF0E-->805CCF76 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5F14, Type: Inline - RelativeCall 0x805CCF14-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x000F5F25, Type: Inline - RelativeJump 0x805CCF25-->805CCF76 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5F5C, Type: Inline - RelativeCall 0x805CCF5C-->80570314 [ntoskrnl.exe]
ntoskrnl.exe+0x000F5F63, Type: Inline - RelativeCall 0x805CCF63-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000F6044, Type: Inline - RelativeJump 0x805CD044-->805F6DA0 [ntoskrnl.exe]
ntoskrnl.exe+0x000F606A, Type: Inline - RelativeJump 0x805CD06A-->805CD07F [ntoskrnl.exe]
ntoskrnl.exe+0x000F6074, Type: Inline - RelativeCall 0x805CD074-->805C7EE3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F607D, Type: Inline - PushRet 0x805CD07D-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000F60E8, Type: Inline - RelativeJump 0x805CD0E8-->805CD11D [ntoskrnl.exe]
ntoskrnl.exe+0x000F618A, Type: Inline - RelativeJump 0x805CD18A-->805CD19E [ntoskrnl.exe]
ntoskrnl.exe+0x000F619A, Type: Inline - RelativeJump 0x805CD19A-->805C7411 [ntoskrnl.exe]
ntoskrnl.exe+0x000F61AD, Type: Inline - RelativeCall 0x805CD1AD-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x000F61B7, Type: Inline - RelativeJump 0x805CD1B7-->805F6DF0 [ntoskrnl.exe]
ntoskrnl.exe+0x000F63D2, Type: Inline - RelativeCall 0x805CD3D2-->805D581B [ntoskrnl.exe]
ntoskrnl.exe+0x000F63E7, Type: Inline - RelativeJump 0x805CD3E7-->805D580D [ntoskrnl.exe]
ntoskrnl.exe+0x000F66E9, Type: Inline - RelativeCall 0x805CD6E9-->805D05AD [ntoskrnl.exe]
ntoskrnl.exe+0x000F66EE, Type: Inline - RelativeCall 0x805CD6EE-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x000F6756, Type: Inline - RelativeJump 0x805CD756-->805CD85D [ntoskrnl.exe]
ntoskrnl.exe+0x000F68D4, Type: Inline - RelativeCall 0x805CD8D4-->805CBFC9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F68DD, Type: Inline - RelativeJump 0x805CD8DD-->805F7052 [ntoskrnl.exe]
ntoskrnl.exe+0x000F68E5, Type: Inline - RelativeCall 0x805CD8E5-->805CBFC9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F68F2, Type: Inline - RelativeJump 0x805CD8F2-->805CD88C [ntoskrnl.exe]
ntoskrnl.exe+0x000F693B, Type: Inline - RelativeCall 0x805CD93B-->80505FEE [ntoskrnl.exe]
ntoskrnl.exe+0x000F695A, Type: Inline - RelativeCall 0x805CD95A-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000F6961, Type: Inline - RelativeJump 0x805CD961-->805CD8FA [ntoskrnl.exe]
ntoskrnl.exe+0x000F698A, Type: Inline - RelativeCall 0x805CD98A-->81F2C1E0 [unknown_code_page]
ntoskrnl.exe+0x000F6A50, Type: Inline - DirectJump 0x805CDA50-->FFFFFFFF [unknown_code_page]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:48 pm

ntoskrnl.exe+0x000F6A62, Type: Inline - RelativeCall 0x805CDA62-->806664DA [ntoskrnl.exe]
ntoskrnl.exe+0x000F6CA6, Type: Inline - RelativeJump 0x805CDCA6-->805CDCAC [ntoskrnl.exe]
ntoskrnl.exe+0x000F6CB2, Type: Inline - RelativeJump 0x805CDCB2-->805CDCC0 [ntoskrnl.exe]
ntoskrnl.exe+0x000F6CCE, Type: Inline - RelativeJump 0x805CDCCE-->805CDCD4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F6CDA, Type: Inline - RelativeJump 0x805CDCDA-->805CDCE8 [ntoskrnl.exe]
ntoskrnl.exe+0x000F6DF0, Type: Inline - RelativeJump 0x805CDDF0-->805CDE00 [ntoskrnl.exe]
ntoskrnl.exe+0x000F6E0C, Type: Inline - RelativeJump 0x805CDE0C-->805CDE12 [ntoskrnl.exe]
ntoskrnl.exe+0x000F721E, Type: Inline - RelativeCall 0x805CE21E-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000F728E, Type: Inline - RelativeCall 0x805CE28E-->80506B28 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7320, Type: Inline - RelativeJump 0x805CE320-->805CDF4B [ntoskrnl.exe]
ntoskrnl.exe+0x000F7443, Type: Inline - RelativeJump 0x805CE443-->805CE45E [ntoskrnl.exe]
ntoskrnl.exe+0x000F7524, Type: Inline - RelativeJump 0x805CE524-->805F7517 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7532, Type: Inline - RelativeCall 0x805CE532-->805CBFC9 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7540, Type: Inline - RelativeCall 0x805CE540-->80505FEE [ntoskrnl.exe]
ntoskrnl.exe+0x000F7546, Type: Inline - RelativeJump 0x805CE546-->805CE6E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F754E, Type: Inline - RelativeJump 0x805CE54E-->805CE52B [ntoskrnl.exe]
ntoskrnl.exe+0x000F75AF, Type: Inline - RelativeCall 0x805CE5AF-->805CB43C [ntoskrnl.exe]
ntoskrnl.exe+0x000F766B, Type: Inline - RelativeJump 0x805CE66B-->805CE659 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7676, Type: Inline - RelativeJump 0x805CE676-->805CE732 [ntoskrnl.exe]
ntoskrnl.exe+0x000F767F, Type: Inline - RelativeJump 0x805CE67F-->805F73E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F77B1, Type: Inline - RelativeCall 0x805CE7B1-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7901, Type: Inline - RelativeJump 0x805CE901-->805CE911 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7914, Type: Inline - RelativeJump 0x805CE914-->805CE94B [ntoskrnl.exe]
ntoskrnl.exe+0x000F7924, Type: Inline - RelativeJump 0x805CE924-->805AA2AA [ntoskrnl.exe]
ntoskrnl.exe+0x000F7972, Type: Inline - RelativeJump 0x805CE972-->805AC5EB [ntoskrnl.exe]
ntoskrnl.exe+0x000F7AE6, Type: Inline - RelativeJump 0x805CEAE6-->805CEAFE [ntoskrnl.exe]
ntoskrnl.exe+0x000F7B02, Type: Inline - RelativeJump 0x805CEB02-->805CEB12 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7B0E, Type: Inline - RelativeJump 0x805CEB0E-->805CEBB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7B18, Type: Inline - RelativeJump 0x805CEB18-->805CEB33 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7B2E, Type: Inline - RelativeJump 0x805CEB2E-->805CEBBB [ntoskrnl.exe]
ntoskrnl.exe+0x000F7BD6, Type: Inline - RelativeJump 0x805CEBD6-->805CEC81 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7BE0, Type: Inline - RelativeJump 0x805CEBE0-->805CEC0C [ntoskrnl.exe]
ntoskrnl.exe+0x000F7BF1, Type: Inline - RelativeJump 0x805CEBF1-->805CEC07 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7D12, Type: Inline - RelativeJump 0x805CED12-->805CED27 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7E0C, Type: Inline - RelativeCall 0x805CEE0C-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7E89, Type: Inline - RelativeJump 0x805CEE89-->805CEE96 [ntoskrnl.exe]
ntoskrnl.exe+0x000F7F62, Type: Inline - RelativeJump 0x805CEF62-->805CEFDE [ntoskrnl.exe]
ntoskrnl.exe+0x000F8002, Type: Inline - RelativeJump 0x805CF002-->805CF019 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8014, Type: Inline - RelativeJump 0x805CF014-->805CF02E [ntoskrnl.exe]
ntoskrnl.exe+0x000F8022, Type: Inline - RelativeJump 0x805CF022-->805CF02E [ntoskrnl.exe]
ntoskrnl.exe+0x000F802C, Type: Inline - RelativeCall 0x805CF02C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000F807D, Type: Inline - RelativeJump 0x805CF07D-->805CF09E [ntoskrnl.exe]
ntoskrnl.exe+0x000F8088, Type: Inline - RelativeJump 0x805CF088-->805CF09E [ntoskrnl.exe]
ntoskrnl.exe+0x000F8125, Type: Inline - RelativeJump 0x805CF125-->805CF1A7 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8139, Type: Inline - RelativeJump 0x805CF139-->805CF1E5 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8174, Type: Inline - RelativeJump 0x805CF174-->805CF1E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000F818C, Type: Inline - RelativeJump 0x805CF18C-->805CF1CC [ntoskrnl.exe]
ntoskrnl.exe+0x000F822C, Type: Inline - RelativeJump 0x805CF22C-->805CF27D [ntoskrnl.exe]
ntoskrnl.exe+0x000F8264, Type: Inline - RelativeCall 0x805CF264-->80581387 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8576, Type: Inline - RelativeJump 0x805CF576-->805CF585 [ntoskrnl.exe]
ntoskrnl.exe+0x000F87A6, Type: Inline - RelativeJump 0x805CF7A6-->80613CE2 [ntoskrnl.exe]
ntoskrnl.exe+0x000F88D2, Type: Inline - RelativeJump 0x805CF8D2-->805CF8D8 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8992, Type: Inline - RelativeJump 0x805CF992-->805CF9A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8CE4, Type: Inline - RelativeCall 0x805CFCE4-->805E3A7B [ntoskrnl.exe]
ntoskrnl.exe+0x000F8D2C, Type: Inline - RelativeCall 0x805CFD2C-->805D3077 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8E09, Type: Inline - RelativeJump 0x805CFE09-->805CFE27 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8EB0, Type: Inline - RelativeJump 0x805CFEB0-->805CFEB6 [ntoskrnl.exe]
ntoskrnl.exe+0x000F8F60, Type: Inline - RelativeJump 0x805CFF60-->805F8B94 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9282, Type: Inline - RelativeJump 0x805D0282-->805D0284 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9337, Type: Inline - RelativeJump 0x805D0337-->805D0357 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9350, Type: Inline - RelativeJump 0x805D0350-->8060DC28 [ntoskrnl.exe]
ntoskrnl.exe+0x000F93FC, Type: Inline - RelativeCall 0x805D03FC-->805D0420 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9402, Type: Inline - RelativeJump 0x805D0402-->80590299 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9407, Type: Inline - RelativeJump 0x805D0407-->80590286 [ntoskrnl.exe]
ntoskrnl.exe+0x000F940E, Type: Inline - RelativeJump 0x805D040E-->80590348 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9416, Type: Inline - RelativeJump 0x805D0416-->8059051C [ntoskrnl.exe]
ntoskrnl.exe+0x000F959E, Type: Inline - RelativeJump 0x805D059E-->805D05A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9752, Type: Inline - RelativeJump 0x805D0752-->805D075C [ntoskrnl.exe]
ntoskrnl.exe+0x000F97AA, Type: Inline - RelativeJump 0x805D07AA-->805D07B0 [ntoskrnl.exe]
ntoskrnl.exe+0x000F98A0, Type: Inline - RelativeJump 0x805D08A0-->805D08A6 [ntoskrnl.exe]
ntoskrnl.exe+0x000F98F8, Type: Inline - RelativeJump 0x805D08F8-->805D08FE [ntoskrnl.exe]
ntoskrnl.exe+0x000F98FA, Type: Inline - RelativeJump 0x805D08FA-->805D0900 [ntoskrnl.exe]
ntoskrnl.exe+0x000F993E, Type: Inline - RelativeJump 0x805D093E-->805D0944 [ntoskrnl.exe]
ntoskrnl.exe+0x000F996B, Type: Inline - RelativeJump 0x805D096B-->805D0982 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9AA8, Type: Inline - RelativeJump 0x805D0AA8-->805A6B70 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B46, Type: Inline - RelativeJump 0x805D0B46-->805A6C25 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B4B, Type: Inline - RelativeJump 0x805D0B4B-->805C29A7 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B57, Type: Inline - RelativeJump 0x805D0B57-->805C2A51 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B78, Type: Inline - RelativeJump 0x805D0B78-->805C29F3 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B8F, Type: Inline - RelativeJump 0x805D0B8F-->805C2A32 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9B99, Type: Inline - RelativeJump 0x805D0B99-->805C2A0B [ntoskrnl.exe]
ntoskrnl.exe+0x000F9C3C, Type: Inline - RelativeCall 0x805D0C3C-->805E3A0D [ntoskrnl.exe]
ntoskrnl.exe+0x000F9C49, Type: Inline - RelativeCall 0x805D0C49-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9CA4, Type: Inline - RelativeJump 0x805D0CA4-->805D0CBF [ntoskrnl.exe]
ntoskrnl.exe+0x000F9CBC, Type: Inline - RelativeJump 0x805D0CBC-->805D0CA2 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9DFA, Type: Inline - RelativeJump 0x805D0DFA-->805D0E04 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9E32, Type: Inline - RelativeJump 0x805D0E32-->805D0E40 [ntoskrnl.exe]
ntoskrnl.exe+0x000F9E46, Type: Inline - RelativeJump 0x805D0E46-->805D0E4C [ntoskrnl.exe]
ntoskrnl.exe+0x000FA037, Type: Inline - RelativeJump 0x805D1037-->805D1021 [ntoskrnl.exe]
ntoskrnl.exe+0x000FA0CF, Type: Inline - RelativeJump 0x805D10CF-->806062AA [ntoskrnl.exe]
ntoskrnl.exe+0x000FA511, Type: Inline - RelativeJump 0x805D1511-->805D19FF [ntoskrnl.exe]
ntoskrnl.exe+0x000FA5C6, Type: Inline - RelativeCall 0x805D15C6-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x000FA5CD, Type: Inline - PushRet 0x805D15CD-->90909090 [unknown_code_page]
ntoskrnl.exe+0x000FA9D5, Type: Inline - RelativeJump 0x805D19D5-->805D1433 [ntoskrnl.exe]
ntoskrnl.exe+0x000FA9DF, Type: Inline - RelativeCall 0x805D19DF-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x000FA9EC, Type: Inline - RelativeJump 0x805D19EC-->805D19FD [ntoskrnl.exe]
ntoskrnl.exe+0x000FB007, Type: Inline - RelativeJump 0x805D2007-->805D208E [ntoskrnl.exe]
ntoskrnl.exe+0x000FB3A2, Type: Inline - RelativeCall 0x805D23A2-->804E14F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000FB5D4, Type: Inline - PushRet 0x805D25D4-->E8805086 [unknown_code_page]
ntoskrnl.exe+0x000FB97B, Type: Inline - RelativeJump 0x805D297B-->805D2955 [ntoskrnl.exe]
ntoskrnl.exe+0x000FB982, Type: Inline - RelativeJump 0x805D2982-->805D2950 [ntoskrnl.exe]
ntoskrnl.exe+0x000FB989, Type: Inline - RelativeCall 0x805D2989-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x000FB991, Type: Inline - RelativeJump 0x805D2991-->805831B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000FBA02, Type: Inline - RelativeJump 0x805D2A02-->8059A535 [ntoskrnl.exe]
ntoskrnl.exe+0x000FBB73, Type: Inline - RelativeJump 0x805D2B73-->80618AA4 [ntoskrnl.exe]
ntoskrnl.exe+0x000FBCDF, Type: Inline - RelativeJump 0x805D2CDF-->805ED0CA [ntoskrnl.exe]
ntoskrnl.exe+0x000FBCEE, Type: Inline - RelativeJump 0x805D2CEE-->805D2CF8 [ntoskrnl.exe]
ntoskrnl.exe+0x000FBD0A, Type: Inline - RelativeJump 0x805D2D0A-->805D2D04 [ntoskrnl.exe]
ntoskrnl.exe+0x000FBF97, Type: Inline - RelativeCall 0x805D2F97-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x000FBF9C, Type: Inline - RelativeJump 0x805D2F9C-->8059B8CB [ntoskrnl.exe]
ntoskrnl.exe+0x000FC027, Type: Inline - RelativeJump 0x805D3027-->805D2FBC [ntoskrnl.exe]
ntoskrnl.exe+0x000FC03E, Type: Inline - RelativeCall 0x805D303E-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC044, Type: Inline - RelativeJump 0x805D3044-->8059B8EC [ntoskrnl.exe]
ntoskrnl.exe+0x000FC20D, Type: Inline - RelativeJump 0x805D320D-->805D3212 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC2D0, Type: Inline - RelativeJump 0x805D32D0-->805C59D0 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC460, Type: Inline - RelativeJump 0x805D3460-->805D3476 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC4D7, Type: Inline - RelativeJump 0x805D34D7-->80608C02 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC4E3, Type: Inline - RelativeJump 0x805D34E3-->80608C0C [ntoskrnl.exe]
ntoskrnl.exe+0x000FC4ED, Type: Inline - PushRet 0x805D34ED-->C0320010 [unknown_code_page]
ntoskrnl.exe+0x000FC56E, Type: Inline - RelativeCall 0x805D356E-->804E5658 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC735, Type: Inline - RelativeJump 0x805D3735-->8060C0E3 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC73D, Type: Inline - RelativeJump 0x805D373D-->805D3755 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC74A, Type: Inline - RelativeJump 0x805D374A-->805D3758 [ntoskrnl.exe]
ntoskrnl.exe+0x000FC7F9, Type: Inline - RelativeJump 0x805D37F9-->8060C14A [ntoskrnl.exe]
ntoskrnl.exe+0x000FC89E, Type: Inline - RelativeJump 0x805D389E-->805D38AC [ntoskrnl.exe]
ntoskrnl.exe+0x000FC8AD, Type: Inline - RelativeCall 0x805D38AD-->80582C58 [ntoskrnl.exe]
ntoskrnl.exe+0x000FCB19, Type: Inline - DirectJump 0x805D3B19-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000FCBA6, Type: Inline - RelativeJump 0x805D3BA6-->805C861D [ntoskrnl.exe]
ntoskrnl.exe+0x000FCC41, Type: Inline - RelativeCall 0x805D3C41-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x000FCC82, Type: Inline - RelativeJump 0x805D3C82-->805D3DAA [ntoskrnl.exe]
ntoskrnl.exe+0x000FCC90, Type: Inline - RelativeJump 0x805D3C90-->805C865B [ntoskrnl.exe]
ntoskrnl.exe+0x000FCDB6, Type: Inline - DirectCall 0x805D3DB6-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000FCEA2, Type: Inline - RelativeJump 0x805D3EA2-->805D3F0C [ntoskrnl.exe]
ntoskrnl.exe+0x000FD1C5, Type: Inline - RelativeJump 0x805D41C5-->805D4246 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD4FE, Type: Inline - RelativeJump 0x805D44FE-->80618592 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD63A, Type: Inline - RelativeJump 0x805D463A-->8061530D [ntoskrnl.exe]
ntoskrnl.exe+0x000FD695, Type: Inline - RelativeJump 0x805D4695-->80615332 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD89C, Type: Inline - RelativeCall 0x805D489C-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD944, Type: Inline - RelativeJump 0x805D4944-->805D49FE [ntoskrnl.exe]
ntoskrnl.exe+0x000FD94D, Type: Inline - RelativeJump 0x805D494D-->805D49FE [ntoskrnl.exe]
ntoskrnl.exe+0x000FD9A7, Type: Inline - RelativeJump 0x805D49A7-->805D49B1 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD9E1, Type: Inline - RelativeJump 0x805D49E1-->80602000 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD9EB, Type: Inline - RelativeJump 0x805D49EB-->80602030 [ntoskrnl.exe]
ntoskrnl.exe+0x000FD9F4, Type: Inline - PushRet 0x805D49F4-->FF330008 [unknown_code_page]
ntoskrnl.exe+0x000FDAE1, Type: Inline - RelativeCall 0x805D4AE1-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDBAD, Type: Inline - RelativeJump 0x805D4BAD-->8060D74B [ntoskrnl.exe]
ntoskrnl.exe+0x000FDBBC, Type: Inline - RelativeJump 0x805D4BBC-->8058D5C8 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDBE8, Type: Inline - RelativeJump 0x805D4BE8-->805D4BF4 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDBF7, Type: Inline - RelativeJump 0x805D4BF7-->805D4C00 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDC02, Type: Inline - RelativeJump 0x805D4C02-->805D4C0E [ntoskrnl.exe]
ntoskrnl.exe+0x000FDC0E, Type: Inline - RelativeJump 0x805D4C0E-->805D4C18 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDC9D, Type: Inline - RelativeJump 0x805D4C9D-->8060B5FF [ntoskrnl.exe]
ntoskrnl.exe+0x000FDCB6, Type: Inline - RelativeJump 0x805D4CB6-->8060B609 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDCC1, Type: Inline - RelativeJump 0x805D4CC1-->80581707 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDDC0, Type: Inline - RelativeJump 0x805D4DC0-->8058E8CD [ntoskrnl.exe]
ntoskrnl.exe+0x000FDDCA, Type: Inline - RelativeJump 0x805D4DCA-->8058B4C1 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDDCF, Type: Inline - RelativeJump 0x805D4DCF-->80585F89 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDE37, Type: Inline - RelativeCall 0x805D4E37-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDE70, Type: Inline - RelativeJump 0x805D4E70-->805DEACE [ntoskrnl.exe]
ntoskrnl.exe+0x000FDEBE, Type: Inline - RelativeJump 0x805D4EBE-->8061AC2A [ntoskrnl.exe]
ntoskrnl.exe+0x000FDEC3, Type: Inline - RelativeJump 0x805D4EC3-->805D5120 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDECD, Type: Inline - RelativeJump 0x805D4ECD-->805D5120 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDED7, Type: Inline - RelativeJump 0x805D4ED7-->8061B5AF [ntoskrnl.exe]
ntoskrnl.exe+0x000FDFDC, Type: Inline - RelativeJump 0x805D4FDC-->80619288 [ntoskrnl.exe]
ntoskrnl.exe+0x000FDFE9, Type: Inline - RelativeJump 0x805D4FE9-->80619288 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE086, Type: Inline - RelativeJump 0x805D5086-->805D508C [ntoskrnl.exe]
ntoskrnl.exe+0x000FE114, Type: Inline - RelativeJump 0x805D5114-->8061B59F [ntoskrnl.exe]
ntoskrnl.exe+0x000FE120, Type: Inline - RelativeJump 0x805D5120-->8061B63D [ntoskrnl.exe]
ntoskrnl.exe+0x000FE1CA, Type: Inline - RelativeJump 0x805D51CA-->805D5224 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE1D9, Type: Inline - RelativeJump 0x805D51D9-->805D5201 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE1E3, Type: Inline - RelativeJump 0x805D51E3-->805D51ED [ntoskrnl.exe]
ntoskrnl.exe+0x000FE1F2, Type: Inline - RelativeJump 0x805D51F2-->8061B749 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE28B, Type: Inline - RelativeJump 0x805D528B-->805D52B5 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE2D9, Type: Inline - RelativeJump 0x805D52D9-->805C8D2D [ntoskrnl.exe]
ntoskrnl.exe+0x000FE4D8, Type: Inline - RelativeJump 0x805D54D8-->805D54F8 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE51B, Type: Inline - RelativeCall 0x805D551B-->804DBE15 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE7F5, Type: Inline - RelativeCall 0x805D57F5-->805D5EB7 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE7FA, Type: Inline - RelativeJump 0x805D57FA-->80618188 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE84F, Type: Inline - RelativeJump 0x805D584F-->805D5859 [ntoskrnl.exe]
ntoskrnl.exe+0x000FE87C, Type: Inline - RelativeJump 0x805D587C-->805D588A [ntoskrnl.exe]
ntoskrnl.exe+0x000FE92E, Type: Inline - RelativeJump 0x805D592E-->805D592B [ntoskrnl.exe]
ntoskrnl.exe+0x000FE939, Type: Inline - RelativeJump 0x805D5939-->8061B80C [ntoskrnl.exe]
ntoskrnl.exe+0x000FE93F, Type: Inline - RelativeJump 0x805D593F-->8061B819 [ntoskrnl.exe]
ntoskrnl.exe+0x000FEBA5, Type: Inline - RelativeJump 0x805D5BA5-->8061B24D [ntoskrnl.exe]
ntoskrnl.exe+0x000FEBB2, Type: Inline - RelativeCall 0x805D5BB2-->805D4F3A [ntoskrnl.exe]
ntoskrnl.exe+0x000FEBBC, Type: Inline - RelativeJump 0x805D5BBC-->8061B25E [ntoskrnl.exe]
ntoskrnl.exe+0x000FEBC7, Type: Inline - RelativeJump 0x805D5BC7-->8061B37B [ntoskrnl.exe]
ntoskrnl.exe+0x000FEC98, Type: Inline - RelativeJump 0x805D5C98-->805D5CA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000FED08, Type: Inline - RelativeJump 0x805D5D08-->805D5D1E [ntoskrnl.exe]
ntoskrnl.exe+0x000FEF2E, Type: Inline - RelativeCall 0x805D5F2E-->805D68ED [ntoskrnl.exe]
ntoskrnl.exe+0x000FEF62, Type: Inline - RelativeJump 0x805D5F62-->8061AB97 [ntoskrnl.exe]
ntoskrnl.exe+0x000FEF6C, Type: Inline - RelativeJump 0x805D5F6C-->8061AB97 [ntoskrnl.exe]
ntoskrnl.exe+0x000FEFE5, Type: Inline - RelativeJump 0x805D5FE5-->805D6F52 [ntoskrnl.exe]
ntoskrnl.exe+0x000FF515, Type: Inline - RelativeCall 0x805D6515-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000FF94D, Type: Inline - RelativeCall 0x805D694D-->8058F2D9 [ntoskrnl.exe]
ntoskrnl.exe+0x000FF95F, Type: Inline - RelativeJump 0x805D695F-->805D69E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000FFA86, Type: Inline - RelativeJump 0x805D6A86-->805BAE55 [ntoskrnl.exe]
ntoskrnl.exe+0x000FFCBD, Type: Inline - RelativeJump 0x805D6CBD-->80619412 [ntoskrnl.exe]
ntoskrnl.exe+0x000FFCC5, Type: Inline - RelativeCall 0x805D6CC5-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe+0x000FFEC5, Type: Inline - RelativeJump 0x805D6EC5-->805D6EDB [ntoskrnl.exe]
ntoskrnl.exe+0x00100666, Type: Inline - RelativeCall 0x805D7666-->805E3A7B [ntoskrnl.exe]
ntoskrnl.exe+0x0010066B, Type: Inline - RelativeJump 0x805D766B-->805D77D8 [ntoskrnl.exe]
ntoskrnl.exe+0x001008EC, Type: Inline - RelativeJump 0x805D78EC-->805D795A [ntoskrnl.exe]
ntoskrnl.exe+0x00100A33, Type: Inline - RelativeJump 0x805D7A33-->805D79FD [ntoskrnl.exe]
ntoskrnl.exe+0x00100AAA, Type: Inline - RelativeJump 0x805D7AAA-->805D7AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x00100CBE, Type: Inline - RelativeJump 0x805D7CBE-->805D7D7F [ntoskrnl.exe]
ntoskrnl.exe+0x00100CCB, Type: Inline - RelativeJump 0x805D7CCB-->805D7D7F [ntoskrnl.exe]
ntoskrnl.exe+0x00100D11, Type: Inline - RelativeJump 0x805D7D11-->805D797F [ntoskrnl.exe]
ntoskrnl.exe+0x00101038, Type: Inline - RelativeCall 0x805D8038-->805BFD51 [ntoskrnl.exe]
ntoskrnl.exe+0x00101041, Type: Inline - RelativeJump 0x805D8041-->805C176C [ntoskrnl.exe]
ntoskrnl.exe+0x00101049, Type: Inline - RelativeCall 0x805D8049-->805E440F [ntoskrnl.exe]
ntoskrnl.exe+0x001010F8, Type: Inline - RelativeJump 0x805D80F8-->805BFB5E [ntoskrnl.exe]
ntoskrnl.exe+0x00101165, Type: Inline - RelativeJump 0x805D8165-->805BFB4C [ntoskrnl.exe]
ntoskrnl.exe+0x001011D2, Type: Inline - RelativeJump 0x805D81D2-->805D81EC [ntoskrnl.exe]
ntoskrnl.exe+0x0010148E, Type: Inline - RelativeCall 0x805D848E-->805E3A7B [ntoskrnl.exe]
ntoskrnl.exe+0x0010157C, Type: Inline - RelativeCall 0x805D857C-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00101583, Type: Inline - RelativeJump 0x805D8583-->805F3747 [ntoskrnl.exe]
ntoskrnl.exe+0x0010159E, Type: Inline - RelativeJump 0x805D859E-->805D85AC [ntoskrnl.exe]
ntoskrnl.exe+0x001015B6, Type: Inline - RelativeJump 0x805D85B6-->805D85C8 [ntoskrnl.exe]
ntoskrnl.exe+0x001015FA, Type: Inline - RelativeJump 0x805D85FA-->805D8600 [ntoskrnl.exe]
ntoskrnl.exe+0x0010160E, Type: Inline - RelativeJump 0x805D860E-->805D861C [ntoskrnl.exe]
ntoskrnl.exe+0x0010161D, Type: Inline - RelativeJump 0x805D861D-->805D8636 [ntoskrnl.exe]
ntoskrnl.exe+0x001017C5, Type: Inline - RelativeJump 0x805D87C5-->805D87CA [ntoskrnl.exe]
ntoskrnl.exe+0x001017D3, Type: Inline - RelativeJump 0x805D87D3-->805D87DD [ntoskrnl.exe]
ntoskrnl.exe+0x0010184E, Type: Inline - RelativeJump 0x805D884E-->805D8A2A [ntoskrnl.exe]
ntoskrnl.exe+0x0010185B, Type: Inline - RelativeCall 0x805D885B-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00101865, Type: Inline - RelativeJump 0x805D8865-->805D8878 [ntoskrnl.exe]
ntoskrnl.exe+0x00101880, Type: Inline - RelativeJump 0x805D8880-->805D8886 [ntoskrnl.exe]
ntoskrnl.exe+0x0010191C, Type: Inline - RelativeCall 0x805D891C-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe+0x001019F7, Type: Inline - RelativeCall 0x805D89F7-->805D8959 [ntoskrnl.exe]
ntoskrnl.exe+0x00101A74, Type: Inline - RelativeJump 0x805D8A74-->805D8A76 [ntoskrnl.exe]
ntoskrnl.exe+0x00101AE0, Type: Inline - RelativeCall 0x805D8AE0-->805187D1 [ntoskrnl.exe]
ntoskrnl.exe+0x00101AF1, Type: Inline - RelativeJump 0x805D8AF1-->805D8B7C [ntoskrnl.exe]
ntoskrnl.exe+0x00101B7D, Type: Inline - RelativeJump 0x805D8B7D-->805D8B7F [ntoskrnl.exe]
ntoskrnl.exe+0x00101B80, Type: Inline - RelativeCall 0x805D8B80-->8051879F [ntoskrnl.exe]
ntoskrnl.exe+0x00101BDB, Type: Inline - RelativeJump 0x805D8BDB-->805AA266 [ntoskrnl.exe]
ntoskrnl.exe+0x00101CA9, Type: Inline - RelativeJump 0x805D8CA9-->8058B4D8 [ntoskrnl.exe]
ntoskrnl.exe+0x00101D99, Type: Inline - RelativeJump 0x805D8D99-->8060BBDC [ntoskrnl.exe]
ntoskrnl.exe+0x00101DAB, Type: Inline - RelativeCall 0x805D8DAB-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x00101E73, Type: Inline - RelativeJump 0x805D8E73-->805D8E7D [ntoskrnl.exe]
ntoskrnl.exe+0x00101ED2, Type: Inline - RelativeJump 0x805D8ED2-->8059C236 [ntoskrnl.exe]
ntoskrnl.exe+0x00101F5C, Type: Inline - RelativeJump 0x805D8F5C-->80575882 [ntoskrnl.exe]
ntoskrnl.exe+0x001020B5, Type: Inline - RelativeJump 0x805D90B5-->805D911D [ntoskrnl.exe]
ntoskrnl.exe+0x001020BC, Type: Inline - RelativeJump 0x805D90BC-->8061BB85 [ntoskrnl.exe]
ntoskrnl.exe+0x00102215, Type: Inline - RelativeJump 0x805D9215-->8057B60F [ntoskrnl.exe]
ntoskrnl.exe+0x0010221C, Type: Inline - RelativeJump 0x805D921C-->8057B60F [ntoskrnl.exe]
ntoskrnl.exe+0x00102228, Type: Inline - RelativeJump 0x805D9228-->8057B60F [ntoskrnl.exe]
ntoskrnl.exe+0x00102234, Type: Inline - RelativeJump 0x805D9234-->805EF9E2 [ntoskrnl.exe]
ntoskrnl.exe+0x001022C4, Type: Inline - RelativeJump 0x805D92C4-->805AF6BB [ntoskrnl.exe]
ntoskrnl.exe+0x001022CD, Type: Inline - RelativeJump 0x805D92CD-->805AF6D1 [ntoskrnl.exe]
ntoskrnl.exe+0x00102422, Type: Inline - RelativeJump 0x805D9422-->8057AFF5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010252D, Type: Inline - RelativeJump 0x805D952D-->805D9542 [ntoskrnl.exe]
ntoskrnl.exe+0x0010254A, Type: Inline - RelativeJump 0x805D954A-->805D955E [ntoskrnl.exe]
ntoskrnl.exe+0x0010267A, Type: Inline - RelativeJump 0x805D967A-->805D9680 [ntoskrnl.exe]
ntoskrnl.exe+0x001026A2, Type: Inline - RelativeJump 0x805D96A2-->805D96B2 [ntoskrnl.exe]
ntoskrnl.exe+0x001026CB, Type: Inline - RelativeCall 0x805D96CB-->805D95C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001026D5, Type: Inline - RelativeJump 0x805D96D5-->805DE43B [ntoskrnl.exe]
ntoskrnl.exe+0x001029A2, Type: Inline - RelativeJump 0x805D99A2-->805D99A8 [ntoskrnl.exe]
ntoskrnl.exe+0x001029A6, Type: Inline - RelativeJump 0x805D99A6-->805D99AC [ntoskrnl.exe]
ntoskrnl.exe+0x001029A8, Type: Inline - RelativeJump 0x805D99A8-->805D99B6 [ntoskrnl.exe]
ntoskrnl.exe+0x001029C2, Type: Inline - RelativeJump 0x805D99C2-->805D99C8 [ntoskrnl.exe]
ntoskrnl.exe+0x001029CE, Type: Inline - RelativeJump 0x805D99CE-->805D99D4 [ntoskrnl.exe]
ntoskrnl.exe+0x001029D6, Type: Inline - RelativeJump 0x805D99D6-->805D99DC [ntoskrnl.exe]
ntoskrnl.exe+0x001029E4, Type: Inline - RelativeJump 0x805D99E4-->805D99EE [ntoskrnl.exe]
ntoskrnl.exe+0x00102A9E, Type: Inline - RelativeJump 0x805D9A9E-->805D9AA4 [ntoskrnl.exe]
ntoskrnl.exe+0x00102BBB, Type: Inline - RelativeJump 0x805D9BBB-->80602AF1 [ntoskrnl.exe]
ntoskrnl.exe+0x00102BC4, Type: Inline - RelativeJump 0x805D9BC4-->80602AF8 [ntoskrnl.exe]
ntoskrnl.exe+0x00102C29, Type: Inline - RelativeCall 0x805D9C29-->805D9E44 [ntoskrnl.exe]
ntoskrnl.exe+0x00102C32, Type: Inline - RelativeCall 0x805D9C32-->805D9E44 [ntoskrnl.exe]
ntoskrnl.exe+0x00102C62, Type: Inline - RelativeJump 0x805D9C62-->805D9C6C [ntoskrnl.exe]
ntoskrnl.exe+0x00102CC3, Type: Inline - RelativeJump 0x805D9CC3-->80602B2F [ntoskrnl.exe]
ntoskrnl.exe+0x00102E66, Type: Inline - RelativeJump 0x805D9E66-->80602908 [ntoskrnl.exe]
ntoskrnl.exe+0x00102ECE, Type: Inline - RelativeJump 0x805D9ECE-->805D9EB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00102F76, Type: Inline - RelativeJump 0x805D9F76-->805D9F7C [ntoskrnl.exe]
ntoskrnl.exe+0x00102F78, Type: Inline - RelativeJump 0x805D9F78-->805D9F7E [ntoskrnl.exe]
ntoskrnl.exe+0x00103047, Type: Inline - RelativeCall 0x805DA047-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010323C, Type: Inline - RelativeJump 0x805DA23C-->805D9B4B [ntoskrnl.exe]
ntoskrnl.exe+0x00103241, Type: Inline - RelativeJump 0x805DA241-->805E4114 [ntoskrnl.exe]
ntoskrnl.exe+0x00103410, Type: Inline - RelativeJump 0x805DA410-->805DA51F [ntoskrnl.exe]
ntoskrnl.exe+0x0010341F, Type: Inline - RelativeJump 0x805DA41F-->806195F2 [ntoskrnl.exe]
ntoskrnl.exe+0x00103428, Type: Inline - RelativeJump 0x805DA428-->80619610 [ntoskrnl.exe]
ntoskrnl.exe+0x00103733, Type: Inline - PushRet 0x805DA733-->FF560018 [unknown_code_page]
ntoskrnl.exe+0x00103736, Type: Inline - RelativeCall 0x805DA736-->805DA5D5 [ntoskrnl.exe]
ntoskrnl.exe+0x00103747, Type: Inline - RelativeJump 0x805DA747-->80619936 [ntoskrnl.exe]
ntoskrnl.exe+0x0010379C, Type: Inline - RelativeJump 0x805DA79C-->805DA7AE [ntoskrnl.exe]
ntoskrnl.exe+0x001037AB, Type: Inline - PushRet 0x805DA7AB-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0010386D, Type: Inline - RelativeJump 0x805DA86D-->805DA879 [ntoskrnl.exe]
ntoskrnl.exe+0x00103A1F, Type: Inline - RelativeCall 0x805DAA1F-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x00103A28, Type: Inline - RelativeJump 0x805DAA28-->805DB22E [ntoskrnl.exe]
ntoskrnl.exe+0x00103D19, Type: Inline - PushRet 0x805DAD19-->FEEC8589 [unknown_code_page]
ntoskrnl.exe+0x00103D21, Type: Inline - RelativeJump 0x805DAD21-->805DADC5 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E1E, Type: Inline - RelativeJump 0x805DAE1E-->805DAE24 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E20, Type: Inline - RelativeJump 0x805DAE20-->805DAE26 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E22, Type: Inline - RelativeJump 0x805DAE22-->805DAE28 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E30, Type: Inline - RelativeJump 0x805DAE30-->805DAE36 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E32, Type: Inline - RelativeJump 0x805DAE32-->805DAE38 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E3C, Type: Inline - RelativeJump 0x805DAE3C-->805DAE42 [ntoskrnl.exe]
ntoskrnl.exe+0x00103E4E, Type: Inline - RelativeJump 0x805DAE4E-->805DAE80 [ntoskrnl.exe]
ntoskrnl.exe+0x00104214, Type: Inline - RelativeJump 0x805DB214-->805DB211 [ntoskrnl.exe]
ntoskrnl.exe+0x00104224, Type: Inline - RelativeJump 0x805DB224-->805DAAAD [ntoskrnl.exe]
ntoskrnl.exe+0x00104235, Type: Inline - RelativeCall 0x805DB235-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x0010423E, Type: Inline - RelativeJump 0x805DB23E-->805DAB30 [ntoskrnl.exe]
ntoskrnl.exe+0x00104458, Type: Inline - RelativeJump 0x805DB458-->805DB43D [ntoskrnl.exe]
ntoskrnl.exe+0x001045DA, Type: Inline - RelativeJump 0x805DB5DA-->805DB5F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00104724, Type: Inline - RelativeJump 0x805DB724-->805F1AAC [ntoskrnl.exe]
ntoskrnl.exe+0x0010473A, Type: Inline - RelativeJump 0x805DB73A-->805DB744 [ntoskrnl.exe]
ntoskrnl.exe+0x00104789, Type: Inline - RelativeCall 0x805DB789-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00104880, Type: Inline - RelativeJump 0x805DB880-->805DB8A0 [ntoskrnl.exe]
ntoskrnl.exe+0x001048FD, Type: Inline - RelativeCall 0x805DB8FD-->8058F2D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0010490E, Type: Inline - RelativeJump 0x805DB90E-->805DBA71 [ntoskrnl.exe]
ntoskrnl.exe+0x0010492D, Type: Inline - RelativeJump 0x805DB92D-->805DB935 [ntoskrnl.exe]
ntoskrnl.exe+0x00104A76, Type: Inline - RelativeJump 0x805DBA76-->805DB922 [ntoskrnl.exe]
ntoskrnl.exe+0x00104A7C, Type: Inline - RelativeJump 0x805DBA7C-->805DB916 [ntoskrnl.exe]
ntoskrnl.exe+0x00104AA8, Type: Inline - RelativeJump 0x805DBAA8-->805E34A4 [ntoskrnl.exe]
ntoskrnl.exe+0x00104AAF, Type: Inline - RelativeJump 0x805DBAAF-->805F9332 [ntoskrnl.exe]
ntoskrnl.exe+0x00104ABA, Type: Inline - RelativeJump 0x805DBABA-->805E353E [ntoskrnl.exe]
ntoskrnl.exe+0x00104ABF, Type: Inline - RelativeCall 0x805DBABF-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00104AC6, Type: Inline - RelativeJump 0x805DBAC6-->805F93A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00104D71, Type: Inline - RelativeJump 0x805DBD71-->805D1187 [ntoskrnl.exe]
ntoskrnl.exe+0x001050BF, Type: Inline - RelativeCall 0x805DC0BF-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x001050C6, Type: Inline - RelativeCall 0x805DC0C6-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x001050CE, Type: Inline - PushRet 0x805DC0CE-->90900010 [unknown_code_page]
ntoskrnl.exe+0x00105297, Type: Inline - RelativeJump 0x805DC297-->805DC329 [ntoskrnl.exe]
ntoskrnl.exe+0x00105611, Type: Inline - RelativeJump 0x805DC611-->805DC65C [ntoskrnl.exe]
ntoskrnl.exe+0x00105629, Type: Inline - RelativeJump 0x805DC629-->805DC63B [ntoskrnl.exe]
ntoskrnl.exe+0x0010592E, Type: Inline - RelativeJump 0x805DC92E-->8057487A [ntoskrnl.exe]
ntoskrnl.exe+0x00105936, Type: Inline - RelativeCall 0x805DC936-->80590EF2 [ntoskrnl.exe]
ntoskrnl.exe+0x00105942, Type: Inline - RelativeJump 0x805DC942-->8057E24A [ntoskrnl.exe]
ntoskrnl.exe+0x00105A9F, Type: Inline - RelativeJump 0x805DCA9F-->805DCAC0 [ntoskrnl.exe]
ntoskrnl.exe+0x00105AB1, Type: Inline - RelativeJump 0x805DCAB1-->805E568D [ntoskrnl.exe]
ntoskrnl.exe+0x00105AB6, Type: Inline - RelativeJump 0x805DCAB6-->805E5276 [ntoskrnl.exe]
ntoskrnl.exe+0x00105AC1, Type: Inline - RelativeJump 0x805DCAC1-->805E5723 [ntoskrnl.exe]
ntoskrnl.exe+0x00105ACC, Type: Inline - RelativeJump 0x805DCACC-->805E52A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00105C91, Type: Inline - RelativeJump 0x805DCC91-->805DCCBA [ntoskrnl.exe]
ntoskrnl.exe+0x00105D0A, Type: Inline - RelativeCall 0x805DCD0A-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00105E64, Type: Inline - RelativeJump 0x805DCE64-->805DCEF2 [ntoskrnl.exe]
ntoskrnl.exe+0x00105E6D, Type: Inline - RelativeCall 0x805DCE6D-->8059CFAD [ntoskrnl.exe]
ntoskrnl.exe+0x00105F03, Type: Inline - RelativeJump 0x805DCF03-->80588016 [ntoskrnl.exe]
ntoskrnl.exe+0x00105F56, Type: Inline - RelativeJump 0x805DCF56-->805ED690 [ntoskrnl.exe]
ntoskrnl.exe+0x001060D8, Type: Inline - RelativeCall 0x805DD0D8-->805DD128 [ntoskrnl.exe]
ntoskrnl.exe+0x001060DD, Type: Inline - RelativeCall 0x805DD0DD-->805E440F [ntoskrnl.exe]
ntoskrnl.exe+0x001061B4, Type: Inline - RelativeJump 0x805DD1B4-->805DD1C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001063FE, Type: Inline - RelativeJump 0x805DD3FE-->805DD424 [ntoskrnl.exe]
ntoskrnl.exe+0x001064A4, Type: Inline - RelativeJump 0x805DD4A4-->805DD664 [ntoskrnl.exe]
ntoskrnl.exe+0x001067A8, Type: Inline - RelativeJump 0x805DD7A8-->805DD488 [ntoskrnl.exe]
ntoskrnl.exe+0x00106ADC, Type: Inline - RelativeJump 0x805DDADC-->805DDA90 [ntoskrnl.exe]
ntoskrnl.exe+0x00106FC4, Type: Inline - RelativeCall 0x805DDFC4-->804FE293 [ntoskrnl.exe]
ntoskrnl.exe+0x00106FCC, Type: Inline - RelativeJump 0x805DDFCC-->805B5A4C [ntoskrnl.exe]
ntoskrnl.exe+0x0010737D, Type: Inline - RelativeJump 0x805DE37D-->805DE0EB [ntoskrnl.exe]
ntoskrnl.exe+0x001073B0, Type: Inline - RelativeJump 0x805DE3B0-->805DE27E [ntoskrnl.exe]
ntoskrnl.exe+0x001073BD, Type: Inline - RelativeJump 0x805DE3BD-->805B8CF1 [ntoskrnl.exe]
ntoskrnl.exe+0x0010769F, Type: Inline - RelativeJump 0x805DE69F-->80612E4C [ntoskrnl.exe]
ntoskrnl.exe+0x0010782A, Type: Inline - RelativeJump 0x805DE82A-->805DE851 [ntoskrnl.exe]
ntoskrnl.exe+0x0010789C, Type: Inline - RelativeJump 0x805DE89C-->805DE882 [ntoskrnl.exe]
ntoskrnl.exe+0x001078DE, Type: Inline - RelativeJump 0x805DE8DE-->805DE84D [ntoskrnl.exe]
ntoskrnl.exe+0x001078E3, Type: Inline - RelativeJump 0x805DE8E3-->805DE9E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00107A5B, Type: Inline - RelativeJump 0x805DEA5B-->805DEA2D [ntoskrnl.exe]
ntoskrnl.exe+0x00107DFD, Type: Inline - RelativeJump 0x805DEDFD-->805EA8FC [ntoskrnl.exe]
ntoskrnl.exe+0x00107EBB, Type: Inline - RelativeCall 0x805DEEBB-->80585EBB [ntoskrnl.exe]
ntoskrnl.exe+0x001080D7, Type: Inline - RelativeJump 0x805DF0D7-->805DF111 [ntoskrnl.exe]
ntoskrnl.exe+0x001080E0, Type: Inline - RelativeJump 0x805DF0E0-->805DF0D6 [ntoskrnl.exe]
ntoskrnl.exe+0x001080E3, Type: Inline - RelativeJump 0x805DF0E3-->805DF0D7 [ntoskrnl.exe]
ntoskrnl.exe+0x001080F8, Type: Inline - RelativeCall 0x805DF0F8-->805DF15E [ntoskrnl.exe]
ntoskrnl.exe+0x00108352, Type: Inline - RelativeJump 0x805DF352-->805DF3AE [ntoskrnl.exe]
ntoskrnl.exe+0x00108367, Type: Inline - RelativeCall 0x805DF367-->8057BFA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00108371, Type: Inline - RelativeJump 0x805DF371-->8061B032 [ntoskrnl.exe]
ntoskrnl.exe+0x0010854C, Type: Inline - RelativeJump 0x805DF54C-->805DF564 [ntoskrnl.exe]
ntoskrnl.exe+0x001086E7, Type: Inline - DirectCall 0x805DF6E7-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x00108700, Type: Inline - RelativeCall 0x805DF700-->804F27B6 [ntoskrnl.exe]
ntoskrnl.exe+0x00108705, Type: Inline - RelativeCall 0x805DF705-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x001088E6, Type: Inline - RelativeJump 0x805DF8E6-->805D32B1 [ntoskrnl.exe]
ntoskrnl.exe+0x00108B80, Type: Inline - RelativeJump 0x805DFB80-->805DFB8E [ntoskrnl.exe]
ntoskrnl.exe+0x00108B97, Type: Inline - RelativeJump 0x805DFB97-->805DFBAD [ntoskrnl.exe]
ntoskrnl.exe+0x00108C45, Type: Inline - RelativeJump 0x805DFC45-->80608C84 [ntoskrnl.exe]
ntoskrnl.exe+0x00108D2B, Type: Inline - RelativeJump 0x805DFD2B-->805F1189 [ntoskrnl.exe]
ntoskrnl.exe+0x00108D91, Type: Inline - RelativeJump 0x805DFD91-->805DFD77 [ntoskrnl.exe]
ntoskrnl.exe+0x00108EF1, Type: Inline - RelativeJump 0x805DFEF1-->805FE27E [ntoskrnl.exe]
ntoskrnl.exe+0x00109038, Type: Inline - RelativeCall 0x805E0038-->804E14F6 [ntoskrnl.exe]
ntoskrnl.exe+0x0010903D, Type: Inline - RelativeJump 0x805E003D-->805EEA96 [ntoskrnl.exe]
ntoskrnl.exe+0x00109080, Type: Inline - PushRet 0x805E0080-->8B14745F [unknown_code_page]
ntoskrnl.exe+0x00109084, Type: Inline - RelativeJump 0x805E0084-->805E009F [ntoskrnl.exe]
ntoskrnl.exe+0x001093F9, Type: Inline - RelativeCall 0x805E03F9-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001093FF, Type: Inline - PushRet 0x805E03FF-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0010972C, Type: Inline - RelativeJump 0x805E072C-->805E0776 [ntoskrnl.exe]
ntoskrnl.exe+0x00109780, Type: Inline - RelativeJump 0x805E0780-->80582BF4 [ntoskrnl.exe]
ntoskrnl.exe+0x00109785, Type: Inline - RelativeJump 0x805E0785-->805E74B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00109922, Type: Inline - RelativeJump 0x805E0922-->805E093F [ntoskrnl.exe]
ntoskrnl.exe+0x00109A93, Type: Inline - RelativeCall 0x805E0A93-->80573938 [ntoskrnl.exe]
ntoskrnl.exe+0x00109C70, Type: Inline - RelativeJump 0x805E0C70-->805E0C5A [ntoskrnl.exe]
ntoskrnl.exe+0x00109CC4, Type: Inline - RelativeCall 0x805E0CC4-->805966D9 [ntoskrnl.exe]
ntoskrnl.exe+0x00109CD3, Type: Inline - RelativeJump 0x805E0CD3-->805967DA [ntoskrnl.exe]
ntoskrnl.exe+0x00109CD8, Type: Inline - RelativeJump 0x805E0CD8-->8059672C [ntoskrnl.exe]
ntoskrnl.exe+0x00109CE9, Type: Inline - RelativeJump 0x805E0CE9-->805E0CF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00109DE8, Type: Inline - RelativeJump 0x805E0DE8-->805E0D44 [ntoskrnl.exe]
ntoskrnl.exe+0x00109F82, Type: Inline - RelativeCall 0x805E0F82-->805E1B20 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A098, Type: Inline - RelativeCall 0x805E1098-->80513D7D [ntoskrnl.exe]
ntoskrnl.exe+0x0010A0A8, Type: Inline - RelativeJump 0x805E10A8-->805E3C24 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A0B0, Type: Inline - RelativeCall 0x805E10B0-->80585F2E [ntoskrnl.exe]
ntoskrnl.exe+0x0010A0C5, Type: Inline - RelativeJump 0x805E10C5-->80619CF4 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A0DD, Type: Inline - RelativeJump 0x805E10DD-->805E3C9C [ntoskrnl.exe]
ntoskrnl.exe+0x0010A0E3, Type: Inline - RelativeCall 0x805E10E3-->805E1B20 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A129, Type: Inline - RelativeCall 0x805E1129-->805E1C29 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A133, Type: Inline - RelativeJump 0x805E1133-->80619D3E [ntoskrnl.exe]
ntoskrnl.exe+0x0010A13B, Type: Inline - RelativeJump 0x805E113B-->805EABB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A145, Type: Inline - RelativeJump 0x805E1145-->80619D4B [ntoskrnl.exe]
ntoskrnl.exe+0x0010A238, Type: Inline - RelativeJump 0x805E1238-->80619A7E [ntoskrnl.exe]
ntoskrnl.exe+0x0010A243, Type: Inline - RelativeJump 0x805E1243-->805EAD09 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A40B, Type: Inline - RelativeJump 0x805E140B-->805E1291 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4A7, Type: Inline - RelativeJump 0x805E14A7-->805E61E2 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4BC, Type: Inline - RelativeJump 0x805E14BC-->805E14E5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4C4, Type: Inline - RelativeCall 0x805E14C4-->8057BFA3 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4CE, Type: Inline - RelativeJump 0x805E14CE-->80619B1A [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4D6, Type: Inline - RelativeJump 0x805E14D6-->805E61E2 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A4E1, Type: Inline - PushRet 0x805E14E1-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0010A517, Type: Inline - RelativeCall 0x805E1517-->804DBE15 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A51E, Type: Inline - RelativeJump 0x805E151E-->80619B49 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A5BB, Type: Inline - RelativeCall 0x805E15BB-->805E3C6F [ntoskrnl.exe]
ntoskrnl.exe+0x0010A5D3, Type: Inline - RelativeJump 0x805E15D3-->805E15EB [ntoskrnl.exe]
ntoskrnl.exe+0x0010A5D9, Type: Inline - RelativeCall 0x805E15D9-->805E3C6F [ntoskrnl.exe]
ntoskrnl.exe+0x0010A608, Type: Inline - RelativeCall 0x805E1608-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A60D, Type: Inline - PushRet 0x805E160D-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0010A7BE, Type: Inline - RelativeJump 0x805E17BE-->805E17BF [ntoskrnl.exe]
ntoskrnl.exe+0x0010A7E6, Type: Inline - RelativeJump 0x805E17E6-->80616F6F [ntoskrnl.exe]
ntoskrnl.exe+0x0010A7EE, Type: Inline - PushRet 0x805E17EE-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0010A7F2, Type: Inline - RelativeJump 0x805E17F2-->80617124 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A807, Type: Inline - RelativeCall 0x805E1807-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A814, Type: Inline - PushRet 0x805E1814-->F33B0004 [unknown_code_page]
ntoskrnl.exe+0x0010A837, Type: Inline - RelativeJump 0x805E1837-->805E13F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0010A83C, Type: Inline - RelativeJump 0x805E183C-->805E13C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0010AAE1, Type: Inline - PushRet 0x805E1AE1-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0010AB56, Type: Inline - RelativeCall 0x805E1B56-->805E143A [ntoskrnl.exe]
ntoskrnl.exe+0x0010AB61, Type: Inline - RelativeCall 0x805E1B61-->804E9480 [ntoskrnl.exe]
ntoskrnl.exe+0x0010AB68, Type: Inline - RelativeJump 0x805E1B68-->805E1B83 [ntoskrnl.exe]
ntoskrnl.exe+0x0010ACF6, Type: Inline - RelativeJump 0x805E1CF6-->805E1DF1 [ntoskrnl.exe]
ntoskrnl.exe+0x0010AD7D, Type: Inline - RelativeJump 0x805E1D7D-->805E1D8B [ntoskrnl.exe]
ntoskrnl.exe+0x0010AE64, Type: Inline - RelativeJump 0x805E1E64-->805E1E49 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B477, Type: Inline - RelativeJump 0x805E2477-->80617340 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B4EF, Type: Inline - RelativeJump 0x805E24EF-->80607274 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B6A0, Type: Inline - RelativeJump 0x805E26A0-->805752D5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B703, Type: Inline - RelativeJump 0x805E2703-->80571BBA [ntoskrnl.exe]
ntoskrnl.exe+0x0010B70E, Type: Inline - RelativeJump 0x805E270E-->80576D4B [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7A3, Type: Inline - RelativeCall 0x805E27A3-->804EA2A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7AC, Type: Inline - RelativeJump 0x805E27AC-->805E994F [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7B8, Type: Inline - RelativeJump 0x805E27B8-->805E27C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7D5, Type: Inline - RelativeJump 0x805E27D5-->805E27C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7E4, Type: Inline - RelativeCall 0x805E27E4-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B7EC, Type: Inline - RelativeJump 0x805E27EC-->80571C22 [ntoskrnl.exe]
ntoskrnl.exe+0x0010B982, Type: Inline - RelativeJump 0x805E2982-->8060BADE [ntoskrnl.exe]
ntoskrnl.exe+0x0010BC37, Type: Inline - RelativeJump 0x805E2C37-->8058ACAA [ntoskrnl.exe]
ntoskrnl.exe+0x0010BC43, Type: Inline - RelativeJump 0x805E2C43-->805E2C63 [ntoskrnl.exe]
ntoskrnl.exe+0x0010BF30, Type: Inline - RelativeCall 0x805E2F30-->805157B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010BF3A, Type: Inline - RelativeJump 0x805E2F3A-->805FD041 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C184, Type: Inline - RelativeCall 0x805E3184-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C23B, Type: Inline - RelativeJump 0x805E323B-->805E326F [ntoskrnl.exe]
ntoskrnl.exe+0x0010C355, Type: Inline - RelativeJump 0x805E3355-->805E333B [ntoskrnl.exe]
ntoskrnl.exe+0x0010C538, Type: Inline - RelativeJump 0x805E3538-->805F931E [ntoskrnl.exe]
ntoskrnl.exe+0x0010C5EE, Type: Inline - RelativeCall 0x805E35EE-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C5F9, Type: Inline - RelativeCall 0x805E35F9-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0010C600, Type: Inline - PushRet 0x805E3600-->CF8B0008 [unknown_code_page]
ntoskrnl.exe+0x0010C603, Type: Inline - RelativeCall 0x805E3603-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C647, Type: Inline - RelativeJump 0x805E3647-->805E3659 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C7F6, Type: Inline - RelativeJump 0x805E37F6-->80608829 [ntoskrnl.exe]
ntoskrnl.exe+0x0010C8D2, Type: Inline - DirectJump 0x805E38D2-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0010C8D5, Type: Inline - RelativeJump 0x805E38D5-->805E37BC [ntoskrnl.exe]
ntoskrnl.exe+0x0010CA69, Type: Inline - RelativeJump 0x805E3A69-->805E3A95 [ntoskrnl.exe]
ntoskrnl.exe+0x0010CC0A, Type: Inline - RelativeCall 0x805E3C0A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0010CC15, Type: Inline - RelativeJump 0x805E3C15-->805E10B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D141, Type: Inline - RelativeCall 0x805E4141-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D282, Type: Inline - RelativeJump 0x805E4282-->805E4364 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D28D, Type: Inline - RelativeJump 0x805E428D-->805A01B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D298, Type: Inline - RelativeJump 0x805E4298-->805E8892 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D37D, Type: Inline - RelativeJump 0x805E437D-->8061008F [ntoskrnl.exe]
ntoskrnl.exe+0x0010D386, Type: Inline - RelativeJump 0x805E4386-->80610071 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D435, Type: Inline - RelativeCall 0x805E4435-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D4D2, Type: Inline - RelativeJump 0x805E44D2-->805E4493 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D551, Type: Inline - RelativeJump 0x805E4551-->8060F94B [ntoskrnl.exe]
ntoskrnl.exe+0x0010D55E, Type: Inline - RelativeJump 0x805E455E-->8059E41A [ntoskrnl.exe]
ntoskrnl.exe+0x0010D565, Type: Inline - RelativeJump 0x805E4565-->805E000C [ntoskrnl.exe]
ntoskrnl.exe+0x0010D56C, Type: Inline - RelativeJump 0x805E456C-->8060F92F [ntoskrnl.exe]
ntoskrnl.exe+0x0010D5D5, Type: Inline - RelativeJump 0x805E45D5-->805E4638 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D736, Type: Inline - RelativeJump 0x805E4736-->8060483D [ntoskrnl.exe]
ntoskrnl.exe+0x0010D835, Type: Inline - RelativeCall 0x805E4835-->8057D695 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D83A, Type: Inline - RelativeJump 0x805E483A-->80613118 [ntoskrnl.exe]
ntoskrnl.exe+0x0010D876, Type: Inline - RelativeJump 0x805E4876-->8061312C [ntoskrnl.exe]
ntoskrnl.exe+0x0010D88C, Type: Inline - RelativeJump 0x805E488C-->805E4920 [ntoskrnl.exe]
ntoskrnl.exe+0x0010DB49, Type: Inline - RelativeJump 0x805E4B49-->80581F09 [ntoskrnl.exe]
ntoskrnl.exe+0x0010DBD8, Type: Inline - RelativeJump 0x805E4BD8-->805D7186 [ntoskrnl.exe]
ntoskrnl.exe+0x0010DDD6, Type: Inline - RelativeJump 0x805E4DD6-->8057DDD5 [ntoskrnl.exe]
ntoskrnl.exe+0x0010DF35, Type: Inline - RelativeJump 0x805E4F35-->805BF5EE [ntoskrnl.exe]
ntoskrnl.exe+0x0010DF96, Type: Inline - RelativeJump 0x805E4F96-->805E5479 [ntoskrnl.exe]
ntoskrnl.exe+0x0010DFD0, Type: Inline - DirectJump 0x805E4FD0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0010E550, Type: Inline - RelativeJump 0x805E5550-->805E5132 [ntoskrnl.exe]
ntoskrnl.exe+0x0010E55B, Type: Inline - RelativeJump 0x805E555B-->805E5132 [ntoskrnl.exe]
ntoskrnl.exe+0x0010E828, Type: Inline - RelativeJump 0x805E5828-->805E5798 [ntoskrnl.exe]
ntoskrnl.exe+0x0010EB38, Type: Inline - RelativeJump 0x805E5B38-->80588ADB [ntoskrnl.exe]
ntoskrnl.exe+0x0010EBFC, Type: Inline - RelativeJump 0x805E5BFC-->805E5C12 [ntoskrnl.exe]
ntoskrnl.exe+0x0010ECCC, Type: Inline - RelativeJump 0x805E5CCC-->805E5CC6 [ntoskrnl.exe]
ntoskrnl.exe+0x0010EDE6, Type: Inline - RelativeCall 0x805E5DE6-->805E5F41 [ntoskrnl.exe]
ntoskrnl.exe+0x0010EDF2, Type: Inline - RelativeJump 0x805E5DF2-->805E5C49 [ntoskrnl.exe]
ntoskrnl.exe+0x0010EE75, Type: Inline - RelativeJump 0x805E5E75-->805E603F [ntoskrnl.exe]
ntoskrnl.exe+0x0010EF2A, Type: Inline - RelativeJump 0x805E5F2A-->805E5D4E [ntoskrnl.exe]
ntoskrnl.exe+0x0010EF42, Type: Inline - RelativeJump 0x805E5F42-->805E5FA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F066, Type: Inline - RelativeJump 0x805E6066-->805E6071 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F0BE, Type: Inline - RelativeCall 0x805E60BE-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0010F0CB, Type: Inline - RelativeJump 0x805E60CB-->8058D6BB [ntoskrnl.exe]
ntoskrnl.exe+0x0010F0D0, Type: Inline - RelativeJump 0x805E60D0-->8059559F [ntoskrnl.exe]
ntoskrnl.exe+0x0010F10A, Type: Inline - RelativeJump 0x805E610A-->805E611C [ntoskrnl.exe]
ntoskrnl.exe+0x0010F146, Type: Inline - RelativeJump 0x805E6146-->8060FEAD [ntoskrnl.exe]
ntoskrnl.exe+0x0010F30A, Type: Inline - RelativeJump 0x805E630A-->805E62C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F4D2, Type: Inline - RelativeJump 0x805E64D2-->805F9426 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F4D7, Type: Inline - RelativeCall 0x805E64D7-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F4DE, Type: Inline - RelativeJump 0x805E64DE-->80575657 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F653, Type: Inline - RelativeCall 0x805E6653-->804EF651 [ntoskrnl.exe]
ntoskrnl.exe+0x0010F7F0, Type: Inline - RelativeJump 0x805E67F0-->805ECCC2 [ntoskrnl.exe]
ntoskrnl.exe+0x0010FD4D, Type: Inline - RelativeJump 0x805E6D4D-->805E6CDF [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:49 pm

ntoskrnl.exe+0x0010FED8, Type: Inline - DirectCall 0x805E6ED8-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0010FF05, Type: Inline - RelativeJump 0x805E6F05-->805E6ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x0010FFAB, Type: Inline - RelativeJump 0x805E6FAB-->8057EDCF [ntoskrnl.exe]
ntoskrnl.exe+0x0010FFB9, Type: Inline - RelativeJump 0x805E6FB9-->805E6FC1 [ntoskrnl.exe]
ntoskrnl.exe+0x0011003C, Type: Inline - RelativeCall 0x805E703C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x001100B1, Type: Inline - RelativeJump 0x805E70B1-->805A1936 [ntoskrnl.exe]
ntoskrnl.exe+0x001100C0, Type: Inline - RelativeJump 0x805E70C0-->805E4CD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00110434, Type: Inline - RelativeJump 0x805E7434-->805E746A [ntoskrnl.exe]
ntoskrnl.exe+0x00110678, Type: Inline - RelativeJump 0x805E7678-->8060124D [ntoskrnl.exe]
ntoskrnl.exe+0x00110685, Type: Inline - RelativeJump 0x805E7685-->805E7696 [ntoskrnl.exe]
ntoskrnl.exe+0x00110AC6, Type: Inline - RelativeJump 0x805E7AC6-->805E765B [ntoskrnl.exe]
ntoskrnl.exe+0x00110B75, Type: Inline - RelativeCall 0x805E7B75-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00110B84, Type: Inline - RelativeJump 0x805E7B84-->805E7B99 [ntoskrnl.exe]
ntoskrnl.exe+0x00110BD4, Type: Inline - RelativeJump 0x805E7BD4-->805E7BE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00110EAF, Type: Inline - RelativeJump 0x805E7EAF-->8057704B [ntoskrnl.exe]
ntoskrnl.exe+0x00110F80, Type: Inline - RelativeJump 0x805E7F80-->805E7FD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00110F8E, Type: Inline - RelativeCall 0x805E7F8E-->B2E38E97 [unknown_code_page]
ntoskrnl.exe+0x00110F93, Type: Inline - RelativeJump 0x805E7F93-->805E7F9B [ntoskrnl.exe]
ntoskrnl.exe+0x00110FA5, Type: Inline - RelativeJump 0x805E7FA5-->805E7FBF [ntoskrnl.exe]
ntoskrnl.exe+0x001110A0, Type: Inline - RelativeJump 0x805E80A0-->80576C3B [ntoskrnl.exe]
ntoskrnl.exe+0x001112AD, Type: Inline - RelativeJump 0x805E82AD-->8058A7BC [ntoskrnl.exe]
ntoskrnl.exe+0x001112B2, Type: Inline - RelativeJump 0x805E82B2-->8058A80F [ntoskrnl.exe]
ntoskrnl.exe+0x001112B9, Type: Inline - RelativeJump 0x805E82B9-->8058A82D [ntoskrnl.exe]
ntoskrnl.exe+0x001112C3, Type: Inline - RelativeJump 0x805E82C3-->8058A83C [ntoskrnl.exe]
ntoskrnl.exe+0x001112EA, Type: Inline - RelativeCall 0x805E82EA-->8056CAC8 [ntoskrnl.exe]
ntoskrnl.exe+0x001112F6, Type: Inline - RelativeJump 0x805E82F6-->8057F70A [ntoskrnl.exe]
ntoskrnl.exe+0x00111301, Type: Inline - RelativeJump 0x805E8301-->805E8300 [ntoskrnl.exe]
ntoskrnl.exe+0x00111304, Type: Inline - RelativeJump 0x805E8304-->8057F62F [ntoskrnl.exe]
ntoskrnl.exe+0x0011132F, Type: Inline - RelativeJump 0x805E832F-->8059A51A [ntoskrnl.exe]
ntoskrnl.exe+0x00111338, Type: Inline - RelativeCall 0x805E8338-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011134C, Type: Inline - RelativeJump 0x805E834C-->8059A509 [ntoskrnl.exe]
ntoskrnl.exe+0x00111357, Type: Inline - RelativeCall 0x805E8357-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0011135F, Type: Inline - RelativeJump 0x805E835F-->805D29FC [ntoskrnl.exe]
ntoskrnl.exe+0x001113C2, Type: Inline - RelativeCall 0x805E83C2-->805E83D2 [ntoskrnl.exe]
ntoskrnl.exe+0x001113C8, Type: Inline - RelativeJump 0x805E83C8-->805E4301 [ntoskrnl.exe]
ntoskrnl.exe+0x00111505, Type: Inline - RelativeJump 0x805E8505-->805E8513 [ntoskrnl.exe]
ntoskrnl.exe+0x001118B8, Type: Inline - RelativeJump 0x805E88B8-->805E8856 [ntoskrnl.exe]
ntoskrnl.exe+0x001118D0, Type: Inline - RelativeJump 0x805E88D0-->805E4303 [ntoskrnl.exe]
ntoskrnl.exe+0x001119E8, Type: Inline - RelativeJump 0x805E89E8-->805E8A7C [ntoskrnl.exe]
ntoskrnl.exe+0x00111AA6, Type: Inline - RelativeJump 0x805E8AA6-->80604937 [ntoskrnl.exe]
ntoskrnl.exe+0x00111BC2, Type: Inline - RelativeCall 0x805E8BC2-->80592B80 [ntoskrnl.exe]
ntoskrnl.exe+0x00111EE2, Type: Inline - RelativeJump 0x805E8EE2-->80605D91 [ntoskrnl.exe]
ntoskrnl.exe+0x00111EF3, Type: Inline - RelativeJump 0x805E8EF3-->80605DC7 [ntoskrnl.exe]
ntoskrnl.exe+0x00111EFD, Type: Inline - RelativeCall 0x805E8EFD-->8056FF59 [ntoskrnl.exe]
ntoskrnl.exe+0x00111F0A, Type: Inline - RelativeJump 0x805E8F0A-->80605DE5 [ntoskrnl.exe]
ntoskrnl.exe+0x00111F22, Type: Inline - RelativeJump 0x805E8F22-->80605E00 [ntoskrnl.exe]
ntoskrnl.exe+0x00111F2E, Type: Inline - RelativeCall 0x805E8F2E-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x00111F34, Type: Inline - RelativeJump 0x805E8F34-->805E8F46 [ntoskrnl.exe]
ntoskrnl.exe+0x001122B7, Type: Inline - DirectJump 0x805E92B7-->FFFFF000 [unknown_code_page]
ntoskrnl.exe+0x0011238F, Type: Inline - RelativeJump 0x805E938F-->805B028E [ntoskrnl.exe]
ntoskrnl.exe+0x0011248B, Type: Inline - RelativeCall 0x805E948B-->804F6185 [ntoskrnl.exe]
ntoskrnl.exe+0x001124DE, Type: Inline - RelativeCall 0x805E94DE-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe+0x00112530, Type: Inline - RelativeJump 0x805E9530-->805FBBC0 [ntoskrnl.exe]
ntoskrnl.exe+0x00112584, Type: Inline - RelativeJump 0x805E9584-->805FBC03 [ntoskrnl.exe]
ntoskrnl.exe+0x00112598, Type: Inline - RelativeJump 0x805E9598-->805FBC0A [ntoskrnl.exe]
ntoskrnl.exe+0x001127B1, Type: Inline - RelativeJump 0x805E97B1-->8057A2EC [ntoskrnl.exe]
ntoskrnl.exe+0x001127BA, Type: Inline - RelativeCall 0x805E97BA-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x00112986, Type: Inline - RelativeJump 0x805E9986-->805E99CF [ntoskrnl.exe]
ntoskrnl.exe+0x001129DE, Type: Inline - RelativeJump 0x805E99DE-->805894B3 [ntoskrnl.exe]
ntoskrnl.exe+0x001129F1, Type: Inline - PushRet 0x805E99F1-->BEFFF90A [unknown_code_page]
ntoskrnl.exe+0x00112B2C, Type: Inline - RelativeJump 0x805E9B2C-->80607CD2 [ntoskrnl.exe]
ntoskrnl.exe+0x00112B39, Type: Inline - RelativeJump 0x805E9B39-->805E9B4B [ntoskrnl.exe]
ntoskrnl.exe+0x00112D04, Type: Inline - PushRet 0x805E9D04-->FB810004 [unknown_code_page]
ntoskrnl.exe+0x00112D0D, Type: Inline - RelativeJump 0x805E9D0D-->805E08F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00112D19, Type: Inline - RelativeJump 0x805E9D19-->805E08F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00112E7F, Type: Inline - RelativeCall 0x805E9E7F-->805E4C39 [ntoskrnl.exe]
ntoskrnl.exe+0x00112E86, Type: Inline - RelativeJump 0x805E9E86-->805707E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00112F22, Type: Inline - RelativeJump 0x805E9F22-->8057088A [ntoskrnl.exe]
ntoskrnl.exe+0x00112F2F, Type: Inline - RelativeCall 0x805E9F2F-->80581CCE [ntoskrnl.exe]
ntoskrnl.exe+0x00112F35, Type: Inline - RelativeJump 0x805E9F35-->8057088A [ntoskrnl.exe]
ntoskrnl.exe+0x001130CB, Type: Inline - RelativeJump 0x805EA0CB-->805E145E [ntoskrnl.exe]
ntoskrnl.exe+0x001131CE, Type: Inline - RelativeJump 0x805EA1CE-->80595439 [ntoskrnl.exe]
ntoskrnl.exe+0x001131D3, Type: Inline - RelativeJump 0x805EA1D3-->805954C9 [ntoskrnl.exe]
ntoskrnl.exe+0x001131E1, Type: Inline - RelativeJump 0x805EA1E1-->805E663F [ntoskrnl.exe]
ntoskrnl.exe+0x001131E7, Type: Inline - RelativeJump 0x805EA1E7-->805ECC66 [ntoskrnl.exe]
ntoskrnl.exe+0x00113222, Type: Inline - RelativeJump 0x805EA222-->805ECE0D [ntoskrnl.exe]
ntoskrnl.exe+0x00113228, Type: Inline - RelativeJump 0x805EA228-->805EA23C [ntoskrnl.exe]
ntoskrnl.exe+0x00113230, Type: Inline - RelativeCall 0x805EA230-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00113238, Type: Inline - PushRet 0x805EA238-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00113246, Type: Inline - RelativeJump 0x805EA246-->805EA254 [ntoskrnl.exe]
ntoskrnl.exe+0x001132B3, Type: Inline - RelativeJump 0x805EA2B3-->805EA29A [ntoskrnl.exe]
ntoskrnl.exe+0x00113351, Type: Inline - RelativeJump 0x805EA351-->80589326 [ntoskrnl.exe]
ntoskrnl.exe+0x0011335C, Type: Inline - RelativeJump 0x805EA35C-->805FD720 [ntoskrnl.exe]
ntoskrnl.exe+0x00113591, Type: Inline - RelativeJump 0x805EA591-->805EA58A [ntoskrnl.exe]
ntoskrnl.exe+0x00113595, Type: Inline - RelativeCall 0x805EA595-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x001135EA, Type: Inline - RelativeJump 0x805EA5EA-->8060EEDF [ntoskrnl.exe]
ntoskrnl.exe+0x00113607, Type: Inline - RelativeJump 0x805EA607-->805EA625 [ntoskrnl.exe]
ntoskrnl.exe+0x00113697, Type: Inline - RelativeCall 0x805EA697-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00113884, Type: Inline - RelativeJump 0x805EA884-->805805C7 [ntoskrnl.exe]
ntoskrnl.exe+0x00113895, Type: Inline - RelativeJump 0x805EA895-->805FB09A [ntoskrnl.exe]
ntoskrnl.exe+0x001138D4, Type: Inline - RelativeCall 0x805EA8D4-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x001138D9, Type: Inline - RelativeJump 0x805EA8D9-->8056ECC4 [ntoskrnl.exe]
ntoskrnl.exe+0x001138DE, Type: Inline - RelativeJump 0x805EA8DE-->8056EE22 [ntoskrnl.exe]
ntoskrnl.exe+0x00113934, Type: Inline - RelativeJump 0x805EA934-->805DEFC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00113942, Type: Inline - RelativeJump 0x805EA942-->805881F9 [ntoskrnl.exe]
ntoskrnl.exe+0x00113A12, Type: Inline - RelativeJump 0x805EAA12-->805EAB8D [ntoskrnl.exe]
ntoskrnl.exe+0x00113A1D, Type: Inline - RelativeCall 0x805EAA1D-->80587586 [ntoskrnl.exe]
ntoskrnl.exe+0x00113A28, Type: Inline - PushRet 0x805EAA28-->C6810008 [unknown_code_page]
ntoskrnl.exe+0x00113A2E, Type: Inline - RelativeJump 0x805EAA2E-->805EAA46 [ntoskrnl.exe]
ntoskrnl.exe+0x00113B72, Type: Inline - RelativeCall 0x805EAB72-->805DEB01 [ntoskrnl.exe]
ntoskrnl.exe+0x00113B81, Type: Inline - PushRet 0x805EAB81-->C983000C [unknown_code_page]
ntoskrnl.exe+0x00113B88, Type: Inline - RelativeJump 0x805EAB88-->805EAB2B [ntoskrnl.exe]
ntoskrnl.exe+0x00113C5E, Type: Inline - RelativeJump 0x805EAC5E-->805EAC7F [ntoskrnl.exe]
ntoskrnl.exe+0x00113D34, Type: Inline - RelativeCall 0x805EAD34-->804EDEBC [ntoskrnl.exe]
ntoskrnl.exe+0x00113D39, Type: Inline - RelativeJump 0x805EAD39-->805EAC3F [ntoskrnl.exe]
ntoskrnl.exe+0x00113D6D, Type: Inline - RelativeJump 0x805EAD6D-->8060D8B1 [ntoskrnl.exe]
ntoskrnl.exe+0x00113D98, Type: Inline - RelativeCall 0x805EAD98-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x00113E0B, Type: Inline - RelativeJump 0x805EAE0B-->805EAE23 [ntoskrnl.exe]
ntoskrnl.exe+0x00113F37, Type: Inline - PushRet 0x805EAF37-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00114013, Type: Inline - RelativeJump 0x805EB013-->805EB062 [ntoskrnl.exe]
ntoskrnl.exe+0x00114182, Type: Inline - RelativeJump 0x805EB182-->80612A09 [ntoskrnl.exe]
ntoskrnl.exe+0x001141F2, Type: Inline - RelativeJump 0x805EB1F2-->805EB207 [ntoskrnl.exe]
ntoskrnl.exe+0x00114241, Type: Inline - RelativeJump 0x805EB241-->805EB27C [ntoskrnl.exe]
ntoskrnl.exe+0x00114295, Type: Inline - RelativeJump 0x805EB295-->805EB29C [ntoskrnl.exe]
ntoskrnl.exe+0x0011429A, Type: Inline - RelativeJump 0x805EB29A-->805EB6B3 [ntoskrnl.exe]
ntoskrnl.exe+0x00114429, Type: Inline - RelativeJump 0x805EB429-->80573358 [ntoskrnl.exe]
ntoskrnl.exe+0x00114435, Type: Inline - RelativeJump 0x805EB435-->805EB44B [ntoskrnl.exe]
ntoskrnl.exe+0x0011444A, Type: Inline - RelativeJump 0x805EB44A-->805FDF5D [ntoskrnl.exe]
ntoskrnl.exe+0x00114616, Type: Inline - RelativeJump 0x805EB616-->8058A5EB [ntoskrnl.exe]
ntoskrnl.exe+0x00114620, Type: Inline - RelativeJump 0x805EB620-->80585CE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00114673, Type: Inline - RelativeJump 0x805EB673-->805926BC [ntoskrnl.exe]
ntoskrnl.exe+0x00114755, Type: Inline - RelativeCall 0x805EB755-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0011475A, Type: Inline - RelativeJump 0x805EB75A-->805FACF1 [ntoskrnl.exe]
ntoskrnl.exe+0x00114765, Type: Inline - RelativeCall 0x805EB765-->804F07EB [ntoskrnl.exe]
ntoskrnl.exe+0x00114865, Type: Inline - RelativeJump 0x805EB865-->805FE0A3 [ntoskrnl.exe]
ntoskrnl.exe+0x001149F1, Type: Inline - RelativeJump 0x805EB9F1-->805EB36C [ntoskrnl.exe]
ntoskrnl.exe+0x001149FA, Type: Inline - RelativeJump 0x805EB9FA-->805EB36A [ntoskrnl.exe]
ntoskrnl.exe+0x00114C0E, Type: Inline - RelativeJump 0x805EBC0E-->805EBC20 [ntoskrnl.exe]
ntoskrnl.exe+0x00114C18, Type: Inline - RelativeCall 0x805EBC18-->8062AF3B [ntoskrnl.exe]
ntoskrnl.exe+0x00114C2C, Type: Inline - PushRet 0x805EBC2C-->B70F5755 [unknown_code_page]
ntoskrnl.exe+0x00114C4A, Type: Inline - RelativeJump 0x805EBC4A-->805EBC5C [ntoskrnl.exe]
ntoskrnl.exe+0x00114C54, Type: Inline - RelativeCall 0x805EBC54-->8062AF3B [ntoskrnl.exe]
ntoskrnl.exe+0x00114C68, Type: Inline - PushRet 0x805EBC68-->B70F5755 [unknown_code_page]
ntoskrnl.exe+0x00114D1A, Type: Inline - RelativeJump 0x805EBD1A-->805EBD2F [ntoskrnl.exe]
ntoskrnl.exe+0x00114D31, Type: Inline - RelativeJump 0x805EBD31-->805EBD10 [ntoskrnl.exe]
ntoskrnl.exe+0x00114FAE, Type: Inline - PushRet 0x805EBFAE-->8150FFF7 [unknown_code_page]
ntoskrnl.exe+0x0011500C, Type: Inline - RelativeJump 0x805EC00C-->805EC021 [ntoskrnl.exe]
ntoskrnl.exe+0x00115014, Type: Inline - RelativeJump 0x805EC014-->805EC021 [ntoskrnl.exe]
ntoskrnl.exe+0x00115023, Type: Inline - RelativeCall 0x805EC023-->80643B19 [ntoskrnl.exe]
ntoskrnl.exe+0x001150FC, Type: Inline - PushRet 0x805EC0FC-->E8535755 [unknown_code_page]
ntoskrnl.exe+0x001150FD, Type: Inline - RelativeCall 0x805EC0FD-->80644927 [ntoskrnl.exe]
ntoskrnl.exe+0x001152A7, Type: Inline - RelativeCall 0x805EC2A7-->806441A7 [ntoskrnl.exe]
ntoskrnl.exe+0x00115568, Type: Inline - RelativeCall 0x805EC568-->8053888A [ntoskrnl.exe]
ntoskrnl.exe+0x00115651, Type: Inline - DirectJump 0x805EC651-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0011565D, Type: Inline - RelativeJump 0x805EC65D-->805EC681 [ntoskrnl.exe]
ntoskrnl.exe+0x0011582C, Type: Inline - RelativeJump 0x805EC82C-->805EC7EA [ntoskrnl.exe]
ntoskrnl.exe+0x00115834, Type: Inline - RelativeJump 0x805EC834-->805EC859 [ntoskrnl.exe]
ntoskrnl.exe+0x00115B23, Type: Inline - RelativeCall 0x805ECB23-->804ECB18 [ntoskrnl.exe]
ntoskrnl.exe+0x00115BD1, Type: Inline - RelativeJump 0x805ECBD1-->805ECB8F [ntoskrnl.exe]
ntoskrnl.exe+0x00115BE4, Type: Inline - RelativeJump 0x805ECBE4-->8058B222 [ntoskrnl.exe]
ntoskrnl.exe+0x00115BE9, Type: Inline - RelativeJump 0x805ECBE9-->8058B249 [ntoskrnl.exe]
ntoskrnl.exe+0x00115C33, Type: Inline - RelativeJump 0x805ECC33-->805ECC47 [ntoskrnl.exe]
ntoskrnl.exe+0x00115C8A, Type: Inline - RelativeJump 0x805ECC8A-->805E676B [ntoskrnl.exe]
ntoskrnl.exe+0x00115D75, Type: Inline - RelativeJump 0x805ECD75-->805ECD83 [ntoskrnl.exe]
ntoskrnl.exe+0x00115E1E, Type: Inline - RelativeJump 0x805ECE1E-->805ECE31 [ntoskrnl.exe]
ntoskrnl.exe+0x00115EBB, Type: Inline - RelativeJump 0x805ECEBB-->8057BE9A [ntoskrnl.exe]
ntoskrnl.exe+0x00115EC3, Type: Inline - RelativeJump 0x805ECEC3-->8057BDAF [ntoskrnl.exe]
ntoskrnl.exe+0x00115F2B, Type: Inline - RelativeJump 0x805ECF2B-->8057C0EB [ntoskrnl.exe]
ntoskrnl.exe+0x00116087, Type: Inline - RelativeJump 0x805ED087-->805ED025 [ntoskrnl.exe]
ntoskrnl.exe+0x001161DF, Type: Inline - RelativeJump 0x805ED1DF-->8057233F [ntoskrnl.exe]
ntoskrnl.exe+0x00116454, Type: Inline - RelativeJump 0x805ED454-->8057C470 [ntoskrnl.exe]
ntoskrnl.exe+0x0011669D, Type: Inline - RelativeCall 0x805ED69D-->805312BF [ntoskrnl.exe]
ntoskrnl.exe+0x001166A7, Type: Inline - RelativeJump 0x805ED6A7-->805DCF8E [ntoskrnl.exe]
ntoskrnl.exe+0x00116783, Type: Inline - RelativeCall 0x805ED783-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00116C06, Type: Inline - RelativeJump 0x805EDC06-->805EDC14 [ntoskrnl.exe]
ntoskrnl.exe+0x0011713B, Type: Inline - RelativeCall 0x805EE13B-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00117141, Type: Inline - RelativeJump 0x805EE141-->805BE979 [ntoskrnl.exe]
ntoskrnl.exe+0x001171F1, Type: Inline - RelativeJump 0x805EE1F1-->805EE208 [ntoskrnl.exe]
ntoskrnl.exe+0x0011729A, Type: Inline - RelativeJump 0x805EE29A-->805EE2A4 [ntoskrnl.exe]
ntoskrnl.exe+0x001172BC, Type: Inline - RelativeJump 0x805EE2BC-->805EE2D0 [ntoskrnl.exe]
ntoskrnl.exe+0x00117456, Type: Inline - RelativeJump 0x805EE456-->805BEABB [ntoskrnl.exe]
ntoskrnl.exe+0x0011750C, Type: Inline - RelativeCall 0x805EE50C-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001175B4, Type: Inline - RelativeCall 0x805EE5B4-->804DA235 [ntoskrnl.exe]
ntoskrnl.exe+0x001178B5, Type: Inline - RelativeJump 0x805EE8B5-->805CCEE7 [ntoskrnl.exe]
ntoskrnl.exe+0x00117935, Type: Inline - RelativeCall 0x805EE935-->804F2864 [ntoskrnl.exe]
ntoskrnl.exe+0x0011793D, Type: Inline - RelativeCall 0x805EE93D-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe+0x00117945, Type: Inline - RelativeJump 0x805EE945-->8057BBE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0011798C, Type: Inline - RelativeJump 0x805EE98C-->805CE9CF [ntoskrnl.exe]
ntoskrnl.exe+0x00117CA4, Type: Inline - PushRet 0x805EECA4-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00117DC7, Type: Inline - RelativeCall 0x805EEDC7-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe+0x00117E14, Type: Inline - PushRet 0x805EEE14-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00117EE4, Type: Inline - RelativeCall 0x805EEEE4-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00117EE9, Type: Inline - RelativeJump 0x805EEEE9-->80579F73 [ntoskrnl.exe]
ntoskrnl.exe+0x00117EEE, Type: Inline - RelativeJump 0x805EEEEE-->8057A027 [ntoskrnl.exe]
ntoskrnl.exe+0x00117EFD, Type: Inline - RelativeJump 0x805EEEFD-->8057A027 [ntoskrnl.exe]
ntoskrnl.exe+0x00117F4B, Type: Inline - RelativeJump 0x805EEF4B-->80580A59 [ntoskrnl.exe]
ntoskrnl.exe+0x00117F62, Type: Inline - PushRet 0x805EEF62-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0011808B, Type: Inline - RelativeCall 0x805EF08B-->805350C4 [ntoskrnl.exe]
ntoskrnl.exe+0x00118325, Type: Inline - RelativeCall 0x805EF325-->804E3BB2 [ntoskrnl.exe]
ntoskrnl.exe+0x0011838A, Type: Inline - RelativeJump 0x805EF38A-->805EF393 [ntoskrnl.exe]
ntoskrnl.exe+0x001188DE, Type: Inline - RelativeCall 0x805EF8DE-->80592765 [ntoskrnl.exe]
ntoskrnl.exe+0x001188EC, Type: Inline - RelativeJump 0x805EF8EC-->805D2502 [ntoskrnl.exe]
ntoskrnl.exe+0x00118A5B, Type: Inline - RelativeJump 0x805EFA5B-->805EFA6D [ntoskrnl.exe]
ntoskrnl.exe+0x00118B50, Type: Inline - PushRet 0x805EFB50-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00118CD1, Type: Inline - RelativeCall 0x805EFCD1


-->804E8782 [ntoskrnl.exe]
ntoskrnl.exe+0x00118D23, Type: Inline - RelativeJump 0x805EFD23-->805EFD47 [ntoskrnl.exe]
ntoskrnl.exe+0x00118E3C, Type: Inline - RelativeJump 0x805EFE3C-->805EFE81 [ntoskrnl.exe]
ntoskrnl.exe+0x00118E4F, Type: Inline - PushRet 0x805EFE4F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00118F0A, Type: Inline - RelativeCall 0x805EFF0A-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x00118F0F, Type: Inline - RelativeJump 0x805EFF0F-->8057B553 [ntoskrnl.exe]
ntoskrnl.exe+0x00118F14, Type: Inline - RelativeJump 0x805EFF14-->8057B4E2 [ntoskrnl.exe]
ntoskrnl.exe+0x00118F22, Type: Inline - RelativeJump 0x805EFF22-->805EFEDC [ntoskrnl.exe]
ntoskrnl.exe+0x00118FAB, Type: Inline - RelativeJump 0x805EFFAB-->805EFFBA [ntoskrnl.exe]
ntoskrnl.exe+0x00119386, Type: Inline - RelativeJump 0x805F0386-->805F0395 [ntoskrnl.exe]
ntoskrnl.exe+0x001194C3, Type: Inline - RelativeCall 0x805F04C3-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x001194CE, Type: Inline - RelativeJump 0x805F04CE-->8057A18F [ntoskrnl.exe]
ntoskrnl.exe+0x001194D3, Type: Inline - RelativeJump 0x805F04D3-->8057A196 [ntoskrnl.exe]
ntoskrnl.exe+0x001194E7, Type: Inline - RelativeJump 0x805F04E7-->805F0503 [ntoskrnl.exe]
ntoskrnl.exe+0x001195DB, Type: Inline - PushRet 0x805F05DB-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001195EC, Type: Inline - RelativeJump 0x805F05EC-->805F05AA [ntoskrnl.exe]
ntoskrnl.exe+0x001195FE, Type: Inline - RelativeJump 0x805F05FE-->8057A19F [ntoskrnl.exe]
ntoskrnl.exe+0x00119606, Type: Inline - RelativeJump 0x805F0606-->805749D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00119709, Type: Inline - RelativeCall 0x805F0709-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00119710, Type: Inline - RelativeJump 0x805F0710-->805F082C [ntoskrnl.exe]
ntoskrnl.exe+0x0011971B, Type: Inline - PushRet 0x805F071B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001197C4, Type: Inline - RelativeJump 0x805F07C4-->80574B00 [ntoskrnl.exe]
ntoskrnl.exe+0x001197D8, Type: Inline - PushRet 0x805F07D8-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0011981B, Type: Inline - RelativeJump 0x805F081B-->805F0801 [ntoskrnl.exe]
ntoskrnl.exe+0x00119ABE, Type: Inline - RelativeJump 0x805F0ABE-->805F0AE4 [ntoskrnl.exe]
ntoskrnl.exe+0x00119AC8, Type: Inline - RelativeJump 0x805F0AC8-->805F0ADD [ntoskrnl.exe]
ntoskrnl.exe+0x00119ADB, Type: Inline - RelativeJump 0x805F0ADB-->805F0AB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00119B9A, Type: Inline - RelativeCall 0x805F0B9A-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe+0x00119BA1, Type: Inline - RelativeJump 0x805F0BA1-->805D2780 [ntoskrnl.exe]
ntoskrnl.exe+0x00119BA6, Type: Inline - RelativeCall 0x805F0BA6-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00119C61, Type: Inline - RelativeJump 0x805F0C61-->805D2816 [ntoskrnl.exe]
ntoskrnl.exe+0x00119C7A, Type: Inline - RelativeJump 0x805F0C7A-->805D2823 [ntoskrnl.exe]
ntoskrnl.exe+0x00119C7F, Type: Inline - RelativeCall 0x805F0C7F-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00119C87, Type: Inline - RelativeJump 0x805F0C87-->805F0CFC [ntoskrnl.exe]
ntoskrnl.exe+0x00119D19, Type: Inline - RelativeJump 0x805F0D19-->805D2874 [ntoskrnl.exe]
ntoskrnl.exe+0x00119D34, Type: Inline - RelativeJump 0x805F0D34-->805D286B [ntoskrnl.exe]
ntoskrnl.exe+0x00119D3E, Type: Inline - RelativeJump 0x805F0D3E-->805F0D4F [ntoskrnl.exe]
ntoskrnl.exe+0x00119FCA, Type: Inline - RelativeJump 0x805F0FCA-->805F0FD1 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A080, Type: Inline - RelativeJump 0x805F1080-->805F108E [ntoskrnl.exe]
ntoskrnl.exe+0x0011A0E3, Type: Inline - RelativeJump 0x805F10E3-->805F10FC [ntoskrnl.exe]
ntoskrnl.exe+0x0011A121, Type: Inline - RelativeJump 0x805F1121-->E90002FE [unknown_code_page]
ntoskrnl.exe+0x0011A2DF, Type: Inline - PushRet 0x805F12DF-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0011A354, Type: Inline - RelativeJump 0x805F1354-->8058D707 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A385, Type: Inline - RelativeJump 0x805F1385-->805F139F [ntoskrnl.exe]
ntoskrnl.exe+0x0011A391, Type: Inline - RelativeJump 0x805F1391-->8058D733 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A399, Type: Inline - RelativeJump 0x805F1399-->8058D733 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A3A6, Type: Inline - RelativeJump 0x805F13A6-->805F138C [ntoskrnl.exe]
ntoskrnl.exe+0x0011A3F9, Type: Inline - RelativeJump 0x805F13F9-->8058272F [ntoskrnl.exe]
ntoskrnl.exe+0x0011A3FE, Type: Inline - RelativeJump 0x805F13FE-->80582715 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A40F, Type: Inline - RelativeJump 0x805F140F-->8058272F [ntoskrnl.exe]
ntoskrnl.exe+0x0011A4F6, Type: Inline - RelativeCall 0x805F14F6-->805CF6E5 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A535, Type: Inline - RelativeCall 0x805F1535-->805E8111 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A589, Type: Inline - RelativeCall 0x805F1589-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A58E, Type: Inline - RelativeJump 0x805F158E-->805F15A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A596, Type: Inline - RelativeCall 0x805F1596-->8062378F [ntoskrnl.exe]
ntoskrnl.exe+0x0011A676, Type: Inline - RelativeJump 0x805F1676-->EB5F0510 [unknown_code_page]
ntoskrnl.exe+0x0011A685, Type: Inline - RelativeCall 0x805F1685-->8058DB92 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A69E, Type: Inline - RelativeJump 0x805F169E-->8D000320 [unknown_code_page]
ntoskrnl.exe+0x0011A7DB, Type: Inline - RelativeJump 0x805F17DB-->805F17F9 [ntoskrnl.exe]
ntoskrnl.exe+0x0011A7F0, Type: Inline - RelativeJump 0x805F17F0-->805B8D8D [ntoskrnl.exe]
ntoskrnl.exe+0x0011A91D, Type: Inline - RelativeJump 0x805F191D-->805F18CF [ntoskrnl.exe]
ntoskrnl.exe+0x0011AA9B, Type: Inline - RelativeCall 0x805F1A9B-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0011AAB7, Type: Inline - RelativeJump 0x805F1AB7-->805BBC1B [ntoskrnl.exe]
ntoskrnl.exe+0x0011AABC, Type: Inline - RelativeCall 0x805F1ABC-->805BBBD5 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AAC1, Type: Inline - RelativeJump 0x805F1AC1-->805DBA45 [ntoskrnl.exe]
ntoskrnl.exe+0x0011ACDD, Type: Inline - RelativeJump 0x805F1CDD-->80579075 [ntoskrnl.exe]
ntoskrnl.exe+0x0011ACE3, Type: Inline - RelativeJump 0x805F1CE3-->80579075 [ntoskrnl.exe]
ntoskrnl.exe+0x0011ACED, Type: Inline - RelativeJump 0x805F1CED-->805F1C9F [ntoskrnl.exe]
ntoskrnl.exe+0x0011ACF5, Type: Inline - RelativeCall 0x805F1CF5-->80581CCE [ntoskrnl.exe]
ntoskrnl.exe+0x0011ACFD, Type: Inline - RelativeJump 0x805F1CFD-->8058D966 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD02, Type: Inline - RelativeJump 0x805F1D02-->80579127 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD53, Type: Inline - RelativeCall 0x805F1D53-->8062495E [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD5A, Type: Inline - RelativeJump 0x805F1D5A-->805791E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD65, Type: Inline - RelativeJump 0x805F1D65-->805F1D78 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD6D, Type: Inline - RelativeJump 0x805F1D6D-->805F1D4F [ntoskrnl.exe]
ntoskrnl.exe+0x0011AD77, Type: Inline - RelativeJump 0x805F1D77-->805F1D55 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AF1A, Type: Inline - RelativeJump 0x805F1F1A-->8058DC3F [ntoskrnl.exe]
ntoskrnl.exe+0x0011AF1F, Type: Inline - RelativeCall 0x805F1F1F-->804F2F75 [ntoskrnl.exe]
ntoskrnl.exe+0x0011AF27, Type: Inline - RelativeJump 0x805F1F27-->8058DC7A [ntoskrnl.exe]
ntoskrnl.exe+0x0011AF2C, Type: Inline - RelativeJump 0x805F1F2C-->805F1CA3 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B27E, Type: Inline - RelativeJump 0x805F227E-->805DF5BB [ntoskrnl.exe]
ntoskrnl.exe+0x0011B283, Type: Inline - RelativeJump 0x805F2283-->805AEE7D [ntoskrnl.exe]
ntoskrnl.exe+0x0011B28D, Type: Inline - RelativeJump 0x805F228D-->805AFFA6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B2EC, Type: Inline - RelativeJump 0x805F22EC-->805B66B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B418, Type: Inline - RelativeCall 0x805F2418-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B424, Type: Inline - RelativeJump 0x805F2424-->805F2540 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B439, Type: Inline - RelativeJump 0x805F2439-->805F2453 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B440, Type: Inline - RelativeJump 0x805F2440-->805F2466 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B47D, Type: Inline - RelativeJump 0x805F247D-->805F2540 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B488, Type: Inline - RelativeCall 0x805F2488-->8057545D [ntoskrnl.exe]
ntoskrnl.exe+0x0011B4BC, Type: Inline - RelativeJump 0x805F24BC-->805F24CE [ntoskrnl.exe]
ntoskrnl.exe+0x0011B4D3, Type: Inline - RelativeCall 0x805F24D3-->80573938 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B4D9, Type: Inline - RelativeJump 0x805F24D9-->805F24F9 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B4EB, Type: Inline - RelativeCall 0x805F24EB-->805D337A [ntoskrnl.exe]
ntoskrnl.exe+0x0011B4F1, Type: Inline - RelativeJump 0x805F24F1-->805F2544 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B506, Type: Inline - RelativeCall 0x805F2506-->805B1BD3 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B512, Type: Inline - RelativeJump 0x805F2512-->805F2544 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B523, Type: Inline - RelativeJump 0x805F2523-->805F2544 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B52C, Type: Inline - RelativeJump 0x805F252C-->805F24DE [ntoskrnl.exe]
ntoskrnl.exe+0x0011B555, Type: Inline - RelativeCall 0x805F2555-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B55B, Type: Inline - RelativeJump 0x805F255B-->805B13B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B565, Type: Inline - RelativeJump 0x805F2565-->805C6D11 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B608, Type: Inline - RelativeCall 0x805F2608-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011B66F, Type: Inline - RelativeJump 0x805F266F-->805F2A0E [ntoskrnl.exe]
ntoskrnl.exe+0x0011B928, Type: Inline - RelativeJump 0x805F2928-->805F2A18 [ntoskrnl.exe]
ntoskrnl.exe+0x0011BA08, Type: Inline - RelativeJump 0x805F2A08-->805CE2DB [ntoskrnl.exe]
ntoskrnl.exe+0x0011BABD, Type: Inline - RelativeJump 0x805F2ABD-->805F2ACD [ntoskrnl.exe]
ntoskrnl.exe+0x0011BB6D, Type: Inline - RelativeCall 0x805F2B6D-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe+0x0011BD15, Type: Inline - RelativeJump 0x805F2D15-->805F2D82 [ntoskrnl.exe]
ntoskrnl.exe+0x0011BDDA, Type: Inline - RelativeJump 0x805F2DDA-->805F2DF8 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C1FE, Type: Inline - RelativeJump 0x805F31FE-->805F3204 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C216, Type: Inline - RelativeJump 0x805F3216-->805F321C [ntoskrnl.exe]
ntoskrnl.exe+0x0011C224, Type: Inline - RelativeJump 0x805F3224-->805F322A [ntoskrnl.exe]
ntoskrnl.exe+0x0011C22C, Type: Inline - RelativeJump 0x805F322C-->805F3232 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C24C, Type: Inline - RelativeJump 0x805F324C-->805F3256 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C27E, Type: Inline - RelativeJump 0x805F327E-->805F3284 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C296, Type: Inline - RelativeJump 0x805F3296-->805F32A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0011C29E, Type: Inline - RelativeJump 0x805F329E-->805F32AE [ntoskrnl.exe]
ntoskrnl.exe+0x0011C391, Type: Inline - RelativeJump 0x805F3391-->E75F2E6E [unknown_code_page]
ntoskrnl.exe+0x0011C8D5, Type: Inline - RelativeCall 0x805F38D5-->805B2480 [ntoskrnl.exe]
ntoskrnl.exe+0x0011CA00, Type: Inline - DirectCall 0x805F3A00-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0011CA02, Type: Inline - RelativeCall 0x805F3A02-->8059D23D [ntoskrnl.exe]
ntoskrnl.exe+0x0011CA0D, Type: Inline - RelativeJump 0x805F3A0D-->805F3A16 [ntoskrnl.exe]
ntoskrnl.exe+0x0011CA83, Type: Inline - RelativeJump 0x805F3A83-->805F3ACD [ntoskrnl.exe]
ntoskrnl.exe+0x0011CDD0, Type: Inline - RelativeCall 0x805F3DD0-->80532E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0011CDD6, Type: Inline - RelativeJump 0x805F3DD6-->805F3DF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0011CE86, Type: Inline - RelativeJump 0x805F3E86-->805F3E7B [ntoskrnl.exe]
ntoskrnl.exe+0x0011D06A, Type: Inline - RelativeJump 0x805F406A-->805F407C [ntoskrnl.exe]
ntoskrnl.exe+0x0011D151, Type: Inline - RelativeJump 0x805F4151-->805C58E1 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D15B, Type: Inline - RelativeJump 0x805F415B-->805F4166 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D17C, Type: Inline - RelativeJump 0x805F417C-->805F41AC [ntoskrnl.exe]
ntoskrnl.exe+0x0011D22D, Type: Inline - RelativeJump 0x805F422D-->805F4243 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D45E, Type: Inline - RelativeCall 0x805F445E-->805E3A0D [ntoskrnl.exe]
ntoskrnl.exe+0x0011D471, Type: Inline - RelativeJump 0x805F4471-->805F4474 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D6BA, Type: Inline - RelativeCall 0x805F46BA-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D6C2, Type: Inline - RelativeJump 0x805F46C2-->805BE031 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D8D0, Type: Inline - DirectCall 0x805F48D0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0011D8D9, Type: Inline - RelativeCall 0x805F48D9-->ECA4CD6B [unknown_code_page]
ntoskrnl.exe+0x0011D979, Type: Inline - RelativeJump 0x805F4979-->805F4993 [ntoskrnl.exe]
ntoskrnl.exe+0x0011D97C, Type: Inline - RelativeJump 0x805F497C-->805F49D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0011DA64, Type: Inline - RelativeCall 0x805F4A64-->804E378E [ntoskrnl.exe]
ntoskrnl.exe+0x0011DB52, Type: Inline - RelativeJump 0x805F4B52-->805F4B78 [ntoskrnl.exe]
ntoskrnl.exe+0x0011DBDD, Type: Inline - RelativeJump 0x805F4BDD-->805F4BF3 [ntoskrnl.exe]
ntoskrnl.exe+0x0011DD10, Type: Inline - RelativeJump 0x805F4D10-->805F4D16 [ntoskrnl.exe]
ntoskrnl.exe+0x0011DE54, Type: Inline - RelativeJump 0x805F4E54-->805A70D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0011DEEE, Type: Inline - RelativeCall 0x805F4EEE-->80507BED [ntoskrnl.exe]
ntoskrnl.exe+0x0011DEF7, Type: Inline - PushRet 0x805F4EF7-->8BFFFB20 [unknown_code_page]
ntoskrnl.exe+0x0011E04F, Type: Inline - RelativeJump 0x805F504F-->805F5068 [ntoskrnl.exe]
ntoskrnl.exe+0x0011E108, Type: Inline - RelativeJump 0x805F5108-->805F510E [ntoskrnl.exe]
ntoskrnl.exe+0x0011E158, Type: Inline - RelativeJump 0x805F5158-->805F515E [ntoskrnl.exe]
ntoskrnl.exe+0x0011E394, Type: Inline - RelativeJump 0x805F5394-->805D0F41 [ntoskrnl.exe]
ntoskrnl.exe+0x0011E4EE, Type: Inline - RelativeJump 0x805F54EE-->805A64A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0011E849, Type: Inline - RelativeJump 0x805F5849-->805F5859 [ntoskrnl.exe]
ntoskrnl.exe+0x0011E8F3, Type: Inline - RelativeCall 0x805F58F3-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0011E938, Type: Inline - RelativeJump 0x805F5938-->805F58F6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011EA83, Type: Inline - RelativeJump 0x805F5A83-->805F5ABD [ntoskrnl.exe]
ntoskrnl.exe+0x0011EAB9, Type: Inline - RelativeCall 0x805F5AB9-->80532E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0011EBDA, Type: Inline - PushRet 0x805F5BDA-->EEBD50E8 [unknown_code_page]
ntoskrnl.exe+0x0011EBDB, Type: Inline - RelativeCall 0x805F5BDB-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0011EBE0, Type: Inline - RelativeJump 0x805F5BE0-->805A68CF [ntoskrnl.exe]
ntoskrnl.exe+0x0011EBE5, Type: Inline - RelativeJump 0x805F5BE5-->805A68DD [ntoskrnl.exe]
ntoskrnl.exe+0x0011EC7A, Type: Inline - DirectCall 0x805F5C7A-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0011EC86, Type: Inline - RelativeJump 0x805F5C86-->805A69A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0011EC8B, Type: Inline - RelativeJump 0x805F5C8B-->805A69A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0011ED5D, Type: Inline - RelativeJump 0x805F5D5D-->805A6AE4 [ntoskrnl.exe]
ntoskrnl.exe+0x0011EECB, Type: Inline - RelativeCall 0x805F5ECB-->8062316B [ntoskrnl.exe]
ntoskrnl.exe+0x0011EEDE, Type: Inline - RelativeJump 0x805F5EDE-->805AD88A [ntoskrnl.exe]
ntoskrnl.exe+0x0011EEE5, Type: Inline - RelativeJump 0x805F5EE5-->805C31CF [ntoskrnl.exe]
ntoskrnl.exe+0x0011EEEF, Type: Inline - RelativeJump 0x805F5EEF-->805C31CF [ntoskrnl.exe]
ntoskrnl.exe+0x0011EEF9, Type: Inline - RelativeJump 0x805F5EF9-->805CC06E [ntoskrnl.exe]
ntoskrnl.exe+0x0011F171, Type: Inline - RelativeCall 0x805F6171-->80505FEE [ntoskrnl.exe]
ntoskrnl.exe+0x0011F17E, Type: Inline - RelativeJump 0x805F617E-->805AD934 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F2AE, Type: Inline - RelativeJump 0x805F62AE-->805F626A [ntoskrnl.exe]
ntoskrnl.exe+0x0011F41D, Type: Inline - RelativeJump 0x805F641D-->805F6429 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F425, Type: Inline - RelativeCall 0x805F6425-->806290A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F53D, Type: Inline - RelativeJump 0x805F653D-->805F659B [ntoskrnl.exe]
ntoskrnl.exe+0x0011F57B, Type: Inline - RelativeJump 0x805F657B-->805F6588 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F592, Type: Inline - RelativeCall 0x805F6592-->80532E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F752, Type: Inline - RelativeJump 0x805F6752-->805F6765 [ntoskrnl.exe]
ntoskrnl.exe+0x0011F8BC, Type: Inline - RelativeJump 0x805F68BC-->805F68DA [ntoskrnl.exe]
ntoskrnl.exe+0x0011F8CA, Type: Inline - RelativeJump 0x805F68CA-->805AE369 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FA8B, Type: Inline - RelativeJump 0x805F6A8B-->805AED54 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FA97, Type: Inline - RelativeJump 0x805F6A97-->805AED54 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FC4E, Type: Inline - RelativeJump 0x805F6C4E-->805C3945 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDB1, Type: Inline - RelativeJump 0x805F6DB1-->805CD04A [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDBC, Type: Inline - RelativeCall 0x805F6DBC-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDD1, Type: Inline - RelativeJump 0x805F6DD1-->805BC2C4 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDD8, Type: Inline - RelativeJump 0x805F6DD8-->805BC2EA [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDDD, Type: Inline - RelativeJump 0x805F6DDD-->805C2FCF [ntoskrnl.exe]
ntoskrnl.exe+0x0011FDE5, Type: Inline - RelativeJump 0x805F6DE5-->805CD16D [ntoskrnl.exe]
ntoskrnl.exe+0x0011FE18, Type: Inline - RelativeCall 0x805F6E18-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0011FE27, Type: Inline - RelativeJump 0x805F6E27-->805BC63B [ntoskrnl.exe]
ntoskrnl.exe+0x0011FE5B, Type: Inline - RelativeJump 0x805F6E5B-->805C1E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0011FE62, Type: Inline - RelativeJump 0x805F6E62-->805C743A [ntoskrnl.exe]
ntoskrnl.exe+0x0011FF2C, Type: Inline - RelativeJump 0x805F6F2C-->805F6F47 [ntoskrnl.exe]
ntoskrnl.exe+0x0012009C, Type: Inline - RelativeJump 0x805F709C-->805F706B [ntoskrnl.exe]
ntoskrnl.exe+0x001200B4, Type: Inline - RelativeJump 0x805F70B4-->805CD8F6 [ntoskrnl.exe]
ntoskrnl.exe+0x001200BF, Type: Inline - RelativeJump 0x805F70BF-->805CD89F [ntoskrnl.exe]
ntoskrnl.exe+0x001200C6, Type: Inline - RelativeCall 0x805F70C6-->805CBFC9 [ntoskrnl.exe]
ntoskrnl.exe+0x001200D3, Type: Inline - RelativeCall 0x805F70D3-->805BE35A [ntoskrnl.exe]
ntoskrnl.exe+0x001201CF, Type: Inline - RelativeJump 0x805F71CF-->805C1C71 [ntoskrnl.exe]
ntoskrnl.exe+0x0012043F, Type: Inline - RelativeJump 0x805F743F-->805F7445 [ntoskrnl.exe]
ntoskrnl.exe+0x00120541, Type: Inline - RelativeJump 0x805F7541-->805F7555 [ntoskrnl.exe]
ntoskrnl.exe+0x0012058F, Type: Inline - RelativeJump 0x805F758F-->805F759E [ntoskrnl.exe]
ntoskrnl.exe+0x001206DD, Type: Inline - RelativeCall 0x805F76DD-->805A59B6 [ntoskrnl.exe]
ntoskrnl.exe+0x001207C8, Type: Inline - RelativeJump 0x805F77C8-->805CFC53 [ntoskrnl.exe]
ntoskrnl.exe+0x001207F2, Type: Inline - RelativeCall 0x805F77F2-->805A5720 [ntoskrnl.exe]
ntoskrnl.exe+0x001207F7, Type: Inline - RelativeJump 0x805F77F7-->805F7805 [ntoskrnl.exe]
ntoskrnl.exe+0x001208E4, Type: Inline - RelativeJump 0x805F78E4-->805F78F3 [ntoskrnl.exe]
ntoskrnl.exe+0x001208EA, Type: Inline - RelativeCall 0x805F78EA-->804E37B6 [ntoskrnl.exe]
ntoskrnl.exe+0x00120AF3, Type: Inline - PushRet 0x805F7AF3-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00120B07, Type: Inline - RelativeJump 0x805F7B07-->805A1343 [ntoskrnl.exe]
ntoskrnl.exe+0x00120B24, Type: Inline - RelativeJump 0x805F7B24-->805A13FC [ntoskrnl.exe]
ntoskrnl.exe+0x00120B30, Type: Inline - RelativeJump 0x805F7B30-->805C76B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00120B3C, Type: Inline - RelativeJump 0x805F7B3C-->805C76B6 [ntoskrnl.exe]
ntoskrnl.exe+0x00120B50, Type: Inline - RelativeJump 0x805F7B50-->805C76B6 [ntoskrnl.exe]
ntoskrnl.exe+0x00120C1C, Type: Inline - RelativeJump 0x805F7C1C-->805F7C62 [ntoskrnl.exe]
ntoskrnl.exe+0x00120C2E, Type: Inline - RelativeJump 0x805F7C2E-->805F7C62 [ntoskrnl.exe]
ntoskrnl.exe+0x00120C94, Type: Inline - RelativeJump 0x805F7C94-->805F7D2E [ntoskrnl.exe]
ntoskrnl.exe+0x00120C9E, Type: Inline - RelativeJump 0x805F7C9E-->805ADCB1 [ntoskrnl.exe]
ntoskrnl.exe+0x00120CA4, Type: Inline - RelativeJump 0x805F7CA4-->805ADCB1 [ntoskrnl.exe]
ntoskrnl.exe+0x00120CD8, Type: Inline - RelativeJump 0x805F7CD8-->805F7CC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00120F28, Type: Inline - RelativeJump 0x805F7F28-->805F7F26 [ntoskrnl.exe]
ntoskrnl.exe+0x00120F92, Type: Inline - RelativeJump 0x805F7F92-->805F7F90 [ntoskrnl.exe]
ntoskrnl.exe+0x0012123B, Type: Inline - RelativeJump 0x805F823B-->805F8239 [ntoskrnl.exe]
ntoskrnl.exe+0x00121242, Type: Inline - RelativeJump 0x805F8242-->805F81FE [ntoskrnl.exe]
ntoskrnl.exe+0x00121266, Type: Inline - RelativeJump 0x805F8266-->805F8264 [ntoskrnl.exe]
ntoskrnl.exe+0x00121268, Type: Inline - RelativeCall 0x805F8268-->805AEA20 [ntoskrnl.exe]
ntoskrnl.exe+0x00121270, Type: Inline - RelativeCall 0x805F8270-->805AEC22 [ntoskrnl.exe]
ntoskrnl.exe+0x00121278, Type: Inline - RelativeJump 0x805F8278-->805F829C [ntoskrnl.exe]
ntoskrnl.exe+0x0012127E, Type: Inline - RelativeJump 0x805F827E-->805F826C [ntoskrnl.exe]
ntoskrnl.exe+0x001213EF, Type: Inline - RelativeJump 0x805F83EF-->805F83DD [ntoskrnl.exe]
ntoskrnl.exe+0x001213F8, Type: Inline - RelativeJump 0x805F83F8-->805F83EA [ntoskrnl.exe]
ntoskrnl.exe+0x0012166B, Type: Inline - RelativeJump 0x805F866B-->805F861D [ntoskrnl.exe]
ntoskrnl.exe+0x0012167E, Type: Inline - RelativeCall 0x805F867E-->80515305 [ntoskrnl.exe]
ntoskrnl.exe+0x001216FB, Type: Inline - PushRet 0x805F86FB-->FAA67EE9 [unknown_code_page]
ntoskrnl.exe+0x001216FC, Type: Inline - RelativeJump 0x805F86FC-->805A2D7F [ntoskrnl.exe]
ntoskrnl.exe+0x00121846, Type: Inline - RelativeJump 0x805F8846-->805C3EAA [ntoskrnl.exe]
ntoskrnl.exe+0x00121853, Type: Inline - DirectCall 0x805F8853-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0012185D, Type: Inline - RelativeJump 0x805F885D-->805C3EAA [ntoskrnl.exe]
ntoskrnl.exe+0x0012189D, Type: Inline - RelativeCall 0x805F889D-->805E3A0D [ntoskrnl.exe]
ntoskrnl.exe+0x001219B3, Type: Inline - RelativeJump 0x805F89B3-->805CAFF3 [ntoskrnl.exe]
ntoskrnl.exe+0x001219B8, Type: Inline - RelativeJump 0x805F89B8-->805CB0D8 [ntoskrnl.exe]
ntoskrnl.exe+0x001219BD, Type: Inline - RelativeJump 0x805F89BD-->805CB1FA [ntoskrnl.exe]
ntoskrnl.exe+0x001219C2, Type: Inline - RelativeJump 0x805F89C2-->805F89E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00121B10, Type: Inline - RelativeCall 0x805F8B10-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00121B1E, Type: Inline - RelativeJump 0x805F8B1E-->805CFDD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00122089, Type: Inline - RelativeCall 0x805F9089-->804DADC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0012209A, Type: Inline - RelativeCall 0x805F909A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001222B2, Type: Inline - PushRet 0x805F92B2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00122304, Type: Inline - RelativeJump 0x805F9304-->805F92E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00122443, Type: Inline - RelativeJump 0x805F9443-->8057D133 [ntoskrnl.exe]
ntoskrnl.exe+0x001224A3, Type: Inline - RelativeJump 0x805F94A3-->805F9696 [ntoskrnl.exe]
ntoskrnl.exe+0x00122706, Type: Inline - RelativeCall 0x805F9706-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00122784, Type: Inline - PushRet 0x805F9784-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001227FA, Type: Inline - RelativeJump 0x805F97FA-->805F97F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0012280D, Type: Inline - DirectCall 0x805F980D-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x00122817, Type: Inline - RelativeJump 0x805F9817-->805954BB [ntoskrnl.exe]
ntoskrnl.exe+0x0012281C, Type: Inline - RelativeCall 0x805F981C-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00122821, Type: Inline - RelativeJump 0x805F9821-->805967A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012284D, Type: Inline - RelativeJump 0x805F984D-->8059DFAA [ntoskrnl.exe]
ntoskrnl.exe+0x00122993, Type: Inline - RelativeJump 0x805F9993-->805F99B2 [ntoskrnl.exe]
ntoskrnl.exe+0x00122A11, Type: Inline - RelativeJump 0x805F9A11-->805F9885 [ntoskrnl.exe]
ntoskrnl.exe+0x00122A1F, Type: Inline - RelativeCall 0x805F9A1F-->8057677E [ntoskrnl.exe]
ntoskrnl.exe+0x00122A55, Type: Inline - RelativeCall 0x805F9A55-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00122A8D, Type: Inline - RelativeCall 0x805F9A8D-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x00122A93, Type: Inline - RelativeJump 0x805F9A93-->8059E184 [ntoskrnl.exe]
ntoskrnl.exe+0x00122AA8, Type: Inline - RelativeCall 0x805F9AA8-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00122CFA, Type: Inline - RelativeJump 0x805F9CFA-->805F9D07 [ntoskrnl.exe]
ntoskrnl.exe+0x00122ECE, Type: Inline - RelativeJump 0x805F9ECE-->805F9EC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012301A, Type: Inline - RelativeCall 0x805FA01A-->8058145E [ntoskrnl.exe]
ntoskrnl.exe+0x00123024, Type: Inline - RelativeJump 0x805FA024-->805EB1C6 [ntoskrnl.exe]
ntoskrnl.exe+0x00123029, Type: Inline - DirectCall 0x805FA029-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00123037, Type: Inline - RelativeJump 0x805FA037-->80585447 [ntoskrnl.exe]
ntoskrnl.exe+0x00123041, Type: Inline - DirectCall 0x805FA041-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x0012304F, Type: Inline - RelativeCall 0x805FA04F-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00123057, Type: Inline - RelativeCall 0x805FA057-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012305F, Type: Inline - RelativeJump 0x805FA05F-->80585460 [ntoskrnl.exe]
ntoskrnl.exe+0x00123069, Type: Inline - RelativeJump 0x805FA069-->805AF9F1 [ntoskrnl.exe]
ntoskrnl.exe+0x0012307D, Type: Inline - PushRet 0x805FA07D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012339B, Type: Inline - RelativeJump 0x805FA39B-->805766FA [ntoskrnl.exe]
ntoskrnl.exe+0x001233AB, Type: Inline - PushRet 0x805FA3AB-->8B5A036A [unknown_code_page]
ntoskrnl.exe+0x001233AC, Type: Inline - RelativeCall 0x805FA3AC-->8057677E [ntoskrnl.exe]
ntoskrnl.exe+0x001233B1, Type: Inline - RelativeJump 0x805FA3B1-->805FA3C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001233C5, Type: Inline - RelativeJump 0x805FA3C5-->805FA34A [ntoskrnl.exe]
ntoskrnl.exe+0x001233D9, Type: Inline - PushRet 0x805FA3D9-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00123452, Type: Inline - RelativeJump 0x805FA452-->80585755 [ntoskrnl.exe]
ntoskrnl.exe+0x00123457, Type: Inline - DirectCall 0x805FA457-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00123465, Type: Inline - RelativeJump 0x805FA465-->80585786 [ntoskrnl.exe]
ntoskrnl.exe+0x001234AC, Type: Inline - RelativeCall 0x805FA4AC-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x001234FF, Type: Inline - RelativeJump 0x805FA4FF-->805FA4FC [ntoskrnl.exe]
ntoskrnl.exe+0x0012350A, Type: Inline - RelativeCall 0x805FA50A-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x0012350F, Type: Inline - RelativeJump 0x805FA50F-->805FA474 [ntoskrnl.exe]
ntoskrnl.exe+0x0012353B, Type: Inline - RelativeJump 0x805FA53B-->805965BE [ntoskrnl.exe]
ntoskrnl.exe+0x0012398B, Type: Inline - RelativeCall 0x805FA98B-->8057F32A [ntoskrnl.exe]
ntoskrnl.exe+0x00123AC0, Type: Inline - RelativeCall 0x805FAAC0-->805E464B [ntoskrnl.exe]
ntoskrnl.exe+0x00123ACD, Type: Inline - RelativeJump 0x805FAACD-->805FAA2F [ntoskrnl.exe]
ntoskrnl.exe+0x00123D25, Type: Inline - RelativeJump 0x805FAD25-->805FACFB [ntoskrnl.exe]
ntoskrnl.exe+0x00123D2F, Type: Inline - RelativeJump 0x805FAD2F-->805FACED [ntoskrnl.exe]
ntoskrnl.exe+0x00123DF5, Type: Inline - RelativeJump 0x805FADF5-->805FADDB [ntoskrnl.exe]
ntoskrnl.exe+0x00123E0E, Type: Inline - DirectCall 0x805FAE0E-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00123E1A, Type: Inline - RelativeCall 0x805FAE1A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00124043, Type: Inline - RelativeJump 0x805FB043-->805FB0C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0012407A, Type: Inline - RelativeJump 0x805FB07A-->805FB0EC [ntoskrnl.exe]
ntoskrnl.exe+0x0012409A, Type: Inline - RelativeJump 0x805FB09A-->805807FB [ntoskrnl.exe]
ntoskrnl.exe+0x001240A4, Type: Inline - RelativeJump 0x805FB0A4-->805807FB [ntoskrnl.exe]
ntoskrnl.exe+0x001240AE, Type: Inline - RelativeJump 0x805FB0AE-->805807FB [ntoskrnl.exe]
ntoskrnl.exe+0x001240B3, Type: Inline - RelativeJump 0x805FB0B3-->805FB0C6 [ntoskrnl.exe]
ntoskrnl.exe+0x00124217, Type: Inline - RelativeJump 0x805FB217-->80578E5B [ntoskrnl.exe]
ntoskrnl.exe+0x0012421F, Type: Inline - RelativeCall 0x805FB21F-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x00124228, Type: Inline - RelativeJump 0x805FB228-->805B2AB8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012431B, Type: Inline - RelativeJump 0x805FB31B-->805FB33D [ntoskrnl.exe]
ntoskrnl.exe+0x0012441F, Type: Inline - RelativeCall 0x805FB41F-->804FB224 [ntoskrnl.exe]
ntoskrnl.exe+0x00124424, Type: Inline - RelativeJump 0x805FB424-->805FB447 [ntoskrnl.exe]
ntoskrnl.exe+0x001244BA, Type: Inline - RelativeJump 0x805FB4BA-->80594376 [ntoskrnl.exe]
ntoskrnl.exe+0x0012455B, Type: Inline - RelativeCall 0x805FB55B-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00124561, Type: Inline - RelativeCall 0x805FB561-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001245C4, Type: Inline - RelativeJump 0x805FB5C4-->8056DBE8 [ntoskrnl.exe]
ntoskrnl.exe+0x001245CB, Type: Inline - RelativeJump 0x805FB5CB-->8056DC05 [ntoskrnl.exe]
ntoskrnl.exe+0x001245D5, Type: Inline - PushRet 0x805FB5D5-->90909090 [unknown_code_page]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:49 pm


ntoskrnl.exe+0x0012479C, Type: Inline - RelativeJump 0x805FB79C-->805BAB5A [ntoskrnl.exe]
ntoskrnl.exe+0x0012487E, Type: Inline - RelativeJump 0x805FB87E-->805FB8AC [ntoskrnl.exe]
ntoskrnl.exe+0x001248B3, Type: Inline - RelativeCall 0x805FB8B3-->80579B92 [ntoskrnl.exe]
ntoskrnl.exe+0x001248BA, Type: Inline - RelativeJump 0x805FB8BA-->805BAB7C [ntoskrnl.exe]
ntoskrnl.exe+0x00124952, Type: Inline - RelativeCall 0x805FB952-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe+0x00124961, Type: Inline - RelativeJump 0x805FB961-->805FBA93 [ntoskrnl.exe]
ntoskrnl.exe+0x001249D6, Type: Inline - RelativeCall 0x805FB9D6-->8053C23C [ntoskrnl.exe]
ntoskrnl.exe+0x00124CBC, Type: Inline - RelativeJump 0x805FBCBC-->805A948A [ntoskrnl.exe]
ntoskrnl.exe+0x00124CD1, Type: Inline - RelativeJump 0x805FBCD1-->805B638A [ntoskrnl.exe]
ntoskrnl.exe+0x00124CD6, Type: Inline - RelativeJump 0x805FBCD6-->805B647F [ntoskrnl.exe]
ntoskrnl.exe+0x00124CDB, Type: Inline - RelativeJump 0x805FBCDB-->805A8F15 [ntoskrnl.exe]
ntoskrnl.exe+0x00124D4A, Type: Inline - RelativeJump 0x805FBD4A-->805FBD4B [ntoskrnl.exe]
ntoskrnl.exe+0x00124F11, Type: Inline - RelativeCall 0x805FBF11-->804F0C11 [ntoskrnl.exe]
ntoskrnl.exe+0x00124F42, Type: Inline - RelativeJump 0x805FBF42-->805FBF04 [ntoskrnl.exe]
ntoskrnl.exe+0x00124F4E, Type: Inline - RelativeJump 0x805FBF4E-->805FBF10 [ntoskrnl.exe]
ntoskrnl.exe+0x00124F65, Type: Inline - RelativeJump 0x805FBF65-->805FBF07 [ntoskrnl.exe]
ntoskrnl.exe+0x00124F7B, Type: Inline - RelativeJump 0x805FBF7B-->805FBF95 [ntoskrnl.exe]
ntoskrnl.exe+0x0012537A, Type: Inline - PushRet 0x805FC37A-->E9FFFB0C [unknown_code_page]
ntoskrnl.exe+0x0012537E, Type: Inline - RelativeCall 0x805FC37E-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe+0x00125393, Type: Inline - RelativeJump 0x805FC393-->805FC3B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001253EA, Type: Inline - RelativeJump 0x805FC3EA-->805FC413 [ntoskrnl.exe]
ntoskrnl.exe+0x001255AF, Type: Inline - RelativeCall 0x805FC5AF-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012590A, Type: Inline - RelativeJump 0x805FC90A-->805FC915 [ntoskrnl.exe]
ntoskrnl.exe+0x0012590D, Type: Inline - RelativeJump 0x805FC90D-->805FC89F [ntoskrnl.exe]
ntoskrnl.exe+0x0012595C, Type: Inline - RelativeCall 0x805FC95C-->804F23E1 [ntoskrnl.exe]
ntoskrnl.exe+0x00125A2B, Type: Inline - RelativeJump 0x805FCA2B-->80582B02 [ntoskrnl.exe]
ntoskrnl.exe+0x00125A33, Type: Inline - DirectCall 0x805FCA33-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00125A39, Type: Inline - RelativeJump 0x805FCA39-->80582B2E [ntoskrnl.exe]
ntoskrnl.exe+0x00125C27, Type: Inline - RelativeJump 0x805FCC27-->805DE901 [ntoskrnl.exe]
ntoskrnl.exe+0x00125C32, Type: Inline - RelativeJump 0x805FCC32-->8058CD7B [ntoskrnl.exe]
ntoskrnl.exe+0x00125CAB, Type: Inline - RelativeCall 0x805FCCAB-->80595FAB [ntoskrnl.exe]
ntoskrnl.exe+0x00125CB7, Type: Inline - RelativeJump 0x805FCCB7-->8058CFA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00125CDA, Type: Inline - RelativeJump 0x805FCCDA-->805FCD2A [ntoskrnl.exe]
ntoskrnl.exe+0x00125F17, Type: Inline - RelativeJump 0x805FCF17-->805FCF3C [ntoskrnl.exe]
ntoskrnl.exe+0x0012601D, Type: Inline - RelativeCall 0x805FD01D-->805E2D1C [ntoskrnl.exe]
ntoskrnl.exe+0x00126024, Type: Inline - RelativeCall 0x805FD024-->804EA9A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0012606D, Type: Inline - RelativeJump 0x805FD06D-->8057A561 [ntoskrnl.exe]
ntoskrnl.exe+0x00126074, Type: Inline - RelativeJump 0x805FD074-->8057A4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x00126312, Type: Inline - RelativeJump 0x805FD312-->805FD325 [ntoskrnl.exe]
ntoskrnl.exe+0x001264A0, Type: Inline - DirectCall 0x805FD4A0-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x001264AC, Type: Inline - RelativeCall 0x805FD4AC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00126819, Type: Inline - PushRet 0x805FD819-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012690D, Type: Inline - PushRet 0x805FD90D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00126BB8, Type: Inline - RelativeJump 0x805FDBB8-->805FDB28 [ntoskrnl.exe]
ntoskrnl.exe+0x00126BC3, Type: Inline - RelativeJump 0x805FDBC3-->805FDC15 [ntoskrnl.exe]
ntoskrnl.exe+0x00126CDF, Type: Inline - RelativeCall 0x805FDCDF-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x00126CE9, Type: Inline - RelativeJump 0x805FDCE9-->805B3FFB [ntoskrnl.exe]
ntoskrnl.exe+0x00126CF1, Type: Inline - RelativeCall 0x805FDCF1-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00127014, Type: Inline - RelativeJump 0x805FE014-->805FE054 [ntoskrnl.exe]
ntoskrnl.exe+0x00127058, Type: Inline - RelativeJump 0x805FE058-->805FE067 [ntoskrnl.exe]
ntoskrnl.exe+0x00127165, Type: Inline - RelativeCall 0x805FE165-->804EA895 [ntoskrnl.exe]
ntoskrnl.exe+0x00127171, Type: Inline - RelativeJump 0x805FE171-->805FE0BD [ntoskrnl.exe]
ntoskrnl.exe+0x001271D3, Type: Inline - RelativeJump 0x805FE1D3-->8057F502 [ntoskrnl.exe]
ntoskrnl.exe+0x001272B8, Type: Inline - RelativeCall 0x805FE2B8-->80539EE3 [ntoskrnl.exe]
ntoskrnl.exe+0x00127382, Type: Inline - RelativeJump 0x805FE382-->805FE360 [ntoskrnl.exe]
ntoskrnl.exe+0x001273C9, Type: Inline - RelativeJump 0x805FE3C9-->805FE3C9 [ntoskrnl.exe]
ntoskrnl.exe+0x001273CD, Type: Inline - RelativeCall 0x805FE3CD-->8051A630 [ntoskrnl.exe]
ntoskrnl.exe+0x001273D6, Type: Inline - RelativeJump 0x805FE3D6-->805D3A10 [ntoskrnl.exe]
ntoskrnl.exe+0x00127452, Type: Inline - RelativeJump 0x805FE452-->8057F2E1 [ntoskrnl.exe]
ntoskrnl.exe+0x00127523, Type: Inline - RelativeJump 0x805FE523-->8427E520 [unknown_code_page]
ntoskrnl.exe+0x00127590, Type: Inline - RelativeJump 0x805FE590-->8057CB76 [ntoskrnl.exe]
ntoskrnl.exe+0x00127595, Type: Inline - RelativeJump 0x805FE595-->8057C933 [ntoskrnl.exe]
ntoskrnl.exe+0x001275BF, Type: Inline - PushRet 0x805FE5BF-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012771F, Type: Inline - RelativeJump 0x805FE71F-->805FE72B [ntoskrnl.exe]
ntoskrnl.exe+0x00127728, Type: Inline - RelativeJump 0x805FE728-->805FE702 [ntoskrnl.exe]
ntoskrnl.exe+0x001277A6, Type: Inline - RelativeJump 0x805FE7A6-->8057C8FB [ntoskrnl.exe]
ntoskrnl.exe+0x001277B5, Type: Inline - PushRet 0x805FE7B5-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001277CA, Type: Inline - RelativeJump 0x805FE7CA-->8057C92D [ntoskrnl.exe]
ntoskrnl.exe+0x00127A59, Type: Inline - RelativeCall 0x805FEA59-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00127A64, Type: Inline - DirectCall 0x805FEA64-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x00127BFC, Type: Inline - RelativeJump 0x805FEBFC-->8056F09C [ntoskrnl.exe]
ntoskrnl.exe+0x00127C01, Type: Inline - RelativeJump 0x805FEC01-->8056F081 [ntoskrnl.exe]
ntoskrnl.exe+0x00127DBC, Type: Inline - RelativeJump 0x805FEDBC-->80570242 [ntoskrnl.exe]
ntoskrnl.exe+0x00127DC1, Type: Inline - RelativeJump 0x805FEDC1-->805FEE20 [ntoskrnl.exe]
ntoskrnl.exe+0x00127F4A, Type: Inline - RelativeJump 0x805FEF4A-->8057803C [ntoskrnl.exe]
ntoskrnl.exe+0x00127F4F, Type: Inline - RelativeJump 0x805FEF4F-->80597572 [ntoskrnl.exe]
ntoskrnl.exe+0x00128559, Type: Inline - RelativeJump 0x805FF559-->805FF5AD [ntoskrnl.exe]
ntoskrnl.exe+0x0012857C, Type: Inline - RelativeJump 0x805FF57C-->805FF592 [ntoskrnl.exe]
ntoskrnl.exe+0x0012865E, Type: Inline - RelativeCall 0x805FF65E-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00128A2A, Type: Inline - RelativeJump 0x805FFA2A-->8057EF64 [ntoskrnl.exe]
ntoskrnl.exe+0x00128A34, Type: Inline - RelativeCall 0x805FFA34-->8057F011 [ntoskrnl.exe]
ntoskrnl.exe+0x00128A3A, Type: Inline - RelativeJump 0x805FFA3A-->8057EFC1 [ntoskrnl.exe]
ntoskrnl.exe+0x00128A41, Type: Inline - RelativeJump 0x805FFA41-->8057EF90 [ntoskrnl.exe]
ntoskrnl.exe+0x00128B6E, Type: Inline - RelativeJump 0x805FFB6E-->8057F135 [ntoskrnl.exe]
ntoskrnl.exe+0x00128B78, Type: Inline - RelativeJump 0x805FFB78-->805FFB8C [ntoskrnl.exe]
ntoskrnl.exe+0x00128C35, Type: Inline - RelativeJump 0x805FFC35-->80588672 [ntoskrnl.exe]
ntoskrnl.exe+0x00128C3C, Type: Inline - RelativeJump 0x805FFC3C-->805877B7 [ntoskrnl.exe]
ntoskrnl.exe+0x00128FFB, Type: Inline - RelativeJump 0x805FFFFB-->8056D0AE [ntoskrnl.exe]
ntoskrnl.exe+0x001290F9, Type: Inline - RelativeCall 0x806000F9-->805C4E81 [ntoskrnl.exe]
ntoskrnl.exe+0x001290FE, Type: Inline - RelativeJump 0x806000FE-->805DFDD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00129172, Type: Inline - RelativeCall 0x80600172-->8056C2C7 [ntoskrnl.exe]
ntoskrnl.exe+0x00129256, Type: Inline - PushRet 0x80600256-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00129307, Type: Inline - RelativeJump 0x80600307-->806002FC [ntoskrnl.exe]
ntoskrnl.exe+0x001293A1, Type: Inline - RelativeCall 0x806003A1-->80575533 [ntoskrnl.exe]
ntoskrnl.exe+0x00129493, Type: Inline - RelativeJump 0x80600493-->80582067 [ntoskrnl.exe]
ntoskrnl.exe+0x0012949A, Type: Inline - RelativeCall 0x8060049A-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012949F, Type: Inline - RelativeJump 0x8060049F-->80573DB4 [ntoskrnl.exe]
ntoskrnl.exe+0x001294A4, Type: Inline - RelativeJump 0x806004A4-->80573DC2 [ntoskrnl.exe]
ntoskrnl.exe+0x001294AB, Type: Inline - RelativeJump 0x806004AB-->8056CD00 [ntoskrnl.exe]
ntoskrnl.exe+0x0012969F, Type: Inline - RelativeCall 0x8060069F-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x001297AA, Type: Inline - RelativeJump 0x806007AA-->806007D7 [ntoskrnl.exe]
ntoskrnl.exe+0x001297B5, Type: Inline - RelativeCall 0x806007B5-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001297BA, Type: Inline - RelativeJump 0x806007BA-->806007D7 [ntoskrnl.exe]
ntoskrnl.exe+0x001298E1, Type: Inline - RelativeCall 0x806008E1-->8AFFFCB6 [unknown_code_page]
ntoskrnl.exe+0x00129A96, Type: Inline - RelativeCall 0x80600A96-->80540E51 [ntoskrnl.exe]
ntoskrnl.exe+0x00129AA4, Type: Inline - RelativeJump 0x80600AA4-->80591E3E [ntoskrnl.exe]
ntoskrnl.exe+0x00129AA9, Type: Inline - RelativeCall 0x80600AA9-->80630CA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00129BAA, Type: Inline - RelativeJump 0x80600BAA-->8056DB47 [ntoskrnl.exe]
ntoskrnl.exe+0x00129BAF, Type: Inline - RelativeJump 0x80600BAF-->8056DACA [ntoskrnl.exe]
ntoskrnl.exe+0x00129D45, Type: Inline - RelativeJump 0x80600D45-->80600D63 [ntoskrnl.exe]
ntoskrnl.exe+0x00129EB7, Type: Inline - RelativeJump 0x80600EB7-->80600EC9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012A23F, Type: Inline - RelativeJump 0x8060123F-->805E7658 [ntoskrnl.exe]
ntoskrnl.exe+0x0012A5BE, Type: Inline - RelativeJump 0x806015BE-->805B6F70 [ntoskrnl.exe]
ntoskrnl.exe+0x0012A72A, Type: Inline - RelativeJump 0x8060172A-->8058F47E [ntoskrnl.exe]
ntoskrnl.exe+0x0012A72F, Type: Inline - RelativeJump 0x8060172F-->8058F49A [ntoskrnl.exe]
ntoskrnl.exe+0x0012AA1B, Type: Inline - RelativeJump 0x80601A1B-->80601A27 [ntoskrnl.exe]
ntoskrnl.exe+0x0012AA2B, Type: Inline - RelativeJump 0x80601A2B-->8058F71B [ntoskrnl.exe]
ntoskrnl.exe+0x0012AAAD, Type: Inline - RelativeJump 0x80601AAD-->80601AE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012AAC3, Type: Inline - RelativeJump 0x80601AC3-->80601AD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012AAF0, Type: Inline - PushRet 0x80601AF0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012AB07, Type: Inline - RelativeJump 0x80601B07-->80601AED [ntoskrnl.exe]
ntoskrnl.exe+0x0012AD79, Type: Inline - RelativeJump 0x80601D79-->80601D97 [ntoskrnl.exe]
ntoskrnl.exe+0x0012AD8F, Type: Inline - RelativeJump 0x80601D8F-->80601D97 [ntoskrnl.exe]
ntoskrnl.exe+0x0012AD92, Type: Inline - RelativeJump 0x80601D92-->80601EDB [ntoskrnl.exe]
ntoskrnl.exe+0x0012AEB3, Type: Inline - RelativeJump 0x80601EB3-->80601EB6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B01A, Type: Inline - RelativeJump 0x8060201A-->805D49EB [ntoskrnl.exe]
ntoskrnl.exe+0x0012B084, Type: Inline - RelativeJump 0x80602084-->805C7D59 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B136, Type: Inline - RelativeJump 0x80602136-->805C7D77 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B13C, Type: Inline - RelativeJump 0x8060213C-->805C7D77 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B14D, Type: Inline - RelativeCall 0x8060214D-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B15C, Type: Inline - RelativeJump 0x8060215C-->805C7D77 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B171, Type: Inline - RelativeCall 0x80602171-->804F4295 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B17A, Type: Inline - RelativeJump 0x8060217A-->805C7D77 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B19B, Type: Inline - RelativeJump 0x8060219B-->805C7D8D [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1A0, Type: Inline - RelativeJump 0x806021A0-->806020CE [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1B0, Type: Inline - RelativeJump 0x806021B0-->806020CE [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1BE, Type: Inline - RelativeCall 0x806021BE-->8056F374 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1C5, Type: Inline - RelativeCall 0x806021C5-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1CC, Type: Inline - RelativeJump 0x806021CC-->806020CE [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1D1, Type: Inline - RelativeJump 0x806021D1-->8057EA70 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B1DD, Type: Inline - RelativeJump 0x806021DD-->806021EE [ntoskrnl.exe]
ntoskrnl.exe+0x0012B285, Type: Inline - RelativeJump 0x80602285-->805E4206 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B293, Type: Inline - RelativeCall 0x80602293-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B29A, Type: Inline - RelativeJump 0x8060229A-->805B9D5E [ntoskrnl.exe]
ntoskrnl.exe+0x0012B2C9, Type: Inline - RelativeJump 0x806022C9-->805B9E95 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B2D3, Type: Inline - RelativeCall 0x806022D3-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B314, Type: Inline - RelativeCall 0x80602314-->BA6010B9 [unknown_code_page]
ntoskrnl.exe+0x0012B42B, Type: Inline - RelativeCall 0x8060242B-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe+0x0012B43B, Type: Inline - RelativeCall 0x8060243B-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0012B947, Type: Inline - RelativeJump 0x80602947-->805D9EB2 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BAF4, Type: Inline - PushRet 0x80602AF4-->E90889FF [unknown_code_page]
ntoskrnl.exe+0x0012BAF5, Type: Inline - RelativeJump 0x80602AF5-->80602AF8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BB17, Type: Inline - RelativeJump 0x80602B17-->805D9C6B [ntoskrnl.exe]
ntoskrnl.exe+0x0012BB1C, Type: Inline - RelativeJump 0x80602B1C-->805D9C76 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BB23, Type: Inline - RelativeJump 0x80602B23-->805D9CC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BBD2, Type: Inline - RelativeJump 0x80602BD2-->80602BD6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BC26, Type: Inline - RelativeJump 0x80602C26-->805DA0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BC2D, Type: Inline - RelativeCall 0x80602C2D-->805CD2BC [ntoskrnl.exe]
ntoskrnl.exe+0x0012BF96, Type: Inline - RelativeJump 0x80602F96-->80602F62 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BF9A, Type: Inline - RelativeJump 0x80602F9A-->8057F61C [ntoskrnl.exe]
ntoskrnl.exe+0x0012BFC5, Type: Inline - RelativeJump 0x80602FC5-->8057F639 [ntoskrnl.exe]
ntoskrnl.exe+0x0012BFCB, Type: Inline - RelativeJump 0x80602FCB-->805E830D [ntoskrnl.exe]
ntoskrnl.exe+0x0012C072, Type: Inline - RelativeCall 0x80603072-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C077, Type: Inline - RelativeJump 0x80603077-->8058489D [ntoskrnl.exe]
ntoskrnl.exe+0x0012C1B9, Type: Inline - RelativeJump 0x806031B9-->805E0E0A [ntoskrnl.exe]
ntoskrnl.exe+0x0012C1C5, Type: Inline - RelativeJump 0x806031C5-->80603200 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C246, Type: Inline - RelativeJump 0x80603246-->805E0E0A [ntoskrnl.exe]
ntoskrnl.exe+0x0012C379, Type: Inline - RelativeCall 0x80603379-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C3AC, Type: Inline - PushRet 0x806033AC-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012C3FC, Type: Inline - RelativeJump 0x806033FC-->806033E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C499, Type: Inline - RelativeJump 0x80603499-->8BFFF734 [unknown_code_page]
ntoskrnl.exe+0x0012C4A3, Type: Inline - RelativeCall 0x806034A3-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C4BC, Type: Inline - RelativeJump 0x806034BC-->805769ED [ntoskrnl.exe]
ntoskrnl.exe+0x0012C4E7, Type: Inline - RelativeJump 0x806034E7-->806032B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C5AA, Type: Inline - RelativeCall 0x806035AA-->805C8332 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C5B1, Type: Inline - RelativeJump 0x806035B1-->8057698A [ntoskrnl.exe]
ntoskrnl.exe+0x0012C5B8, Type: Inline - RelativeCall 0x806035B8-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C5BD, Type: Inline - RelativeJump 0x806035BD-->80576B12 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C7CA, Type: Inline - RelativeJump 0x806037CA-->806037D8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012C89D, Type: Inline - RelativeJump 0x8060389D-->80603887 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CAA7, Type: Inline - PushRet 0x80603AA7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012CC60, Type: Inline - PushRet 0x80603C60-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012CD16, Type: Inline - PushRet 0x80603D16-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012CD25, Type: Inline - RelativeJump 0x80603D25-->80603C11 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CD2A, Type: Inline - RelativeJump 0x80603D2A-->80574C34 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CD5D, Type: Inline - PushRet 0x80603D5D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012CD76, Type: Inline - RelativeJump 0x80603D76-->80603C11 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CD7D, Type: Inline - RelativeJump 0x80603D7D-->80574C34 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CEC3, Type: Inline - PushRet 0x80603EC3-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012CEC7, Type: Inline - RelativeJump 0x80603EC7-->80603C11 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CF8F, Type: Inline - RelativeJump 0x80603F8F-->80603C11 [ntoskrnl.exe]
ntoskrnl.exe+0x0012CF96, Type: Inline - RelativeJump 0x80603F96-->8060429E [ntoskrnl.exe]
ntoskrnl.exe+0x0012D070, Type: Inline - RelativeJump 0x80604070-->8060404E [ntoskrnl.exe]
ntoskrnl.exe+0x0012D1A3, Type: Inline - RelativeJump 0x806041A3-->806041F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D29A, Type: Inline - RelativeJump 0x8060429A-->80604299 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D29E, Type: Inline - RelativeJump 0x8060429E-->80603D2A [ntoskrnl.exe]
ntoskrnl.exe+0x0012D2C2, Type: Inline - RelativeCall 0x806042C2-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x0012D2CC, Type: Inline - RelativeJump 0x806042CC-->80603DBA [ntoskrnl.exe]
ntoskrnl.exe+0x0012D606, Type: Inline - RelativeCall 0x80604606-->8056F40A [ntoskrnl.exe]
ntoskrnl.exe+0x0012D60B, Type: Inline - RelativeJump 0x8060460B-->8058DD5C [ntoskrnl.exe]
ntoskrnl.exe+0x0012D612, Type: Inline - RelativeCall 0x80604612-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D617, Type: Inline - RelativeJump 0x80604617-->8058DD7C [ntoskrnl.exe]
ntoskrnl.exe+0x0012D61C, Type: Inline - DirectCall 0x8060461C-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0012D810, Type: Inline - RelativeJump 0x80604810-->805E472D [ntoskrnl.exe]
ntoskrnl.exe+0x0012D816, Type: Inline - RelativeJump 0x80604816-->8060482A [ntoskrnl.exe]
ntoskrnl.exe+0x0012D81A, Type: Inline - RelativeJump 0x8060481A-->806047D5 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D880, Type: Inline - PushRet 0x80604880-->8B077400 [unknown_code_page]
ntoskrnl.exe+0x0012D885, Type: Inline - RelativeCall 0x80604885-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D8E6, Type: Inline - RelativeJump 0x806048E6-->805B1491 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D8EB, Type: Inline - RelativeCall 0x806048EB-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D8F2, Type: Inline - RelativeJump 0x806048F2-->805B14BC [ntoskrnl.exe]
ntoskrnl.exe+0x0012D990, Type: Inline - RelativeJump 0x80604990-->805E8B15 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D99A, Type: Inline - RelativeCall 0x8060499A-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D9A2, Type: Inline - RelativeJump 0x806049A2-->805E8B2B [ntoskrnl.exe]
ntoskrnl.exe+0x0012D9CC, Type: Inline - PushRet 0x806049CC-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0012D9E3, Type: Inline - RelativeJump 0x806049E3-->806049F1 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D9EA, Type: Inline - RelativeCall 0x806049EA-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x0012D9F3, Type: Inline - RelativeJump 0x806049F3-->80580BE1 [ntoskrnl.exe]
ntoskrnl.exe+0x0012DB51, Type: Inline - RelativeCall 0x80604B51-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0012DB68, Type: Inline - RelativeJump 0x80604B68-->80604C1C [ntoskrnl.exe]
ntoskrnl.exe+0x0012DB74, Type: Inline - RelativeJump 0x80604B74-->80604C17 [ntoskrnl.exe]
ntoskrnl.exe+0x0012DC69, Type: Inline - DirectCall 0x80604C69-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0012DC6B, Type: Inline - RelativeCall 0x80604C6B-->8064CDC1 [ntoskrnl.exe]
ntoskrnl.exe+0x0012DC74, Type: Inline - RelativeJump 0x80604C74-->80575F57 [ntoskrnl.exe]
ntoskrnl.exe+0x0012DE12, Type: Inline - RelativeJump 0x80604E12-->805760EB [ntoskrnl.exe]
ntoskrnl.exe+0x0012DE1E, Type: Inline - RelativeJump 0x80604E1E-->805760DB [ntoskrnl.exe]
ntoskrnl.exe+0x0012DEC1, Type: Inline - RelativeJump 0x80604EC1-->80604EBE [ntoskrnl.exe]
ntoskrnl.exe+0x0012DEC5, Type: Inline - RelativeJump 0x80604EC5-->8059051C [ntoskrnl.exe]
ntoskrnl.exe+0x0012E16C, Type: Inline - RelativeJump 0x8060516C-->80595A15 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E1F5, Type: Inline - RelativeJump 0x806051F5-->805905A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E368, Type: Inline - RelativeJump 0x80605368-->805933E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E373, Type: Inline - RelativeJump 0x80605373-->80605359 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E3A0, Type: Inline - RelativeCall 0x806053A0-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E3AA, Type: Inline - RelativeCall 0x806053AA-->80593902 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E3B0, Type: Inline - RelativeCall 0x806053B0-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E40F, Type: Inline - RelativeJump 0x8060540F-->80575D28 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E420, Type: Inline - RelativeJump 0x80605420-->8060563C [ntoskrnl.exe]
ntoskrnl.exe+0x0012E4E2, Type: Inline - RelativeJump 0x806054E2-->805759A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E4E7, Type: Inline - RelativeCall 0x806054E7-->80662CE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E4EF, Type: Inline - RelativeJump 0x806054EF-->805759A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E76E, Type: Inline - RelativeCall 0x8060576E-->80632019 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E812, Type: Inline - RelativeJump 0x80605812-->805909EF [ntoskrnl.exe]
ntoskrnl.exe+0x0012E81B, Type: Inline - RelativeCall 0x8060581B-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E822, Type: Inline - RelativeJump 0x80605822-->80590A19 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E82E, Type: Inline - RelativeJump 0x8060582E-->80590A32 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E83C, Type: Inline - RelativeJump 0x8060583C-->80605843 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E89D, Type: Inline - RelativeJump 0x8060589D-->805936B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E8A2, Type: Inline - RelativeJump 0x806058A2-->806058D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E909, Type: Inline - RelativeCall 0x80605909-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E91E, Type: Inline - RelativeJump 0x8060591E-->80605922 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E929, Type: Inline - RelativeJump 0x80605929-->80605937 [ntoskrnl.exe]
ntoskrnl.exe+0x0012E9FC, Type: Inline - RelativeJump 0x806059FC-->80605A16 [ntoskrnl.exe]
ntoskrnl.exe+0x0012EBCC, Type: Inline - RelativeCall 0x80605BCC-->80519376 [ntoskrnl.exe]
ntoskrnl.exe+0x0012EC0C, Type: Inline - DirectCall 0x80605C0C-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0012EC18, Type: Inline - RelativeJump 0x80605C18-->805E90F9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012EC1D, Type: Inline - RelativeJump 0x80605C1D-->805E9109 [ntoskrnl.exe]
ntoskrnl.exe+0x0012ECC2, Type: Inline - RelativeJump 0x80605CC2-->805B23C3 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F019, Type: Inline - RelativeJump 0x80606019-->805D1191 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F06C, Type: Inline - RelativeJump 0x8060606C-->80606099 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F0E3, Type: Inline - RelativeJump 0x806060E3-->806060F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F187, Type: Inline - RelativeJump 0x80606187-->8060619A [ntoskrnl.exe]
ntoskrnl.exe+0x0012F45C, Type: Inline - RelativeJump 0x8060645C-->806064BC [ntoskrnl.exe]
ntoskrnl.exe+0x0012F526, Type: Inline - RelativeJump 0x80606526-->805DBF1E [ntoskrnl.exe]
ntoskrnl.exe+0x0012F589, Type: Inline - RelativeCall 0x80606589-->805AB8F4 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F59B, Type: Inline - RelativeJump 0x8060659B-->806065BF [ntoskrnl.exe]
ntoskrnl.exe+0x0012F7B3, Type: Inline - RelativeJump 0x806067B3-->80606870 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F7BB, Type: Inline - RelativeJump 0x806067BB-->806067D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0012F9DF, Type: Inline - DirectCall 0x806069DF-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0012F9E7, Type: Inline - RelativeJump 0x806069E7-->805AB0E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0012FAE1, Type: Inline - RelativeJump 0x80606AE1-->80606AF0 [ntoskrnl.exe]
ntoskrnl.exe+0x0012FF9A, Type: Inline - RelativeJump 0x80606F9A-->80581C95 [ntoskrnl.exe]
ntoskrnl.exe+0x0012FFA0, Type: Inline - RelativeJump 0x80606FA0-->80581C95 [ntoskrnl.exe]
ntoskrnl.exe+0x0012FFB1, Type: Inline - RelativeJump 0x80606FB1-->80581C95 [ntoskrnl.exe]
ntoskrnl.exe+0x0012FFC1, Type: Inline - RelativeJump 0x80606FC1-->80606FD0 [ntoskrnl.exe]
ntoskrnl.exe+0x0013008B, Type: Inline - RelativeJump 0x8060708B-->8060709A [ntoskrnl.exe]
ntoskrnl.exe+0x00130128, Type: Inline - RelativeJump 0x80607128-->80570753 [ntoskrnl.exe]
ntoskrnl.exe+0x00130134, Type: Inline - RelativeJump 0x80607134-->80570899 [ntoskrnl.exe]
ntoskrnl.exe+0x0013013B, Type: Inline - RelativeJump 0x8060713B-->805E9F18 [ntoskrnl.exe]
ntoskrnl.exe+0x0013014A, Type: Inline - RelativeJump 0x8060714A-->8057088A [ntoskrnl.exe]
ntoskrnl.exe+0x0013031C, Type: Inline - RelativeCall 0x8060731C-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x00130322, Type: Inline - RelativeJump 0x80607322-->805BC4CE [ntoskrnl.exe]
ntoskrnl.exe+0x00130418, Type: Inline - RelativeJump 0x80607418-->805C2AE2 [ntoskrnl.exe]
ntoskrnl.exe+0x0013085A, Type: Inline - RelativeJump 0x8060785A-->8060786F [ntoskrnl.exe]
ntoskrnl.exe+0x001309DC, Type: Inline - RelativeJump 0x806079DC-->80607A4E [ntoskrnl.exe]
ntoskrnl.exe+0x00130B5E, Type: Inline - RelativeCall 0x80607B5E-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00130B67, Type: Inline - RelativeJump 0x80607B67-->80607B8A [ntoskrnl.exe]
ntoskrnl.exe+0x00130C7A, Type: Inline - RelativeJump 0x80607C7A-->80607CB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00130E08, Type: Inline - RelativeJump 0x80607E08-->A8A87F1B [unknown_code_page]
ntoskrnl.exe+0x00130E3B, Type: Inline - RelativeJump 0x80607E3B-->80607EDD [ntoskrnl.exe]
ntoskrnl.exe+0x00130E46, Type: Inline - RelativeJump 0x80607E46-->80607E74 [ntoskrnl.exe]
ntoskrnl.exe+0x00130F63, Type: Inline - RelativeCall 0x80607F63-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe+0x00130F6F, Type: Inline - RelativeJump 0x80607F6F-->80607FA6 [ntoskrnl.exe]
ntoskrnl.exe+0x00131057, Type: Inline - RelativeJump 0x80608057-->80608065 [ntoskrnl.exe]
ntoskrnl.exe+0x001310C8, Type: Inline - RelativeJump 0x806080C8-->806080E0 [ntoskrnl.exe]
ntoskrnl.exe+0x001310D4, Type: Inline - RelativeJump 0x806080D4-->805ABCE2 [ntoskrnl.exe]
ntoskrnl.exe+0x001310E0, Type: Inline - RelativeJump 0x806080E0-->805ABCE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00131123, Type: Inline - RelativeJump 0x80608123-->805ABD52 [ntoskrnl.exe]
ntoskrnl.exe+0x0013112D, Type: Inline - RelativeJump 0x8060812D-->805D890A [ntoskrnl.exe]
ntoskrnl.exe+0x00131290, Type: Inline - RelativeJump 0x80608290-->8057D947 [ntoskrnl.exe]
ntoskrnl.exe+0x001314DE, Type: Inline - RelativeCall 0x806084DE-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe+0x001314EA, Type: Inline - RelativeJump 0x806084EA-->8057DA8A [ntoskrnl.exe]
ntoskrnl.exe+0x00131576, Type: Inline - RelativeCall 0x80608576-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x00131582, Type: Inline - RelativeJump 0x80608582-->8057D3FF [ntoskrnl.exe]
ntoskrnl.exe+0x0013158B, Type: Inline - RelativeJump 0x8060858B-->8057D48B [ntoskrnl.exe]
ntoskrnl.exe+0x00131629, Type: Inline - RelativeJump 0x80608629-->80582271 [ntoskrnl.exe]
ntoskrnl.exe+0x0013178D, Type: Inline - RelativeJump 0x8060878D-->8058DBB1 [ntoskrnl.exe]
ntoskrnl.exe+0x00131792, Type: Inline - RelativeJump 0x80608792-->8058DC09 [ntoskrnl.exe]
ntoskrnl.exe+0x0013185B, Type: Inline - RelativeJump 0x8060885B-->D860860F [unknown_code_page]
ntoskrnl.exe+0x00131860, Type: Inline - RelativeCall 0x80608860-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe+0x00131865, Type: Inline - RelativeJump 0x80608865-->805E2CA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00131879, Type: Inline - RelativeJump 0x80608879-->805E2CF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0013187E, Type: Inline - RelativeJump 0x8060887E-->805E2CF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00131888, Type: Inline - RelativeJump 0x80608888-->8060889D [ntoskrnl.exe]
ntoskrnl.exe+0x0013195E, Type: Inline - PushRet 0x8060895E-->F810C5E9 [unknown_code_page]
ntoskrnl.exe+0x0013195F, Type: Inline - RelativeJump 0x8060895F-->80589A29 [ntoskrnl.exe]
ntoskrnl.exe+0x00131964, Type: Inline - RelativeJump 0x80608964-->806089DA [ntoskrnl.exe]
ntoskrnl.exe+0x00131999, Type: Inline - RelativeJump 0x80608999-->8060898C [ntoskrnl.exe]
ntoskrnl.exe+0x001319CC, Type: Inline - RelativeJump 0x806089CC-->80608A58 [ntoskrnl.exe]
ntoskrnl.exe+0x00131DA7, Type: Inline - RelativeJump 0x80608DA7-->805B1CF4 [ntoskrnl.exe]
ntoskrnl.exe+0x00131DB4, Type: Inline - RelativeJump 0x80608DB4-->8058878D [ntoskrnl.exe]
ntoskrnl.exe+0x00131DBC, Type: Inline - RelativeJump 0x80608DBC-->80588798 [ntoskrnl.exe]
ntoskrnl.exe+0x00131DC4, Type: Inline - RelativeJump 0x80608DC4-->80608E98 [ntoskrnl.exe]
ntoskrnl.exe+0x00131DCC, Type: Inline - RelativeCall 0x80608DCC-->805DF5CA [ntoskrnl.exe]
ntoskrnl.exe+0x00131EC9, Type: Inline - RelativeJump 0x80608EC9-->805887D4 [ntoskrnl.exe]
ntoskrnl.exe+0x00131ED1, Type: Inline - RelativeJump 0x80608ED1-->805887D4 [ntoskrnl.exe]
ntoskrnl.exe+0x00131ED9, Type: Inline - RelativeJump 0x80608ED9-->80608F6F [ntoskrnl.exe]
ntoskrnl.exe+0x00132129, Type: Inline - RelativeJump 0x80609129-->80609204 [ntoskrnl.exe]
ntoskrnl.exe+0x0013219B, Type: Inline - RelativeJump 0x8060919B-->806091A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013219E, Type: Inline - RelativeJump 0x8060919E-->805B022A [ntoskrnl.exe]
ntoskrnl.exe+0x00132321, Type: Inline - RelativeCall 0x80609321-->8063C617 [ntoskrnl.exe]
ntoskrnl.exe+0x00132328, Type: Inline - RelativeJump 0x80609328-->805DFAC9 [ntoskrnl.exe]
ntoskrnl.exe+0x001325BA, Type: Inline - RelativeJump 0x806095BA-->8058836F [ntoskrnl.exe]
ntoskrnl.exe+0x001326E6, Type: Inline - RelativeJump 0x806096E6-->806096A7 [ntoskrnl.exe]
ntoskrnl.exe+0x00132712, Type: Inline - RelativeJump 0x80609712-->80609765 [ntoskrnl.exe]
ntoskrnl.exe+0x0013279C, Type: Inline - RelativeJump 0x8060979C-->80574EE4 [ntoskrnl.exe]
ntoskrnl.exe+0x00132840, Type: Inline - RelativeCall 0x80609840-->805738F5 [ntoskrnl.exe]
ntoskrnl.exe+0x00132858, Type: Inline - RelativeJump 0x80609858-->80609866 [ntoskrnl.exe]
ntoskrnl.exe+0x00132884, Type: Inline - RelativeJump 0x80609884-->8060985E [ntoskrnl.exe]
ntoskrnl.exe+0x00132EF0, Type: Inline - RelativeJump 0x80609EF0-->8059BA2A [ntoskrnl.exe]
ntoskrnl.exe+0x00132EF7, Type: Inline - RelativeJump 0x80609EF7-->805B6173 [ntoskrnl.exe]
ntoskrnl.exe+0x00133070, Type: Inline - RelativeJump 0x8060A070-->80588BD2 [ntoskrnl.exe]
ntoskrnl.exe+0x00133076, Type: Inline - RelativeJump 0x8060A076-->80588BFE [ntoskrnl.exe]
ntoskrnl.exe+0x0013307E, Type: Inline - RelativeJump 0x8060A07E-->80588C3F [ntoskrnl.exe]
ntoskrnl.exe+0x00133273, Type: Inline - RelativeJump 0x8060A273-->8060A281 [ntoskrnl.exe]
ntoskrnl.exe+0x001334BA, Type: Inline - RelativeJump 0x8060A4BA-->8060A4FC [ntoskrnl.exe]
ntoskrnl.exe+0x001334E8, Type: Inline - RelativeCall 0x8060A4E8-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe+0x001334F6, Type: Inline - RelativeJump 0x8060A4F6-->8060A500 [ntoskrnl.exe]
ntoskrnl.exe+0x001334FC, Type: Inline - RelativeJump 0x8060A4FC-->8060A59E [ntoskrnl.exe]
ntoskrnl.exe+0x00133504, Type: Inline - RelativeJump 0x8060A504-->8060A59E [ntoskrnl.exe]
ntoskrnl.exe+0x00133563, Type: Inline - RelativeJump 0x8060A563-->8060A56D [ntoskrnl.exe]
ntoskrnl.exe+0x001335C3, Type: Inline - RelativeJump 0x8060A5C3-->8060A5D8 [ntoskrnl.exe]
ntoskrnl.exe+0x001336E7, Type: Inline - RelativeJump 0x8060A6E7-->8060A709 [ntoskrnl.exe]
ntoskrnl.exe+0x001338C5, Type: Inline - DirectCall 0x8060A8C5-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x001338CB, Type: Inline - RelativeJump 0x8060A8CB-->80589DB3 [ntoskrnl.exe]
ntoskrnl.exe+0x0013397D, Type: Inline - RelativeCall 0x8060A97D-->80573938 [ntoskrnl.exe]
ntoskrnl.exe+0x00133A00, Type: Inline - RelativeJump 0x8060AA00-->8060A9F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00133ADA, Type: Inline - RelativeCall 0x8060AADA-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00133C05, Type: Inline - RelativeJump 0x8060AC05-->8060AC29 [ntoskrnl.exe]
ntoskrnl.exe+0x00133D85, Type: Inline - RelativeJump 0x8060AD85-->805D429E [ntoskrnl.exe]
ntoskrnl.exe+0x00133D8C, Type: Inline - RelativeCall 0x8060AD8C-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00133D91, Type: Inline - RelativeJump 0x8060AD91-->805D1016 [ntoskrnl.exe]
ntoskrnl.exe+0x00133D96, Type: Inline - RelativeJump 0x8060AD96-->805D1023 [ntoskrnl.exe]
ntoskrnl.exe+0x00133D9D, Type: Inline - RelativeJump 0x8060AD9D-->8060ADAB [ntoskrnl.exe]
ntoskrnl.exe+0x0013424A, Type: Inline - RelativeJump 0x8060B24A-->8060B254 [ntoskrnl.exe]
ntoskrnl.exe+0x001344AF, Type: Inline - RelativeJump 0x8060B4AF-->8060B471 [ntoskrnl.exe]
ntoskrnl.exe+0x00134507, Type: Inline - RelativeJump 0x8060B507-->8060B51F [ntoskrnl.exe]
ntoskrnl.exe+0x001345D1, Type: Inline - RelativeJump 0x8060B5D1-->8060B5CE [ntoskrnl.exe]
ntoskrnl.exe+0x0013469E, Type: Inline - RelativeCall 0x8060B69E-->80573938 [ntoskrnl.exe]
ntoskrnl.exe+0x00134789, Type: Inline - RelativeJump 0x8060B789-->8060B7B0 [ntoskrnl.exe]
ntoskrnl.exe+0x00134949, Type: Inline - RelativeCall 0x8060B949-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x001349AA, Type: Inline - RelativeJump 0x8060B9AA-->8060B9FC [ntoskrnl.exe]
ntoskrnl.exe+0x00134B46, Type: Inline - RelativeJump 0x8060BB46-->8060BB4F [ntoskrnl.exe]
ntoskrnl.exe+0x00134B79, Type: Inline - RelativeJump 0x8060BB79-->8060BB8F [ntoskrnl.exe]
ntoskrnl.exe+0x00134F82, Type: Inline - RelativeJump 0x8060BF82-->80589F5F [ntoskrnl.exe]
ntoskrnl.exe+0x00135097, Type: Inline - RelativeJump 0x8060C097-->8060C0A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00135233, Type: Inline - PushRet 0x8060C233-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00135249, Type: Inline - RelativeJump 0x8060C249-->8058A116 [ntoskrnl.exe]
ntoskrnl.exe+0x0013525E, Type: Inline - RelativeJump 0x8060C25E-->8060C20C [ntoskrnl.exe]
ntoskrnl.exe+0x001352A0, Type: Inline - RelativeJump 0x8060C2A0-->8060C2BD [ntoskrnl.exe]
ntoskrnl.exe+0x001353A8, Type: Inline - RelativeJump 0x8060C3A8-->8060C37C [ntoskrnl.exe]
ntoskrnl.exe+0x001356C2, Type: Inline - RelativeJump 0x8060C6C2-->8060C734 [ntoskrnl.exe]
ntoskrnl.exe+0x00135806, Type: Inline - RelativeCall 0x8060C806-->80641AFB [ntoskrnl.exe]
ntoskrnl.exe+0x00135C8E, Type: Inline - RelativeCall 0x8060CC8E-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00135C93, Type: Inline - RelativeJump 0x8060CC93-->805E4BCE [ntoskrnl.exe]
ntoskrnl.exe+0x00135E76, Type: Inline - RelativeCall 0x8060CE76-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00135E7B, Type: Inline - RelativeJump 0x8060CE7B-->8058C301 [ntoskrnl.exe]
ntoskrnl.exe+0x00135E80, Type: Inline - RelativeJump 0x8060CE80-->8058C30E [ntoskrnl.exe]
ntoskrnl.exe+0x00135E87, Type: Inline - RelativeJump 0x8060CE87-->8060CEEB [ntoskrnl.exe]
ntoskrnl.exe+0x00135EFF, Type: Inline - PushRet 0x8060CEFF-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00135F0D, Type: Inline - RelativeJump 0x8060CF0D-->8060CF2D [ntoskrnl.exe]
ntoskrnl.exe+0x00135F62, Type: Inline - RelativeJump 0x8060CF62-->8058C339 [ntoskrnl.exe]
ntoskrnl.exe+0x00135F6A, Type: Inline - RelativeJump 0x8060CF6A-->8060CF8C [ntoskrnl.exe]
ntoskrnl.exe+0x001360A0, Type: Inline - RelativeCall 0x8060D0A0-->805D1E28 [ntoskrnl.exe]
ntoskrnl.exe+0x0013632D, Type: Inline - RelativeJump 0x8060D32D-->805AC52D [ntoskrnl.exe]
ntoskrnl.exe+0x0013654F, Type: Inline - RelativeCall 0x8060D54F-->8064315D [ntoskrnl.exe]
ntoskrnl.exe+0x00136559, Type: Inline - RelativeJump 0x8060D559-->8058142F [ntoskrnl.exe]
ntoskrnl.exe+0x0013655E, Type: Inline - RelativeJump 0x8060D55E-->805AF470 [ntoskrnl.exe]
ntoskrnl.exe+0x0013657A, Type: Inline - RelativeCall 0x8060D57A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00136581, Type: Inline - RelativeJump 0x8060D581-->805EAF40 [ntoskrnl.exe]
ntoskrnl.exe+0x0013660F, Type: Inline - RelativeJump 0x8060D60F-->8060D626 [ntoskrnl.exe]
ntoskrnl.exe+0x00136C78, Type: Inline - RelativeJump 0x8060DC78-->805ACA06 [ntoskrnl.exe]
ntoskrnl.exe+0x00136C81, Type: Inline - RelativeJump 0x8060DC81-->805ACA14 [ntoskrnl.exe]
ntoskrnl.exe+0x00136C88, Type: Inline - RelativeCall 0x8060DC88-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00136CB5, Type: Inline - RelativeJump 0x8060DCB5-->805ACA4D [ntoskrnl.exe]
ntoskrnl.exe+0x00136CCA, Type: Inline - RelativeCall 0x8060DCCA-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x00136D4D, Type: Inline - RelativeJump 0x8060DD4D-->805ACB69 [ntoskrnl.exe]
ntoskrnl.exe+0x00136D79, Type: Inline - PushRet 0x8060DD79-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00136E22, Type: Inline - RelativeCall 0x8060DE22-->8058C357 [ntoskrnl.exe]
ntoskrnl.exe+0x00136F6C, Type: Inline - RelativeJump 0x8060DF6C-->805EB05E [ntoskrnl.exe]
ntoskrnl.exe+0x00136F71, Type: Inline - DirectCall 0x8060DF71-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00136F76, Type: Inline - RelativeJump 0x8060DF76-->805EB069 [ntoskrnl.exe]
ntoskrnl.exe+0x00136F7B, Type: Inline - RelativeCall 0x8060DF7B-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00136F81, Type: Inline - RelativeJump 0x8060DF81-->805B3A9D [ntoskrnl.exe]
ntoskrnl.exe+0x00136F90, Type: Inline - RelativeCall 0x8060DF90-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x001370FA, Type: Inline - PushRet 0x8060E0FA-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00137106, Type: Inline - RelativeJump 0x8060E106-->8060E272 [ntoskrnl.exe]
ntoskrnl.exe+0x001372D8, Type: Inline - PushRet 0x8060E2D8-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001375A6, Type: Inline - RelativeCall 0x8060E5A6-->804E5547 [ntoskrnl.exe]
ntoskrnl.exe+0x001375AF, Type: Inline - RelativeCall 0x8060E5AF-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00137789, Type: Inline - RelativeJump 0x8060E789-->8060E272 [ntoskrnl.exe]
ntoskrnl.exe+0x00137884, Type: Inline - DirectCall 0x8060E884-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x00137890, Type: Inline - RelativeJump 0x8060E890-->805EAE1F [ntoskrnl.exe]
ntoskrnl.exe+0x00137895, Type: Inline - RelativeCall 0x8060E895-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0013789D, Type: Inline - RelativeJump 0x8060E89D-->805EAEAF [ntoskrnl.exe]
ntoskrnl.exe+0x00137934, Type: Inline - RelativeJump 0x8060E934-->8060E946 [ntoskrnl.exe]
ntoskrnl.exe+0x00137A66, Type: Inline - RelativeCall 0x8060EA66-->806366EB [ntoskrnl.exe]
ntoskrnl.exe+0x00137CFF, Type: Inline - RelativeJump 0x8060ECFF-->805B36F3 [ntoskrnl.exe]
ntoskrnl.exe+0x00137D4B, Type: Inline - RelativeJump 0x8060ED4B-->8060ED5F [ntoskrnl.exe]
ntoskrnl.exe+0x00137DCC, Type: Inline - DirectCall 0x8060EDCC-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x00137DD2, Type: Inline - RelativeJump 0x8060EDD2-->805B377D [ntoskrnl.exe]
ntoskrnl.exe+0x00137DE1, Type: Inline - RelativeJump 0x8060EDE1-->805B3644 [ntoskrnl.exe]
ntoskrnl.exe+0x00137FB1, Type: Inline - RelativeCall 0x8060EFB1-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe+0x00138016, Type: Inline - RelativeJump 0x8060F016-->8060F00A [ntoskrnl.exe]
ntoskrnl.exe+0x001382E4, Type: Inline - RelativeCall 0x8060F2E4-->804EAFBD [ntoskrnl.exe]
ntoskrnl.exe+0x00138482, Type: Inline - RelativeJump 0x8060F482-->805928D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0013875D, Type: Inline - RelativeJump 0x8060F75D-->805E8783 [ntoskrnl.exe]
ntoskrnl.exe+0x00138762, Type: Inline - RelativeJump 0x8060F762-->805B2044 [ntoskrnl.exe]
ntoskrnl.exe+0x00138847, Type: Inline - RelativeCall 0x8060F847-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00138B7D, Type: Inline - RelativeCall 0x8060FB7D-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x00138B82, Type: Inline - RelativeJump 0x8060FB82-->805B590F [ntoskrnl.exe]
ntoskrnl.exe+0x00138BBF, Type: Inline - PushRet 0x8060FBBF-->8BA5F302 [unknown_code_page]
ntoskrnl.exe+0x00138C61, Type: Inline - RelativeCall 0x8060FC61-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x00138EA6, Type: Inline - RelativeJump 0x8060FEA6-->805E4301 [ntoskrnl.exe]
ntoskrnl.exe+0x00138EAD, Type: Inline - RelativeJump 0x8060FEAD-->8060FF55 [ntoskrnl.exe]
ntoskrnl.exe+0x00138EB9, Type: Inline - RelativeJump 0x8060FEB9-->8060FEFC [ntoskrnl.exe]
ntoskrnl.exe+0x00138F9F, Type: Inline - RelativeJump 0x8060FF9F-->805E4303 [ntoskrnl.exe]
ntoskrnl.exe+0x00138FB6, Type: Inline - RelativeCall 0x8060FFB6-->805B56A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00138FBB, Type: Inline - RelativeJump 0x8060FFBB-->805E4301 [ntoskrnl.exe]
ntoskrnl.exe+0x00139002, Type: Inline - RelativeJump 0x80610002-->805B1597 [ntoskrnl.exe]
ntoskrnl.exe+0x001390AC, Type: Inline - RelativeJump 0x806100AC-->805B15A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013922E, Type: Inline - RelativeJump 0x8061022E-->8061026F [ntoskrnl.exe]
ntoskrnl.exe+0x001392AA, Type: Inline - RelativeJump 0x806102AA-->806102CD [ntoskrnl.exe]
ntoskrnl.exe+0x001392FB, Type: Inline - RelativeJump 0x806102FB-->805AAA41 [ntoskrnl.exe]
ntoskrnl.exe+0x00139302, Type: Inline - RelativeJump 0x80610302-->805AAB0F [ntoskrnl.exe]
ntoskrnl.exe+0x001394C8, Type: Inline - RelativeJump 0x806104C8-->8061056B [ntoskrnl.exe]
ntoskrnl.exe+0x001394EE, Type: Inline - RelativeJump 0x806104EE-->80610508 [ntoskrnl.exe]
ntoskrnl.exe+0x001395B4, Type: Inline - RelativeJump 0x806105B4-->805B1E31 [ntoskrnl.exe]
ntoskrnl.exe+0x001395BF, Type: Inline - RelativeJump 0x806105BF-->805B1D32 [ntoskrnl.exe]
ntoskrnl.exe+0x001396DF, Type: Inline - RelativeJump 0x806106DF-->805B1F5D [ntoskrnl.exe]
ntoskrnl.exe+0x001396E4, Type: Inline - RelativeJump 0x806106E4-->805B1F60 [ntoskrnl.exe]
ntoskrnl.exe+0x001396F5, Type: Inline - RelativeCall 0x806106F5-->8064AE63 [ntoskrnl.exe]
ntoskrnl.exe+0x001397CF, Type: Inline - RelativeJump 0x806107CF-->806107DE [ntoskrnl.exe]
ntoskrnl.exe+0x001397FC, Type: Inline - RelativeJump 0x806107FC-->8059F55E [ntoskrnl.exe]
ntoskrnl.exe+0x00139808, Type: Inline - RelativeJump 0x80610808-->805B1FD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00139853, Type: Inline - RelativeJump 0x80610853-->806107F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00139865, Type: Inline - RelativeJump 0x80610865-->80610894 [ntoskrnl.exe]
ntoskrnl.exe+0x001399EF, Type: Inline - RelativeJump 0x806109EF-->805A00DB [ntoskrnl.exe]
ntoskrnl.exe+0x001399FA, Type: Inline - RelativeJump 0x806109FA-->805A0115 [ntoskrnl.exe]
ntoskrnl.exe+0x001399FF, Type: Inline - RelativeCall 0x806109FF-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00139A0F, Type: Inline - RelativeCall 0x80610A0F-->805012EC [ntoskrnl.exe]
ntoskrnl.exe+0x00139CDC, Type: Inline - RelativeJump 0x80610CDC-->80610CED [ntoskrnl.exe]
ntoskrnl.exe+0x00139DF4, Type: Inline - RelativeJump 0x80610DF4-->80610DFA [ntoskrnl.exe]
ntoskrnl.exe+0x00139E36, Type: Inline - RelativeJump 0x80610E36-->80610E46 [ntoskrnl.exe]
ntoskrnl.exe+0x00139E56, Type: Inline - RelativeJump 0x80610E56-->80610E5C [ntoskrnl.exe]
ntoskrnl.exe+0x00139E5C, Type: Inline - RelativeJump 0x80610E5C-->80610E66 [ntoskrnl.exe]
ntoskrnl.exe+0x00139EE1, Type: Inline - RelativeJump 0x80610EE1-->80610EB3 [ntoskrnl.exe]
ntoskrnl.exe+0x00139EF1, Type: Inline - RelativeCall 0x80610EF1-->80514EA5 [ntoskrnl.exe]
ntoskrnl.exe+0x00139EF7, Type: Inline - RelativeJump 0x80610EF7-->80610F18 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A10C, Type: Inline - RelativeJump 0x8061110C-->80611100 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A110, Type: Inline - RelativeCall 0x80611110-->805E440F [ntoskrnl.exe]
ntoskrnl.exe+0x0013A11B, Type: Inline - RelativeJump 0x8061111B-->805E036E [ntoskrnl.exe]
ntoskrnl.exe+0x0013A121, Type: Inline - RelativeJump 0x80611121-->805D810B [ntoskrnl.exe]
ntoskrnl.exe+0x0013A1FE, Type: Inline - RelativeJump 0x806111FE-->8059FAE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A26C, Type: Inline - RelativeJump 0x8061126C-->805BF9D8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A316, Type: Inline - RelativeJump 0x80611316-->80611327 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A6BC, Type: Inline - RelativeCall 0x806116BC-->80519648 [ntoskrnl.exe]
ntoskrnl.exe+0x0013A99B, Type: Inline - RelativeJump 0x8061199B-->8056F701 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AA00, Type: Inline - PushRet 0x80611A00-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013AA01, Type: Inline - RelativeJump 0x80611A01-->805745AC [ntoskrnl.exe]
ntoskrnl.exe+0x0013AA0E, Type: Inline - RelativeJump 0x80611A0E-->8058E828 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AA19, Type: Inline - RelativeCall 0x80611A19-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AA2D, Type: Inline - PushRet 0x80611A2D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013AA63, Type: Inline - RelativeJump 0x80611A63-->80611A74 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AAC7, Type: Inline - PushRet 0x80611AC7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013AAC8, Type: Inline - RelativeJump 0x80611AC8-->80611A8F [ntoskrnl.exe]
ntoskrnl.exe+0x0013AC00, Type: Inline - RelativeCall 0x80611C00-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AC0F, Type: Inline - PushRet 0x80611C0F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013AE2D, Type: Inline - RelativeCall 0x80611E2D-->805ACFF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AE56, Type: Inline - RelativeCall 0x80611E56-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x0013AE6E, Type: Inline - RelativeJump 0x80611E6E-->805B0B38 [ntoskrnl.exe]
ntoskrnl.exe+0x0013AE73, Type: Inline - RelativeJump 0x80611E73-->805B0C3B [ntoskrnl.exe]
ntoskrnl.exe+0x0013AE78, Type: Inline - RelativeJump 0x80611E78-->80611E9C [ntoskrnl.exe]
ntoskrnl.exe+0x0013AF16, Type: Inline - PushRet 0x80611F16-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013AF18, Type: Inline - RelativeJump 0x80611F18-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B08C, Type: Inline - RelativeCall 0x8061208C-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B091, Type: Inline - RelativeJump 0x80612091-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B12E, Type: Inline - PushRet 0x8061212E-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013B3F7, Type: Inline - PushRet 0x806123F7-->C183DC73 [unknown_code_page]
ntoskrnl.exe+0x0013B43E, Type: Inline - RelativeJump 0x8061243E-->80612444 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B486, Type: Inline - RelativeJump 0x80612486-->8061248C [ntoskrnl.exe]
ntoskrnl.exe+0x0013B539, Type: Inline - RelativeJump 0x80612539-->80612536 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B564, Type: Inline - RelativeJump 0x80612564-->80612577 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B5A9, Type: Inline - RelativeCall 0x806125A9-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B632, Type: Inline - RelativeJump 0x80612632-->8061263C [ntoskrnl.exe]
ntoskrnl.exe+0x0013B6C6, Type: Inline - RelativeJump 0x806126C6-->805BBBB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B76C, Type: Inline - RelativeJump 0x8061276C-->80612747 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B80D, Type: Inline - RelativeJump 0x8061280D-->805D3BC6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013B914, Type: Inline - RelativeJump 0x80612914-->80612978 [ntoskrnl.exe]
ntoskrnl.exe+0x0013BC50, Type: Inline - RelativeCall 0x80612C50-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013BC5D, Type: Inline - PushRet 0x80612C5D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013BE62, Type: Inline - RelativeJump 0x80612E62-->80612E7A [ntoskrnl.exe]
ntoskrnl.exe+0x0013BF2F, Type: Inline - DirectCall 0x80612F2F-->804D810C [ntoskrnl.exe]
ntoskrnl.exe+0x0013BF3B, Type: Inline - RelativeJump 0x80612F3B-->805E9D03 [ntoskrnl.exe]
ntoskrnl.exe+0x0013BF43, Type: Inline - RelativeCall 0x80612F43-->8050D57A [ntoskrnl.exe]
ntoskrnl.exe+0x0013BF58, Type: Inline - RelativeJump 0x80612F58-->805C86A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013C0BE, Type: Inline - RelativeJump 0x806130BE-->806130A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013C1E5, Type: Inline - PushRet 0x806131E5-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013C22A, Type: Inline - RelativeCall 0x8061322A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013C3A4, Type: Inline - PushRet 0x806133A4-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013C3A8, Type: Inline - RelativeJump 0x806133A8-->8059DBCC [ntoskrnl.exe]
ntoskrnl.exe+0x0013C3B2, Type: Inline - RelativeJump 0x806133B2-->805E3F7B [ntoskrnl.exe]
ntoskrnl.exe+0x0013C3BA, Type: Inline - RelativeCall 0x806133BA-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CAE4, Type: Inline - RelativeJump 0x80613AE4-->805CC273 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CAF4, Type: Inline - RelativeJump 0x80613AF4-->80613B5A [ntoskrnl.exe]
ntoskrnl.exe+0x0013CB50, Type: Inline - RelativeJump 0x80613B50-->80613B69 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CB7C, Type: Inline - RelativeCall 0x80613B7C-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CB82, Type: Inline - RelativeJump 0x80613B82-->805C8885 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CB90, Type: Inline - RelativeJump 0x80613B90-->805C88C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CC46, Type: Inline - RelativeCall 0x80613C46-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CCBA, Type: Inline - RelativeJump 0x80613CBA-->805CF79D [ntoskrnl.exe]
ntoskrnl.exe+0x0013CCC4, Type: Inline - RelativeCall 0x80613CC4-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013CF9A, Type: Inline - RelativeJump 0x80613F9A-->80613FD0 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D0D4, Type: Inline - RelativeJump 0x806140D4-->806140DC [ntoskrnl.exe]
ntoskrnl.exe+0x0013D25E, Type: Inline - RelativeJump 0x8061425E-->80614264 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D2CB, Type: Inline - RelativeCall 0x806142CB-->80684EBF [ntoskrnl.exe]
ntoskrnl.exe+0x0013D2D0, Type: Inline - RelativeJump 0x806142D0-->805AF4F1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D349, Type: Inline - RelativeJump 0x80614349-->805B0CEA [ntoskrnl.exe]
ntoskrnl.exe+0x0013D4A0, Type: Inline - PushRet 0x806144A0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0013D51B, Type: Inline - RelativeJump 0x8061451B-->806145A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D626, Type: Inline - RelativeJump 0x80614626-->8059245E [ntoskrnl.exe]
ntoskrnl.exe+0x0013D63A, Type: Inline - RelativeJump 0x8061463A-->8059245E [ntoskrnl.exe]
ntoskrnl.exe+0x0013D651, Type: Inline - RelativeJump 0x80614651-->8059245E [ntoskrnl.exe]
ntoskrnl.exe+0x0013D656, Type: Inline - RelativeJump 0x80614656-->8059245E [ntoskrnl.exe]
ntoskrnl.exe+0x0013D7DB, Type: Inline - RelativeJump 0x806147DB-->8059A820 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D7E7, Type: Inline - RelativeJump 0x806147E7-->8059A820 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D7F3, Type: Inline - RelativeJump 0x806147F3-->8059A820 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D7FA, Type: Inline - RelativeJump 0x806147FA-->8059A820 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D827, Type: Inline - RelativeJump 0x80614827-->8059A8DC [ntoskrnl.exe]
ntoskrnl.exe+0x0013D8D7, Type: Inline - RelativeCall 0x806148D7-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D8DF, Type: Inline - RelativeJump 0x806148DF-->8059A62F [ntoskrnl.exe]
ntoskrnl.exe+0x0013D8E4, Type: Inline - RelativeJump 0x806148E4-->80599C67 [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:50 pm


ntoskrnl.exe+0x0013D8EE, Type: Inline - RelativeJump 0x806148EE-->80599EC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D976, Type: Inline - RelativeJump 0x80614976-->805E9F51 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D97B, Type: Inline - RelativeJump 0x8061497B-->8061498B [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9A9, Type: Inline - RelativeJump 0x806149A9-->806149BB [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9BD, Type: Inline - RelativeJump 0x806149BD-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9C9, Type: Inline - RelativeJump 0x806149C9-->8059B3DD [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D1, Type: Inline - RelativeCall 0x806149D1-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9D9, Type: Inline - RelativeJump 0x806149D9-->8059B476 [ntoskrnl.exe]
ntoskrnl.exe+0x0013D9DF, Type: Inline - RelativeJump 0x806149DF-->806149BD [ntoskrnl.exe]
ntoskrnl.exe+0x0013DB9E, Type: Inline - RelativeJump 0x80614B9E-->80614BC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DD62, Type: Inline - RelativeJump 0x80614D62-->80614D86 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DED0, Type: Inline - RelativeJump 0x80614ED0-->80614EDA [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF2A, Type: Inline - RelativeJump 0x80614F2A-->80614F34 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DF3C, Type: Inline - RelativeJump 0x80614F3C-->80614F46 [ntoskrnl.exe]
ntoskrnl.exe+0x0013DFBA, Type: Inline - RelativeJump 0x80614FBA-->80615037 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E15F, Type: Inline - RelativeJump 0x8061515F-->8061514B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E328, Type: Inline - RelativeJump 0x80615328-->805D4676 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E332, Type: Inline - RelativeCall 0x80615332-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E3DB, Type: Inline - RelativeJump 0x806153DB-->806153EF [ntoskrnl.exe]
ntoskrnl.exe+0x0013E45D, Type: Inline - RelativeCall 0x8061545D-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe+0x0013E51E, Type: Inline - RelativeJump 0x8061551E-->8061553C [ntoskrnl.exe]
ntoskrnl.exe+0x0013E766, Type: Inline - RelativeJump 0x80615766-->8061576B [ntoskrnl.exe]
ntoskrnl.exe+0x0013E89F, Type: Inline - RelativeJump 0x8061589F-->806158BE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8E8, Type: Inline - RelativeCall 0x806158E8-->805DA670 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E8EE, Type: Inline - RelativeJump 0x806158EE-->805788B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9DD, Type: Inline - RelativeJump 0x806159DD-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9E8, Type: Inline - RelativeJump 0x806159E8-->805997EE [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9ED, Type: Inline - RelativeCall 0x806159ED-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0013E9F4, Type: Inline - RelativeJump 0x806159F4-->80615A66 [ntoskrnl.exe]
ntoskrnl.exe+0x0013ED4B, Type: Inline - RelativeCall 0x80615D4B-->8061C3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F4CB, Type: Inline - DirectCall 0x806164CB-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0013F58E, Type: Inline - RelativeJump 0x8061658E-->80616592 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F70E, Type: Inline - RelativeJump 0x8061670E-->805D45B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F1, Type: Inline - RelativeJump 0x806169F1-->80616A07 [ntoskrnl.exe]
ntoskrnl.exe+0x0013F9F8, Type: Inline - RelativeJump 0x806169F8-->80616A11 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FB93, Type: Inline - RelativeJump 0x80616B93-->80616B85 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC7C, Type: Inline - RelativeCall 0x80616C7C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0013FC95, Type: Inline - RelativeJump 0x80616C95-->80616CD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FE93, Type: Inline - RelativeJump 0x80616E93-->805C8BE1 [ntoskrnl.exe]
ntoskrnl.exe+0x0013FEA1, Type: Inline - RelativeJump 0x80616EA1-->805C8BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00140007, Type: Inline - RelativeCall 0x80617007-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014000F, Type: Inline - RelativeCall 0x8061700F-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00140019, Type: Inline - RelativeJump 0x80617019-->805B7773 [ntoskrnl.exe]
ntoskrnl.exe+0x0014001E, Type: Inline - RelativeJump 0x8061701E-->80587A97 [ntoskrnl.exe]
ntoskrnl.exe+0x00140163, Type: Inline - RelativeJump 0x80617163-->805D69E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00140168, Type: Inline - RelativeCall 0x80617168-->80587586 [ntoskrnl.exe]
ntoskrnl.exe+0x00140194, Type: Inline - RelativeJump 0x80617194-->805E135F [ntoskrnl.exe]
ntoskrnl.exe+0x001401A0, Type: Inline - PushRet 0x806171A0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014030A, Type: Inline - RelativeJump 0x8061730A-->8061731A [ntoskrnl.exe]
ntoskrnl.exe+0x0014031C, Type: Inline - RelativeJump 0x8061731C-->80586ED9 [ntoskrnl.exe]
ntoskrnl.exe+0x00140324, Type: Inline - RelativeJump 0x80617324-->80586EEC [ntoskrnl.exe]
ntoskrnl.exe+0x001407E2, Type: Inline - RelativeJump 0x806177E2-->80587179 [ntoskrnl.exe]
ntoskrnl.exe+0x001407E7, Type: Inline - RelativeJump 0x806177E7-->8058719C [ntoskrnl.exe]
ntoskrnl.exe+0x001407EC, Type: Inline - RelativeJump 0x806177EC-->806177FD [ntoskrnl.exe]
ntoskrnl.exe+0x001407F5, Type: Inline - DirectCall 0x806177F5-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00140A1B, Type: Inline - RelativeJump 0x80617A1B-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A27, Type: Inline - RelativeJump 0x80617A27-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A2C, Type: Inline - RelativeJump 0x80617A2C-->805D684D [ntoskrnl.exe]
ntoskrnl.exe+0x00140A6C, Type: Inline - RelativeJump 0x80617A6C-->80617A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00140A7C, Type: Inline - RelativeJump 0x80617A7C-->805D684A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B36, Type: Inline - RelativeJump 0x80617B36-->8057274A [ntoskrnl.exe]
ntoskrnl.exe+0x00140B3B, Type: Inline - RelativeCall 0x80617B3B-->80570360 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B7C, Type: Inline - RelativeJump 0x80617B7C-->805726BD [ntoskrnl.exe]
ntoskrnl.exe+0x00140B83, Type: Inline - RelativeJump 0x80617B83-->80572732 [ntoskrnl.exe]
ntoskrnl.exe+0x00140B95, Type: Inline - RelativeJump 0x80617B95-->80617BC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00140BDF, Type: Inline - RelativeJump 0x80617BDF-->80586182 [ntoskrnl.exe]
ntoskrnl.exe+0x00140C19, Type: Inline - RelativeJump 0x80617C19-->80617C3F [ntoskrnl.exe]
ntoskrnl.exe+0x00140C1E, Type: Inline - RelativeJump 0x80617C1E-->80617CBB [ntoskrnl.exe]
ntoskrnl.exe+0x00140C2A, Type: Inline - RelativeJump 0x80617C2A-->80617CC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00140EAB, Type: Inline - RelativeJump 0x80617EAB-->80617EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00140FFF, Type: Inline - RelativeCall 0x80617FFF-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141008, Type: Inline - RelativeJump 0x80618008-->805DC66A [ntoskrnl.exe]
ntoskrnl.exe+0x001410DA, Type: Inline - RelativeCall 0x806180DA-->805E1B20 [ntoskrnl.exe]
ntoskrnl.exe+0x001410E9, Type: Inline - RelativeJump 0x806180E9-->80618130 [ntoskrnl.exe]
ntoskrnl.exe+0x001410EC, Type: Inline - RelativeJump 0x806180EC-->80618116 [ntoskrnl.exe]
ntoskrnl.exe+0x001412F4, Type: Inline - RelativeJump 0x806182F4-->80618305 [ntoskrnl.exe]
ntoskrnl.exe+0x00141415, Type: Inline - PushRet 0x80618415-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014149D, Type: Inline - RelativeJump 0x8061849D-->8058056C [ntoskrnl.exe]
ntoskrnl.exe+0x001414A6, Type: Inline - RelativeJump 0x806184A6-->806184E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00141540, Type: Inline - RelativeCall 0x80618540-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00141872, Type: Inline - RelativeJump 0x80618872-->80578624 [ntoskrnl.exe]
ntoskrnl.exe+0x00141889, Type: Inline - RelativeJump 0x80618889-->80618874 [ntoskrnl.exe]
ntoskrnl.exe+0x001418BC, Type: Inline - RelativeJump 0x806188BC-->806188C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001419CE, Type: Inline - RelativeCall 0x806189CE-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001419D6, Type: Inline - RelativeCall 0x806189D6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00141F17, Type: Inline - RelativeJump 0x80618F17-->80573349 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F1E, Type: Inline - RelativeJump 0x80618F1E-->805EB444 [ntoskrnl.exe]
ntoskrnl.exe+0x00141F6D, Type: Inline - RelativeJump 0x80618F6D-->80618F7D [ntoskrnl.exe]
ntoskrnl.exe+0x00141F82, Type: Inline - RelativeJump 0x80618F82-->80618F9C [ntoskrnl.exe]
ntoskrnl.exe+0x0014202B, Type: Inline - RelativeJump 0x8061902B-->80619041 [ntoskrnl.exe]
ntoskrnl.exe+0x001421FE, Type: Inline - RelativeJump 0x806191FE-->80619228 [ntoskrnl.exe]
ntoskrnl.exe+0x00142225, Type: Inline - RelativeJump 0x80619225-->80619233 [ntoskrnl.exe]
ntoskrnl.exe+0x00142253, Type: Inline - RelativeJump 0x80619253-->80597905 [ntoskrnl.exe]
ntoskrnl.exe+0x00142264, Type: Inline - RelativeJump 0x80619264-->805D4FFC [ntoskrnl.exe]
ntoskrnl.exe+0x0014226B, Type: Inline - RelativeJump 0x8061926B-->8061928C [ntoskrnl.exe]
ntoskrnl.exe+0x001422E1, Type: Inline - RelativeJump 0x806192E1-->8059824B [ntoskrnl.exe]
ntoskrnl.exe+0x0014231D, Type: Inline - RelativeJump 0x8061931D-->80597A14 [ntoskrnl.exe]
ntoskrnl.exe+0x0014246F, Type: Inline - RelativeCall 0x8061946F-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00142475, Type: Inline - RelativeJump 0x80619475-->805D6DA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014247A, Type: Inline - RelativeJump 0x8061947A-->8061948C [ntoskrnl.exe]
ntoskrnl.exe+0x00142481, Type: Inline - RelativeJump 0x80619481-->80619483 [ntoskrnl.exe]
ntoskrnl.exe+0x0014250D, Type: Inline - RelativeJump 0x8061950D-->805D6ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x00142537, Type: Inline - RelativeJump 0x80619537-->80619549 [ntoskrnl.exe]
ntoskrnl.exe+0x00142542, Type: Inline - RelativeJump 0x80619542-->80619550 [ntoskrnl.exe]
ntoskrnl.exe+0x001425C4, Type: Inline - RelativeJump 0x806195C4-->806195C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425D7, Type: Inline - RelativeJump 0x806195D7-->806195E8 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E3, Type: Inline - RelativeJump 0x806195E3-->806195E7 [ntoskrnl.exe]
ntoskrnl.exe+0x001425E8, Type: Inline - RelativeJump 0x806195E8-->806195E2 [ntoskrnl.exe]
ntoskrnl.exe+0x001425EC, Type: Inline - PushRet 0x806195EC-->EBFFF7EF [unknown_code_page]
ntoskrnl.exe+0x001425F0, Type: Inline - RelativeJump 0x806195F0-->806195A2 [ntoskrnl.exe]
ntoskrnl.exe+0x00142607, Type: Inline - RelativeJump 0x80619607-->80619595 [ntoskrnl.exe]
ntoskrnl.exe+0x00142615, Type: Inline - RelativeJump 0x80619615-->80619606 [ntoskrnl.exe]
ntoskrnl.exe+0x00142619, Type: Inline - RelativeJump 0x80619619-->8061962A [ntoskrnl.exe]
ntoskrnl.exe+0x0014262A, Type: Inline - RelativeJump 0x8061962A-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x00142630, Type: Inline - RelativeJump 0x80619630-->8061959E [ntoskrnl.exe]
ntoskrnl.exe+0x0014263B, Type: Inline - RelativeJump 0x8061963B-->8061959B [ntoskrnl.exe]
ntoskrnl.exe+0x00142740, Type: Inline - RelativeJump 0x80619740-->8061976E [ntoskrnl.exe]
ntoskrnl.exe+0x0014274A, Type: Inline - RelativeJump 0x8061974A-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142754, Type: Inline - RelativeCall 0x80619754-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x0014275D, Type: Inline - RelativeJump 0x8061975D-->805DB282 [ntoskrnl.exe]
ntoskrnl.exe+0x00142763, Type: Inline - RelativeJump 0x80619763-->8061975D [ntoskrnl.exe]
ntoskrnl.exe+0x001427BE, Type: Inline - RelativeJump 0x806197BE-->806197A8 [ntoskrnl.exe]
ntoskrnl.exe+0x00142816, Type: Inline - RelativeJump 0x80619816-->80619825 [ntoskrnl.exe]
ntoskrnl.exe+0x00142825, Type: Inline - RelativeJump 0x80619825-->80619834 [ntoskrnl.exe]
ntoskrnl.exe+0x00142A59, Type: Inline - RelativeJump 0x80619A59-->805E12AA [ntoskrnl.exe]
ntoskrnl.exe+0x00142A63, Type: Inline - RelativeCall 0x80619A63-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x00142B5B, Type: Inline - RelativeJump 0x80619B5B-->805E15F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B65, Type: Inline - RelativeJump 0x80619B65-->805E1602 [ntoskrnl.exe]
ntoskrnl.exe+0x00142B6A, Type: Inline - RelativeJump 0x80619B6A-->80619B84 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C66, Type: Inline - RelativeJump 0x80619C66-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00142C70, Type: Inline - RelativeJump 0x80619C70-->80619D56 [ntoskrnl.exe]
ntoskrnl.exe+0x00143168, Type: Inline - RelativeJump 0x8061A168-->80586DE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143173, Type: Inline - RelativeCall 0x8061A173-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00143846, Type: Inline - RelativeJump 0x8061A846-->8061A7FB [ntoskrnl.exe]
ntoskrnl.exe+0x00143868, Type: Inline - RelativeJump 0x8061A868-->8061A85B [ntoskrnl.exe]
ntoskrnl.exe+0x00143B6E, Type: Inline - RelativeJump 0x8061AB6E-->8061AB87 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BC2, Type: Inline - RelativeJump 0x8061ABC2-->8061ABA7 [ntoskrnl.exe]
ntoskrnl.exe+0x00143BFA, Type: Inline - RelativeCall 0x8061ABFA-->8065FCB9 [ntoskrnl.exe]
ntoskrnl.exe+0x00143C00, Type: Inline - RelativeJump 0x8061AC00-->805D5F8A [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCA, Type: Inline - RelativeJump 0x8061ADCA-->80586722 [ntoskrnl.exe]
ntoskrnl.exe+0x00143DCF, Type: Inline - RelativeJump 0x8061ADCF-->8061ADED [ntoskrnl.exe]
ntoskrnl.exe+0x00143F4B, Type: Inline - DirectCall 0x8061AF4B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00143F4F, Type: Inline - RelativeJump 0x8061AF4F-->805DB32A [ntoskrnl.exe]
ntoskrnl.exe+0x00143F54, Type: Inline - RelativeJump 0x8061AF54-->805DB30D [ntoskrnl.exe]
ntoskrnl.exe+0x00144254, Type: Inline - RelativeJump 0x8061B254-->8061B2DF [ntoskrnl.exe]
ntoskrnl.exe+0x00144433, Type: Inline - RelativeJump 0x8061B433-->8061B458 [ntoskrnl.exe]
ntoskrnl.exe+0x00144486, Type: Inline - RelativeCall 0x8061B486-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x0014448F, Type: Inline - RelativeJump 0x8061B48F-->8061B4BC [ntoskrnl.exe]
ntoskrnl.exe+0x00144713, Type: Inline - RelativeCall 0x8061B713-->8058020A [ntoskrnl.exe]
ntoskrnl.exe+0x00144719, Type: Inline - RelativeJump 0x8061B719-->8061B72A [ntoskrnl.exe]
ntoskrnl.exe+0x00144726, Type: Inline - RelativeJump 0x8061B726-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x00144730, Type: Inline - RelativeJump 0x8061B730-->805D5179 [ntoskrnl.exe]
ntoskrnl.exe+0x0014473F, Type: Inline - RelativeJump 0x8061B73F-->805D522D [ntoskrnl.exe]
ntoskrnl.exe+0x00144750, Type: Inline - RelativeJump 0x8061B750-->8061B768 [ntoskrnl.exe]
ntoskrnl.exe+0x001448C1, Type: Inline - PushRet 0x8061B8C1-->8B804D81 [unknown_code_page]
ntoskrnl.exe+0x001448C2, Type: Inline - DirectCall 0x8061B8C2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x00144989, Type: Inline - PushRet 0x8061B989-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00144993, Type: Inline - RelativeCall 0x8061B993-->DDEB94CB [unknown_code_page]
ntoskrnl.exe+0x00144B9C, Type: Inline - RelativeJump 0x8061BB9C-->805A0D34 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB2, Type: Inline - RelativeJump 0x8061BBB2-->805A0D50 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BB7, Type: Inline - RelativeJump 0x8061BBB7-->805A0D69 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BBF, Type: Inline - RelativeJump 0x8061BBBF-->805A0D82 [ntoskrnl.exe]
ntoskrnl.exe+0x00144BCE, Type: Inline - RelativeJump 0x8061BBCE-->805A1290 [ntoskrnl.exe]
ntoskrnl.exe+0x00144CA9, Type: Inline - RelativeJump 0x8061BCA9-->805DCEDC [ntoskrnl.exe]
ntoskrnl.exe+0x00144EFF, Type: Inline - RelativeJump 0x8061BEFF-->8061BF1E [ntoskrnl.exe]
ntoskrnl.exe+0x00145040, Type: Inline - RelativeCall 0x8061C040-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00145045, Type: Inline - PushRet 0x8061C045-->90900014 [unknown_code_page]
ntoskrnl.exe+0x0014508B, Type: Inline - RelativeJump 0x8061C08B-->8061C096 [ntoskrnl.exe]
ntoskrnl.exe+0x00145092, Type: Inline - RelativeJump 0x8061C092-->8061C0A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014517B, Type: Inline - RelativeJump 0x8061C17B-->8061C189 [ntoskrnl.exe]
ntoskrnl.exe+0x00145183, Type: Inline - RelativeJump 0x8061C183-->8061C1AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014528C, Type: Inline - RelativeCall 0x8061C28C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x001452A3, Type: Inline - RelativeJump 0x8061C2A3-->8061C376 [ntoskrnl.exe]
ntoskrnl.exe+0x001452B0, Type: Inline - RelativeCall 0x8061C2B0-->8064CBAC [ntoskrnl.exe]
ntoskrnl.exe+0x001452C4, Type: Inline - RelativeJump 0x8061C2C4-->8061C2E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001454B8, Type: Inline - RelativeCall 0x8061C4B8-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x001454C9, Type: Inline - RelativeJump 0x8061C4C9-->8061C4E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014563F, Type: Inline - RelativeCall 0x8061C63F-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145673, Type: Inline - RelativeJump 0x8061C673-->8061C678 [ntoskrnl.exe]
ntoskrnl.exe+0x001457AD, Type: Inline - RelativeJump 0x8061C7AD-->8061C7DE [ntoskrnl.exe]
ntoskrnl.exe+0x0014585D, Type: Inline - RelativeJump 0x8061C85D-->8061C879 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A23, Type: Inline - RelativeJump 0x8061CA23-->8061CA84 [ntoskrnl.exe]
ntoskrnl.exe+0x00145A84, Type: Inline - RelativeJump 0x8061CA84-->8061CAD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00145C89, Type: Inline - RelativeJump 0x8061CC89-->8061CF21 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CA6, Type: Inline - RelativeJump 0x8061CCA6-->8061CCB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00145CBB, Type: Inline - RelativeJump 0x8061CCBB-->8061CD56 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D1A, Type: Inline - RelativeCall 0x8061CD1A-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D30, Type: Inline - RelativeJump 0x8061CD30-->8061CD49 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D4A, Type: Inline - RelativeJump 0x8061CD4A-->8061CC8E [ntoskrnl.exe]
ntoskrnl.exe+0x00145D5B, Type: Inline - RelativeCall 0x8061CD5B-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D6C, Type: Inline - RelativeJump 0x8061CD6C-->8061CCD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00145D7E, Type: Inline - RelativeJump 0x8061CD7E-->8061CD99 [ntoskrnl.exe]
ntoskrnl.exe+0x00145E27, Type: Inline - RelativeJump 0x8061CE27-->8061CE57 [ntoskrnl.exe]
ntoskrnl.exe+0x0014606E, Type: Inline - RelativeJump 0x8061D06E-->8061D24C [ntoskrnl.exe]
ntoskrnl.exe+0x00146078, Type: Inline - RelativeJump 0x8061D078-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146083, Type: Inline - RelativeCall 0x8061D083-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460C8, Type: Inline - RelativeJump 0x8061D0C8-->8061D0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x001460CE, Type: Inline - RelativeJump 0x8061D0CE-->8061D0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00146213, Type: Inline - RelativeJump 0x8061D213-->8061D23F [ntoskrnl.exe]
ntoskrnl.exe+0x00146229, Type: Inline - RelativeJump 0x8061D229-->8061D239 [ntoskrnl.exe]
ntoskrnl.exe+0x0014628D, Type: Inline - RelativeJump 0x8061D28D-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146334, Type: Inline - RelativeJump 0x8061D334-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x00146347, Type: Inline - RelativeJump 0x8061D347-->8061D356 [ntoskrnl.exe]
ntoskrnl.exe+0x0014634D, Type: Inline - RelativeJump 0x8061D34D-->8061D616 [ntoskrnl.exe]
ntoskrnl.exe+0x0014643A, Type: Inline - RelativeJump 0x8061D43A-->8061D624 [ntoskrnl.exe]
ntoskrnl.exe+0x00146685, Type: Inline - RelativeJump 0x8061D685-->8061D69B [ntoskrnl.exe]
ntoskrnl.exe+0x001466A2, Type: Inline - RelativeJump 0x8061D6A2-->8AD822E0 [unknown_code_page]
ntoskrnl.exe+0x001467F2, Type: Inline - RelativeJump 0x8061D7F2-->8061D83A [ntoskrnl.exe]
ntoskrnl.exe+0x00146A08, Type: Inline - RelativeJump 0x8061DA08-->8061DA20 [ntoskrnl.exe]
ntoskrnl.exe+0x00146A1C, Type: Inline - RelativeCall 0x8061DA1C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x00146A26, Type: Inline - PushRet 0x8061DA26-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00146CC7, Type: Inline - RelativeJump 0x8061DCC7-->8061DF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D42, Type: Inline - RelativeJump 0x8061DD42-->8061DD77 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D6C, Type: Inline - RelativeJump 0x8061DD6C-->8061DD83 [ntoskrnl.exe]
ntoskrnl.exe+0x00146D84, Type: Inline - RelativeJump 0x8061DD84-->8061DDDE [ntoskrnl.exe]
ntoskrnl.exe+0x00146D90, Type: Inline - RelativeJump 0x8061DD90-->8061DDFE [ntoskrnl.exe]
ntoskrnl.exe+0x00146DB7, Type: Inline - RelativeJump 0x8061DDB7-->8061DD47 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF2, Type: Inline - RelativeJump 0x8061DDF2-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146DF8, Type: Inline - RelativeJump 0x8061DDF8-->8061DE85 [ntoskrnl.exe]
ntoskrnl.exe+0x00146EDC, Type: Inline - RelativeJump 0x8061DEDC-->8061DEF6 [ntoskrnl.exe]
ntoskrnl.exe+0x00146F78, Type: Inline - RelativeJump 0x8061DF78-->8061DF88 [ntoskrnl.exe]
ntoskrnl.exe+0x00147001, Type: Inline - RelativeJump 0x8061E001-->8061E05E [ntoskrnl.exe]
ntoskrnl.exe+0x00147049, Type: Inline - RelativeJump 0x8061E049-->8061E047 [ntoskrnl.exe]
ntoskrnl.exe+0x00147155, Type: Inline - RelativeJump 0x8061E155-->8061E171 [ntoskrnl.exe]
ntoskrnl.exe+0x001471BD, Type: Inline - RelativeJump 0x8061E1BD-->8061E1DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014739B, Type: Inline - RelativeJump 0x8061E39B-->8061E49C [ntoskrnl.exe]
ntoskrnl.exe+0x00147476, Type: Inline - RelativeJump 0x8061E476-->8061E48C [ntoskrnl.exe]
ntoskrnl.exe+0x00147532, Type: Inline - RelativeJump 0x8061E532-->8061E53E [ntoskrnl.exe]
ntoskrnl.exe+0x001478B1, Type: Inline - RelativeJump 0x8061E8B1-->8061E8A3 [ntoskrnl.exe]
ntoskrnl.exe+0x001478BD, Type: Inline - RelativeCall 0x8061E8BD-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe+0x001478CD, Type: Inline - RelativeJump 0x8061E8CD-->8061EB07 [ntoskrnl.exe]
ntoskrnl.exe+0x001478D6, Type: Inline - RelativeCall 0x8061E8D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x00147A6E, Type: Inline - RelativeJump 0x8061EA6E-->8061EA87 [ntoskrnl.exe]
ntoskrnl.exe+0x0014810A, Type: Inline - RelativeJump 0x8061F10A-->8061F0EC [ntoskrnl.exe]
ntoskrnl.exe+0x00148191, Type: Inline - RelativeJump 0x8061F191-->8061F250 [ntoskrnl.exe]
ntoskrnl.exe+0x001482EE, Type: Inline - RelativeJump 0x8061F2EE-->8061F300 [ntoskrnl.exe]
ntoskrnl.exe+0x00148384, Type: Inline - RelativeJump 0x8061F384-->8061F3BA [ntoskrnl.exe]
ntoskrnl.exe+0x00148392, Type: Inline - RelativeCall 0x8061F392-->8061EF09 [ntoskrnl.exe]
ntoskrnl.exe+0x00148883, Type: Inline - RelativeJump 0x8061F883-->8061F9A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014888B, Type: Inline - RelativeJump 0x8061F88B-->8061F89B [ntoskrnl.exe]
ntoskrnl.exe+0x00148912, Type: Inline - RelativeJump 0x8061F912-->8061F97B [ntoskrnl.exe]
ntoskrnl.exe+0x001489A4, Type: Inline - RelativeCall 0x8061F9A4-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001489B5, Type: Inline - PushRet 0x8061F9B5-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00148A60, Type: Inline - RelativeCall 0x8061FA60-->8061F25F [ntoskrnl.exe]
ntoskrnl.exe+0x00148A91, Type: Inline - RelativeJump 0x8061FA91-->8061FAC3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148A94, Type: Inline - RelativeJump 0x8061FA94-->8061FAC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00148BD5, Type: Inline - PushRet 0x8061FBD5-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00148D59, Type: Inline - RelativeJump 0x8061FD59-->8061FDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D6F, Type: Inline - RelativeJump 0x8061FD6F-->8061FD8E [ntoskrnl.exe]
ntoskrnl.exe+0x00148D78, Type: Inline - RelativeCall 0x8061FD78-->8061FB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00148D88, Type: Inline - RelativeJump 0x8061FD88-->8061FDA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014913A, Type: Inline - RelativeJump 0x8062013A-->8062014A [ntoskrnl.exe]
ntoskrnl.exe+0x001493AC, Type: Inline - RelativeCall 0x806203AC-->8057010D [ntoskrnl.exe]
ntoskrnl.exe+0x001493B7, Type: Inline - RelativeJump 0x806203B7-->806203D6 [ntoskrnl.exe]
ntoskrnl.exe+0x001495EC, Type: Inline - RelativeJump 0x806205EC-->806205F7 [ntoskrnl.exe]
ntoskrnl.exe+0x001496EC, Type: Inline - RelativeJump 0x806206EC-->806206FE [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC0, Type: Inline - RelativeJump 0x80620BC0-->80620BD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00149BC4, Type: Inline - RelativeJump 0x80620BC4-->80620BCE [ntoskrnl.exe]
ntoskrnl.exe+0x00149CD1, Type: Inline - RelativeCall 0x80620CD1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149CFA, Type: Inline - RelativeJump 0x80620CFA-->80620D05 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D7C, Type: Inline - RelativeJump 0x80620D7C-->80620D92 [ntoskrnl.exe]
ntoskrnl.exe+0x00149D80, Type: Inline - RelativeCall 0x80620D80-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00149DC0, Type: Inline - RelativeJump 0x80620DC0-->80620DD9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A2D6, Type: Inline - RelativeCall 0x806212D6-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A5A6, Type: Inline - RelativeJump 0x806215A6-->806215D6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A891, Type: Inline - PushRet 0x80621891-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014A898, Type: Inline - RelativeJump 0x80621898-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014A8B0, Type: Inline - RelativeJump 0x806218B0-->806218CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014A952, Type: Inline - RelativeCall 0x80621952-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9BF, Type: Inline - RelativeJump 0x806219BF-->806219DB [ntoskrnl.exe]
ntoskrnl.exe+0x0014A9E6, Type: Inline - RelativeJump 0x806219E6-->C6EBFA3A [unknown_code_page]
ntoskrnl.exe+0x0014AAD3, Type: Inline - RelativeCall 0x80621AD3-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AADB, Type: Inline - RelativeJump 0x80621ADB-->80621B7C [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACE8, Type: Inline - RelativeJump 0x80621CE8-->80621D1B [ntoskrnl.exe]
ntoskrnl.exe+0x0014ACFE, Type: Inline - RelativeJump 0x80621CFE-->80621CE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0014AE4D, Type: Inline - PushRet 0x80621E4D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014AE60, Type: Inline - RelativeCall 0x80621E60-->EB3E9464 [unknown_code_page]
ntoskrnl.exe+0x0014AE65, Type: Inline - RelativeJump 0x80621E65-->80621E1D [ntoskrnl.exe]
ntoskrnl.exe+0x0014AFFC, Type: Inline - PushRet 0x80621FFC-->8BD84589 [unknown_code_page]
ntoskrnl.exe+0x0014B0B0, Type: Inline - RelativeJump 0x806220B0-->806220C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B171, Type: Inline - RelativeJump 0x80622171-->8062218F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B221, Type: Inline - RelativeCall 0x80622221-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B23C, Type: Inline - RelativeJump 0x8062223C-->80622257 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B302, Type: Inline - RelativeJump 0x80622302-->80622320 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B314, Type: Inline - RelativeJump 0x80622314-->806222EE [ntoskrnl.exe]
ntoskrnl.exe+0x0014B398, Type: Inline - RelativeJump 0x80622398-->806223AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A3, Type: Inline - RelativeJump 0x806224A3-->806224BD [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4A6, Type: Inline - PushRet 0x806224A6-->E8057403 [unknown_code_page]
ntoskrnl.exe+0x0014B4B4, Type: Inline - RelativeJump 0x806224B4-->806224C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B4C0, Type: Inline - RelativeJump 0x806224C0-->806224CB [ntoskrnl.exe]
ntoskrnl.exe+0x0014B555, Type: Inline - RelativeJump 0x80622555-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B611, Type: Inline - RelativeJump 0x80622611-->806227AC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B679, Type: Inline - RelativeJump 0x80622679-->80622693 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6B6, Type: Inline - RelativeJump 0x806226B6-->806226E3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B6C7, Type: Inline - RelativeJump 0x806226C7-->806226D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B702, Type: Inline - RelativeCall 0x80622702-->80573888 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B908, Type: Inline - RelativeJump 0x80622908-->80622931 [ntoskrnl.exe]
ntoskrnl.exe+0x0014B95A, Type: Inline - RelativeJump 0x8062295A-->8062296F [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9E5, Type: Inline - RelativeCall 0x806229E5-->805352CC [ntoskrnl.exe]
ntoskrnl.exe+0x0014B9F7, Type: Inline - PushRet 0x806229F7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014BB42, Type: Inline - RelativeCall 0x80622B42-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BB49, Type: Inline - RelativeCall 0x80622B49-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0014BC6B, Type: Inline - PushRet 0x80622C6B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C034, Type: Inline - RelativeCall 0x80623034-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C044, Type: Inline - RelativeCall 0x80623044-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C052, Type: Inline - RelativeJump 0x80623052-->8062306C [ntoskrnl.exe]
ntoskrnl.exe+0x0014C0EC, Type: Inline - RelativeCall 0x806230EC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C1E2, Type: Inline - PushRet 0x806231E2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014C3A6, Type: Inline - RelativeJump 0x806233A6-->806233B4 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C45C, Type: Inline - PushRet 0x8062345C-->CCCC0010 [unknown_code_page]
ntoskrnl.exe+0x0014C6BD, Type: Inline - RelativeCall 0x806236BD-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6C5, Type: Inline - RelativeJump 0x806236C5-->806236D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6D1, Type: Inline - RelativeCall 0x806236D1-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014C6EE, Type: Inline - RelativeJump 0x806236EE-->8062374E [ntoskrnl.exe]
ntoskrnl.exe+0x0014C8AF, Type: Inline - PushRet 0x806238AF-->C2C95E5B [unknown_code_page]
ntoskrnl.exe+0x0014C914, Type: Inline - RelativeJump 0x80623914-->806239B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA58, Type: Inline - RelativeCall 0x80623A58-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA60, Type: Inline - RelativeJump 0x80623A60-->80623BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA70, Type: Inline - RelativeCall 0x80623A70-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA7C, Type: Inline - RelativeJump 0x80623A7C-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CA87, Type: Inline - RelativeJump 0x80623A87-->80623C02 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CB55, Type: Inline - RelativeJump 0x80623B55-->80623AEC [ntoskrnl.exe]
ntoskrnl.exe+0x0014CBA7, Type: Inline - RelativeCall 0x80623BA7-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014CF63, Type: Inline - RelativeJump 0x80623F63-->806243CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014D0A2, Type: Inline - RelativeCall 0x806240A2-->80622ED7 [ntoskrnl.exe]
ntoskrnl.exe+0x0014D737, Type: Inline - PushRet 0x80624737-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0014D904, Type: Inline - RelativeCall 0x80624904-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0014DF94, Type: Inline - RelativeJump 0x80624F94-->806250CA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E20C, Type: Inline - RelativeJump 0x8062520C-->806251EA [ntoskrnl.exe]
ntoskrnl.exe+0x0014E25B, Type: Inline - RelativeJump 0x8062525B-->80625209 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E520, Type: Inline - RelativeJump 0x80625520-->80625526 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E564, Type: Inline - RelativeJump 0x80625564-->80625574 [ntoskrnl.exe]
ntoskrnl.exe+0x0014E5F2, Type: Inline - PushRet 0x806255F2-->F1B80775 [unknown_code_page]
ntoskrnl.exe+0x0014E5FE, Type: Inline - RelativeJump 0x806255FE-->8062561C [ntoskrnl.exe]
ntoskrnl.exe+0x0014E611, Type: Inline - RelativeJump 0x80625611-->8062561F [ntoskrnl.exe]
ntoskrnl.exe+0x0014E6CC, Type: Inline - RelativeJump 0x806256CC-->806256C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0014EAC6, Type: Inline - RelativeCall 0x80625AC6-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F207, Type: Inline - RelativeJump 0x80626207-->80626217 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F283, Type: Inline - RelativeJump 0x80626283-->80626296 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3A3, Type: Inline - RelativeJump 0x806263A3-->806263CF [ntoskrnl.exe]
ntoskrnl.exe+0x0014F3BE, Type: Inline - RelativeJump 0x806263BE-->806263D3 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F400, Type: Inline - RelativeJump 0x80626400-->806264A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F42F, Type: Inline - RelativeJump 0x8062642F-->80626370 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F434, Type: Inline - RelativeJump 0x80626434-->806263D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0014F6D7, Type: Inline - RelativeJump 0x806266D7-->80626716 [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD00, Type: Inline - RelativeCall 0x80626D00-->80535B3F [ntoskrnl.exe]
ntoskrnl.exe+0x0014FD0B, Type: Inline - RelativeJump 0x80626D0B-->80626D3A [ntoskrnl.exe]
ntoskrnl.exe+0x00150344, Type: Inline - RelativeJump 0x80627344-->80627373 [ntoskrnl.exe]
ntoskrnl.exe+0x0015034F, Type: Inline - RelativeJump 0x8062734F-->80627369 [ntoskrnl.exe]
ntoskrnl.exe+0x00150355, Type: Inline - RelativeJump 0x80627355-->80627353 [ntoskrnl.exe]
ntoskrnl.exe+0x0015037A, Type: Inline - RelativeJump 0x8062737A-->80627398 [ntoskrnl.exe]
ntoskrnl.exe+0x001503EB, Type: Inline - RelativeCall 0x806273EB-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x001505C5, Type: Inline - RelativeJump 0x806275C5-->806275E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00150829, Type: Inline - RelativeCall 0x80627829-->805A1115 [ntoskrnl.exe]
ntoskrnl.exe+0x00150976, Type: Inline - RelativeJump 0x80627976-->80627994 [ntoskrnl.exe]
ntoskrnl.exe+0x001509D5, Type: Inline - RelativeJump 0x806279D5-->806279E4 [ntoskrnl.exe]
ntoskrnl.exe+0x001509E7, Type: Inline - RelativeJump 0x806279E7-->806279F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00150B7B, Type: Inline - RelativeCall 0x80627B7B-->EBC00000 [unknown_code_page]
ntoskrnl.exe+0x00151043, Type: Inline - RelativeCall 0x80628043-->80627F7D [ntoskrnl.exe]
ntoskrnl.exe+0x0015104A, Type: Inline - RelativeJump 0x8062804A-->80628056 [ntoskrnl.exe]
ntoskrnl.exe+0x00151166, Type: Inline - RelativeJump 0x80628166-->80628194 [ntoskrnl.exe]
ntoskrnl.exe+0x0015124B, Type: Inline - RelativeCall 0x8062824B-->805A7B02 [ntoskrnl.exe]
ntoskrnl.exe+0x00151258, Type: Inline - RelativeJump 0x80628258-->80628271 [ntoskrnl.exe]
ntoskrnl.exe+0x001513B7, Type: Inline - RelativeJump 0x806283B7-->806283CC [ntoskrnl.exe]
ntoskrnl.exe+0x001514B4, Type: Inline - DirectCall 0x806284B4-->804D811C [ntoskrnl.exe]
ntoskrnl.exe+0x001514CA, Type: Inline - RelativeJump 0x806284CA-->80628508 [ntoskrnl.exe]
ntoskrnl.exe+0x0015168D, Type: Inline - RelativeJump 0x8062868D-->8062868F [ntoskrnl.exe]
ntoskrnl.exe+0x001516BA, Type: Inline - PushRet 0x806286BA-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00151817, Type: Inline - RelativeJump 0x80628817-->80628823 [ntoskrnl.exe]
ntoskrnl.exe+0x0015183C, Type: Inline - RelativeJump 0x8062883C-->80628846 [ntoskrnl.exe]
ntoskrnl.exe+0x00151848, Type: Inline - RelativeJump 0x80628848-->8062884E [ntoskrnl.exe]
ntoskrnl.exe+0x00151B47, Type: Inline - RelativeCall 0x80628B47-->805A714A [ntoskrnl.exe]
ntoskrnl.exe+0x00151B86, Type: Inline - RelativeCall 0x80628B86-->8062A017 [ntoskrnl.exe]
ntoskrnl.exe+0x00151C76, Type: Inline - RelativeJump 0x80628C76-->80628C80 [ntoskrnl.exe]
ntoskrnl.exe+0x001521C4, Type: Inline - RelativeCall 0x806291C4-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015222D, Type: Inline - RelativeJump 0x8062922D-->80629236 [ntoskrnl.exe]
ntoskrnl.exe+0x00152416, Type: Inline - RelativeJump 0x80629416-->8062942F [ntoskrnl.exe]
ntoskrnl.exe+0x0015242E, Type: Inline - RelativeJump 0x8062942E-->806293E4 [ntoskrnl.exe]
ntoskrnl.exe+0x00152592, Type: Inline - RelativeJump 0x80629592-->806295C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015265E, Type: Inline - RelativeJump 0x8062965E-->806296EE [ntoskrnl.exe]
ntoskrnl.exe+0x0015273C, Type: Inline - RelativeJump 0x8062973C-->8062974B [ntoskrnl.exe]
ntoskrnl.exe+0x001527F3, Type: Inline - RelativeJump 0x806297F3-->80629966 [ntoskrnl.exe]
ntoskrnl.exe+0x001529D5, Type: Inline - RelativeJump 0x806299D5-->806299DF [ntoskrnl.exe]
ntoskrnl.exe+0x00152B5D, Type: Inline - RelativeJump 0x80629B5D-->80629B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B60, Type: Inline - RelativeJump 0x80629B60-->80629BC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00152B75, Type: Inline - RelativeJump 0x80629B75-->80629B8B [ntoskrnl.exe]
ntoskrnl.exe+0x001530BF, Type: Inline - PushRet 0x8062A0BF-->8AFC45C7 [unknown_code_page]
ntoskrnl.exe+0x00153190, Type: Inline - RelativeCall 0x8062A190-->BC4AE721 [unknown_code_page]
ntoskrnl.exe+0x00153196, Type: Inline - RelativeJump 0x8062A196-->8062A1B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001531A6, Type: Inline - RelativeJump 0x8062A1A6-->8062A18C [ntoskrnl.exe]
ntoskrnl.exe+0x001531B7, Type: Inline - RelativeJump 0x8062A1B7-->8062A187 [ntoskrnl.exe]
ntoskrnl.exe+0x00153220, Type: Inline - RelativeJump 0x8062A220-->8062A236 [ntoskrnl.exe]
ntoskrnl.exe+0x0015322C, Type: Inline - RelativeCall 0x8062A22C-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00153242, Type: Inline - RelativeJump 0x8062A242-->8062A23A [ntoskrnl.exe]
ntoskrnl.exe+0x001534F0, Type: Inline - RelativeJump 0x8062A4F0-->8062A503 [ntoskrnl.exe]
ntoskrnl.exe+0x0015378C, Type: Inline - RelativeJump 0x8062A78C-->8062A7F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00153828, Type: Inline - RelativeJump 0x8062A828-->8062A840 [ntoskrnl.exe]
ntoskrnl.exe+0x001538A2, Type: Inline - RelativeJump 0x8062A8A2-->8062A8C0 [ntoskrnl.exe]
ntoskrnl.exe+0x001538B7, Type: Inline - RelativeJump 0x8062A8B7-->8062A8C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539B3, Type: Inline - RelativeJump 0x8062A9B3-->8062A9C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001539BE, Type: Inline - PushRet 0x8062A9BE-->CCCC0014 [unknown_code_page]
ntoskrnl.exe+0x00153A5A, Type: Inline - RelativeJump 0x8062AA5A-->8062AA70 [ntoskrnl.exe]
ntoskrnl.exe+0x00153A68, Type: Inline - RelativeJump 0x8062AA68-->8062AA86 [ntoskrnl.exe]
ntoskrnl.exe+0x00153B4F, Type: Inline - RelativeJump 0x8062AB4F-->8062AAC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00153D70, Type: Inline - RelativeJump 0x8062AD70-->8062ADA0 [ntoskrnl.exe]
ntoskrnl.exe+0x00153E01, Type: Inline - RelativeJump 0x8062AE01-->8062AE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F40, Type: Inline - RelativeCall 0x8062AF40-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00153F6C, Type: Inline - RelativeJump 0x8062AF6C-->8062AFD4 [ntoskrnl.exe]
ntoskrnl.exe+0x00154080, Type: Inline - RelativeCall 0x8062B080-->804E310E [ntoskrnl.exe]
ntoskrnl.exe+0x00154368, Type: Inline - RelativeJump 0x8062B368-->8062B386 [ntoskrnl.exe]
ntoskrnl.exe+0x0015469C, Type: Inline - RelativeJump 0x8062B69C-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x00154A9F, Type: Inline - RelativeJump 0x8062BA9F-->8062BAB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C13, Type: Inline - RelativeJump 0x8062BC13-->8062BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00154C5F, Type: Inline - RelativeJump 0x8062BC5F-->8062BC78 [ntoskrnl.exe]
ntoskrnl.exe+0x00154EA0, Type: Inline - PushRet 0x8062BEA0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00154F1E, Type: Inline - RelativeJump 0x8062BF1E-->8062BF2C [ntoskrnl.exe]
ntoskrnl.exe+0x001552FF, Type: Inline - RelativeJump 0x8062C2FF-->8062C3AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015566C, Type: Inline - RelativeJump 0x8062C66C-->8062C6C8 [ntoskrnl.exe]
ntoskrnl.exe+0x00155724, Type: Inline - RelativeCall 0x8062C724-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe+0x001559F3, Type: Inline - RelativeCall 0x8062C9F3-->804EA1F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A5E, Type: Inline - RelativeCall 0x8062CA5E-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00155A68, Type: Inline - RelativeJump 0x8062CA68-->8062CA7C [ntoskrnl.exe]
ntoskrnl.exe+0x00155A73, Type: Inline - RelativeJump 0x8062CA73-->8062CB66 [ntoskrnl.exe]
ntoskrnl.exe+0x00155CC7, Type: Inline - RelativeJump 0x8062CCC7-->8062CD0A [ntoskrnl.exe]
ntoskrnl.exe+0x00155DF8, Type: Inline - RelativeCall 0x8062CDF8-->80550010 [ntoskrnl.exe]
ntoskrnl.exe+0x00155E06, Type: Inline - PushRet 0x8062CE06-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00155ED1, Type: Inline - DirectCall 0x8062CED1-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00155EDB, Type: Inline - RelativeJump 0x8062CEDB-->8062CEE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00155F41, Type: Inline - RelativeJump 0x8062CF41-->8062CF4F [ntoskrnl.exe]
ntoskrnl.exe+0x001561D9, Type: Inline - RelativeCall 0x8062D1D9-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe+0x001561E2, Type: Inline - RelativeJump 0x8062D1E2-->8062D1F3 [ntoskrnl.exe]
ntoskrnl.exe+0x00156331, Type: Inline - RelativeJump 0x8062D331-->8062D38D [ntoskrnl.exe]
ntoskrnl.exe+0x00156511, Type: Inline - PushRet 0x8062D511-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0015680E, Type: Inline - RelativeCall 0x8062D80E-->805F2596 [ntoskrnl.exe]
ntoskrnl.exe+0x00156814, Type: Inline - RelativeCall 0x8062D814-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0015681C, Type: Inline - PushRet 0x8062D81C-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00156A4F, Type: Inline - RelativeCall 0x8062DA4F-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00156A54, Type: Inline - RelativeJump 0x8062DA54-->8062DA7A [ntoskrnl.exe]
ntoskrnl.exe+0x00156F37, Type: Inline - RelativeJump 0x8062DF37-->8062DF4B [ntoskrnl.exe]
ntoskrnl.exe+0x00157002, Type: Inline - RelativeJump 0x8062E002-->8062E081 [ntoskrnl.exe]
ntoskrnl.exe+0x00157012, Type: Inline - RelativeJump 0x8062E012-->8062E023 [ntoskrnl.exe]
ntoskrnl.exe+0x001571E2, Type: Inline - RelativeJump 0x8062E1E2-->8062E1C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0015752B, Type: Inline - RelativeJump 0x8062E52B-->8062E6FF [ntoskrnl.exe]
ntoskrnl.exe+0x001575E3, Type: Inline - RelativeJump 0x8062E5E3-->8062E60C [ntoskrnl.exe]
ntoskrnl.exe+0x00157753, Type: Inline - RelativeJump 0x8062E753-->8062E703 [ntoskrnl.exe]
ntoskrnl.exe+0x001577C7, Type: Inline - RelativeCall 0x8062E7C7-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x001577D4, Type: Inline - RelativeJump 0x8062E7D4-->8062E7E2 [ntoskrnl.exe]
ntoskrnl.exe+0x0015782F, Type: Inline - RelativeJump 0x8062E82F-->8062E83D [ntoskrnl.exe]
ntoskrnl.exe+0x0015783C, Type: Inline - RelativeJump 0x8062E83C-->8062EB0A [ntoskrnl.exe]
ntoskrnl.exe+0x00157843, Type: Inline - RelativeJump 0x8062E843-->8062E862 [ntoskrnl.exe]
ntoskrnl.exe+0x0015784A, Type: Inline - RelativeCall 0x8062E84A-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe+0x00157863, Type: Inline - DirectCall 0x8062E863-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157929, Type: Inline - RelativeJump 0x8062E929-->8062E940 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A80, Type: Inline - RelativeCall 0x8062EA80-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157A86, Type: Inline - PushRet 0x8062EA86-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157C62, Type: Inline - RelativeJump 0x8062EC62-->8062ECFC [ntoskrnl.exe]
ntoskrnl.exe+0x00157CD6, Type: Inline - RelativeCall 0x8062ECD6-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00157CE1, Type: Inline - PushRet 0x8062ECE1-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00157D09, Type: Inline - RelativeJump 0x8062ED09-->8062ED5B [ntoskrnl.exe]
ntoskrnl.exe+0x00157DA8, Type: Inline - DirectCall 0x8062EDA8-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00157DFE, Type: Inline - RelativeJump 0x8062EDFE-->8062EE9B [ntoskrnl.exe]
ntoskrnl.exe+0x00157E47, Type: Inline - RelativeJump 0x8062EE47-->8062EE7E [ntoskrnl.exe]
ntoskrnl.exe+0x00157EF2, Type: Inline - RelativeJump 0x8062EEF2-->8062EF3F [ntoskrnl.exe]
ntoskrnl.exe+0x00157F9E, Type: Inline - RelativeJump 0x8062EF9E-->8062EFAC [ntoskrnl.exe]
ntoskrnl.exe+0x00157FB4, Type: Inline - PushRet 0x8062EFB4-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00158142, Type: Inline - DirectCall 0x8062F142-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x001583F1, Type: Inline - RelativeCall 0x8062F3F1-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00158409, Type: Inline - PushRet 0x8062F409-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158485, Type: Inline - RelativeJump 0x8062F485-->8062F48C [ntoskrnl.exe]
ntoskrnl.exe+0x001586E7, Type: Inline - PushRet 0x8062F6E7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00158B99, Type: Inline - RelativeJump 0x8062FB99-->8062FBAB [ntoskrnl.exe]
ntoskrnl.exe+0x00158E10, Type: Inline - RelativeJump 0x8062FE10-->8062FFBE [ntoskrnl.exe]
ntoskrnl.exe+0x00158F11, Type: Inline - RelativeCall 0x8062FF11-->8062C7E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159084, Type: Inline - RelativeCall 0x80630084-->8062F72F [ntoskrnl.exe]
ntoskrnl.exe+0x0015908F, Type: Inline - RelativeJump 0x8063008F-->8063061C [ntoskrnl.exe]
ntoskrnl.exe+0x0015909A, Type: Inline - RelativeJump 0x8063009A-->80630615 [ntoskrnl.exe]
ntoskrnl.exe+0x00159128, Type: Inline - RelativeCall 0x80630128-->908A49AD [unknown_code_page]
ntoskrnl.exe+0x0015916A, Type: Inline - RelativeJump 0x8063016A-->806301A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015926A, Type: Inline - RelativeJump 0x8063026A-->80630259 [ntoskrnl.exe]
ntoskrnl.exe+0x001592D1, Type: Inline - RelativeCall 0x806302D1-->8053CDD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00159653, Type: Inline - RelativeCall 0x80630653-->8054020F [ntoskrnl.exe]
ntoskrnl.exe+0x001599EF, Type: Inline - RelativeJump 0x806309EF-->80630A2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159D12, Type: Inline - RelativeJump 0x80630D12-->80630D2B [ntoskrnl.exe]
ntoskrnl.exe+0x00159EDC, Type: Inline - RelativeJump 0x80630EDC-->80630EF4 [ntoskrnl.exe]
ntoskrnl.exe+0x00159FB1, Type: Inline - RelativeJump 0x80630FB1-->80630FDA [ntoskrnl.exe]
ntoskrnl.exe+0x00159FED, Type: Inline - RelativeJump 0x80630FED-->80631003 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A054, Type: Inline - PushRet 0x80631054-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x0015A0B8, Type: Inline - RelativeCall 0x806310B8-->804F4295 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A211, Type: Inline - RelativeJump 0x80631211-->80631244 [ntoskrnl.exe]
ntoskrnl.exe+0x0015A9ED, Type: Inline - RelativeCall 0x806319ED-->80631904 [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAC3, Type: Inline - RelativeJump 0x80631AC3-->80631BDC [ntoskrnl.exe]
ntoskrnl.exe+0x0015AAD1, Type: Inline - RelativeJump 0x80631AD1-->80631AEB [ntoskrnl.exe]
ntoskrnl.exe+0x0015AE2B, Type: Inline - RelativeJump 0x80631E2B-->80631E57 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B092, Type: Inline - RelativeCall 0x80632092-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B2F4, Type: Inline - RelativeCall 0x806322F4-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0015B926, Type: Inline - RelativeCall 0x80632926-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015B930, Type: Inline - PushRet 0x80632930-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015B96A, Type: Inline - RelativeJump 0x8063296A-->80632974 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C011, Type: Inline - RelativeJump 0x80633011-->80633027 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0C6, Type: Inline - RelativeJump 0x806330C6-->806330DA [ntoskrnl.exe]
ntoskrnl.exe+0x0015C0D7, Type: Inline - RelativeCall 0x806330D7-->8050795F [ntoskrnl.exe]
ntoskrnl.exe+0x0015C183, Type: Inline - RelativeCall 0x80633183-->805D9E44 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C190, Type: Inline - RelativeCall 0x80633190-->805D9AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C307, Type: Inline - RelativeJump 0x80633307-->80633361 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C351, Type: Inline - RelativeJump 0x80633351-->80633368 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C3FA, Type: Inline - RelativeJump 0x806333FA-->80633414 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C65F, Type: Inline - RelativeJump 0x8063365F-->80633677 [ntoskrnl.exe]
ntoskrnl.exe+0x0015C926, Type: Inline - RelativeJump 0x80633926-->8063392E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAEA, Type: Inline - RelativeCall 0x80633AEA-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0015CAF4, Type: Inline - PushRet 0x80633AF4-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0015CB8F, Type: Inline - RelativeJump 0x80633B8F-->80633B99 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CBD4, Type: Inline - RelativeCall 0x80633BD4-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0015CD3F, Type: Inline - RelativeJump 0x80633D3F-->80633D5E [ntoskrnl.exe]
ntoskrnl.exe+0x0015CE25, Type: Inline - PushRet 0x80633E25-->E8016AD0 [unknown_code_page]
ntoskrnl.exe+0x0015D059, Type: Inline - RelativeCall 0x80634059-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D0CD, Type: Inline - RelativeCall 0x806340CD-->81CD93D5 [unknown_code_page]
ntoskrnl.exe+0x0015D0D5, Type: Inline - RelativeJump 0x806340D5-->80634114 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D3DC, Type: Inline - RelativeJump 0x806343DC-->806343D5 [ntoskrnl.exe]
ntoskrnl.exe+0x0015D622, Type: Inline - RelativeJump 0x80634622-->8063466E [ntoskrnl.exe]
ntoskrnl.exe+0x0015D696, Type: Inline - RelativeJump 0x80634696-->806346AF [ntoskrnl.exe]
ntoskrnl.exe+0x0015D6AF, Type: Inline - RelativeJump 0x806346AF-->806346A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC2F, Type: Inline - RelativeCall 0x80634C2F-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC34, Type: Inline - RelativeJump 0x80634C34-->80634E24 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DC40, Type: Inline - RelativeCall 0x80634C40-->804E5C6E [ntoskrnl.exe]
ntoskrnl.exe+0x0015DCE1, Type: Inline - RelativeCall 0x80634CE1-->80634B17 [ntoskrnl.exe]
ntoskrnl.exe+0x0015DD35, Type: Inline - RelativeJump 0x80634D35-->80634D49 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E0A9, Type: Inline - RelativeJump 0x806350A9-->8063509B [ntoskrnl.exe]
ntoskrnl.exe+0x0015E51B, Type: Inline - RelativeJump 0x8063551B-->8063552C [ntoskrnl.exe]
ntoskrnl.exe+0x0015E582, Type: Inline - RelativeJump 0x80635582-->80635590 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E603, Type: Inline - RelativeCall 0x80635603-->8064CBE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0015E95F, Type: Inline - PushRet 0x8063595F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0015E976, Type: Inline - RelativeJump 0x80635976-->80635A12 [ntoskrnl.exe]
ntoskrnl.exe+0x0015EB05, Type: Inline - RelativeJump 0x80635B05-->80635B28 [ntoskrnl.exe]
ntoskrnl.exe+0x0015ECDB, Type: Inline - PushRet 0x80635CDB-->EABC4FE8 [unknown_code_page]
ntoskrnl.exe+0x0015ED25, Type: Inline - PushRet 0x80635D25-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0015F104, Type: Inline - RelativeCall 0x80636104-->80590F69 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F113, Type: Inline - RelativeJump 0x80636113-->8063625F [ntoskrnl.exe]
ntoskrnl.exe+0x0015F1C9, Type: Inline - RelativeJump 0x806361C9-->80636262 [ntoskrnl.exe]
ntoskrnl.exe+0x0015F52F, Type: Inline - RelativeJump 0x8063652F-->80636549 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD2, Type: Inline - RelativeCall 0x80636AD2-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FAD8, Type: Inline - RelativeJump 0x80636AD8-->80636C7F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FC58, Type: Inline - RelativeJump 0x80636C58-->80636C36 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD3C, Type: Inline - RelativeCall 0x80636D3C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD4A, Type: Inline - RelativeJump 0x80636D4A-->80636E3B [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD52, Type: Inline - RelativeJump 0x80636D52-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD64, Type: Inline - RelativeJump 0x80636D64-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD6D, Type: Inline - RelativeJump 0x80636D6D-->80636D90 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FD78, Type: Inline - RelativeJump 0x80636D78-->80636D88 [ntoskrnl.exe]
ntoskrnl.exe+0x0015FDF6, Type: Inline - RelativeJump 0x80636DF6-->80636E0F [ntoskrnl.exe]
ntoskrnl.exe+0x0015FE05, Type: Inline - RelativeJump 0x80636E05-->80636E0E [ntoskrnl.exe]
ntoskrnl.exe+0x00160097, Type: Inline - RelativeJump 0x80637097-->806370A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001600EA, Type: Inline - RelativeCall 0x806370EA-->8054D3D1 [ntoskrnl.exe]
ntoskrnl.exe+0x001601BB, Type: Inline - RelativeJump 0x806371BB-->80637242 [ntoskrnl.exe]
ntoskrnl.exe+0x0016055F, Type: Inline - RelativeJump 0x8063755F-->80637583 [ntoskrnl.exe]
ntoskrnl.exe+0x001607BF, Type: Inline - PushRet 0x806377BF-->8BED75F6 [unknown_code_page]
ntoskrnl.exe+0x001607C0, Type: Inline - RelativeCall 0x806377C0-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x001607C5, Type: Inline - RelativeJump 0x806377C5-->806377D3 [ntoskrnl.exe]
ntoskrnl.exe+0x00160B4D, Type: Inline - RelativeJump 0x80637B4D-->80637B55 [ntoskrnl.exe]
ntoskrnl.exe+0x00160CDC, Type: Inline - RelativeJump 0x80637CDC-->80637D15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160D4E, Type: Inline - RelativeCall 0x80637D4E-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00160D56, Type: Inline - PushRet 0x80637D56-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00160E08, Type: Inline - DirectCall 0x80637E08-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x00160EEE, Type: Inline - RelativeJump 0x80637EEE-->80637F15 [ntoskrnl.exe]
ntoskrnl.exe+0x00160FF8, Type: Inline - RelativeJump 0x80637FF8-->8063800D [ntoskrnl.exe]
ntoskrnl.exe+0x0016139D, Type: Inline - RelativeJump 0x8063839D-->FF006AFF [unknown_code_page]
ntoskrnl.exe+0x001613A6, Type: Inline - RelativeCall 0x806383A6-->806382BF [ntoskrnl.exe]
ntoskrnl.exe+0x001613AC, Type: Inline - RelativeCall 0x806383AC-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x00161591, Type: Inline - PushRet 0x80638591-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001615D4, Type: Inline - RelativeCall 0x806385D4-->80505760 [ntoskrnl.exe]
ntoskrnl.exe+0x0016187D, Type: Inline - RelativeJump 0x8063887D-->80638893 [ntoskrnl.exe]
ntoskrnl.exe+0x00161C43, Type: Inline - RelativeJump 0x80638C43-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161C5C, Type: Inline - RelativeJump 0x80638C5C-->80638C83 [ntoskrnl.exe]
ntoskrnl.exe+0x00161CEE, Type: Inline - RelativeJump 0x80638CEE-->80638C64 [ntoskrnl.exe]
ntoskrnl.exe+0x00161D0B, Type: Inline - RelativeCall 0x80638D0B-->B96C4F94 [unknown_code_page]
ntoskrnl.exe+0x00161D11, Type: Inline - RelativeJump 0x80638D11-->80638CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00161D1C, Type: Inline - RelativeJump 0x80638D1C-->80638B76 [ntoskrnl.exe]
ntoskrnl.exe+0x00161F07, Type: Inline - RelativeJump 0x80638F07-->80638F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00162513, Type: Inline - RelativeJump 0x80639513-->80639505 [ntoskrnl.exe]
ntoskrnl.exe+0x00162847, Type: Inline - RelativeJump 0x80639847-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162853, Type: Inline - RelativeJump 0x80639853-->8063917F [ntoskrnl.exe]
ntoskrnl.exe+0x00162858, Type: Inline - RelativeJump 0x80639858-->80639952 [ntoskrnl.exe]
ntoskrnl.exe+0x00162908, Type: Inline - RelativeJump 0x80639908-->80639933 [ntoskrnl.exe]
ntoskrnl.exe+0x0016293A, Type: Inline - RelativeJump 0x8063993A-->80639879 [ntoskrnl.exe]
ntoskrnl.exe+0x00162ED6, Type: Inline - RelativeCall 0x80639ED6-->88A92C2B [unknown_code_page]
ntoskrnl.exe+0x00163158, Type: Inline - RelativeCall 0x8063A158-->8056F21C [ntoskrnl.exe]
ntoskrnl.exe+0x00163163, Type: Inline - RelativeJump 0x8063A163-->8063A175 [ntoskrnl.exe]
ntoskrnl.exe+0x0016348C, Type: Inline - RelativeJump 0x8063A48C-->8063A513 [ntoskrnl.exe]
ntoskrnl.exe+0x0016361C, Type: Inline - RelativeCall 0x8063A61C-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B14, Type: Inline - RelativeJump 0x8063AB14-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163B96, Type: Inline - RelativeJump 0x8063AB96-->8063ABA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00163BEC, Type: Inline - RelativeJump 0x8063ABEC-->8063AC12 [ntoskrnl.exe]
ntoskrnl.exe+0x00163C58, Type: Inline - RelativeJump 0x8063AC58-->8063ACD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D5A, Type: Inline - RelativeJump 0x8063AD5A-->8063ACD3 [ntoskrnl.exe]
ntoskrnl.exe+0x00163D68, Type: Inline - RelativeJump 0x8063AD68-->8063AD9C [ntoskrnl.exe]
ntoskrnl.exe+0x00163DC7, Type: Inline - RelativeJump 0x8063ADC7-->8063ADA9 [ntoskrnl.exe]
ntoskrnl.exe+0x00163E65, Type: Inline - RelativeJump 0x8063AE65-->8063AE6A [ntoskrnl.exe]
ntoskrnl.exe+0x00163F1D, Type: Inline - RelativeJump 0x8063AF1D-->8063AF05 [ntoskrnl.exe]
ntoskrnl.exe+0x00163F61, Type: Inline - PushRet 0x8063AF61-->F0C5048D [unknown_code_page]
ntoskrnl.exe+0x00163F62, Type: Inline - RelativeCall 0x8063AF62-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe+0x001640C5, Type: Inline - RelativeJump 0x8063B0C5-->8063B0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467A, Type: Inline - RelativeJump 0x8063B67A-->8063B753 [ntoskrnl.exe]
ntoskrnl.exe+0x0016467F, Type: Inline - RelativeJump 0x8063B67F-->8063B74B [ntoskrnl.exe]
ntoskrnl.exe+0x0016468A, Type: Inline - RelativeJump 0x8063B68A-->8063B6BE [ntoskrnl.exe]
ntoskrnl.exe+0x00164AEC, Type: Inline - RelativeJump 0x8063BAEC-->8063BAB4 [ntoskrnl.exe]
ntoskrnl.exe+0x00164AFB, Type: Inline - RelativeJump 0x8063BAFB-->8063BAC0 [ntoskrnl.exe]
ntoskrnl.exe+0x00164B44, Type: Inline - RelativeJump 0x8063BB44-->8063BB74 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C5E, Type: Inline - RelativeJump 0x8063BC5E-->8063BAB3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C6C, Type: Inline - RelativeJump 0x8063BC6C-->8063BC08 [ntoskrnl.exe]
ntoskrnl.exe+0x00164C7E, Type: Inline - RelativeJump 0x8063BC7E-->8063BC8B [ntoskrnl.exe]
ntoskrnl.exe+0x00164D26, Type: Inline - RelativeCall 0x8063BD26-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D3A, Type: Inline - RelativeJump 0x8063BD3A-->8063BD55 [ntoskrnl.exe]
ntoskrnl.exe+0x00164D85, Type: Inline - RelativeJump 0x8063BD85-->8063BDA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00164EB4, Type: Inline - RelativeJump 0x8063BEB4-->8063BECE [ntoskrnl.exe]
ntoskrnl.exe+0x00165171, Type: Inline - PushRet 0x8063C171-->90900008 [unknown_code_page]
ntoskrnl.exe+0x001653EE, Type: Inline - RelativeJump 0x8063C3EE-->8063C411 [ntoskrnl.exe]
ntoskrnl.exe+0x00165503, Type: Inline - RelativeJump 0x8063C503-->8063C523 [ntoskrnl.exe]
ntoskrnl.exe+0x00165513, Type: Inline - RelativeJump 0x8063C513-->8063C5B3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016558C, Type: Inline - RelativeJump 0x8063C58C-->8063C5BE [ntoskrnl.exe]
ntoskrnl.exe+0x001659C1, Type: Inline - RelativeCall 0x8063C9C1-->BC72B4FD [unknown_code_page]
ntoskrnl.exe+0x001659C6, Type: Inline - RelativeJump 0x8063C9C6-->8063C9F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00165A0B, Type: Inline - PushRet 0x8063CA0B-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00165A1A, Type: Inline - RelativeCall 0x8063CA1A-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00165A2C, Type: Inline - PushRet 0x8063CA2C-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00165B77, Type: Inline - RelativeJump 0x8063CB77-->8063CB65 [ntoskrnl.exe]
ntoskrnl.exe+0x00165C18, Type: Inline - PushRet 0x8063CC18-->CC900010 [unknown_code_page]
ntoskrnl.exe+0x00165CEF, Type: Inline - DirectJump 0x8063CCEF-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166106, Type: Inline - RelativeCall 0x8063D106-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016610C, Type: Inline - RelativeCall 0x8063D10C-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00166237, Type: Inline - RelativeJump 0x8063D237-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x0016623C, Type: Inline - DirectCall 0x8063D23C-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00166246, Type: Inline - RelativeJump 0x8063D246-->8063D251 [ntoskrnl.exe]
ntoskrnl.exe+0x001663EC, Type: Inline - RelativeJump 0x8063D3EC-->8063D406 [ntoskrnl.exe]
ntoskrnl.exe+0x00166566, Type: Inline - PushRet 0x8063D566-->CC900014 [unknown_code_page]
ntoskrnl.exe+0x001665D6, Type: Inline - RelativeJump 0x8063D5D6-->8063D5DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016663A, Type: Inline - RelativeCall 0x8063D63A-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe+0x00166645, Type: Inline - RelativeJump 0x8063D645-->8063D651 [ntoskrnl.exe]
ntoskrnl.exe+0x001666C6, Type: Inline - RelativeCall 0x8063D6C6-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001666D7, Type: Inline - PushRet 0x8063D6D7-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00166B00, Type: Inline - RelativeJump 0x8063DB00-->8063DB06 [ntoskrnl.exe]
ntoskrnl.exe+0x00166B12, Type: Inline - RelativeJump 0x8063DB12-->8063DB18 [ntoskrnl.exe]
ntoskrnl.exe+0x00166E01, Type: Inline - RelativeJump 0x8063DE01-->8063DD27 [ntoskrnl.exe]
ntoskrnl.exe+0x00166EED, Type: Inline - RelativeJump 0x8063DEED-->8063DEF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016702C, Type: Inline - RelativeJump 0x8063E02C-->8063E041 [ntoskrnl.exe]
ntoskrnl.exe+0x00167318, Type: Inline - RelativeJump 0x8063E318-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167326, Type: Inline - RelativeJump 0x8063E326-->8063E4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00167360, Type: Inline - RelativeJump 0x8063E360-->8063E4D8 [ntoskrnl.exe]
ntoskrnl.exe+0x0016738C, Type: Inline - RelativeJump 0x8063E38C-->8063E497 [ntoskrnl.exe]
ntoskrnl.exe+0x00167478, Type: Inline - RelativeCall 0x8063E478-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016795B, Type: Inline - RelativeCall 0x8063E95B-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe+0x00167963, Type: Inline - RelativeJump 0x8063E963-->8063E9F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00167AEB, Type: Inline - RelativeJump 0x8063EAEB-->8063EC41 [ntoskrnl.exe]
ntoskrnl.exe+0x00167F15, Type: Inline - RelativeJump 0x8063EF15-->8063EF1B [ntoskrnl.exe]
ntoskrnl.exe+0x00168003, Type: Inline - RelativeJump 0x8063F003-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x0016800E, Type: Inline - RelativeJump 0x8063F00E-->8063F023 [ntoskrnl.exe]
ntoskrnl.exe+0x00168035, Type: Inline - RelativeCall 0x8063F035-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0016810A, Type: Inline - RelativeJump 0x8063F10A-->8063F1E5 [ntoskrnl.exe]
ntoskrnl.exe+0x001684F1, Type: Inline - RelativeCall 0x8063F4F1-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x001684F6, Type: Inline - PushRet 0x8063F4F6-->90909090 [unknown_code_page]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:50 pm


ntoskrnl.exe+0x001686F5, Type: Inline - RelativeCall 0x8063F6F5-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe+0x001687DD, Type: Inline - RelativeJump 0x8063F7DD-->8063F7EF [ntoskrnl.exe]
ntoskrnl.exe+0x00168875, Type: Inline - RelativeJump 0x8063F875-->8063F8B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016889E, Type: Inline - RelativeJump 0x8063F89E-->8063FA0B [ntoskrnl.exe]
ntoskrnl.exe+0x00168910, Type: Inline - RelativeJump 0x8063F910-->8063F8DE [ntoskrnl.exe]
ntoskrnl.exe+0x0016892F, Type: Inline - RelativeJump 0x8063F92F-->8063F905 [ntoskrnl.exe]
ntoskrnl.exe+0x001689E9, Type: Inline - RelativeCall 0x8063F9E9-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x001689F5, Type: Inline - RelativeJump 0x8063F9F5-->8063FA0C [ntoskrnl.exe]
ntoskrnl.exe+0x00168A01, Type: Inline - RelativeJump 0x8063FA01-->8063F9E7 [ntoskrnl.exe]
ntoskrnl.exe+0x00168A0F, Type: Inline - RelativeJump 0x8063FA0F-->8063FB7A [ntoskrnl.exe]
ntoskrnl.exe+0x00168A16, Type: Inline - RelativeJump 0x8063FA16-->8063FA7D [ntoskrnl.exe]
ntoskrnl.exe+0x00168A70, Type: Inline - RelativeJump 0x8063FA70-->8063FA80 [ntoskrnl.exe]
ntoskrnl.exe+0x00168E5A, Type: Inline - PushRet 0x8063FE5A-->CCCC000C [unknown_code_page]
ntoskrnl.exe+0x00169014, Type: Inline - RelativeJump 0x80640014-->8064003A [ntoskrnl.exe]
ntoskrnl.exe+0x00169094, Type: Inline - PushRet 0x80640094-->CCCC0024 [unknown_code_page]
ntoskrnl.exe+0x001697E0, Type: Inline - RelativeCall 0x806407E0-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x00169813, Type: Inline - RelativeCall 0x80640813-->80590EF2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A021, Type: Inline - RelativeJump 0x80641021-->8064101F [ntoskrnl.exe]
ntoskrnl.exe+0x0016A14A, Type: Inline - RelativeJump 0x8064114A-->8064114A [ntoskrnl.exe]
ntoskrnl.exe+0x0016A34C, Type: Inline - RelativeCall 0x8064134C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016A351, Type: Inline - RelativeJump 0x80641351-->8064135F [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA78, Type: Inline - RelativeCall 0x80641A78-->80573991 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AA7D, Type: Inline - RelativeJump 0x80641A7D-->80641A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB24, Type: Inline - RelativeJump 0x80641B24-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB2C, Type: Inline - RelativeJump 0x80641B2C-->80641BF7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB42, Type: Inline - RelativeJump 0x80641B42-->80641BF6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AB48, Type: Inline - RelativeJump 0x80641B48-->80641B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0016AF13, Type: Inline - RelativeJump 0x80641F13-->80641F49 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFD3, Type: Inline - RelativeJump 0x80641FD3-->80641FE9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016AFDA, Type: Inline - RelativeJump 0x80641FDA-->80641FEF [ntoskrnl.exe]
ntoskrnl.exe+0x0016B1F7, Type: Inline - RelativeJump 0x806421F7-->80642229 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B20D, Type: Inline - RelativeJump 0x8064220D-->8064221F [ntoskrnl.exe]
ntoskrnl.exe+0x0016B768, Type: Inline - RelativeCall 0x80642768-->80642618 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B773, Type: Inline - RelativeJump 0x80642773-->80642790 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B77A, Type: Inline - RelativeCall 0x8064277A-->806426C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016B7A0, Type: Inline - RelativeJump 0x806427A0-->806427B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BA94, Type: Inline - RelativeJump 0x80642A94-->80642A9C [ntoskrnl.exe]
ntoskrnl.exe+0x0016BABE, Type: Inline - RelativeJump 0x80642ABE-->80642B5A [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB54, Type: Inline - RelativeJump 0x80642B54-->80642B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BB9F, Type: Inline - RelativeJump 0x80642B9F-->80642A13 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BCD0, Type: Inline - RelativeJump 0x80642CD0-->80642D78 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BD5C, Type: Inline - RelativeJump 0x80642D5C-->80642D75 [ntoskrnl.exe]
ntoskrnl.exe+0x0016BF03, Type: Inline - RelativeJump 0x80642F03-->80642E9A [ntoskrnl.exe]
ntoskrnl.exe+0x0016C171, Type: Inline - RelativeCall 0x80643171-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3A0, Type: Inline - RelativeJump 0x806433A0-->806433B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C3B7, Type: Inline - PushRet 0x806433B7-->8BA5F3FA [unknown_code_page]
ntoskrnl.exe+0x0016C4B6, Type: Inline - RelativeCall 0x806434B6-->8053769F [ntoskrnl.exe]
ntoskrnl.exe+0x0016C4BC, Type: Inline - RelativeJump 0x806434BC-->806434D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8E4, Type: Inline - RelativeCall 0x806438E4-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0016C8F9, Type: Inline - PushRet 0x806438F9-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0016C999, Type: Inline - RelativeJump 0x80643999-->8068FCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CA78, Type: Inline - PushRet 0x80643A78-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CBCD, Type: Inline - RelativeCall 0x80643BCD-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0016CC54, Type: Inline - RelativeJump 0x80643C54-->80643C64 [ntoskrnl.exe]
ntoskrnl.exe+0x0016CD54, Type: Inline - PushRet 0x80643D54-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CE40, Type: Inline - PushRet 0x80643E40-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016CFF2, Type: Inline - PushRet 0x80643FF2-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016D27F, Type: Inline - RelativeJump 0x8064427F-->806442B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DD8A, Type: Inline - RelativeJump 0x80644D8A-->80644D7C [ntoskrnl.exe]
ntoskrnl.exe+0x0016DEEA, Type: Inline - RelativeJump 0x80644EEA-->80644EE7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016DF1D, Type: Inline - RelativeJump 0x80644F1D-->80644EAE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E082, Type: Inline - RelativeJump 0x80645082-->806450A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E203, Type: Inline - RelativeCall 0x80645203-->80644A0E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E39E, Type: Inline - RelativeJump 0x8064539E-->806453B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E4F5, Type: Inline - RelativeCall 0x806454F5-->80546FFE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E500, Type: Inline - PushRet 0x80645500-->90CC0004 [unknown_code_page]
ntoskrnl.exe+0x0016E5BB, Type: Inline - RelativeCall 0x806455BB-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5C4, Type: Inline - PushRet 0x806455C4-->F08B077D [unknown_code_page]
ntoskrnl.exe+0x0016E5C5, Type: Inline - RelativeJump 0x806455C5-->806455D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5E4, Type: Inline - RelativeJump 0x806455E4-->8064561B [ntoskrnl.exe]
ntoskrnl.exe+0x0016E5FC, Type: Inline - PushRet 0x806455FC-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016E64B, Type: Inline - RelativeCall 0x8064564B-->804E391E [ntoskrnl.exe]
ntoskrnl.exe+0x0016E65E, Type: Inline - PushRet 0x8064565E-->FF628C0F [unknown_code_page]
ntoskrnl.exe+0x0016E65F, Type: Inline - RelativeJump 0x8064565F-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E695, Type: Inline - RelativeCall 0x80645695-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x0016E69E, Type: Inline - RelativeJump 0x8064569E-->806455C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E893, Type: Inline - RelativeJump 0x80645893-->806458AC [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8CC, Type: Inline - RelativeCall 0x806458CC-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016E8DC, Type: Inline - RelativeJump 0x806458DC-->80645A76 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA22, Type: Inline - RelativeCall 0x80645A22-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016EA86, Type: Inline - RelativeJump 0x80645A86-->80645A8C [ntoskrnl.exe]
ntoskrnl.exe+0x0016EAAA, Type: Inline - RelativeJump 0x80645AAA-->80645AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016ECE4, Type: Inline - RelativeJump 0x80645CE4-->80645D9F [ntoskrnl.exe]
ntoskrnl.exe+0x0016EE7E, Type: Inline - PushRet 0x80645E7E-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0016F158, Type: Inline - RelativeJump 0x80646158-->8064677D [ntoskrnl.exe]
ntoskrnl.exe+0x0016F1D2, Type: Inline - RelativeJump 0x806461D2-->806461DF [ntoskrnl.exe]
ntoskrnl.exe+0x0016F206, Type: Inline - RelativeJump 0x80646206-->80646222 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F226, Type: Inline - RelativeJump 0x80646226-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F23A, Type: Inline - RelativeJump 0x8064623A-->80646259 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F552, Type: Inline - RelativeJump 0x80646552-->8064656C [ntoskrnl.exe]
ntoskrnl.exe+0x0016F590, Type: Inline - RelativeCall 0x80646590-->8064C717 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5A6, Type: Inline - RelativeJump 0x806465A6-->8064674A [ntoskrnl.exe]
ntoskrnl.exe+0x0016F5E0, Type: Inline - RelativeJump 0x806465E0-->806465F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F60E, Type: Inline - RelativeJump 0x8064660E-->806466D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F626, Type: Inline - RelativeJump 0x80646626-->806466B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F62E, Type: Inline - RelativeJump 0x8064662E-->806466B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0016F6B0, Type: Inline - RelativeJump 0x806466B0-->806466C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA6F, Type: Inline - RelativeJump 0x80646A6F-->80646A8B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FA85, Type: Inline - RelativeJump 0x80646A85-->80646AA0 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBD5, Type: Inline - RelativeCall 0x80646BD5-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FBE1, Type: Inline - RelativeCall 0x80646BE1-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FC24, Type: Inline - RelativeJump 0x80646C24-->80646C6B [ntoskrnl.exe]
ntoskrnl.exe+0x0016FCDD, Type: Inline - RelativeCall 0x80646CDD-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEB8, Type: Inline - RelativeJump 0x80646EB8-->80647056 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEBD, Type: Inline - RelativeJump 0x80646EBD-->80647059 [ntoskrnl.exe]
ntoskrnl.exe+0x0016FEC5, Type: Inline - RelativeJump 0x80646EC5-->80647030 [ntoskrnl.exe]
ntoskrnl.exe+0x0017000E, Type: Inline - RelativeCall 0x8064700E-->FFC00000 [unknown_code_page]
ntoskrnl.exe+0x00170016, Type: Inline - RelativeCall 0x80647016-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017001B, Type: Inline - RelativeJump 0x8064701B-->8064705A [ntoskrnl.exe]
ntoskrnl.exe+0x001705C7, Type: Inline - RelativeJump 0x806475C7-->8064761D [ntoskrnl.exe]
ntoskrnl.exe+0x00170804, Type: Inline - RelativeJump 0x80647804-->8064781E [ntoskrnl.exe]
ntoskrnl.exe+0x00170924, Type: Inline - RelativeJump 0x80647924-->80647907 [ntoskrnl.exe]
ntoskrnl.exe+0x0017095C, Type: Inline - RelativeJump 0x8064795C-->8064797A [ntoskrnl.exe]
ntoskrnl.exe+0x00170968, Type: Inline - PushRet 0x80647968-->E8A55210 [unknown_code_page]
ntoskrnl.exe+0x0017096B, Type: Inline - RelativeCall 0x8064796B-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x0017097B, Type: Inline - RelativeCall 0x8064797B-->80649F4E [ntoskrnl.exe]
ntoskrnl.exe+0x00170980, Type: Inline - RelativeJump 0x80647980-->8064798F [ntoskrnl.exe]
ntoskrnl.exe+0x00170B02, Type: Inline - RelativeJump 0x80647B02-->80647A88 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C10, Type: Inline - RelativeJump 0x80647C10-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C17, Type: Inline - RelativeJump 0x80647C17-->80647D07 [ntoskrnl.exe]
ntoskrnl.exe+0x00170C80, Type: Inline - RelativeJump 0x80647C80-->80647D85 [ntoskrnl.exe]
ntoskrnl.exe+0x00170CE4, Type: Inline - PushRet 0x80647CE4-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00170CEE, Type: Inline - RelativeJump 0x80647CEE-->80647DCE [ntoskrnl.exe]
ntoskrnl.exe+0x00170D04, Type: Inline - RelativeJump 0x80647D04-->80647D90 [ntoskrnl.exe]
ntoskrnl.exe+0x00170D0F, Type: Inline - RelativeJump 0x80647D0F-->80647D6A [ntoskrnl.exe]
ntoskrnl.exe+0x00170E41, Type: Inline - RelativeJump 0x80647E41-->80647E5B [ntoskrnl.exe]
ntoskrnl.exe+0x00170ECD, Type: Inline - RelativeCall 0x80647ECD-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x00170EDD, Type: Inline - RelativeCall 0x80647EDD-->80648F9F [ntoskrnl.exe]
ntoskrnl.exe+0x00171105, Type: Inline - RelativeCall 0x80648105-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe+0x00171157, Type: Inline - RelativeCall 0x80648157-->80684277 [ntoskrnl.exe]
ntoskrnl.exe+0x001712B5, Type: Inline - RelativeJump 0x806482B5-->80648364 [ntoskrnl.exe]
ntoskrnl.exe+0x001712BB, Type: Inline - RelativeJump 0x806482BB-->80648378 [ntoskrnl.exe]
ntoskrnl.exe+0x001714F8, Type: Inline - RelativeJump 0x806484F8-->806484D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017193A, Type: Inline - RelativeJump 0x8064893A-->80648966 [ntoskrnl.exe]
ntoskrnl.exe+0x00171BEA, Type: Inline - RelativeJump 0x80648BEA-->80648D06 [ntoskrnl.exe]
ntoskrnl.exe+0x00171CEE, Type: Inline - RelativeJump 0x80648CEE-->80648CFF [ntoskrnl.exe]
ntoskrnl.exe+0x00172259, Type: Inline - RelativeJump 0x80649259-->8064931F [ntoskrnl.exe]
ntoskrnl.exe+0x00172292, Type: Inline - RelativeJump 0x80649292-->806492A2 [ntoskrnl.exe]
ntoskrnl.exe+0x001722CE, Type: Inline - RelativeJump 0x806492CE-->806492C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00172305, Type: Inline - RelativeJump 0x80649305-->80649319 [ntoskrnl.exe]
ntoskrnl.exe+0x00172330, Type: Inline - RelativeJump 0x80649330-->8064933F [ntoskrnl.exe]
ntoskrnl.exe+0x00172543, Type: Inline - PushRet 0x80649543-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00172A01, Type: Inline - RelativeJump 0x80649A01-->80649A16 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B24, Type: Inline - RelativeJump 0x80649B24-->80649B2C [ntoskrnl.exe]
ntoskrnl.exe+0x00172B2C, Type: Inline - RelativeJump 0x80649B2C-->80649B36 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B40, Type: Inline - RelativeJump 0x80649B40-->80649B48 [ntoskrnl.exe]
ntoskrnl.exe+0x00172B50, Type: Inline - RelativeJump 0x80649B50-->80649B5A [ntoskrnl.exe]
ntoskrnl.exe+0x00172B60, Type: Inline - RelativeJump 0x80649B60-->80649B6A [ntoskrnl.exe]
ntoskrnl.exe+0x00172D8D, Type: Inline - DirectCall 0x80649D8D-->804D8054 [ntoskrnl.exe]
ntoskrnl.exe+0x00172E6F, Type: Inline - PushRet 0x80649E6F-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00172F4F, Type: Inline - RelativeJump 0x80649F4F-->80649F67 [ntoskrnl.exe]
ntoskrnl.exe+0x00173124, Type: Inline - RelativeJump 0x8064A124-->8064A139 [ntoskrnl.exe]
ntoskrnl.exe+0x0017320B, Type: Inline - RelativeJump 0x8064A20B-->8064A219 [ntoskrnl.exe]
ntoskrnl.exe+0x00173250, Type: Inline - RelativeJump 0x8064A250-->8064A25A [ntoskrnl.exe]
ntoskrnl.exe+0x00173292, Type: Inline - RelativeJump 0x8064A292-->8064A29C [ntoskrnl.exe]
ntoskrnl.exe+0x001732AE, Type: Inline - RelativeJump 0x8064A2AE-->8064A2BA [ntoskrnl.exe]
ntoskrnl.exe+0x001734CF, Type: Inline - RelativeJump 0x8064A4CF-->8064A4F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173682, Type: Inline - RelativeJump 0x8064A682-->8064A794 [ntoskrnl.exe]
ntoskrnl.exe+0x00173793, Type: Inline - RelativeCall 0x8064A793-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x001737A4, Type: Inline - RelativeJump 0x8064A7A4-->8064A7C7 [ntoskrnl.exe]
ntoskrnl.exe+0x001737BD, Type: Inline - RelativeJump 0x8064A7BD-->8064A7C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00173893, Type: Inline - RelativeJump 0x8064A893-->8064ABE3 [ntoskrnl.exe]
ntoskrnl.exe+0x001738D6, Type: Inline - RelativeJump 0x8064A8D6-->8064AB77 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A2C, Type: Inline - RelativeJump 0x8064AA2C-->8064AA44 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A82, Type: Inline - RelativeCall 0x8064AA82-->805B56A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A87, Type: Inline - RelativeJump 0x8064AA87-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A8F, Type: Inline - RelativeJump 0x8064AA8F-->8064AB32 [ntoskrnl.exe]
ntoskrnl.exe+0x00173A9B, Type: Inline - RelativeJump 0x8064AA9B-->8064AABB [ntoskrnl.exe]
ntoskrnl.exe+0x00173AAE, Type: Inline - RelativeJump 0x8064AAAE-->8064AB36 [ntoskrnl.exe]
ntoskrnl.exe+0x00173ABE, Type: Inline - RelativeJump 0x8064AABE-->8064AAD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00173AED, Type: Inline - RelativeJump 0x8064AAED-->8064AB05 [ntoskrnl.exe]
ntoskrnl.exe+0x00173B44, Type: Inline - RelativeJump 0x8064AB44-->8064A8DC [ntoskrnl.exe]
ntoskrnl.exe+0x00173B4F, Type: Inline - PushRet 0x8064AB4F-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00173BBC, Type: Inline - RelativeJump 0x8064ABBC-->8064ABCB [ntoskrnl.exe]
ntoskrnl.exe+0x00173BC7, Type: Inline - RelativeJump 0x8064ABC7-->8064ABE7 [ntoskrnl.exe]
ntoskrnl.exe+0x00173BF6, Type: Inline - PushRet 0x8064ABF6-->CC900024 [unknown_code_page]
ntoskrnl.exe+0x00173C47, Type: Inline - RelativeJump 0x8064AC47-->8064AC58 [ntoskrnl.exe]
ntoskrnl.exe+0x00173E20, Type: Inline - RelativeJump 0x8064AE20-->8064AE2E [ntoskrnl.exe]
ntoskrnl.exe+0x00173ECF, Type: Inline - RelativeJump 0x8064AECF-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EE6, Type: Inline - RelativeCall 0x8064AEE6-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe+0x00173EF0, Type: Inline - RelativeJump 0x8064AEF0-->8064AEFF [ntoskrnl.exe]
ntoskrnl.exe+0x00174145, Type: Inline - RelativeJump 0x8064B145-->8064B155 [ntoskrnl.exe]
ntoskrnl.exe+0x00174151, Type: Inline - RelativeJump 0x8064B151-->8064B16D [ntoskrnl.exe]
ntoskrnl.exe+0x001744BB, Type: Inline - RelativeJump 0x8064B4BB-->8064B4EC [ntoskrnl.exe]
ntoskrnl.exe+0x001747A2, Type: Inline - RelativeJump 0x8064B7A2-->8064B7C2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017481D, Type: Inline - RelativeCall 0x8064B81D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x001748A5, Type: Inline - RelativeJump 0x8064B8A5-->8064B79F [ntoskrnl.exe]
ntoskrnl.exe+0x001748C4, Type: Inline - RelativeJump 0x8064B8C4-->8064B8CA [ntoskrnl.exe]
ntoskrnl.exe+0x00174A6D, Type: Inline - RelativeCall 0x8064BA6D-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD1, Type: Inline - RelativeJump 0x8064BAD1-->8064BAF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00174AD5, Type: Inline - RelativeJump 0x8064BAD5-->8064BAEF [ntoskrnl.exe]
ntoskrnl.exe+0x00174ADB, Type: Inline - RelativeJump 0x8064BADB-->8064BAED [ntoskrnl.exe]
ntoskrnl.exe+0x00174B62, Type: Inline - RelativeJump 0x8064BB62-->8064BB90 [ntoskrnl.exe]
ntoskrnl.exe+0x00174C8F, Type: Inline - RelativeJump 0x8064BC8F-->8064BCA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00174D31, Type: Inline - RelativeJump 0x8064BD31-->8064BCA1 [ntoskrnl.exe]
ntoskrnl.exe+0x00175091, Type: Inline - RelativeCall 0x8064C091-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe+0x00175099, Type: Inline - RelativeJump 0x8064C099-->8064C0A6 [ntoskrnl.exe]
ntoskrnl.exe+0x001751B9, Type: Inline - RelativeJump 0x8064C1B9-->8064C1D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017523C, Type: Inline - RelativeCall 0x8064C23C-->8064BFB6 [ntoskrnl.exe]
ntoskrnl.exe+0x00175299, Type: Inline - RelativeJump 0x8064C299-->8064C2B7 [ntoskrnl.exe]
ntoskrnl.exe+0x001755D5, Type: Inline - RelativeJump 0x8064C5D5-->8064C619 [ntoskrnl.exe]
ntoskrnl.exe+0x001755EA, Type: Inline - RelativeJump 0x8064C5EA-->8064C611 [ntoskrnl.exe]
ntoskrnl.exe+0x00175D71, Type: Inline - RelativeJump 0x8064CD71-->8064CD72 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEA, Type: Inline - RelativeCall 0x8064CDEA-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe+0x00175DEF, Type: Inline - PushRet 0x8064CDEF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00175E4D, Type: Inline - RelativeCall 0x8064CE4D-->8059296C [ntoskrnl.exe]
ntoskrnl.exe+0x00175E5A, Type: Inline - PushRet 0x8064CE5A-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x00176003, Type: Inline - RelativeJump 0x8064D003-->8064D046 [ntoskrnl.exe]
ntoskrnl.exe+0x00176448, Type: Inline - RelativeJump 0x8064D448-->8064D432 [ntoskrnl.exe]
ntoskrnl.exe+0x00176466, Type: Inline - RelativeJump 0x8064D466-->8064D46C [ntoskrnl.exe]
ntoskrnl.exe+0x00176468, Type: Inline - RelativeJump 0x8064D468-->8064D46E [ntoskrnl.exe]
ntoskrnl.exe+0x00176490, Type: Inline - RelativeJump 0x8064D490-->8064D4A8 [ntoskrnl.exe]
ntoskrnl.exe+0x001765C5, Type: Inline - RelativeJump 0x8064D5C5-->8064D5D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017692A, Type: Inline - RelativeJump 0x8064D92A-->8064D934 [ntoskrnl.exe]
ntoskrnl.exe+0x00176958, Type: Inline - RelativeJump 0x8064D958-->8064D95E [ntoskrnl.exe]
ntoskrnl.exe+0x00176964, Type: Inline - RelativeJump 0x8064D964-->8064D96A [ntoskrnl.exe]
ntoskrnl.exe+0x00176E5F, Type: Inline - RelativeCall 0x8064DE5F-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F05, Type: Inline - RelativeCall 0x8064DF05-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x00176F0A, Type: Inline - RelativeCall 0x8064DF0A-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x001770F4, Type: Inline - RelativeJump 0x8064E0F4-->8064E0B5 [ntoskrnl.exe]
ntoskrnl.exe+0x001775DE, Type: Inline - RelativeJump 0x8064E5DE-->8064E717 [ntoskrnl.exe]
ntoskrnl.exe+0x0017777D, Type: Inline - RelativeJump 0x8064E77D-->8064E779 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E2, Type: Inline - RelativeJump 0x8064E7E2-->8064E8D2 [ntoskrnl.exe]
ntoskrnl.exe+0x001777E8, Type: Inline - RelativeCall 0x8064E7E8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177AAC, Type: Inline - RelativeJump 0x8064EAAC-->8064EAB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B0A, Type: Inline - RelativeJump 0x8064EB0A-->8064EB10 [ntoskrnl.exe]
ntoskrnl.exe+0x00177B61, Type: Inline - RelativeJump 0x8064EB61-->8064EB6A [ntoskrnl.exe]
ntoskrnl.exe+0x00177C2D, Type: Inline - PushRet 0x8064EC2D-->90CC0008 [unknown_code_page]
ntoskrnl.exe+0x00177CD8, Type: Inline - RelativeCall 0x8064ECD8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00177D23, Type: Inline - RelativeCall 0x8064ED23-->80572BDF [ntoskrnl.exe]
ntoskrnl.exe+0x00177D34, Type: Inline - RelativeJump 0x8064ED34-->8064EFC6 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F31, Type: Inline - RelativeJump 0x8064EF31-->8064EF50 [ntoskrnl.exe]
ntoskrnl.exe+0x00177F42, Type: Inline - RelativeJump 0x8064EF42-->89FFE929 [unknown_code_page]
ntoskrnl.exe+0x00178014, Type: Inline - RelativeJump 0x8064F014-->8064F01A [ntoskrnl.exe]
ntoskrnl.exe+0x001780B2, Type: Inline - RelativeJump 0x8064F0B2-->8064F0C2 [ntoskrnl.exe]
ntoskrnl.exe+0x001780D4, Type: Inline - RelativeJump 0x8064F0D4-->8064F0E0 [ntoskrnl.exe]
ntoskrnl.exe+0x001782B6, Type: Inline - RelativeJump 0x8064F2B6-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001782C8, Type: Inline - RelativeJump 0x8064F2C8-->8064F30A [ntoskrnl.exe]
ntoskrnl.exe+0x001783C9, Type: Inline - RelativeJump 0x8064F3C9-->806DB6CF [ntoskrnl.exe]
ntoskrnl.exe+0x001785E0, Type: Inline - RelativeJump 0x8064F5E0-->8064F5EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017883F, Type: Inline - RelativeJump 0x8064F83F-->8064F858 [ntoskrnl.exe]
ntoskrnl.exe+0x00178885, Type: Inline - RelativeJump 0x8064F885-->8064F86F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E01, Type: Inline - RelativeJump 0x8064FE01-->8064FE1F [ntoskrnl.exe]
ntoskrnl.exe+0x00178E94, Type: Inline - RelativeCall 0x8064FE94-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178E9A, Type: Inline - RelativeJump 0x8064FE9A-->8064FEAE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EA8, Type: Inline - RelativeCall 0x8064FEA8-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x00178EAF, Type: Inline - PushRet 0x8064FEAF-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00178EC4, Type: Inline - PushRet 0x8064FEC4-->90900014 [unknown_code_page]
ntoskrnl.exe+0x00178EDA, Type: Inline - PushRet 0x8064FEDA-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x00178EEE, Type: Inline - PushRet 0x8064FEEE-->CC900008 [unknown_code_page]
ntoskrnl.exe+0x00178F36, Type: Inline - RelativeJump 0x8064FF36-->8064FFE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00178F6C, Type: Inline - RelativeJump 0x8064FF6C-->8065019E [ntoskrnl.exe]
ntoskrnl.exe+0x00179069, Type: Inline - RelativeCall 0x80650069-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x00179071, Type: Inline - RelativeJump 0x80650071-->80650091 [ntoskrnl.exe]
ntoskrnl.exe+0x0017907C, Type: Inline - RelativeJump 0x8065007C-->8065003E [ntoskrnl.exe]
ntoskrnl.exe+0x0017949B, Type: Inline - RelativeJump 0x8065049B-->806504D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0017963B, Type: Inline - RelativeJump 0x8065063B-->80650698 [ntoskrnl.exe]
ntoskrnl.exe+0x00179652, Type: Inline - RelativeJump 0x80650652-->80650668 [ntoskrnl.exe]
ntoskrnl.exe+0x001796DA, Type: Inline - PushRet 0x806506DA-->90909090 [unknown_code_page]
ntoskrnl.exe+0x001796DB, Type: Inline - RelativeJump 0x806506DB-->806506CE [ntoskrnl.exe]
ntoskrnl.exe+0x001797AC, Type: Inline - RelativeJump 0x806507AC-->806507AE [ntoskrnl.exe]
ntoskrnl.exe+0x001797C5, Type: Inline - PushRet 0x806507C5-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00179807, Type: Inline - RelativeJump 0x80650807-->80650815 [ntoskrnl.exe]
ntoskrnl.exe+0x00179876, Type: Inline - RelativeCall 0x80650876-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x00179882, Type: Inline - RelativeJump 0x80650882-->806508B1 [ntoskrnl.exe]
ntoskrnl.exe+0x001799AF, Type: Inline - RelativeCall 0x806509AF-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00179AB9, Type: Inline - RelativeJump 0x80650AB9-->80650AEA [ntoskrnl.exe]
ntoskrnl.exe+0x00179B2A, Type: Inline - RelativeCall 0x80650B2A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00179B34, Type: Inline - RelativeJump 0x80650B34-->80650B44 [ntoskrnl.exe]
ntoskrnl.exe+0x00179C59, Type: Inline - RelativeJump 0x80650C59-->80650C8C [ntoskrnl.exe]
ntoskrnl.exe+0x00179C63, Type: Inline - RelativeJump 0x80650C63-->80650C51 [ntoskrnl.exe]
ntoskrnl.exe+0x00179E10, Type: Inline - RelativeJump 0x80650E10-->80650F0A [ntoskrnl.exe]
ntoskrnl.exe+0x00179FE3, Type: Inline - RelativeCall 0x80650FE3-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FEB, Type: Inline - RelativeCall 0x80650FEB-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00179FF5, Type: Inline - RelativeJump 0x80650FF5-->80651013 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A078, Type: Inline - RelativeCall 0x80651078-->80615E00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A07E, Type: Inline - RelativeJump 0x8065107E-->806510BC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A101, Type: Inline - RelativeCall 0x80651101-->8057898F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A157, Type: Inline - RelativeJump 0x80651157-->80651175 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A159, Type: Inline - RelativeCall 0x80651159-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A161, Type: Inline - RelativeJump 0x80651161-->8065117F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A17F, Type: Inline - RelativeJump 0x8065117F-->8065148D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A188, Type: Inline - DirectJump 0x80651188-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0017A194, Type: Inline - RelativeJump 0x80651194-->806511B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A19E, Type: Inline - RelativeJump 0x8065119E-->80651488 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A1FB, Type: Inline - RelativeJump 0x806511FB-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A23D, Type: Inline - RelativeJump 0x8065123D-->8065124B [ntoskrnl.exe]
ntoskrnl.exe+0x0017A243, Type: Inline - RelativeJump 0x80651243-->80651494 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A25B, Type: Inline - RelativeJump 0x8065125B-->80651269 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A353, Type: Inline - RelativeJump 0x80651353-->80651335 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A37D, Type: Inline - RelativeJump 0x8065137D-->8065138F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A39A, Type: Inline - RelativeJump 0x8065139A-->8065137C [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3A2, Type: Inline - RelativeJump 0x806513A2-->806513B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A3F7, Type: Inline - RelativeJump 0x806513F7-->80651411 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A445, Type: Inline - RelativeJump 0x80651445-->8065145F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A44B, Type: Inline - RelativeJump 0x8065144B-->8065145D [ntoskrnl.exe]
ntoskrnl.exe+0x0017A45D, Type: Inline - RelativeJump 0x8065145D-->806514DC [ntoskrnl.exe]
ntoskrnl.exe+0x0017A4D1, Type: Inline - RelativeJump 0x806514D1-->E4458BFF [unknown_code_page]
ntoskrnl.exe+0x0017A61F, Type: Inline - RelativeJump 0x8065161F-->806517A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A667, Type: Inline - RelativeJump 0x80651667-->80651687 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A6B6, Type: Inline - RelativeJump 0x806516B6-->80651795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A794, Type: Inline - RelativeJump 0x80651794-->8075DAA7 [unknown_code_page]
ntoskrnl.exe+0x0017A7CC, Type: Inline - RelativeJump 0x806517CC-->80651A10 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A8FC, Type: Inline - RelativeJump 0x806518FC-->806519D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017A929, Type: Inline - RelativeJump 0x80651929-->8065193F [ntoskrnl.exe]
ntoskrnl.exe+0x0017A92C, Type: Inline - RelativeJump 0x8065192C-->8065190E [ntoskrnl.exe]
ntoskrnl.exe+0x0017A9B1, Type: Inline - RelativeCall 0x806519B1-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAE1, Type: Inline - RelativeCall 0x80651AE1-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AAEE, Type: Inline - RelativeJump 0x80651AEE-->80651BAE [ntoskrnl.exe]
ntoskrnl.exe+0x0017AB2C, Type: Inline - RelativeCall 0x80651B2C-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AC65, Type: Inline - PushRet 0x80651C65-->CC90000C [unknown_code_page]
ntoskrnl.exe+0x0017ACEB, Type: Inline - RelativeJump 0x80651CEB-->80651CF0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017ACFA, Type: Inline - RelativeJump 0x80651CFA-->80651D00 [ntoskrnl.exe]
ntoskrnl.exe+0x0017AD10, Type: Inline - RelativeJump 0x80651D10-->80651D5D [ntoskrnl.exe]
ntoskrnl.exe+0x0017AE74, Type: Inline - PushRet 0x80651E74-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017B0FD, Type: Inline - RelativeJump 0x806520FD-->80652113 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B140, Type: Inline - RelativeJump 0x80652140-->80652155 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B14A, Type: Inline - RelativeJump 0x8065214A-->8065233B [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1A6, Type: Inline - RelativeJump 0x806521A6-->8065226D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B1B6, Type: Inline - RelativeJump 0x806521B6-->80652275 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B250, Type: Inline - RelativeJump 0x80652250-->806521B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B268, Type: Inline - RelativeJump 0x80652268-->80652279 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B274, Type: Inline - RelativeCall 0x80652274-->805A4B2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017B27C, Type: Inline - RelativeJump 0x8065227C-->80652339 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2A8, Type: Inline - RelativeJump 0x806522A8-->8065210E [ntoskrnl.exe]
ntoskrnl.exe+0x0017B2B5, Type: Inline - RelativeJump 0x806522B5-->80652302 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3B5, Type: Inline - RelativeCall 0x806523B5-->80652524 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B3F0, Type: Inline - RelativeJump 0x806523F0-->80652414 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B448, Type: Inline - RelativeJump 0x80652448-->806524CC [ntoskrnl.exe]
ntoskrnl.exe+0x0017B48E, Type: Inline - RelativeCall 0x8065248E-->80652DA4 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B494, Type: Inline - RelativeJump 0x80652494-->8065249F [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4E5, Type: Inline - RelativeJump 0x806524E5-->80652503 [ntoskrnl.exe]
ntoskrnl.exe+0x0017B4F1, Type: Inline - RelativeJump 0x806524F1-->806524FF [ntoskrnl.exe]
ntoskrnl.exe+0x0017B541, Type: Inline - RelativeJump 0x80652541-->88B2B138 [unknown_code_page]
ntoskrnl.exe+0x0017B5CF, Type: Inline - RelativeJump 0x806525CF-->8065262A [ntoskrnl.exe]
ntoskrnl.exe+0x0017B6A5, Type: Inline - RelativeJump 0x806526A5-->806526A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB47, Type: Inline - RelativeJump 0x80652B47-->80652B63 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BB88, Type: Inline - RelativeJump 0x80652B88-->80652B96 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BE72, Type: Inline - RelativeJump 0x80652E72-->80652E84 [ntoskrnl.exe]
ntoskrnl.exe+0x0017BFF0, Type: Inline - RelativeCall 0x80652FF0-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C377, Type: Inline - RelativeCall 0x80653377-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe+0x0017C390, Type: Inline - RelativeJump 0x80653390-->8065339C [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4CD, Type: Inline - RelativeCall 0x806534CD-->8065292E [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4D6, Type: Inline - RelativeCall 0x806534D6-->806526EE [ntoskrnl.exe]
ntoskrnl.exe+0x0017C4DF, Type: Inline - RelativeJump 0x806534DF-->80653538 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C525, Type: Inline - RelativeCall 0x80653525-->80652E26 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C72C, Type: Inline - RelativeJump 0x8065372C-->80653795 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C730, Type: Inline - RelativeJump 0x80653730-->80653799 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C73B, Type: Inline - RelativeJump 0x8065373B-->8065377B [ntoskrnl.exe]
ntoskrnl.exe+0x0017C78C, Type: Inline - RelativeJump 0x8065378C-->8065379A [ntoskrnl.exe]
ntoskrnl.exe+0x0017C881, Type: Inline - RelativeJump 0x80653881-->80653897 [ntoskrnl.exe]
ntoskrnl.exe+0x0017C9FD, Type: Inline - RelativeJump 0x806539FD-->80653A4F [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAA2, Type: Inline - RelativeJump 0x80653AA2-->80653AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017CAE4, Type: Inline - RelativeCall 0x80653AE4-->8065384B [ntoskrnl.exe]
ntoskrnl.exe+0x0017CD98, Type: Inline - PushRet 0x80653D98-->CCCC0004 [unknown_code_page]
ntoskrnl.exe+0x0017CEA4, Type: Inline - RelativeJump 0x80653EA4-->80653E35 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D020, Type: Inline - RelativeJump 0x80654020-->80654080 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D13D, Type: Inline - RelativeJump 0x8065413D-->806541B7 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3AF, Type: Inline - RelativeJump 0x806543AF-->80654641 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D3B5, Type: Inline - RelativeCall 0x806543B5-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D530, Type: Inline - RelativeCall 0x80654530-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D561, Type: Inline - RelativeCall 0x80654561-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D613, Type: Inline - RelativeJump 0x80654613-->8065462D [ntoskrnl.exe]
ntoskrnl.exe+0x0017D628, Type: Inline - RelativeJump 0x80654628-->80654642 [ntoskrnl.exe]
ntoskrnl.exe+0x0017D630, Type: Inline - RelativeJump 0x80654630-->8065468F [ntoskrnl.exe]
ntoskrnl.exe+0x0017D680, Type: Inline - RelativeCall 0x80654680-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDB8, Type: Inline - RelativeCall 0x80654DB8-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DDCA, Type: Inline - RelativeCall 0x80654DCA-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE37, Type: Inline - RelativeCall 0x80654E37-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE3C, Type: Inline - RelativeJump 0x80654E3C-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE4C, Type: Inline - RelativeCall 0x80654E4C-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE5E, Type: Inline - RelativeCall 0x80654E5E-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE7E, Type: Inline - RelativeCall 0x80654E7E-->805B779D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE83, Type: Inline - RelativeJump 0x80654E83-->80654F2D [ntoskrnl.exe]
ntoskrnl.exe+0x0017DE93, Type: Inline - RelativeJump 0x80654E93-->80654DA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DEC7, Type: Inline - RelativeJump 0x80654EC7-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF25, Type: Inline - RelativeJump 0x80654F25-->80654F31 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DF33, Type: Inline - RelativeCall 0x80654F33-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFBA, Type: Inline - RelativeJump 0x80654FBA-->80654FC6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017DFD1, Type: Inline - RelativeJump 0x80654FD1-->80654FDA [ntoskrnl.exe]
ntoskrnl.exe+0x0017E012, Type: Inline - RelativeJump 0x80655012-->8065501C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E02E, Type: Inline - RelativeJump 0x8065502E-->8065503C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E040, Type: Inline - RelativeJump 0x80655040-->8065504C [ntoskrnl.exe]
ntoskrnl.exe+0x0017E052, Type: Inline - RelativeJump 0x80655052-->80655058 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E238, Type: Inline - RelativeJump 0x80655238-->8065521E [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2C5, Type: Inline - RelativeJump 0x806552C5-->806552CF [ntoskrnl.exe]
ntoskrnl.exe+0x0017E2CC, Type: Inline - RelativeJump 0x806552CC-->806552D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0017E6F2, Type: Inline - RelativeJump 0x806556F2-->80655764 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EA95, Type: Inline - RelativeJump 0x80655A95-->80655AB3 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EAA8, Type: Inline - RelativeJump 0x80655AA8-->80655AB0 [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB38, Type: Inline - RelativeJump 0x80655B38-->80655B5E [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB43, Type: Inline - RelativeJump 0x80655B43-->80655B5B [ntoskrnl.exe]
ntoskrnl.exe+0x0017EB51, Type: Inline - RelativeJump 0x80655B51-->80655B8C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F144, Type: Inline - RelativeCall 0x80656144-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F23B, Type: Inline - RelativeCall 0x8065623B-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F243, Type: Inline - RelativeJump 0x80656243-->8065629E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F336, Type: Inline - RelativeJump 0x80656336-->8065634C [ntoskrnl.exe]
ntoskrnl.exe+0x0017F33E, Type: Inline - RelativeCall 0x8065633E-->80570313 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F433, Type: Inline - RelativeCall 0x80656433-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F43C, Type: Inline - RelativeJump 0x8065643C-->80656487 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F441, Type: Inline - RelativeJump 0x80656441-->80656442 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F45D, Type: Inline - RelativeJump 0x8065645D-->80656472 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F51B, Type: Inline - RelativeJump 0x8065651B-->8065651D [ntoskrnl.exe]
ntoskrnl.exe+0x0017F54F, Type: Inline - RelativeJump 0x8065654F-->80656572 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5F6, Type: Inline - RelativeCall 0x806565F6-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F5FC, Type: Inline - RelativeJump 0x806565FC-->80656644 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F70C, Type: Inline - RelativeJump 0x8065670C-->8065670E [ntoskrnl.exe]
ntoskrnl.exe+0x0017F71C, Type: Inline - RelativeCall 0x8065671C-->80655083 [ntoskrnl.exe]
ntoskrnl.exe+0x0017F8C9, Type: Inline - RelativeCall 0x806568C9-->8065C0F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0017FDAD, Type: Inline - RelativeJump 0x80656DAD-->80656F3A [ntoskrnl.exe]
ntoskrnl.exe+0x0018009F, Type: Inline - RelativeJump 0x8065709F-->806570C1 [ntoskrnl.exe]
ntoskrnl.exe+0x001800A6, Type: Inline - RelativeJump 0x806570A6-->80657063 [ntoskrnl.exe]
ntoskrnl.exe+0x00180154, Type: Inline - RelativeJump 0x80657154-->80657162 [ntoskrnl.exe]
ntoskrnl.exe+0x001801BD, Type: Inline - RelativeJump 0x806571BD-->80657242 [ntoskrnl.exe]
ntoskrnl.exe+0x001802E0, Type: Inline - RelativeJump 0x806572E0-->806572F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0018030C, Type: Inline - RelativeJump 0x8065730C-->80657312 [ntoskrnl.exe]
ntoskrnl.exe+0x00180328, Type: Inline - RelativeJump 0x80657328-->8065732E [ntoskrnl.exe]
ntoskrnl.exe+0x00180593, Type: Inline - RelativeCall 0x80657593-->8057FCE0 [ntoskrnl.exe]
ntoskrnl.exe+0x0018062C, Type: Inline - RelativeJump 0x8065762C-->80657638 [ntoskrnl.exe]
ntoskrnl.exe+0x0018063A, Type: Inline - RelativeJump 0x8065763A-->80657640 [ntoskrnl.exe]
ntoskrnl.exe+0x0018074D, Type: Inline - RelativeJump 0x8065774D-->8065775D [ntoskrnl.exe]
ntoskrnl.exe+0x0018075A, Type: Inline - RelativeJump 0x8065775A-->80657769 [ntoskrnl.exe]
ntoskrnl.exe+0x00180890, Type: Inline - RelativeCall 0x80657890-->804E3BED [ntoskrnl.exe]
ntoskrnl.exe+0x0018089C, Type: Inline - RelativeJump 0x8065789C-->80657960 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A2A, Type: Inline - RelativeCall 0x80657A2A-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe+0x00180A39, Type: Inline - RelativeJump 0x80657A39-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180BE0, Type: Inline - RelativeJump 0x80657BE0-->80657C5C [ntoskrnl.exe]
ntoskrnl.exe+0x00180C0E, Type: Inline - RelativeJump 0x80657C0E-->80657C28 [ntoskrnl.exe]
ntoskrnl.exe+0x00180C4F, Type: Inline - RelativeJump 0x80657C4F-->80657C4D [ntoskrnl.exe]
ntoskrnl.exe+0x00180CBC, Type: Inline - RelativeJump 0x80657CBC-->80657CC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00180FE6, Type: Inline - RelativeCall 0x80657FE6-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x0018107A, Type: Inline - RelativeJump 0x8065807A-->8065817D [ntoskrnl.exe]
ntoskrnl.exe+0x00181082, Type: Inline - RelativeCall 0x80658082-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00181092, Type: Inline - RelativeCall 0x80658092-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x0018115E, Type: Inline - RelativeJump 0x8065815E-->80658128 [ntoskrnl.exe]
ntoskrnl.exe+0x00181232, Type: Inline - RelativeJump 0x80658232-->80658238 [ntoskrnl.exe]
ntoskrnl.exe+0x00181778, Type: Inline - RelativeCall 0x80658778-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe+0x001817D8, Type: Inline - RelativeJump 0x806587D8-->806587EE [ntoskrnl.exe]
ntoskrnl.exe+0x00181986, Type: Inline - RelativeCall 0x80658986-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe+0x0018198B, Type: Inline - RelativeJump 0x8065898B-->80658A7F [ntoskrnl.exe]
ntoskrnl.exe+0x001819E0, Type: Inline - RelativeCall 0x806589E0-->805DAB3E [ntoskrnl.exe]
ntoskrnl.exe+0x001819EB, Type: Inline - RelativeJump 0x806589EB-->80658A75 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A3B, Type: Inline - RelativeJump 0x80658A3B-->80658A48 [ntoskrnl.exe]
ntoskrnl.exe+0x00181A54, Type: Inline - RelativeJump 0x80658A54-->80658A7E [ntoskrnl.exe]
ntoskrnl.exe+0x00181B62, Type: Inline - RelativeJump 0x80658B62-->80658B68 [ntoskrnl.exe]
ntoskrnl.exe+0x00181B6A, Type: Inline - RelativeJump 0x80658B6A-->80658B74 [ntoskrnl.exe]
ntoskrnl.exe+0x00181FF9, Type: Inline - RelativeCall 0x80658FF9-->80572F19 [ntoskrnl.exe]
ntoskrnl.exe+0x00182006, Type: Inline - RelativeJump 0x80659006-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x0018200E, Type: Inline - RelativeJump 0x8065900E-->8065933D [ntoskrnl.exe]
ntoskrnl.exe+0x00182086, Type: Inline - RelativeJump 0x80659086-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182224, Type: Inline - RelativeCall 0x80659224-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001823DA, Type: Inline - RelativeCall 0x806593DA-->80657362 [ntoskrnl.exe]
ntoskrnl.exe+0x001823EE, Type: Inline - RelativeJump 0x806593EE-->806594C5 [ntoskrnl.exe]
ntoskrnl.exe+0x001824D1, Type: Inline - RelativeJump 0x806594D1-->80658EB4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824E6, Type: Inline - RelativeJump 0x806594E6-->806594F4 [ntoskrnl.exe]
ntoskrnl.exe+0x001824F0, Type: Inline - RelativeJump 0x806594F0-->806594F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00182582, Type: Inline - RelativeJump 0x80659582-->80659590 [ntoskrnl.exe]
ntoskrnl.exe+0x00182676, Type: Inline - RelativeJump 0x80659676-->8065967C [ntoskrnl.exe]
ntoskrnl.exe+0x0018268A, Type: Inline - RelativeJump 0x8065968A-->80659698 [ntoskrnl.exe]
ntoskrnl.exe+0x001826D0, Type: Inline - RelativeJump 0x806596D0-->806596DC [ntoskrnl.exe]
ntoskrnl.exe+0x001826DE, Type: Inline - RelativeJump 0x806596DE-->806596E8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182716, Type: Inline - RelativeJump 0x80659716-->8065971C [ntoskrnl.exe]
ntoskrnl.exe+0x00182744, Type: Inline - RelativeJump 0x80659744-->8065974A [ntoskrnl.exe]
ntoskrnl.exe+0x0018274E, Type: Inline - RelativeJump 0x8065974E-->80659756 [ntoskrnl.exe]
ntoskrnl.exe+0x00182752, Type: Inline - RelativeJump 0x80659752-->8065975E [ntoskrnl.exe]
ntoskrnl.exe+0x0018279D, Type: Inline - RelativeJump 0x8065979D-->806597AE [ntoskrnl.exe]
ntoskrnl.exe+0x0018280E, Type: Inline - RelativeJump 0x8065980E-->80659814 [ntoskrnl.exe]
ntoskrnl.exe+0x00182810, Type: Inline - RelativeJump 0x80659810-->80659816 [ntoskrnl.exe]
ntoskrnl.exe+0x00182814, Type: Inline - RelativeJump 0x80659814-->8065981A [ntoskrnl.exe]
ntoskrnl.exe+0x00182819, Type: Inline - RelativeJump 0x80659819-->80659830 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282C, Type: Inline - RelativeJump 0x8065982C-->80659832 [ntoskrnl.exe]
ntoskrnl.exe+0x0018282E, Type: Inline - RelativeJump 0x8065982E-->80659834 [ntoskrnl.exe]
ntoskrnl.exe+0x0018287A, Type: Inline - RelativeJump 0x8065987A-->80659880 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A90, Type: Inline - RelativeJump 0x80659A90-->80659B03 [ntoskrnl.exe]
ntoskrnl.exe+0x00182A97, Type: Inline - RelativeJump 0x80659A97-->80659AC4 [ntoskrnl.exe]
ntoskrnl.exe+0x00182AA0, Type: Inline - RelativeJump 0x80659AA0-->80659AC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00182BA8, Type: Inline - RelativeCall 0x80659BA8-->8065BE17 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C4A, Type: Inline - RelativeJump 0x80659C4A-->80659CD5 [ntoskrnl.exe]
ntoskrnl.exe+0x00182C6D, Type: Inline - RelativeCall 0x80659C6D-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe+0x00182DA4, Type: Inline - RelativeJump 0x80659DA4-->80659D52 [ntoskrnl.exe]
ntoskrnl.exe+0x00183127, Type: Inline - RelativeJump 0x8065A127-->8065A14A [ntoskrnl.exe]
ntoskrnl.exe+0x0018338C, Type: Inline - RelativeJump 0x8065A38C-->8065A3A6 [ntoskrnl.exe]
ntoskrnl.exe+0x00183892, Type: Inline - RelativeJump 0x8065A892-->8065A8A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0018389F, Type: Inline - RelativeCall 0x8065A89F-->80578B44 [ntoskrnl.exe]
ntoskrnl.exe+0x001838D7, Type: Inline - RelativeJump 0x8065A8D7-->8065A8EB [ntoskrnl.exe]
ntoskrnl.exe+0x001838E8, Type: Inline - RelativeJump 0x8065A8E8-->8065A8F6 [ntoskrnl.exe]
ntoskrnl.exe+0x001839C8, Type: Inline - RelativeJump 0x8065A9C8-->8065A9DE [ntoskrnl.exe]
ntoskrnl.exe+0x00183A6C, Type: Inline - RelativeCall 0x8065AA6C-->80598198 [ntoskrnl.exe]
ntoskrnl.exe+0x00183A7B, Type: Inline - RelativeJump 0x8065AA7B-->8065AA93 [ntoskrnl.exe]
ntoskrnl.exe+0x00183BDD, Type: Inline - RelativeJump 0x8065ABDD-->8065AD17 [ntoskrnl.exe]
ntoskrnl.exe+0x00183D5B, Type: Inline - DirectCall 0x8065AD5B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00183DF4, Type: Inline - PushRet 0x8065ADF4-->CCCC0008 [unknown_code_page]
ntoskrnl.exe+0x00183F0D, Type: Inline - RelativeJump 0x8065AF0D-->8065AED0 [ntoskrnl.exe]
ntoskrnl.exe+0x00183F92, Type: Inline - RelativeJump 0x8065AF92-->8065AECC [ntoskrnl.exe]
ntoskrnl.exe+0x001841A4, Type: Inline - PushRet 0x8065B1A4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x001845BF, Type: Inline - RelativeJump 0x8065B5BF-->8065B595 [ntoskrnl.exe]
ntoskrnl.exe+0x00184877, Type: Inline - RelativeJump 0x8065B877-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x00184882, Type: Inline - RelativeJump 0x8065B882-->8065BC95 [ntoskrnl.exe]
ntoskrnl.exe+0x0018488D, Type: Inline - RelativeCall 0x8065B88D-->8065E63B [ntoskrnl.exe]
ntoskrnl.exe+0x001849D2, Type: Inline - RelativeJump 0x8065B9D2-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849D9, Type: Inline - RelativeJump 0x8065B9D9-->8065BC9A [ntoskrnl.exe]
ntoskrnl.exe+0x001849E3, Type: Inline - RelativeJump 0x8065B9E3-->8065BAD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00184AF5, Type: Inline - RelativeJump 0x8065BAF5-->8065BAFD [ntoskrnl.exe]
ntoskrnl.exe+0x00184B61, Type: Inline - RelativeCall 0x8065BB61-->8065C87D [ntoskrnl.exe]
ntoskrnl.exe+0x00184B6B, Type: Inline - RelativeJump 0x8065BB6B-->8065BB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00184BDC, Type: Inline - RelativeJump 0x8065BBDC-->8065BC5B [ntoskrnl.exe]
ntoskrnl.exe+0x00184E8E, Type: Inline - DirectCall 0x8065BE8E-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00185218, Type: Inline - RelativeCall 0x8065C218-->805868A3 [ntoskrnl.exe]
ntoskrnl.exe+0x00185296, Type: Inline - RelativeCall 0x8065C296-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x001853DB, Type: Inline - RelativeJump 0x8065C3DB-->8065C45C [ntoskrnl.exe]
ntoskrnl.exe+0x001853F0, Type: Inline - RelativeCall 0x8065C3F0-->80659D18 [ntoskrnl.exe]
ntoskrnl.exe+0x001853F7, Type: Inline - RelativeJump 0x8065C3F7-->8065C30B [ntoskrnl.exe]
ntoskrnl.exe+0x00185477, Type: Inline - RelativeJump 0x8065C477-->8065C48E [ntoskrnl.exe]
ntoskrnl.exe+0x0018560F, Type: Inline - RelativeJump 0x8065C60F-->8065C693 [ntoskrnl.exe]
ntoskrnl.exe+0x001859FC, Type: Inline - RelativeJump 0x8065C9FC-->8065C963 [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE4, Type: Inline - RelativeCall 0x8065CBE4-->8058621A [ntoskrnl.exe]
ntoskrnl.exe+0x00185BE9, Type: Inline - RelativeJump 0x8065CBE9-->8065CBCF [ntoskrnl.exe]
ntoskrnl.exe+0x00185C16, Type: Inline - RelativeJump 0x8065CC16-->8065CC24 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E42, Type: Inline - RelativeCall 0x8065CE42-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x00185E4B, Type: Inline - RelativeJump 0x8065CE4B-->8065CE60 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F3B, Type: Inline - RelativeCall 0x8065CF3B-->805D6BA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F4C, Type: Inline - RelativeJump 0x8065CF4C-->8065D074 [ntoskrnl.exe]
ntoskrnl.exe+0x00185F5E, Type: Inline - RelativeJump 0x8065CF5E-->8065CF48 [ntoskrnl.exe]
ntoskrnl.exe+0x00185FED, Type: Inline - RelativeJump 0x8065CFED-->8065D000 [ntoskrnl.exe]
ntoskrnl.exe+0x00186029, Type: Inline - RelativeJump 0x8065D029-->8065CFCC [ntoskrnl.exe]
ntoskrnl.exe+0x0018603D, Type: Inline - RelativeJump 0x8065D03D-->8065D007 [ntoskrnl.exe]
ntoskrnl.exe+0x00186145, Type: Inline - RelativeCall 0x8065D145-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0018614A, Type: Inline - RelativeCall 0x8065D14A-->80585F2E [ntoskrnl.exe]
ntoskrnl.exe+0x00186155, Type: Inline - PushRet 0x8065D155-->CC900004 [unknown_code_page]
ntoskrnl.exe+0x00186282, Type: Inline - RelativeJump 0x8065D282-->8065D28F [ntoskrnl.exe]
ntoskrnl.exe+0x0018638B, Type: Inline - RelativeJump 0x8065D38B-->8065D3B3 [ntoskrnl.exe]
ntoskrnl.exe+0x001863C4, Type: Inline - RelativeJump 0x8065D3C4-->8065D3F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0018653D, Type: Inline - RelativeCall 0x8065D53D-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe+0x00186974, Type: Inline - RelativeCall 0x8065D974-->805702E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0018697A, Type: Inline - RelativeJump 0x8065D97A-->8065D98B [ntoskrnl.exe]
ntoskrnl.exe+0x00186A55, Type: Inline - RelativeCall 0x8065DA55-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186B33, Type: Inline - RelativeJump 0x8065DB33-->8065DB49 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BE6, Type: Inline - RelativeCall 0x8065DBE6-->8065EDD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00186BF6, Type: Inline - RelativeJump 0x8065DBF6-->8065DC09 [ntoskrnl.exe]
ntoskrnl.exe+0x00186C33, Type: Inline - RelativeCall 0x8065DC33-->8065F02B [ntoskrnl.exe]
ntoskrnl.exe+0x00186C9E, Type: Inline - RelativeCall 0x8065DC9E-->8065EA3F [ntoskrnl.exe]
ntoskrnl.exe-->atoi, Type: EAT modification 0x80684C98-->805119B4 [ntoskrnl.exe]
ntoskrnl.exe-->atol, Type: EAT modification 0x80684C9C-->805119C1 [ntoskrnl.exe]
ntoskrnl.exe-->CcCanIWrite, Type: EAT modification 0x80683714-->804F836E [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyRead, Type: EAT modification 0x80683718-->8057B042 [ntoskrnl.exe]
ntoskrnl.exe-->CcCopyWrite, Type: EAT modification 0x8068371C-->804F8648 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: Inline - RelativeJump 0x8052A962-->8052A986 [ntoskrnl.exe]
ntoskrnl.exe-->CcDeferWrite, Type: EAT modification 0x80683720-->8052F7C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyRead, Type: EAT modification 0x80683724-->8058B0E9 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastCopyWrite, Type: EAT modification 0x80683728-->80514419 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastMdlReadWait, Type: EAT modification 0x8068372C-->8055F5C4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadNotPossible, Type: EAT modification 0x80683730-->8055F5CC [ntoskrnl.exe]
ntoskrnl.exe-->CcFastReadWait, Type: EAT modification 0x80683734-->8055F5D4 [ntoskrnl.exe]
ntoskrnl.exe-->CcFlushCache, Type: EAT modification 0x80683738-->804ECEE7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetDirtyPages, Type: EAT modification 0x8068373C-->804F0014 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x80683740-->8052FDB7 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x80683744-->8052FD79 [ntoskrnl.exe]
ntoskrnl.exe-->CcGetFlushedValidData, Type: EAT modification 0x80683748-->804F789F [ntoskrnl.exe]
ntoskrnl.exe-->CcGetLsnForFileObject, Type: EAT modification 0x8068374C-->8052FC00 [ntoskrnl.exe]
ntoskrnl.exe-->CcInitializeCacheMap, Type: EAT modification 0x80683750-->804F5140 [ntoskrnl.exe]
ntoskrnl.exe-->CcIsThereDirtyData, Type: EAT modification 0x80683754-->8052FB57 [ntoskrnl.exe]
ntoskrnl.exe-->CcMapData, Type: EAT modification 0x80683758-->8057BE0A [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlRead, Type: EAT modification 0x8068375C-->8061BE7D [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlReadComplete, Type: EAT modification 0x80683760-->8061C130 [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteAbort, Type: EAT modification 0x80683764-->8052FF2F [ntoskrnl.exe]
ntoskrnl.exe-->CcMdlWriteComplete, Type: EAT modification 0x80683768-->8061C175 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinMappedData, Type: EAT modification 0x8068376C-->8057BFF4 [ntoskrnl.exe]
ntoskrnl.exe-->CcPinRead, Type: EAT modification 0x80683770-->8058ACDD [ntoskrnl.exe]
ntoskrnl.exe-->CcPrepareMdlWrite, Type: EAT modification 0x80683774-->8052FFE3 [ntoskrnl.exe]
ntoskrnl.exe-->CcPreparePinWrite, Type: EAT modification 0x80683778-->80572491 [ntoskrnl.exe]
ntoskrnl.exe-->CcPurgeCacheSection, Type: EAT modification 0x8068377C-->804F7D86 [ntoskrnl.exe]
ntoskrnl.exe-->CcRemapBcb, Type: EAT modification 0x80683780-->804F2AD9 [ntoskrnl.exe]
ntoskrnl.exe-->CcRepinBcb, Type: EAT modification 0x80683784-->8052F8C5 [ntoskrnl.exe]
ntoskrnl.exe-->CcScheduleReadAhead, Type: EAT modification 0x80683788-->805022CF [ntoskrnl.exe]
ntoskrnl.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x8068378C-->8050244A [ntoskrnl.exe]
ntoskrnl.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x80683790-->80572572 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x80683794-->8052FD40 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x80683798-->804EF448 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetFileSizes, Type: EAT modification 0x8068379C-->804F7592 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetLogHandleForFile, Type: EAT modification 0x806837A0-->80582D00 [ntoskrnl.exe]
ntoskrnl.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x806837A4-->804F549C [ntoskrnl.exe]
ntoskrnl.exe-->CcUninitializeCacheMap, Type: EAT modification 0x806837A8-->804F5570 [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinData, Type: EAT modification 0x806837AC-->8057BDBC [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinDataForThread, Type: EAT modification 0x806837B0-->8057259C [ntoskrnl.exe]
ntoskrnl.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x806837B4-->8052FA64 [ntoskrnl.exe]
ntoskrnl.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x806837B8-->80530311 [ntoskrnl.exe]
ntoskrnl.exe-->CcZeroData, Type: EAT modification 0x806837BC-->805E656C [ntoskrnl.exe]
ntoskrnl.exe-->CmRegisterCallback, Type: EAT modification 0x806837C0-->8061C287 [ntoskrnl.exe]
ntoskrnl.exe-->CmUnRegisterCallback, Type: EAT modification 0x806837C4-->8061C1CB [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPoint, Type: EAT modification 0x806837C8-->804E2A66 [ntoskrnl.exe]
ntoskrnl.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x806837CC-->804E2A6E [ntoskrnl.exe]
ntoskrnl.exe-->DbgLoadImageSymbols, Type: EAT modification 0x806837D0-->80506311 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrint, Type: EAT modification 0x806837D4-->80501F09 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintEx, Type: EAT modification 0x806837D8-->80542EF9 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrintReturnControlC, Type: EAT modification 0x806837DC-->80542E08 [ntoskrnl.exe]
ntoskrnl.exe-->DbgPrompt, Type: EAT modification 0x806837E0-->80542E7B [ntoskrnl.exe]
ntoskrnl.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x806837E4-->80542ED3 [ntoskrnl.exe]
ntoskrnl.exe-->DbgSetDebugFilterState, Type: EAT modification 0x806837E8-->80542EE8 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x80683628-->804DBE15 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: Inline - RelativeCall 0x804E35E6-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x806837EC-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x806837F0-->804E1980 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtection, Type: EAT modification 0x8068362C-->8056FF59 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: Inline - RelativeJump 0x8064542A-->80645437 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x80683630-->8064C8EA [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x806837F4-->804EF378 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: Inline - DirectCall 0x804E8A22-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x806837F8-->804F2B23 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x806837FC-->804E9237 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePool, Type: EAT modification 0x80683800-->8050D57A [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x80683804-->8054A97B [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x80683808-->804E8782 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x8068380C-->80551005 [ntoskrnl.exe]
ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x80683810-->804F3C7E [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: Inline - RelativeJump 0x804FB61E-->804FB2ED [ntoskrnl.exe]
ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x80683814-->804F9ACA [ntoskrnl.exe]
ntoskrnl.exe-->ExCreateCallback, Type: EAT modification 0x80683818-->805BBD83 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x8068381C-->8054AA43 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x80683820-->8054AA98 [ntoskrnl.exe]
ntoskrnl.exe-->ExDeleteResourceLite, Type: EAT modification 0x80683824-->804E9E92 [ntoskrnl.exe]
ntoskrnl.exe-->ExDesktopObjectType, Type: EAT modification 0x80683828-->8056A9BC [ntoskrnl.exe]
ntoskrnl.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x8068382C-->804EF3CA [ntoskrnl.exe]
ntoskrnl.exe-->ExEnumHandleTable, Type: EAT modification 0x80683830-->805E84E4 [ntoskrnl.exe]
ntoskrnl.exe-->ExEventObjectType, Type: EAT modification 0x80683834-->8056A940 [ntoskrnl.exe]
ntoskrnl.exe-->ExExtendZone, Type: EAT modification 0x80683838-->80518582 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x80683668-->8056F374 [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: Inline - RelativeJump 0x8057E9EE-->8057E9FD [ntoskrnl.exe]
ntoskrnl.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x8068366C-->8056F40A [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x80683690-->804E56FC [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x80683694-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x80683698-->804E56F0 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x80683670-->804E55BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x80683674-->804E5734 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x80683678-->804E55E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x8068367C-->804E5620 [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x80683680-->804E568C [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x80683684-->804E56BC [ntoskrnl.exe]
ntoskrnl.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x80683688-->804E5658 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePool, Type: EAT modification 0x8068383C-->805513D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreePoolWithTag, Type: EAT modification 0x80683840-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x80683844-->804E920D [ntoskrnl.exe]
ntoskrnl.exe-->ExfReleasePushLock, Type: EAT modification 0x8068368C-->8056F2D4 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x80683848-->8054ADE9 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x8068384C-->8054ADA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x80683850-->80549D3A [ntoskrnl.exe]
ntoskrnl.exe-->ExGetPreviousMode, Type: EAT modification 0x80683854-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x80683858-->80549D55 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x806838F8-->804DC05E [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x806838FC-->804DC072 [ntoskrnl.exe]
ntoskrnl.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x80683900-->804DC04A [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x8068385C-->80508A20 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x80683860-->805B6911 [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeResourceLite, Type: EAT modification 0x80683864-->804E9EEF [ntoskrnl.exe]
ntoskrnl.exe-->ExInitializeRundownProtection, Type: EAT modification 0x80683634-->8064C8BF [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:51 pm


ntoskrnl.exe-->ExInitializeZone, Type: EAT modification 0x80683868-->80509C60 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x8068386C-->804DBE49 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: Inline - RelativeJump 0x804E2E1E-->804E2E2D [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x80683638-->804E55B0 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: Inline - PushRet 0x804DB33B-->8BFC418D [unknown_code_page]
ntoskrnl.exe-->ExInterlockedAddUlong, Type: EAT modification 0x80683870-->804DBE9A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x8068363C-->804E5750 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x80683874-->804DC026 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x80683878-->804DC03A [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedExtendZone, Type: EAT modification 0x8068387C-->8054AAFF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedFlushSList, Type: EAT modification 0x80683640-->804E12FF [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x80683880-->804DC012 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x80683884-->804DBECE [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x80683888-->804DBF12 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x8068388C-->804DBFA2 [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x80683644-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x80683890-->804DBFDA [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x80683648-->804E133F [ntoskrnl.exe]
ntoskrnl.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x80683894-->804DBF56 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x80683898-->8050BAB1 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x8068389C-->804F28C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x806838A0-->804EB012 [ntoskrnl.exe]
ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x806838A4-->804F9AA0 [ntoskrnl.exe]
ntoskrnl.exe-->ExNotifyCallback, Type: EAT modification 0x806838A8-->80519120 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x806838AC-->8054A0C7 [ntoskrnl.exe]
ntoskrnl.exe-->ExQueueWorkItem, Type: EAT modification 0x806838B0-->804DA3FC [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseAccessViolation, Type: EAT modification 0x806838B4-->8064F4B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x806838B8-->8064F4C9 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseException, Type: EAT modification 0x806838BC-->804E310E [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseHardError, Type: EAT modification 0x806838C0-->805B25C2 [ntoskrnl.exe]
ntoskrnl.exe-->ExRaiseStatus, Type: EAT modification 0x806838C4-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe-->ExRegisterCallback, Type: EAT modification 0x806838C8-->8050D0B4 [ntoskrnl.exe]
ntoskrnl.exe-->ExReinitializeResourceLite, Type: EAT modification 0x806838CC-->804FC2A7 [ntoskrnl.exe]
ntoskrnl.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x8068364C-->8064C8CF [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x80683650-->804DBE35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x806838D0-->804EFF24 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseResourceLite, Type: EAT modification 0x80683654-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtection, Type: EAT modification 0x80683658-->8056FF35 [ntoskrnl.exe]
ntoskrnl.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x8068365C-->8064C927 [ntoskrnl.exe]
ntoskrnl.exe-->ExRundownCompleted, Type: EAT modification 0x80683660-->80593172 [ntoskrnl.exe]
ntoskrnl.exe-->ExSemaphoreObjectType, Type: EAT modification 0x806838D4-->8056A520 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x806838D8-->804EFC14 [ntoskrnl.exe]
ntoskrnl.exe-->ExSetTimerResolution, Type: EAT modification 0x806838DC-->8064EB8F [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemExceptionFilter, Type: EAT modification 0x806838E0-->805E2AE6 [ntoskrnl.exe]
ntoskrnl.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x806838E4-->805150FE [ntoskrnl.exe]
ntoskrnl.exe-->ExUnregisterCallback, Type: EAT modification 0x806838E8-->8054A9AA [ntoskrnl.exe]
ntoskrnl.exe-->ExUuidCreate, Type: EAT modification 0x806838EC-->805E9C7C [ntoskrnl.exe]
ntoskrnl.exe-->ExVerifySuite, Type: EAT modification 0x806838F0-->8050E0E8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x80683664-->80575BD8 [ntoskrnl.exe]
ntoskrnl.exe-->ExWindowStationObjectType, Type: EAT modification 0x806838F4-->8056A9C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E37-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: Inline - RelativeJump 0x80572E3F-->805726AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x80683904-->8057C4A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x80683908-->804F7EB3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x8068390C-->80530A07 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: Inline - RelativeJump 0x805923AA-->8059248B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x80683910-->80589455 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x80683914-->805167C9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePool, Type: EAT modification 0x80683918-->80530F8B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: Inline - RelativeCall 0x8052C192-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x8068391C-->80530FC2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x80683920-->8053102E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x80683924-->80530FF9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAllocateResource, Type: EAT modification 0x80683928-->8061D709 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x8068392C-->805796A1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlBalanceReads, Type: EAT modification 0x80683930-->805BBFE2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x80683934-->804F45B3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x80683938-->804F7E6A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCheckOplock, Type: EAT modification 0x8068393C-->804E942F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyRead, Type: EAT modification 0x80683940-->8061CC31 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCopyWrite, Type: EAT modification 0x80683944-->8061CF37 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x80683948-->805318DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x8068394C-->80579721 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x80683950-->805E5B4A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x80683954-->805D2CC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x80683958-->8061D9A3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectDbcs, Type: EAT modification 0x8068395C-->8061DA38 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDissectName, Type: EAT modification 0x80683960-->8057B388 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x80683964-->8061DAE1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x80683968-->8057B89A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x8068396C-->804F7292 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x80683970-->8051657A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x80683974-->804F56F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x80683978-->80530F4F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x8068397C-->805161EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x80683980-->80583E5B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlFreeFileLock, Type: EAT modification 0x80683984-->804FE989 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetFileSize, Type: EAT modification 0x80683988-->8057C4BB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x8068398C-->8050105B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x80683990-->804EC915 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x80683994-->805307EC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x8068399C-->8061CC15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x80683998-->805305EE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x806839A0-->80530605 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: Inline - RelativeJump 0x805744B9-->805744CC [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x806839A4-->80574B0D [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x806839A8-->804F7E8F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x806839AC-->804FBC9A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeMcb, Type: EAT modification 0x806839B0-->8061D6DF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: Inline - RelativeJump 0x805774D6-->805774F1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeOplock, Type: EAT modification 0x806839B4-->80573E48 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x806839B8-->805D2C50 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x806839BC-->80531C0A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x806839C0-->804FBD4C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x806839C4-->8061DB53 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x806839C8-->805898AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x806839CC-->8061DFB4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x806839D0-->8057B8D3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x806839D4-->8050A3A2 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsPagingFile, Type: EAT modification 0x806839D8-->80531BEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x806839DC-->80503910 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x806839E0-->804D8168 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x806839E4-->804ECD15 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x806839E8-->804F910E [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x806839EC-->8053069F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x806839F0-->80530791 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x806839F4-->80530A96 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x806839F8-->80531AA7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: Inline - RelativeJump 0x804F478B-->804F479F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x806839FC-->804F383C [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlRead, Type: EAT modification 0x80683A00-->8061C6B1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x80683A04-->80530616 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x80683A08-->805305BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlReadDev, Type: EAT modification 0x80683A0C-->8061C4BD [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x80683A10-->8061D65B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x80683A14-->8061CBC3 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x80683A18-->8050A3D5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x80683A1C-->8061E13B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x80683A20-->805E2B73 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x80683A24-->80587F0F [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x80683A28-->8057C0FA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: Inline - RelativeJump 0x80613817-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x80683A2C-->8061E173 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x80683A30-->8061E1EB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x80683A34-->8059E2D8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: Inline - RelativeJump 0x80613854-->805A3992 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x80683A38-->8061E1AF [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x80683A3C-->80583A91 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x80683A40-->805AB55A [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x80683A44-->804F91C1 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x80683A48-->805307D7 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x80683A4C-->805DCF14 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x80683A50-->8056FE85 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x80683A54-->80531DEB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x80683A58-->80531DC8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x80683A5C-->8061CB3B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: Inline - RelativeJump 0x80611E23-->805B0BE8 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x80683A60-->8061C73B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlPrivateLock, Type: EAT modification 0x80683A64-->80515DBA [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlProcessFileLock, Type: EAT modification 0x80683A68-->80500AC5 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x80683A6C-->805106E9 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x80683A70-->805D9792 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlReleaseFile, Type: EAT modification 0x80683A74-->8057C368 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x80683A78-->804FD588 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x80683A7C-->80530A30 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x80683A80-->80531B40 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x80683A84-->80515B69 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x80683A88-->804ECA20 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA0D-->804FC4C0 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: Inline - RelativeJump 0x8052BA12-->804EB229 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x80683A8C-->8053085B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlSyncVolumes, Type: EAT modification 0x80683A90-->8061D74B [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x80683A94-->8057C788 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x80683A98-->804F8FCB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: Inline - RelativeCall 0x8052BB9C-->80543CCE [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlTruncateMcb, Type: EAT modification 0x80683A9C-->805309E4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x80683AA0-->804F99DB [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x80683AA4-->804FC309 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x80683AA8-->8061D6F4 [ntoskrnl.exe]
ntoskrnl.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x80683AAC-->804FC261 [ntoskrnl.exe]
ntoskrnl.exe-->HalDispatchTable, Type: EAT modification 0x80683AB0-->80553038 [ntoskrnl.exe]
ntoskrnl.exe-->HalExamineMBR, Type: EAT modification 0x8068369C-->8050D44B [ntoskrnl.exe]
ntoskrnl.exe-->HalPrivateDispatchTable, Type: EAT modification 0x80683AB4-->80553090 [ntoskrnl.exe]
ntoskrnl.exe-->HeadlessDispatch, Type: EAT modification 0x80683AB8-->8050D2F8 [ntoskrnl.exe]
ntoskrnl.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x80683ABC-->805321FF [ntoskrnl.exe]
ntoskrnl.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x80683AC0-->8050B508 [ntoskrnl.exe]
ntoskrnl.exe-->InbvDisplayString, Type: EAT modification 0x80683AC4-->8050D350 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableBootDriver, Type: EAT modification 0x80683AC8-->8050D212 [ntoskrnl.exe]
ntoskrnl.exe-->InbvEnableDisplayString, Type: EAT modification 0x80683ACC-->8050D527 [ntoskrnl.exe]
ntoskrnl.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x80683AD0-->805108B4 [ntoskrnl.exe]
ntoskrnl.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x80683AD4-->80532022 [ntoskrnl.exe]
ntoskrnl.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x80683AD8-->8050C222 [ntoskrnl.exe]
ntoskrnl.exe-->InbvResetDisplay, Type: EAT modification 0x80683ADC-->80532033 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetScrollRegion, Type: EAT modification 0x80683AE0-->8053225F [ntoskrnl.exe]
ntoskrnl.exe-->InbvSetTextColor, Type: EAT modification 0x80683AE4-->80532143 [ntoskrnl.exe]
ntoskrnl.exe-->InbvSolidColorFill, Type: EAT modification 0x80683AE8-->805320B7 [ntoskrnl.exe]
ntoskrnl.exe-->InitSafeBootMode, Type: EAT modification 0x80683AEC-->80560880 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedCompareExchange, Type: EAT modification 0x806836A0-->804E5728 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedDecrement, Type: EAT modification 0x806836A4-->804E571C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchange, Type: EAT modification 0x806836A8-->804E5708 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedExchangeAdd, Type: EAT modification 0x806836AC-->804E576C [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedIncrement, Type: EAT modification 0x806836B0-->804E5710 [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPopEntrySList, Type: EAT modification 0x806836B4-->804E131F [ntoskrnl.exe]
ntoskrnl.exe-->InterlockedPushEntrySList, Type: EAT modification 0x806836B8-->804E1343 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x80683AF0-->804E81D7 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x80683AF4-->804EAD26 [ntoskrnl.exe]
ntoskrnl.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x80683AF8-->805058D0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAdapterObjectType, Type: EAT modification 0x80683AFC-->80560D70 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x80683B00-->80518C16 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateController, Type: EAT modification 0x80683B04-->80509230 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x80683B08-->8050999B [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x80683B0C-->8050BB6D [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateIrp, Type: EAT modification 0x80683B10-->804EAFBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateMdl, Type: EAT modification 0x80683B14-->804EDDB1 [ntoskrnl.exe]
ntoskrnl.exe-->IoAllocateWorkItem, Type: EAT modification 0x80683B18-->804FEBBD [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignDriveLetters, Type: EAT modification 0x806836BC-->805C079D [ntoskrnl.exe]
ntoskrnl.exe-->IoAssignResources, Type: EAT modification 0x80683B1C-->80624B37 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDevice, Type: EAT modification 0x80683B20-->80621101 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: Inline - DirectCall 0x8052E337-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x80683B24-->80532CD0 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: Inline - RelativeCall 0x8050BB8F-->8050BBA2 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x80683B28-->80506BF6 [ntoskrnl.exe]
ntoskrnl.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x80683B2C-->80508EA3 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x80683B30-->804FC59C [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x80683B34-->80518674 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildPartialMdl, Type: EAT modification 0x80683B38-->804EE132 [ntoskrnl.exe]
ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x80683B3C-->80518DB9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCallDriver, Type: EAT modification 0x80683B40-->80532862 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: Inline - RelativeJump 0x806164B9-->806164DE [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelFileOpen, Type: EAT modification 0x80683B44-->80620DF9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCancelIrp, Type: EAT modification 0x80683B48-->805184C1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckDesiredAccess, Type: EAT modification 0x80683B4C-->8061FF83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x80683B50-->8059E280 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckFunctionAccess, Type: EAT modification 0x80683B54-->805EB34E [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x80683B58-->80532379 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x80683B5C-->805323C3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x80683B60-->8061FFC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoCheckShareAccess, Type: EAT modification 0x80683B64-->8057B23E [ntoskrnl.exe]
ntoskrnl.exe-->IoCompleteRequest, Type: EAT modification 0x80683B68-->80532881 [ntoskrnl.exe]
ntoskrnl.exe-->IoConnectInterrupt, Type: EAT modification 0x80683B6C-->805B07B1 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateController, Type: EAT modification 0x80683B70-->805C5A7D [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDevice, Type: EAT modification 0x80683B74-->805A170C [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDisk, Type: EAT modification 0x80683B78-->8061FCD3 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDriver, Type: EAT modification 0x80683B7C-->805B50EE [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: Inline - RelativeJump 0x8056CE50-->8056CE4E [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFile, Type: EAT modification 0x80683B80-->80579B92 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x80683B84-->8058B001 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateNotificationEvent, Type: EAT modification 0x80683B88-->805B6BAB [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObject, Type: EAT modification 0x80683B8C-->805D2CFC [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x80683B90-->8050A4FD [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x80683B94-->8057BB83 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSymbolicLink, Type: EAT modification 0x80683B98-->805D2EFF [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x80683B9C-->805C6899 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x80683BA0-->805D712C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInitialize, Type: EAT modification 0x80683BA4-->80509A3C [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqInsertIrp, Type: EAT modification 0x80683BA8-->80518C81 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveIrp, Type: EAT modification 0x80683BAC-->80518CE6 [ntoskrnl.exe]
ntoskrnl.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x80683BB0-->804E612C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteController, Type: EAT modification 0x80683BB4-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDevice, Type: EAT modification 0x80683BB8-->80505760 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteDriver, Type: EAT modification 0x80683BBC-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x80683BC0-->805D7E64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDetachDevice, Type: EAT modification 0x80683BC4-->80507FC4 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x80683BC8-->80560D54 [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x80683BCC-->80560D5C [ntoskrnl.exe]
ntoskrnl.exe-->IoDeviceObjectType, Type: EAT modification 0x80683BD0-->80560D64 [ntoskrnl.exe]
ntoskrnl.exe-->IoDisconnectInterrupt, Type: EAT modification 0x80683BD4-->805AF3E9 [ntoskrnl.exe]
ntoskrnl.exe-->IoDriverObjectType, Type: EAT modification 0x80683BD8-->80560D60 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnqueueIrp, Type: EAT modification 0x80683BDC-->806202B8 [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x80683BE0-->8050A29E [ntoskrnl.exe]
ntoskrnl.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x80683BE4-->80620F86 [ntoskrnl.exe]
ntoskrnl.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x80683BE8-->806202FB [ntoskrnl.exe]
ntoskrnl.exe-->IofCallDriver, Type: EAT modification 0x806836CC-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe-->IofCompleteRequest, Type: EAT modification 0x806836D0-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe-->IoFileObjectType, Type: EAT modification 0x80683BEC-->80560D58 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x80683BF0-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x80683BF4-->805C5620 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeController, Type: EAT modification 0x80683BF8-->80509203 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x80683BFC-->80532315 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeIrp, Type: EAT modification 0x80683C00-->804EAF62 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeMdl, Type: EAT modification 0x80683C04-->804EDE66 [ntoskrnl.exe]
ntoskrnl.exe-->IoFreeWorkItem, Type: EAT modification 0x80683C08-->804FEBA5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDevice, Type: EAT modification 0x80683C0C-->804E8477 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x80683C10-->8051527F [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x80683C14-->804ED31D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetBootDiskInformation, Type: EAT modification 0x80683C18-->805CC72D [ntoskrnl.exe]
ntoskrnl.exe-->IoGetConfigurationInformation, Type: EAT modification 0x80683C1C-->805D7121 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetCurrentProcess, Type: EAT modification 0x80683C20-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x80683C24-->80508E5A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x80683C28-->805D86E7 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x80683C2C-->8059D4AC [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x80683C30-->805E3B29 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceProperty, Type: EAT modification 0x80683C34-->8059BFB5 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDeviceToVerify, Type: EAT modification 0x80683C38-->8050A371 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x80683C3C-->8050A31C [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDmaAdapter, Type: EAT modification 0x80683C40-->805C3C25 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x80683C44-->8050582A [ntoskrnl.exe]
ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x80683C48-->80579683 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetInitialStack, Type: EAT modification 0x80683C4C-->8053245E [ntoskrnl.exe]
ntoskrnl.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x80683C50-->80508DC6 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x80683C54-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcess, Type: EAT modification 0x80683C58-->804F4331 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorProcessId, Type: EAT modification 0x80683C5C-->804F9B61 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetRequestorSessionId, Type: EAT modification 0x80683C60-->80515366 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetStackLimits, Type: EAT modification 0x80683C64-->804DC214 [ntoskrnl.exe]
ntoskrnl.exe-->IoGetTopLevelIrp, Type: EAT modification 0x80683C68-->804E84B2 [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeCrashDump, Type: EAT modification 0x80683C6C-->805BA4CB [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeIrp, Type: EAT modification 0x80683C70-->805197FC [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x80683C74-->805B667B [ntoskrnl.exe]
ntoskrnl.exe-->IoInitializeTimer, Type: EAT modification 0x80683C78-->805D7ED6 [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x80683C7C-->80505DDD [ntoskrnl.exe]
ntoskrnl.exe-->IoInvalidateDeviceState, Type: EAT modification 0x80683C80-->8050BADF [ntoskrnl.exe]
ntoskrnl.exe-->IoIsFileOriginRemote, Type: EAT modification 0x80683C84-->804F8355 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsOperationSynchronous, Type: EAT modification 0x80683C88-->804EAFCE [ntoskrnl.exe]
ntoskrnl.exe-->IoIsSystemThread, Type: EAT modification 0x80683C8C-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x80683C90-->80620400 [ntoskrnl.exe]
ntoskrnl.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x80683C94-->8059D309 [ntoskrnl.exe]
ntoskrnl.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x80683C98-->80513B48 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x80683C9C-->805A0681 [ntoskrnl.exe]
ntoskrnl.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x80683CA0-->8059D062 [ntoskrnl.exe]
ntoskrnl.exe-->IoPageRead, Type: EAT modification 0x80683CA4-->804FB224 [ntoskrnl.exe]
ntoskrnl.exe-->IoPnPDeliverServicePowerNotification, Type: EAT modification 0x80683CA8-->80625626 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryDeviceDescription, Type: EAT modification 0x80683CAC-->805B427B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x80683CB0-->80620F0B [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryFileInformation, Type: EAT modification 0x80683CB4-->8058EFEC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueryVolumeInformation, Type: EAT modification 0x80683CB8-->805BB0FC [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueThreadIrp, Type: EAT modification 0x80683CBC-->804FEB68 [ntoskrnl.exe]
ntoskrnl.exe-->IoQueueWorkItem, Type: EAT modification 0x80683CC0-->804E627F [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseHardError, Type: EAT modification 0x80683CC4-->8050A461 [ntoskrnl.exe]
ntoskrnl.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x80683CC8-->805324C7 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: Inline - RelativeJump 0x8050F8F2-->8050F8F8 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadDiskSignature, Type: EAT modification 0x80683CCC-->80510819 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadOperationCount, Type: EAT modification 0x80683CD0-->80560D50 [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTable, Type: EAT modification 0x806836C0-->805BE9EE [ntoskrnl.exe]
ntoskrnl.exe-->IoReadPartitionTableEx, Type: EAT modification 0x80683CD4-->805CC6CD [ntoskrnl.exe]
ntoskrnl.exe-->IoReadTransferCount, Type: EAT modification 0x80683CD8-->80560D40 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x80683CDC-->805C6911 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x80683CE0-->805DCC64 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x80683CE4-->805C5D02 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFileSystem, Type: EAT modification 0x80683CE8-->805AF1B5 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: Inline - RelativeJump 0x805D2A75-->805D2A83 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x80683CEC-->805CE9E2 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x80683CF0-->80620933 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x80683CF4-->8059D346 [ntoskrnl.exe]
ntoskrnl.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x80683CF8-->805BB902 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x80683CFC-->804E81BD [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x80683D00-->80624AE1 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x80683D04-->804EACF3 [ntoskrnl.exe]
ntoskrnl.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x80683D08-->805058EC [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: Inline - RelativeJump 0x8056D00C-->8056D03E [ntoskrnl.exe]
ntoskrnl.exe-->IoRemoveShareAccess, Type: EAT modification 0x80683D0C-->80579BF4 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportDetectedDevice, Type: EAT modification 0x80683D10-->805CDE34 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportHalResourceUsage, Type: EAT modification 0x80683D14-->806B48FB [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceForDetection, Type: EAT modification 0x80683D18-->805BDCFD [ntoskrnl.exe]
ntoskrnl.exe-->IoReportResourceUsage, Type: EAT modification 0x80683D1C-->805BD317 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x80683D20-->80625711 [ntoskrnl.exe]
ntoskrnl.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x80683D24-->805054D9 [ntoskrnl.exe]
ntoskrnl.exe-->IoRequestDeviceEject, Type: EAT modification 0x80683D28-->80535825 [ntoskrnl.exe]
ntoskrnl.exe-->IoReuseIrp, Type: EAT modification 0x80683D2C-->804ECE58 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x80683D30-->8050D9E8 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x80683D34-->805D7867 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetDeviceToVerify, Type: EAT modification 0x80683D38-->8050A388 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetFileOrigin, Type: EAT modification 0x80683D3C-->8051C812 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x80683D40-->80508949 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetInformation, Type: EAT modification 0x80683D44-->8062098F [ntoskrnl.exe]
ntoskrnl.exe-->IoSetIoCompletion, Type: EAT modification 0x80683D48-->80576D74 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: Inline - RelativeJump 0x80613BB8-->80613BCE [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformation, Type: EAT modification 0x806836C4-->8061E517 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x80683D4C-->8061FD2A [ntoskrnl.exe]
ntoskrnl.exe-->IoSetShareAccess, Type: EAT modification 0x80683D50-->80579C54 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetStartIoAttributes, Type: EAT modification 0x80683D54-->8050E35E [ntoskrnl.exe]
ntoskrnl.exe-->IoSetSystemPartition, Type: EAT modification 0x80683D58-->8053294B [ntoskrnl.exe]
ntoskrnl.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x80683D5C-->804E9480 [ntoskrnl.exe]
ntoskrnl.exe-->IoSetTopLevelIrp, Type: EAT modification 0x80683D60-->804E8495 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: Inline - RelativeCall 0x804E3EEB-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacket, Type: EAT modification 0x80683D64-->804E5C3B [ntoskrnl.exe]
ntoskrnl.exe-->IoStartNextPacketByKey, Type: EAT modification 0x80683D68-->805327F1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartPacket, Type: EAT modification 0x80683D6C-->804E60A1 [ntoskrnl.exe]
ntoskrnl.exe-->IoStartTimer, Type: EAT modification 0x80683D70-->80508AA0 [ntoskrnl.exe]
ntoskrnl.exe-->IoStatisticsLock, Type: EAT modification 0x80683D74-->80559700 [ntoskrnl.exe]
ntoskrnl.exe-->IoStopTimer, Type: EAT modification 0x80683D78-->80507CD1 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x80683D7C-->805B6B18 [ntoskrnl.exe]
ntoskrnl.exe-->IoSynchronousPageWrite, Type: EAT modification 0x80683D80-->804EEC16 [ntoskrnl.exe]
ntoskrnl.exe-->IoThreadToProcess, Type: EAT modification 0x80683D84-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFileSystem, Type: EAT modification 0x80683D88-->805B05C9 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x80683D8C-->80620C44 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x80683D90-->8059D295 [ntoskrnl.exe]
ntoskrnl.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x80683D94-->80665347 [ntoskrnl.exe]
ntoskrnl.exe-->IoUpdateShareAccess, Type: EAT modification 0x80683D98-->8057BB20 [ntoskrnl.exe]
ntoskrnl.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x80683D9C-->80532B20 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyPartitionTable, Type: EAT modification 0x80683DA0-->8061FAE0 [ntoskrnl.exe]
ntoskrnl.exe-->IoVerifyVolume, Type: EAT modification 0x80683DA4-->80620CB4 [ntoskrnl.exe]
ntoskrnl.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x80683DA8-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x80683DAC-->80646D42 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: Inline - RelativeCall 0x80545D11-->80545A53 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x80683DB0-->80549B6B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIExecuteMethod, Type: EAT modification 0x80683DB4-->80647337 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x80683DB8-->8050B48C [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: Inline - RelativeJump 0x805A8171-->805C71BD [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIOpenBlock, Type: EAT modification 0x80683DBC-->805B10CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllData, Type: EAT modification 0x80683DC0-->805B194F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x80683DC4-->8064707A [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x80683DC8-->805B5762 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x80683DCC-->806470FC [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIRegistrationControl, Type: EAT modification 0x80683DD0-->805A218B [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x80683DD4-->805B1BF7 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleInstance, Type: EAT modification 0x80683DD8-->8064717F [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISetSingleItem, Type: EAT modification 0x80683DDC-->80647257 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x80683DE0-->80646E29 [ntoskrnl.exe]
ntoskrnl.exe-->IoWMIWriteEvent, Type: EAT modification 0x80683DE4-->805094CA [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x80683DE8-->8050BDCD [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteOperationCount, Type: EAT modification 0x80683DEC-->80560D4C [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTable, Type: EAT modification 0x806836C8-->8061E78B [ntoskrnl.exe]
ntoskrnl.exe-->IoWritePartitionTableEx, Type: EAT modification 0x80683DF0-->8061F9C6 [ntoskrnl.exe]
ntoskrnl.exe-->IoWriteTransferCount, Type: EAT modification 0x80683DF4-->80560D38 [ntoskrnl.exe]
ntoskrnl.exe-->isdigit, Type: EAT modification 0x80684CA0-->805124D7 [ntoskrnl.exe]
ntoskrnl.exe-->islower, Type: EAT modification 0x80684CA4-->8054B4C1 [ntoskrnl.exe]
ntoskrnl.exe-->isprint, Type: EAT modification 0x80684CA8-->8054B542 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: Inline - RelativeJump 0x805476AE-->805476D3 [ntoskrnl.exe]
ntoskrnl.exe-->isspace, Type: EAT modification 0x80684CAC-->80512500 [ntoskrnl.exe]
ntoskrnl.exe-->isupper, Type: EAT modification 0x80684CB0-->805124AE [ntoskrnl.exe]
ntoskrnl.exe-->isxdigit, Type: EAT modification 0x80684CB4-->8054B4FF [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerEnabled, Type: EAT modification 0x80683DF8-->8055BA41 [ntoskrnl.exe]
ntoskrnl.exe-->KdDebuggerNotPresent, Type: EAT modification 0x80683DFC-->8055BA40 [ntoskrnl.exe]
ntoskrnl.exe-->KdDisableDebugger, Type: EAT modification 0x80683E00-->80535F65 [ntoskrnl.exe]
ntoskrnl.exe-->KdEnableDebugger, Type: EAT modification 0x80683E04-->80535FDE [ntoskrnl.exe]
ntoskrnl.exe-->KdEnteredDebugger, Type: EAT modification 0x80683E08-->8055BA44 [ntoskrnl.exe]
ntoskrnl.exe-->KdPollBreakIn, Type: EAT modification 0x80683E0C-->804E25AB [ntoskrnl.exe]
ntoskrnl.exe-->KdPowerTransition, Type: EAT modification 0x80683E10-->8053603B [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: Inline - RelativeCall 0x805B790E-->805B7926 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386CallBios, Type: EAT modification 0x80683E14-->805B334A [ntoskrnl.exe]
ntoskrnl.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x80683E18-->8050DC81 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x80683E1C-->8050DC25 [ntoskrnl.exe]
ntoskrnl.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x80683E20-->8050DD1F [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x806836D4-->804E2518 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x80683E24-->80536447 [ntoskrnl.exe]
ntoskrnl.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x80683E28-->804E243B [ntoskrnl.exe]
ntoskrnl.exe-->KeAddSystemServiceTable, Type: EAT modification 0x80683E2C-->805B8D9D [ntoskrnl.exe]
ntoskrnl.exe-->KeAreApcsDisabled, Type: EAT modification 0x80683E30-->8051AEAC [ntoskrnl.exe]
ntoskrnl.exe-->KeAttachProcess, Type: EAT modification 0x80683E34-->804F15C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheck, Type: EAT modification 0x80683E38-->80537679 [ntoskrnl.exe]
ntoskrnl.exe-->KeBugCheckEx, Type: EAT modification 0x80683E3C-->8053769F [ntoskrnl.exe]
ntoskrnl.exe-->KeCancelTimer, Type: EAT modification 0x80683E40-->804E61C5 [ntoskrnl.exe]
ntoskrnl.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x80683E44-->8053375F [ntoskrnl.exe]
ntoskrnl.exe-->KeClearEvent, Type: EAT modification 0x80683E48-->804E5AA4 [ntoskrnl.exe]
ntoskrnl.exe-->KeConnectInterrupt, Type: EAT modification 0x80683E4C-->8050A11A [ntoskrnl.exe]
ntoskrnl.exe-->KeDcacheFlushCount, Type: EAT modification 0x80683E50-->8055BA54 [ntoskrnl.exe]
ntoskrnl.exe-->KeDelayExecutionThread, Type: EAT modification 0x80683E54-->804E14F6 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x80683E58-->805368B7 [ntoskrnl.exe]
ntoskrnl.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x80683E5C-->805369DF [ntoskrnl.exe]
ntoskrnl.exe-->KeDetachProcess, Type: EAT modification 0x80683E60-->804F161E [ntoskrnl.exe]
ntoskrnl.exe-->KeDisconnectInterrupt, Type: EAT modification 0x80683E64-->80509FF8 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterCriticalRegion, Type: EAT modification 0x80683E68-->804D95F2 [ntoskrnl.exe]
ntoskrnl.exe-->KeEnterKernelDebugger, Type: EAT modification 0x80683E6C-->8053686B [ntoskrnl.exe]
ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x806836E0-->804E2427 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: EAT modification 0x80683E70-->806B4DD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x80683E74-->806BA287 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushEntireTb, Type: EAT modification 0x80683E78-->804E9BF5 [ntoskrnl.exe]
ntoskrnl.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x80683E7C-->805AD468 [ntoskrnl.exe]
ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: EAT modification 0x806836E4-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetCurrentThread, Type: EAT modification 0x80683E80-->804DB622 [ntoskrnl.exe]
ntoskrnl.exe-->KeGetPreviousMode, Type: EAT modification 0x80683E84-->804DB62A [ntoskrnl.exe]
ntoskrnl.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x80683E88-->80508931 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AbiosCall, Type: EAT modification 0x80683E8C-->80537CFD [ntoskrnl.exe]
ntoskrnl.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x80683E90-->80510DC4 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x80683E94-->804D9A3C [ntoskrnl.exe]
ntoskrnl.exe-->KeI386Call16BitFunction, Type: EAT modification 0x80683E98-->804D9898 [ntoskrnl.exe]
ntoskrnl.exe-->Kei386EoiHelper, Type: EAT modification 0x8068370C-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x80683E9C-->80537E0A [ntoskrnl.exe]
ntoskrnl.exe-->KeI386GetLid, Type: EAT modification 0x80683EA0-->80537AFF [ntoskrnl.exe]
ntoskrnl.exe-->KeI386MachineType, Type: EAT modification 0x80683EA4-->8055BA84 [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x80683EA8-->80537D9F [ntoskrnl.exe]
ntoskrnl.exe-->KeI386ReleaseLid, Type: EAT modification 0x80683EAC-->80537C7B [ntoskrnl.exe]
ntoskrnl.exe-->KeI386SetGdtSelector, Type: EAT modification 0x80683EB0-->806664DA [ntoskrnl.exe]
ntoskrnl.exe-->KeIcacheFlushCount, Type: EAT modification 0x80683EB4-->8055BA58 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeApc, Type: EAT modification 0x80683EB8-->804E5C99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x80683EBC-->80506671 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeDpc, Type: EAT modification 0x80683EC0-->804E7DB8 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeEvent, Type: EAT modification 0x80683EC4-->804E7DE6 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeInterrupt, Type: EAT modification 0x80683EC8-->8050A082 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutant, Type: EAT modification 0x80683ECC-->804FA804 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: Inline - RelativeJump 0x8051243B-->8052ACC7 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeMutex, Type: EAT modification 0x80683ED0-->80518BE3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeQueue, Type: EAT modification 0x80683ED4-->804FE890 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSemaphore, Type: EAT modification 0x80683ED8-->804E88F1 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeSpinLock, Type: EAT modification 0x80683EDC-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimer, Type: EAT modification 0x80683EE0-->804EC4FB [ntoskrnl.exe]
ntoskrnl.exe-->KeInitializeTimerEx, Type: EAT modification 0x80683EE4-->804EC513 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x80683EE8-->804E5F99 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertDeviceQueue, Type: EAT modification 0x80683EEC-->804E605E [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertHeadQueue, Type: EAT modification 0x80683EF0-->8051AFA3 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueue, Type: EAT modification 0x80683EF4-->804E5AB9 [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueApc, Type: EAT modification 0x80683EF8-->804E5CEF [ntoskrnl.exe]
ntoskrnl.exe-->KeInsertQueueDpc, Type: EAT modification 0x80683EFC-->804D968D [ntoskrnl.exe]
ntoskrnl.exe-->KeIsAttachedProcess, Type: EAT modification 0x80683F00-->80509CD9 [ntoskrnl.exe]
ntoskrnl.exe-->KeIsExecutingDpc, Type: EAT modification 0x80683F04-->804DB63A [ntoskrnl.exe]
ntoskrnl.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x80683F08-->804D9604 [ntoskrnl.exe]
ntoskrnl.exe-->KeLoaderBlock, Type: EAT modification 0x80683F0C-->8055BA5C [ntoskrnl.exe]
ntoskrnl.exe-->KeNumberProcessors, Type: EAT modification 0x80683F10-->8055BA60 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterrupt, Type: EAT modification 0x80683F14-->804E28EE [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: Inline - RelativeCall 0x804E3482-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x80683F18-->804E28F6 [ntoskrnl.exe]
ntoskrnl.exe-->KePulseEvent, Type: EAT modification 0x80683F1C-->80515CB3 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryActiveProcessors, Type: EAT modification 0x80683F20-->805B623F [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryInterruptTime, Type: EAT modification 0x80683F24-->804E5C65 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryPriorityThread, Type: EAT modification 0x80683F28-->80538084 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryRuntimeThread, Type: EAT modification 0x80683F2C-->805150DC [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: Inline - RelativeCall 0x804E3BB5-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeQuerySystemTime, Type: EAT modification 0x80683F30-->804D95AF [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: Inline - RelativeJump 0x804EDC2E-->804EDC28 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTickCount, Type: EAT modification 0x80683F34-->804ED995 [ntoskrnl.exe]
ntoskrnl.exe-->KeQueryTimeIncrement, Type: EAT modification 0x80683F38-->804E5A3E [ntoskrnl.exe]
ntoskrnl.exe-->KeRaiseUserException, Type: EAT modification 0x80683F3C-->805383C4 [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateEvent, Type: Inline - PushRet 0x804E42CB-->CFB80008 [unknown_code_page]
ntoskrnl.exe-->KeReadStateEvent, Type: EAT modification 0x80683F40-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutant, Type: EAT modification 0x80683F44-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateMutex, Type: EAT modification 0x80683F48-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateQueue, Type: EAT modification 0x80683F4C-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateSemaphore, Type: EAT modification 0x80683F50-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe-->KeReadStateTimer, Type: EAT modification 0x80683F54-->804E6C19 [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x80683F58-->8050DB2A [ntoskrnl.exe]
ntoskrnl.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x80683F5C-->8050E119 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x806836D8-->804E2550 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x80683F60-->80536476 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutant, Type: EAT modification 0x80683F64-->804D9B4C [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseMutex, Type: EAT modification 0x80683F68-->804E8508 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSemaphore, Type: EAT modification 0x80683F6C-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: Inline - RelativeJump 0x804DA5EF-->804DA603 [ntoskrnl.exe]
ntoskrnl.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x80683F70-->804E246C [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x80683F74-->804E6020 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x80683F78-->80537F0F [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveDeviceQueue, Type: EAT modification 0x80683F7C-->804E5FE4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x80683F80-->80537F84 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueue, Type: EAT modification 0x80683F84-->804E21B4 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveQueueDpc, Type: EAT modification 0x80683F88-->80514F93 [ntoskrnl.exe]
ntoskrnl.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x80683F8C-->8062A382 [ntoskrnl.exe]
ntoskrnl.exe-->KeResetEvent, Type: EAT modification 0x80683F90-->804E8525 [ntoskrnl.exe]
ntoskrnl.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x80683F94-->804F44A2 [ntoskrnl.exe]
ntoskrnl.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x80683F98-->80506DBF [ntoskrnl.exe]
ntoskrnl.exe-->KeRundownQueue, Type: EAT modification 0x80683F9C-->804FE9AC [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeCall 0x804F0D9B-->804EA9EB [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: Inline - RelativeJump 0x804F0DA3-->80507AFA [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveFloatingPointState, Type: EAT modification 0x80683FA0-->804F4385 [ntoskrnl.exe]
ntoskrnl.exe-->KeSaveStateForHibernate, Type: EAT modification 0x80683FA4-->8053849F [ntoskrnl.exe]
ntoskrnl.exe-->KeServiceDescriptorTable, Type: EAT modification 0x80683FA8-->80562520 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetAffinityThread, Type: EAT modification 0x80683FAC-->805188C3 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetBasePriorityThread, Type: EAT modification 0x80683FB0-->80514FD4 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x80683FB4-->80536367 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEvent, Type: EAT modification 0x80683FB8-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetEventBoostPriority, Type: EAT modification 0x80683FBC-->804E68BC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x80683FC0-->80519874 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetImportanceDpc, Type: EAT modification 0x80683FC4-->804EC82B [ntoskrnl.exe]
ntoskrnl.exe-->KeSetKernelStackSwapEnable, Type: EAT modification 0x80683FC8-->804F45DC [ntoskrnl.exe]
ntoskrnl.exe-->KeSetPriorityThread, Type: EAT modification 0x80683FCC-->804EC21C [ntoskrnl.exe]
ntoskrnl.exe-->KeSetProfileIrql, Type: EAT modification 0x80683FD0-->806B4D76 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x80683FD4-->80506D58 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x80683FD8-->80509693 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeIncrement, Type: EAT modification 0x80683FDC-->80510D87 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimer, Type: EAT modification 0x80683FE0-->804E216F [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimerEx, Type: EAT modification 0x80683FE4-->804E210E [ntoskrnl.exe]
ntoskrnl.exe-->KeSetTimeUpdateNotifyRoutine, Type: EAT modification 0x806836DC-->8062A3EF [ntoskrnl.exe]
ntoskrnl.exe-->KeStackAttachProcess, Type: EAT modification 0x80683FE8-->804F3FC5 [ntoskrnl.exe]
ntoskrnl.exe-->KeSynchronizeExecution, Type: EAT modification 0x80683FEC-->804DB68A [ntoskrnl.exe]
ntoskrnl.exe-->KeTerminateThread, Type: EAT modification 0x80683FF0-->804EC32A [ntoskrnl.exe]
ntoskrnl.exe-->KeTickCount, Type: EAT modification 0x80683FF4-->8055A000 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: Inline - RelativeCall 0x804F14F6-->804F1580 [ntoskrnl.exe]
ntoskrnl.exe-->KeUnstackDetachProcess, Type: EAT modification 0x80683FF8-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: Inline - RelativeCall 0x804E3346-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateRunTime, Type: EAT modification 0x80683FFC-->804E2794 [ntoskrnl.exe]
ntoskrnl.exe-->KeUpdateSystemTime, Type: EAT modification 0x80684000-->804E2608 [ntoskrnl.exe]
ntoskrnl.exe-->KeUserModeCallback, Type: EAT modification 0x80684004-->8056F133 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x80684008-->804E1A33 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForMutexObject, Type: EAT modification 0x8068400C-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KeWaitForSingleObject, Type: EAT modification 0x80684010-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe-->KiAcquireSpinLock, Type: EAT modification 0x806836E8-->804E2478 [ntoskrnl.exe]
ntoskrnl.exe-->KiBugCheckData, Type: EAT modification 0x80684014-->80562EC0 [ntoskrnl.exe]
ntoskrnl.exe-->KiCoprocessorError, Type: EAT modification 0x80684018-->804E114B [ntoskrnl.exe]
ntoskrnl.exe-->KiDeliverApc, Type: EAT modification 0x8068401C-->804DCE01 [ntoskrnl.exe]
ntoskrnl.exe-->KiDispatchInterrupt, Type: Inline - RelativeJump 0x804DB880-->804DB87F [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:52 pm

ntoskrnl.exe-->KiDispatchInterrupt, Type: EAT modification 0x80684020-->804DC862 [ntoskrnl.exe]
ntoskrnl.exe-->KiEnableTimerWatchdog, Type: EAT modification 0x80684024-->8055BA78 [ntoskrnl.exe]
ntoskrnl.exe-->Kii386SpinOnSpinLock, Type: EAT modification 0x80683710-->804DB61F [ntoskrnl.exe]
ntoskrnl.exe-->KiIpiServiceRoutine, Type: EAT modification 0x80684028-->804D9D1E [ntoskrnl.exe]
ntoskrnl.exe-->KiReleaseSpinLock, Type: EAT modification 0x806836EC-->804E2498 [ntoskrnl.exe]
ntoskrnl.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x8068402C-->804DBAF4 [ntoskrnl.exe]
ntoskrnl.exe-->LdrAccessResource, Type: EAT modification 0x80684030-->805DE2A9 [ntoskrnl.exe]
ntoskrnl.exe-->LdrEnumResources, Type: EAT modification 0x80684034-->80638B08 [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x80684038-->805B5A5F [ntoskrnl.exe]
ntoskrnl.exe-->LdrFindResource_U, Type: EAT modification 0x8068403C-->805B8648 [ntoskrnl.exe]
ntoskrnl.exe-->LpcPortObjectType, Type: EAT modification 0x80684040-->80562F08 [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestPort, Type: EAT modification 0x80684044-->8059531E [ntoskrnl.exe]
ntoskrnl.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x80684048-->8059E237 [ntoskrnl.exe]
ntoskrnl.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x8068404C-->80651D70 [ntoskrnl.exe]
ntoskrnl.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x80684050-->80651E13 [ntoskrnl.exe]
ntoskrnl.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x80684054-->805EB39D [ntoskrnl.exe]
ntoskrnl.exe-->LsaLogonUser, Type: EAT modification 0x80684058-->80651C76 [ntoskrnl.exe]
ntoskrnl.exe-->LsaLookupAuthenticationPackage, Type: EAT modification 0x8068405C-->80651BC8 [ntoskrnl.exe]
ntoskrnl.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x80684060-->80651A2F [ntoskrnl.exe]
ntoskrnl.exe-->mbstowcs, Type: EAT modification 0x80684CB8-->8054B59C [ntoskrnl.exe]
ntoskrnl.exe-->mbtowc, Type: EAT modification 0x80684CBC-->804FCFAF [ntoskrnl.exe]
ntoskrnl.exe-->memchr, Type: EAT modification 0x80684CC0-->804DA9DB [ntoskrnl.exe]
ntoskrnl.exe-->memcpy, Type: EAT modification 0x80684CC4-->804DAA82 [ntoskrnl.exe]
ntoskrnl.exe-->memmove, Type: EAT modification 0x80684CC8-->804DADC5 [ntoskrnl.exe]
ntoskrnl.exe-->memset, Type: EAT modification 0x80684CCC-->804DB105 [ntoskrnl.exe]
ntoskrnl.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x80684064-->80567944 [ntoskrnl.exe]
ntoskrnl.exe-->MmAddPhysicalMemory, Type: EAT modification 0x80684068-->8066AC0B [ntoskrnl.exe]
ntoskrnl.exe-->MmAddVerifierThunks, Type: EAT modification 0x8068406C-->8062BAF4 [ntoskrnl.exe]
ntoskrnl.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x80684070-->8066AC3B [ntoskrnl.exe]
ntoskrnl.exe-->MmAdvanceMdl, Type: EAT modification 0x80684074-->8053AB13 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x80684078-->8050C3E2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x8068407C-->80504DD2 [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateMappingAddress, Type: EAT modification 0x80684080-->805C5B3D [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x80684084-->8062CC8A [ntoskrnl.exe]
ntoskrnl.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x80684088-->8066586D [ntoskrnl.exe]
ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x8068408C-->804EDEBC [ntoskrnl.exe]
ntoskrnl.exe-->MmCanFileBeTruncated, Type: EAT modification 0x80684090-->804F719D [ntoskrnl.exe]
ntoskrnl.exe-->MmCommitSessionMappedView, Type: EAT modification 0x80684094-->805053E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateMdl, Type: EAT modification 0x80684098-->804FAA38 [ntoskrnl.exe]
ntoskrnl.exe-->MmCreateSection, Type: EAT modification 0x8068409C-->804E1CC0 [ntoskrnl.exe]
ntoskrnl.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x806840A0-->804FAC31 [ntoskrnl.exe]
ntoskrnl.exe-->MmFlushImageSection, Type: EAT modification 0x806840A4-->804F710E [ntoskrnl.exe]
ntoskrnl.exe-->MmForceSectionClosed, Type: EAT modification 0x806840A8-->80500F48 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemory, Type: EAT modification 0x806840AC-->80504F19 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x806840B0-->8053B0C8 [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeMappingAddress, Type: EAT modification 0x806840B4-->8062C8DD [ntoskrnl.exe]
ntoskrnl.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x806840B8-->8062CDBB [ntoskrnl.exe]
ntoskrnl.exe-->MmFreePagesFromMdl, Type: EAT modification 0x806840BC-->8066B0FF [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalAddress, Type: EAT modification 0x806840C0-->80505086 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x806840C4-->80669CF7 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x806840C8-->805C0E58 [ntoskrnl.exe]
ntoskrnl.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x806840CC-->8053B0E8 [ntoskrnl.exe]
ntoskrnl.exe-->MmGrowKernelStack, Type: EAT modification 0x806840D0-->804FA101 [ntoskrnl.exe]
ntoskrnl.exe-->MmHighestUserAddress, Type: EAT modification 0x806840D4-->80567EDC [ntoskrnl.exe]
ntoskrnl.exe-->MmIsAddressValid, Type: EAT modification 0x806840D8-->804E1F76 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsDriverVerifying, Type: Inline - PushRet 0x8050BD9C-->C7470010 [unknown_code_page]
ntoskrnl.exe-->MmIsDriverVerifying, Type: EAT modification 0x806840DC-->8050E225 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x806840E0-->8053CF57 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: Inline - RelativeJump 0x80536CD3-->80536CE1 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x806840E4-->8053B195 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x806840E8-->80509675 [ntoskrnl.exe]
ntoskrnl.exe-->MmIsVerifierEnabled, Type: EAT modification 0x806840EC-->805B84D1 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableDataSection, Type: EAT modification 0x806840F0-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableImageSection, Type: EAT modification 0x806840F4-->805E7DA9 [ntoskrnl.exe]
ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x806840F8-->805E09D2 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapIoSpace, Type: EAT modification 0x806840FC-->8050B5CA [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPages, Type: EAT modification 0x80684100-->804F97B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x80684104-->804EDF4C [ntoskrnl.exe]
ntoskrnl.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x80684108-->8053A6E9 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x8068410C-->8053B1BB [ntoskrnl.exe]
ntoskrnl.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x80684110-->8066B226 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapVideoDisplay, Type: EAT modification 0x80684114-->805C5993 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x80684118-->805E3103 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x8068411C-->8062D687 [ntoskrnl.exe]
ntoskrnl.exe-->MmMapViewOfSection, Type: EAT modification 0x80684120-->8057A468 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x80684124-->8062B9AB [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: Inline - RelativeJump 0x8066222D-->80662217 [ntoskrnl.exe]
ntoskrnl.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x80684128-->80669B6D [ntoskrnl.exe]
ntoskrnl.exe-->MmPageEntireDriver, Type: EAT modification 0x8068412C-->805DC76C [ntoskrnl.exe]
ntoskrnl.exe-->MmPrefetchPages, Type: EAT modification 0x80684130-->8059AB16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockPages, Type: EAT modification 0x80684134-->804F6BFF [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x80684138-->8062CE16 [ntoskrnl.exe]
ntoskrnl.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x8068413C-->8050863E [ntoskrnl.exe]
ntoskrnl.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x80684140-->8053AD4F [ntoskrnl.exe]
ntoskrnl.exe-->MmQuerySystemSize, Type: EAT modification 0x80684144-->8050896A [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: Inline - RelativeJump 0x80623B43-->80623B51 [ntoskrnl.exe]
ntoskrnl.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x80684148-->8062B9CF [ntoskrnl.exe]
ntoskrnl.exe-->MmResetDriverPaging, Type: EAT modification 0x8068414C-->805DC83F [ntoskrnl.exe]
ntoskrnl.exe-->MmSectionObjectType, Type: EAT modification 0x80684150-->80567C40 [ntoskrnl.exe]
ntoskrnl.exe-->MmSecureVirtualMemory, Type: EAT modification 0x80684154-->80571DB6 [ntoskrnl.exe]
ntoskrnl.exe-->MmSetAddressRangeModified, Type: EAT modification 0x80684158-->804EF03B [ntoskrnl.exe]
ntoskrnl.exe-->MmSetBankedSection, Type: EAT modification 0x8068415C-->8062C991 [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: Inline - RelativeCall 0x804F7F4D-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe-->MmSizeOfMdl, Type: EAT modification 0x80684160-->804FACC1 [ntoskrnl.exe]
ntoskrnl.exe-->MmSystemRangeStart, Type: EAT modification 0x80684164-->80567ED8 [ntoskrnl.exe]
ntoskrnl.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x80684168-->8053DBAF [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x8068416C-->8051A1AB [ntoskrnl.exe]
ntoskrnl.exe-->MmUnlockPages, Type: EAT modification 0x80684170-->804F6EB5 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapIoSpace, Type: EAT modification 0x80684174-->8050B721 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapLockedPages, Type: EAT modification 0x80684178-->804EE0B8 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapReservedMapping, Type: EAT modification 0x8068417C-->8053A9B6 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x80684180-->805C59B2 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x80684184-->805E2E4C [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x80684188-->8062D6B4 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnmapViewOfSection, Type: EAT modification 0x8068418C-->8057C697 [ntoskrnl.exe]
ntoskrnl.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x80684190-->80571D9E [ntoskrnl.exe]
ntoskrnl.exe-->MmUserProbeAddress, Type: EAT modification 0x80684194-->80567ED4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsAnsiCodePage, Type: EAT modification 0x80684198-->8069A4F0 [ntoskrnl.exe]
ntoskrnl.exe-->NlsLeadByteInfo, Type: EAT modification 0x8068419C-->8056C4BC [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbCodePageTag, Type: EAT modification 0x806841A0-->8069A508 [ntoskrnl.exe]
ntoskrnl.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x806841A4-->8069A720 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemCodePage, Type: EAT modification 0x806841A8-->8069A4F4 [ntoskrnl.exe]
ntoskrnl.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x806841AC-->8056C4C0 [ntoskrnl.exe]
ntoskrnl.exe-->NtAddAtom, Type: EAT modification 0x806841B0-->8057FA34 [ntoskrnl.exe]
ntoskrnl.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x806841B4-->80589C03 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x806841B8-->805E28DD [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateUuids, Type: EAT modification 0x806841BC-->805DE611 [ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x806841C0-->80570BC5 [ntoskrnl.exe]
ntoskrnl.exe-->NtBuildNumber, Type: EAT modification 0x806841C4-->805530E8 [ntoskrnl.exe]
ntoskrnl.exe-->NtCallbackReturn, Type: Inline - RelativeJump 0x804E2CD2-->804E2D17 [ntoskrnl.exe]
ntoskrnl.exe-->NtClearEvent, Type: Inline - RelativeJump 0x80569682-->80569689 [ntoskrnl.exe]
ntoskrnl.exe-->NtClose, Type: EAT modification 0x806841C8-->8056F8D7 [ntoskrnl.exe]
ntoskrnl.exe-->NtConnectPort, Type: EAT modification 0x806841CC-->80584D73 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateEvent, Type: EAT modification 0x806841D0-->805744F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: EAT modification 0x806841D4-->80573DFB [ntoskrnl.exe]
ntoskrnl.exe-->NtCreatePort, Type: Inline - RelativeCall 0x80597611-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSection, Type: EAT modification 0x806841D8-->8056DB66 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSemaphore, Type: Inline - RelativeJump 0x80572631-->805726BD [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteAtom, Type: EAT modification 0x806841DC-->8058771C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteFile, Type: EAT modification 0x806841E0-->805DB33C [ntoskrnl.exe]
ntoskrnl.exe-->NtDeviceIoControlFile, Type: EAT modification 0x806841E4-->8058D747 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateObject, Type: EAT modification 0x806841E8-->8057EDE5 [ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateToken, Type: EAT modification 0x806841EC-->8058C373 [ntoskrnl.exe]
ntoskrnl.exe-->NtFindAtom, Type: EAT modification 0x806841F0-->805E480C [ntoskrnl.exe]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: EAT modification 0x806841F4-->805710BF [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057AC9C-->8057B57D [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Inline - RelativeJump 0x8057ACA4-->80579755 [ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: EAT modification 0x806841F8-->8058274A [ntoskrnl.exe]
ntoskrnl.exe-->NtGlobalFlag, Type: EAT modification 0x806841FC-->805607EC [ntoskrnl.exe]
ntoskrnl.exe-->NtInitializeRegistry, Type: Inline - RelativeJump 0x805A80EA-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtInitiatePowerAction, Type: Inline - RelativeJump 0x8062C2AC-->8062C2B2 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockFile, Type: EAT modification 0x80684200-->80587AE9 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0F98-->805A8085 [ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Inline - RelativeJump 0x805D0FA1-->805A8179 [ntoskrnl.exe]
ntoskrnl.exe-->NtMakePermanentObject, Type: EAT modification 0x80684204-->805E7AE2 [ntoskrnl.exe]
ntoskrnl.exe-->NtMapViewOfSection, Type: EAT modification 0x80684208-->8057A879 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x8068420C-->80587D80 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeCall 0x8058EAA0-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAA9-->80574322 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x8058EAAE-->80599DFC [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeCall 0x8058EB69-->804F4029 [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB72-->8057F2BF [ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Inline - RelativeJump 0x8058EB77-->805AFC1C [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenEventPair, Type: Inline - RelativeJump 0x8064957F-->80649536 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenFile, Type: EAT modification 0x80684210-->80579CF1 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x8059540D-->8059678E [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Inline - RelativeJump 0x80595413-->805EA1C3 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcess, Type: EAT modification 0x80684214-->8057F592 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessToken, Type: EAT modification 0x80684218-->80578148 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x8068421C-->8057809F [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThread, Type: EAT modification 0x80684220-->80584849 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadToken, Type: EAT modification 0x80684224-->805746D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x80684228-->805745CF [ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegedServiceAuditAlarm, Type: Inline - RelativeJump 0x805AA8D4-->805D92D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump 0x8057EC95-->8057EC6B [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: EAT modification 0x8068422C-->8057B814 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEaFile, Type: EAT modification 0x80684230-->8062164C [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEvent, Type: Inline - RelativeJump 0x80589EBC-->80589ECE [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationAtom, Type: EAT modification 0x80684234-->805B065E [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: Inline - RelativeJump 0x80572E51-->80572E42 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: EAT modification 0x80684238-->8057AB98 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: Inline - RelativeJump 0x8056DD1F-->8056DD45 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: EAT modification 0x8068423C-->805747B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationThread, Type: EAT modification 0x80684240-->80576860 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationToken, Type: EAT modification 0x80684244-->80576F36 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - PushRet 0x80567344-->9822D25A [unknown_code_page]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Inline - RelativeJump 0x8056734F-->80567359 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPortInformationProcess, Type: Inline - RelativeJump 0x8062D845-->8062D85D [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x80684248-->80621F03 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySecurityObject, Type: EAT modification 0x8068424C-->805DFD3E [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x80589B76-->80589E54 [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemInformation, Type: EAT modification 0x80684250-->8058B41A [ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemTime, Type: Inline - RelativeJump 0x8058A5B6-->805EB5D2 [ntoskrnl.exe]
ntoskrnl.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x80684254-->8057A03C [ntoskrnl.exe]
ntoskrnl.exe-->NtRaiseException, Type: Inline - RelativeJump 0x804E206A-->804E2068 [ntoskrnl.exe]
ntoskrnl.exe-->NtReadFile, Type: EAT modification 0x80684258-->8057495D [ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseMutant, Type: Inline - RelativeJump 0x80566490-->80566499 [ntoskrnl.exe]
ntoskrnl.exe-->NtRemoveProcessDebug, Type: Inline - RelativeJump 0x8065B62B-->8065B66E [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestPort, Type: EAT modification 0x8068425C-->805E33BE [ntoskrnl.exe]
ntoskrnl.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x80684260-->8057CD93 [ntoskrnl.exe]
ntoskrnl.exe-->NtSaveKey, Type: Inline - RelativeJump 0x8064F0EC-->8064F0F2 [ntoskrnl.exe]
ntoskrnl.exe-->NtSecureConnectPort, Type: Inline - RelativeJump 0x805888DD-->805E62D4 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEaFile, Type: EAT modification 0x80684264-->80621B91 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetEvent, Type: EAT modification 0x80684268-->80570634 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeCall 0x8064988C-->80649352 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Inline - RelativeJump 0x80649892-->80649869 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationFile, Type: EAT modification 0x8068426C-->8058A47C [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationProcess, Type: EAT modification 0x80684270-->80574B1F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationThread, Type: EAT modification 0x80684274-->80576AB3 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x80684278-->80621ED9 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetSecurityObject, Type: EAT modification 0x8068427C-->805DFB3F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B1B-->8057275F [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeJump 0x80617B25-->80572626 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Inline - RelativeCall 0x80617B2A-->80570360 [ntoskrnl.exe]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x80684280-->80622417 [ntoskrnl.exe]
ntoskrnl.exe-->NtShutdownSystem, Type: EAT modification 0x80684284-->8064E8EB [ntoskrnl.exe]
ntoskrnl.exe-->NtSignalAndWaitForSingleObject, Type: Inline - RelativeJump 0x805173A1-->80517452 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateJobObject, Type: Inline - RelativeJump 0x80630579-->806305F6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA71-->8057B034 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeCall 0x8057BA76-->80573C38 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA7B-->8056D095 [ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateThread, Type: Inline - RelativeJump 0x8057BA8B-->8057B9B6 [ntoskrnl.exe]
ntoskrnl.exe-->NtTraceEvent, Type: EAT modification 0x80684288-->805499E0 [ntoskrnl.exe]
ntoskrnl.exe-->NtUnlockFile, Type: EAT modification 0x8068428C-->80587C49 [ntoskrnl.exe]
ntoskrnl.exe-->NtVdmControl, Type: EAT modification 0x80684290-->805B3552 [ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForSingleObject, Type: Inline - PushRet 0x8056618A-->9822CEC6 [unknown_code_page]
ntoskrnl.exe-->NtWaitForSingleObject, Type: EAT modification 0x80684294-->8056DF62 [ntoskrnl.exe]
ntoskrnl.exe-->NtWriteFile, Type: EAT modification 0x80684298-->8058A6FD [ntoskrnl.exe]
ntoskrnl.exe-->ObAssignSecurity, Type: EAT modification 0x8068429C-->80575777 [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: Inline - RelativeCall 0x8058DD06-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x806842A0-->8058858B [ntoskrnl.exe]
ntoskrnl.exe-->ObCheckObjectAccess, Type: EAT modification 0x806842A4-->8056DD78 [ntoskrnl.exe]
ntoskrnl.exe-->ObCloseHandle, Type: EAT modification 0x806842A8-->80571730 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObject, Type: EAT modification 0x806842AC-->8056D525 [ntoskrnl.exe]
ntoskrnl.exe-->ObCreateObjectType, Type: EAT modification 0x806842B0-->805CBC4E [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceObject, Type: EAT modification 0x806842B4-->80541089 [ntoskrnl.exe]
ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x806842B8-->8056D963 [ntoskrnl.exe]
ntoskrnl.exe-->ObfDereferenceObject, Type: EAT modification 0x806836F0-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->ObFindHandleForObject, Type: EAT modification 0x806842BC-->805E859F [ntoskrnl.exe]
ntoskrnl.exe-->ObfReferenceObject, Type: EAT modification 0x806836F4-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe-->ObGetObjectSecurity, Type: EAT modification 0x806842C0-->8056C287 [ntoskrnl.exe]
ntoskrnl.exe-->ObInsertObject, Type: EAT modification 0x806842C4-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x806842C8-->80541121 [ntoskrnl.exe]
ntoskrnl.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x806842CC-->805755A8 [ntoskrnl.exe]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: EAT modification 0x806842D0-->805E74E6 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByName, Type: EAT modification 0x806842D4-->8057010D [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: Inline - RelativeCall 0x8056DC57-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe-->ObOpenObjectByPointer, Type: EAT modification 0x806842D8-->80577F90 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryNameString, Type: EAT modification 0x806842DC-->8058F2D9 [ntoskrnl.exe]
ntoskrnl.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x806842E0-->80589506 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x806842E4-->8056C559 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByName, Type: EAT modification 0x806842E8-->80597466 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x806842EC-->804EA5A1 [ntoskrnl.exe]
ntoskrnl.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x806842F0-->8059DD71 [ntoskrnl.exe]
ntoskrnl.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x806842F4-->8056C241 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetHandleAttributes, Type: EAT modification 0x806842F8-->80595862 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x806842FC-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x80684300-->805DFBEF [ntoskrnl.exe]
ntoskrnl.exe-->PfxFindPrefix, Type: EAT modification 0x80684304-->80639DD3 [ntoskrnl.exe]
ntoskrnl.exe-->PfxInitialize, Type: EAT modification 0x80684308-->806399CC [ntoskrnl.exe]
ntoskrnl.exe-->PfxInsertPrefix, Type: EAT modification 0x8068430C-->80639CE9 [ntoskrnl.exe]
ntoskrnl.exe-->PfxRemovePrefix, Type: EAT modification 0x80684310-->806399EF [ntoskrnl.exe]
ntoskrnl.exe-->PoCallDriver, Type: EAT modification 0x80684314-->805072A3 [ntoskrnl.exe]
ntoskrnl.exe-->PoCancelDeviceNotify, Type: EAT modification 0x80684318-->805411A0 [ntoskrnl.exe]
ntoskrnl.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x8068431C-->805C5BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x80684320-->8050565D [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x80684324-->8054169B [ntoskrnl.exe]
ntoskrnl.exe-->PoRegisterSystemState, Type: EAT modification 0x80684328-->805192E1 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestPowerIrp, Type: EAT modification 0x8068432C-->80507355 [ntoskrnl.exe]
ntoskrnl.exe-->PoRequestShutdownEvent, Type: EAT modification 0x80684330-->805B3D76 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetHiberRange, Type: EAT modification 0x80684334-->8066DF9A [ntoskrnl.exe]
ntoskrnl.exe-->PoSetPowerState, Type: EAT modification 0x80684338-->80507E25 [ntoskrnl.exe]
ntoskrnl.exe-->PoSetSystemState, Type: EAT modification 0x8068433C-->8051A4A5 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: Inline - RelativeJump 0x8062B429-->8062B413 [ntoskrnl.exe]
ntoskrnl.exe-->PoShutdownBugCheck, Type: EAT modification 0x80684340-->80632E7F [ntoskrnl.exe]
ntoskrnl.exe-->PoStartNextPowerIrp, Type: EAT modification 0x80684344-->80507169 [ntoskrnl.exe]
ntoskrnl.exe-->PoUnregisterSystemState, Type: EAT modification 0x80684348-->80518BBE [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForRead, Type: EAT modification 0x8068434C-->805838BB [ntoskrnl.exe]
ntoskrnl.exe-->ProbeForWrite, Type: EAT modification 0x80684350-->8056E89F [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: Inline - RelativeJump 0x80575872-->805D8F3A [ntoskrnl.exe]
ntoskrnl.exe-->PsAssignImpersonationToken, Type: EAT modification 0x80684354-->80580B55 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargePoolQuota, Type: EAT modification 0x80684358-->804F4784 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: Inline - RelativeJump 0x804EB2AB-->804EB4E2 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x8068435C-->804F07EB [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x80684360-->804F6327 [ntoskrnl.exe]
ntoskrnl.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x80684364-->804E8847 [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemProcess, Type: EAT modification 0x80684368-->806357FB [ntoskrnl.exe]
ntoskrnl.exe-->PsCreateSystemThread, Type: EAT modification 0x8068436C-->805762A6 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x80684370-->80635413 [ntoskrnl.exe]
ntoskrnl.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x80684374-->80592E08 [ntoskrnl.exe]
ntoskrnl.exe-->PsDisableImpersonation, Type: EAT modification 0x80684378-->80584F4A [ntoskrnl.exe]
ntoskrnl.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x8068437C-->805B92EF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetContextThread, Type: EAT modification 0x80684380-->80635837 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcess, Type: EAT modification 0x80684384-->804E5E36 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessId, Type: EAT modification 0x80684388-->804E6997 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x8068438C-->804EA489 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThread, Type: EAT modification 0x80684390-->804E5DA7 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadId, Type: EAT modification 0x80684394-->804E83EE [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x80684398-->8051917D [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x8068439C-->80542D19 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x806843A0-->80542D30 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobLock, Type: EAT modification 0x806843A4-->80542C23 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobSessionId, Type: EAT modification 0x806843A8-->80542C3C [ntoskrnl.exe]
ntoskrnl.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x806843AC-->80509627 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x806843B0-->80513374 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: Inline - RelativeJump 0x80502C51-->8051EA6E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessDebugPort, Type: EAT modification 0x806843B4-->80503940 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x806843B8-->80635D17 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitStatus, Type: EAT modification 0x806843BC-->80542C73 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessExitTime, Type: EAT modification 0x806843C0-->8059DDB6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessId, Type: EAT modification 0x806843C4-->804FA911 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessImageFileName, Type: EAT modification 0x806843C8-->8051338B [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x806843CC-->804FF78E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessJob, Type: EAT modification 0x806843D0-->804F41F3 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: Inline - RelativeJump 0x804E7413-->804E7427 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPeb, Type: EAT modification 0x806843D4-->804EA4C8 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x806843D8-->80542CBF [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x806843DC-->804FA3E6 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x806843E0-->8059E255 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: Inline - RelativeJump 0x804FA95D-->804F0B40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessSessionId, Type: EAT modification 0x806843E4-->804FE25E [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32Process, Type: EAT modification 0x806843E8-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x806843EC-->804F41DC [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x806843F0-->804EA180 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeCall 0x805082C8-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082CE-->805082AD [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x806843F4-->80508BDA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadId, Type: EAT modification 0x806843F8-->804E7D5F [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcess, Type: EAT modification 0x806843FC-->804E8400 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadProcessId, Type: EAT modification 0x80684400-->804E7D48 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadSessionId, Type: EAT modification 0x80684404-->8057D6A9 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadTeb, Type: EAT modification 0x80684408-->804F0A40 [ntoskrnl.exe]
ntoskrnl.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x8068440C-->804E6BCA [ntoskrnl.exe]
ntoskrnl.exe-->PsGetVersion, Type: EAT modification 0x80684410-->80542BB2 [ntoskrnl.exe]
ntoskrnl.exe-->PsImpersonateClient, Type: EAT modification 0x80684414-->80580C82 [ntoskrnl.exe]
ntoskrnl.exe-->PsInitialSystemProcess, Type: EAT modification 0x80684418-->80569754 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x8068441C-->80635CF5 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsSystemThread, Type: EAT modification 0x80684420-->80514E6B [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadImpersonating, Type: EAT modification 0x80684424-->80635D90 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: Inline - RelativeJump 0x804E6ED7-->80521FD2 [ntoskrnl.exe]
ntoskrnl.exe-->PsIsThreadTerminating, Type: EAT modification 0x80684428-->804F1725 [ntoskrnl.exe]
ntoskrnl.exe-->PsJobType, Type: EAT modification 0x8068442C-->805696E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x80684430-->8057F50F [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x80684434-->8057CC54 [ntoskrnl.exe]
ntoskrnl.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x80684438-->8057D6C5 [ntoskrnl.exe]
ntoskrnl.exe-->PsProcessType, Type: EAT modification 0x8068443C-->80569758 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x80684440-->8056C2A5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReferencePrimaryToken, Type: EAT modification 0x80684444-->8056C967 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x80684448-->806355E0 [ntoskrnl.exe]
ntoskrnl.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x8068444C-->80635707 [ntoskrnl.exe]
ntoskrnl.exe-->PsRestoreImpersonation, Type: EAT modification 0x80684450-->8058501F [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnPoolQuota, Type: EAT modification 0x80684454-->804E86F5 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x80684458-->804F1429 [ntoskrnl.exe]
ntoskrnl.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x8068445C-->804F60B9 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertThreadToSelf, Type: EAT modification 0x80684460-->80580BF1 [ntoskrnl.exe]
ntoskrnl.exe-->PsRevertToSelf, Type: EAT modification 0x80684464-->805B1467 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetContextThread, Type: EAT modification 0x80684468-->80635ACF [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x8068446C-->8063549F [ntoskrnl.exe]
ntoskrnl.exe-->PsSetCreateThreadNotifyRoutine, Type: EAT modification 0x80684470-->80635577 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x80684474-->80635D3D [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x80684478-->805B9406 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x8068447C-->80635695 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x80684480-->80571E63 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x80684484-->80635D5C [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x80684488-->805E6086 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: Inline - RelativeJump 0x8057FD2C-->8057FD3A [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWin32Process, Type: EAT modification 0x8068448C-->80592812 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetProcessWindowStation, Type: EAT modification 0x80684490-->80592DC5 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: Inline - RelativeJump 0x805082F3-->805214D1 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x80684494-->80508BF8 [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: Inline - RelativeJump 0x8057BD31-->8057BCFB [ntoskrnl.exe]
ntoskrnl.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x80684498-->8059583E [ntoskrnl.exe]
ntoskrnl.exe-->PsTerminateSystemThread, Type: EAT modification 0x8068449C-->80583248 [ntoskrnl.exe]
ntoskrnl.exe-->PsThreadType, Type: EAT modification 0x806844A0-->8056975C [ntoskrnl.exe]
ntoskrnl.exe-->qsort, Type: Inline - PushRet 0x8050844F-->90900008 [unknown_code_page]
ntoskrnl.exe-->qsort, Type: EAT modification 0x80684CD0-->8050B1B4 [ntoskrnl.exe]
ntoskrnl.exe-->rand, Type: EAT modification 0x80684CD4-->8054B68A [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806844A4-->804DA0AA [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806844A8-->804DA0E2 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806844AC-->804DA0C6 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x806844B0-->804DA086 [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x806844B4-->804DA09E [ntoskrnl.exe]
ntoskrnl.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x806844B8-->804DA092 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x806844BC-->805C1474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x806844C0-->805852BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x806844C4-->805B1BD3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAce, Type: EAT modification 0x806844C8-->805D337A [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x806844CC-->80570802 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAddRange, Type: EAT modification 0x806844D0-->805C1EFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlAllocateHeap, Type: EAT modification 0x806844D4-->8057D7CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x806844D8-->80582233 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: Inline - DirectCall 0x80633AE2-->804D811C [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x806844DC-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x806844E0-->8058DB92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendAsciizToString, Type: EAT modification 0x806844E4-->8063C09F [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendStringToString, Type: EAT modification 0x806844E8-->805D3077 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x806844EC-->804F7BCC [ntoskrnl.exe]
ntoskrnl.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x806844F0-->804F5F19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: Inline - RelativeJump 0x80566A0F-->80566A19 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x806844F4-->8056EF85 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x806844F8-->8058B2F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsClear, Type: EAT modification 0x806844FC-->804F8F41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAreBitsSet, Type: EAT modification 0x80684500-->804F9056 [ntoskrnl.exe]
ntoskrnl.exe-->RtlAssert, Type: EAT modification 0x80684504-->805436B0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureContext, Type: EAT modification 0x80684508-->804DC152 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x8068450C-->805436DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCharToInteger, Type: EAT modification 0x80684510-->8063C903 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCheckRegistryKey, Type: EAT modification 0x80684514-->805B6595 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearAllBits, Type: EAT modification 0x80684518-->80513EB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBit, Type: EAT modification 0x8068451C-->80542FE9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlClearBits, Type: EAT modification 0x80684520-->804EA9A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemory, Type: EAT modification 0x80684524-->804E5080 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x80684528-->804E50D0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: Inline - RelativeJump 0x80634174-->80634185 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareString, Type: EAT modification 0x8068452C-->8063BFEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompareUnicodeString, Type: EAT modification 0x80684530-->80574887 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressBuffer, Type: EAT modification 0x80684534-->80671217 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCompressChunks, Type: EAT modification 0x80684538-->8063D447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x8068453C-->804DBE04 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x80684540-->8058E317 [ntoskrnl.exe]
ntoskrnl.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x80684544-->804DBE0C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyLuid, Type: EAT modification 0x80684548-->805AC48C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: Inline - RelativeJump 0x805C3EDE-->805C3EE4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyRangeList, Type: EAT modification 0x8068454C-->805BC474 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopySid, Type: EAT modification 0x80684550-->8056FE2C [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyString, Type: EAT modification 0x80684554-->8050D6C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCopyUnicodeString, Type: EAT modification 0x80684558-->804F2DB1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAcl, Type: EAT modification 0x8068455C-->8057545D [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateAtomTable, Type: EAT modification 0x80684560-->805D31B6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateHeap, Type: EAT modification 0x80684564-->805ABBBF [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateRegistryKey, Type: EAT modification 0x80684568-->805B66DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x8068456C-->8056FC49 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x80684570-->8063D944 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCreateUnicodeString, Type: EAT modification 0x80684574-->805CF6E5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x80684578-->80638D96 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressBuffer, Type: Inline - PushRet 0x806352AE-->8139C033 [unknown_code_page]
ntoskrnl.exe-->RtlDecompressBuffer, Type: EAT modification 0x8068457C-->8063D129 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressChunks, Type: EAT modification 0x80684580-->8063D27E [ntoskrnl.exe]
ntoskrnl.exe-->RtlDecompressFragment, Type: EAT modification 0x80684584-->805DD2DD [ntoskrnl.exe]
ntoskrnl.exe-->RtlDelete, Type: EAT modification 0x80684588-->804F2FC1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAce, Type: EAT modification 0x8068458C-->805C5CA3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x80684590-->8057D741 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x80684594-->80513757 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x80684598-->804FC1E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteNoSplay, Type: EAT modification 0x8068459C-->805147B9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x806845A0-->805BC674 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRange, Type: EAT modification 0x806845A4-->8063A442 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x806845A8-->805C2D41 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDescribeChunk, Type: EAT modification 0x806845AC-->8063D1A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyAtomTable, Type: EAT modification 0x806845B0-->8063A087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlDestroyHeap, Type: EAT modification 0x806845B4-->8063A7FF [ntoskrnl.exe]
ntoskrnl.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x806845B8-->8063B7C7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEmptyAtomTable, Type: EAT modification 0x806845BC-->8063A149 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x806845C0-->804DBBE3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x806845C4-->804DBBFB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x806845C8-->804DBBEF [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x806845CC-->80543A17 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x806845D0-->80500A83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x806845D4-->80543BEB [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x806845D8-->804FBA9D [ntoskrnl.exe]
ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x806845DC-->80500AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualLuid, Type: EAT modification 0x806845E0-->8063C151 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualSid, Type: EAT modification 0x806845E4-->80573938 [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualString, Type: EAT modification 0x806845E8-->8050372A [ntoskrnl.exe]
ntoskrnl.exe-->RtlEqualUnicodeString, Type: EAT modification 0x806845EC-->8056C684 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x806845F0-->804DBD08 [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x806845F4-->804DBC1B [ntoskrnl.exe]
ntoskrnl.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x806845F8-->804DBC78 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemory, Type: EAT modification 0x806845FC-->804E5100 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFillMemoryUlong, Type: EAT modification 0x80684600-->804E5170 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBits, Type: EAT modification 0x80684604-->804F044D [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x80684608-->804F0AA8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindClearRuns, Type: EAT modification 0x8068460C-->80503A42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindFirstRunClear, Type: EAT modification 0x80684610-->80543481 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x80684614-->805035B1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x80684618-->80511437 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindLongestRunClear, Type: EAT modification 0x8068461C-->80543329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMessage, Type: EAT modification 0x80684620-->805DE2C1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x80684624-->80543388 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x80684628-->80513474 [ntoskrnl.exe]

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:53 pm


ntoskrnl.exe-->RtlFindRange, Type: EAT modification 0x8068462C-->805C2338 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBits, Type: EAT modification 0x80684630-->8054305F [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x80684634-->80543447 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x80684638-->805964BE [ntoskrnl.exe]
ntoskrnl.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x8068463C-->8058E485 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeAnsiString, Type: EAT modification 0x80684640-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeHeap, Type: EAT modification 0x80684644-->8057D392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeOemString, Type: EAT modification 0x80684648-->805E5654 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeRangeList, Type: EAT modification 0x8068464C-->805BC392 [ntoskrnl.exe]
ntoskrnl.exe-->RtlFreeUnicodeString, Type: EAT modification 0x80684650-->80582BB6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x80684658-->80588A90 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetAce, Type: EAT modification 0x8068465C-->805AEF9A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCallersAddress, Type: EAT modification 0x80684660-->804DA198 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x80684664-->80665146 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x80684668-->805B1763 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x8068466C-->8058B3F2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTable, Type: EAT modification 0x80684670-->80543960 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x80684674-->80543ADB [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetFirstRange, Type: EAT modification 0x80684678-->8059DC4A [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x8068467C-->805BBF77 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNextRange, Type: EAT modification 0x80684680-->8059DBE0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x80684684-->805E3E91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x80684688-->805BBF35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x8068468C-->805BBF00 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x80684690-->8063DF91 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGetVersion, Type: EAT modification 0x80684694-->805D7F67 [ntoskrnl.exe]
ntoskrnl.exe-->RtlGUIDFromString, Type: EAT modification 0x80684654-->805A02D4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlHashUnicodeString, Type: EAT modification 0x80684698-->80589617 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x8068469C-->804FE293 [ntoskrnl.exe]
ntoskrnl.exe-->RtlImageNtHeader, Type: EAT modification 0x806846A0-->804FA366 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitAnsiString, Type: EAT modification 0x806846A4-->804DA26D [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitCodePageTable, Type: EAT modification 0x806846A8-->805CD087 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeBitMap, Type: EAT modification 0x806846B4-->8057BF4E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTable, Type: EAT modification 0x806846B8-->80509716 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x806846BC-->804FF7A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeRangeList, Type: EAT modification 0x806846C0-->805CFA97 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeSid, Type: EAT modification 0x806846C4-->80588972 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x806846C8-->805BDBE1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitString, Type: EAT modification 0x806846AC-->804DA235 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInitUnicodeString, Type: EAT modification 0x806846B0-->804DA2A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x806846CC-->804FBB74 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x806846D0-->80519427 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x806846D4-->804FBB35 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x806846D8-->804FBC0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x806846DC-->80593C1E [ntoskrnl.exe]
ntoskrnl.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x806846E0-->8063CE0D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToChar, Type: EAT modification 0x806846E4-->8058F1EF [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicode, Type: EAT modification 0x806846E8-->8058E5C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x806846EC-->8058DCB5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlInvertRangeList, Type: EAT modification 0x806846F0-->8063A580 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x806846F4-->8054416D [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x806846F8-->805441BB [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x806846FC-->80544620 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x80684700-->805445C2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x80684704-->80544C33 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x80684708-->80544E47 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x8068470C-->8054555B [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x80684710-->8050BC50 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x80684714-->80543E59 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x80684718-->80544088 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x8068471C-->805444CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x80684720-->80544262 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x80684724-->805446C8 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x80684728-->805449EE [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x8068472C-->805452EA [ntoskrnl.exe]
ntoskrnl.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x80684730-->80544FE7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x80684734-->80543943 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x80684738-->80506658 [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x8068473C-->8063DC9E [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsRangeAvailable, Type: EAT modification 0x80684740-->805C805C [ntoskrnl.exe]
ntoskrnl.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x80684744-->8063DB5A [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x80684748-->804DBBCF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x8068474C-->804DBDB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x80684750-->805456DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x80684754-->804DBDDC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x80684758-->804DBD60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x8068475C-->804DBD88 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x80684760-->804DBDF0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthRequiredSid, Type: EAT modification 0x80684764-->80581CA2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x80684768-->805753C9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: Inline - RelativeJump 0x8059B50E-->8059B534 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLengthSid, Type: EAT modification 0x8068476C-->805DF5CA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLockBootStatusData, Type: EAT modification 0x80684770-->8063DE28 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x80684774-->8057D5FC [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x80684778-->805137F4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x8068477C-->805152BA [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x80684780-->805137AF [ntoskrnl.exe]
ntoskrnl.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x80684784-->804F5BDE [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapGenericMask, Type: EAT modification 0x80684788-->8056FDCA [ntoskrnl.exe]
ntoskrnl.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x8068478C-->805191D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMergeRangeLists, Type: EAT modification 0x80684790-->8063A352 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMoveMemory, Type: EAT modification 0x80684794-->804E51C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x80684798-->80571F11 [ntoskrnl.exe]
ntoskrnl.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x8068479C-->805E9A23 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x806847A0-->80639C52 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosError, Type: EAT modification 0x806847A4-->805835E0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x806847A8-->805173A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x806847AC-->804FBADF [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x806847B0-->80506621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfClearBits, Type: EAT modification 0x806847B4-->80503664 [ntoskrnl.exe]
ntoskrnl.exe-->RtlNumberOfSetBits, Type: EAT modification 0x806847B8-->80513D7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x806847BC-->8063BD83 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x806847C0-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x806847C4-->805E37D2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlOemToUnicodeN, Type: EAT modification 0x806847C8-->805E36C0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x806847CC-->805D3109 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x806836F8-->804E5531 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixString, Type: EAT modification 0x806847D0-->805B6329 [ntoskrnl.exe]
ntoskrnl.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x806847D4-->805E686C [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x806847D8-->8057208F [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryRegistryValues, Type: EAT modification 0x806847DC-->8059B907 [ntoskrnl.exe]
ntoskrnl.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x806847E0-->805D0463 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRaiseException, Type: EAT modification 0x806847E4-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandom, Type: EAT modification 0x806847E8-->80591915 [ntoskrnl.exe]
ntoskrnl.exe-->RtlRandomEx, Type: EAT modification 0x806847EC-->8054576F [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealPredecessor, Type: EAT modification 0x806847F0-->805438DF [ntoskrnl.exe]
ntoskrnl.exe-->RtlRealSuccessor, Type: EAT modification 0x806847F4-->804F173E [ntoskrnl.exe]
ntoskrnl.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x806847F8-->80593D1F [ntoskrnl.exe]
ntoskrnl.exe-->RtlReserveChunk, Type: EAT modification 0x806847FC-->8063D20E [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x80684800-->80500ECC [ntoskrnl.exe]
ntoskrnl.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x80684804-->8054582C [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x8068480C-->805BEC83 [ntoskrnl.exe]
ntoskrnl.exe-->absoƖute, Type: EAT modification 0x80684808-->80639E8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetAllBits, Type: EAT modification 0x80684810-->8050BA7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBit, Type: EAT modification 0x80684814-->804F0BC5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetBits, Type: EAT modification 0x80684818-->804F03FD [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x8068481C-->80585052 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetGroupSecurityDescriptor, Type: EAT modification 0x80684820-->805D347C [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x80684824-->805DFC36 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x80684828-->805D34C6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x8068482C-->8063D00B [ntoskrnl.exe]
ntoskrnl.exe-->RtlSizeHeap, Type: EAT modification 0x80684830-->8063A8E2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSplay, Type: EAT modification 0x80684834-->804F345D [ntoskrnl.exe]
ntoskrnl.exe-->RtlStringFromGUID, Type: EAT modification 0x80684838-->8059CA05 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x8068483C-->8063C124 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubAuthoritySid, Type: EAT modification 0x80684840-->805DC816 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreePredecessor, Type: EAT modification 0x80684844-->804FC4A6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x80684848-->805438A5 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTestBit, Type: EAT modification 0x8068484C-->8054301F [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x80684850-->80506F79 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x80684854-->8063E0A1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x80684858-->8054586B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x8068485C-->805457E1 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTimeToTimeFields, Type: EAT modification 0x80684860-->8050A933 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x80684864-->80545EF7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x80684868-->80545B1A [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x8068486C-->80545C0B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x80684870-->80545A8B [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x80684874-->80545CF3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x80684878-->80545ECD [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x8068487C-->80545EE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x80684880-->80545CA4 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlongByteSwap, Type: EAT modification 0x806836FC-->804DBBAC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x80683700-->804DBBBC [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x80684884-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x80684888-->8058C6CD [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x8068488C-->805899A0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: EAT modification 0x80684890-->805E4C39 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x80684894-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: Inline - RelativeCall 0x8059EF9D-->8059EE92 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x80684898-->805E2C84 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x8068489C-->80638F81 [ntoskrnl.exe]



ntoskrnl.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x806848A0-->8058C523 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x806848A4-->805E9B8A [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - PushRet 0x80591F25-->F4A66EE8 [unknown_code_page]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeCall 0x80591F26-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: Inline - RelativeJump 0x80591F2B-->80591F42 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnicodeToOemN, Type: EAT modification 0x806848A8-->80589725 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnlockBootStatusData, Type: EAT modification 0x806848AC-->8063DF46 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUnwind, Type: EAT modification 0x806848B0-->804FD281 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x806848B4-->8056EFB0 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x806848B8-->80570494 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x806848BC-->8063BCB9 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x806848C0-->8063BE4C [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x806848C4-->805E55AA [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x806848C8-->80639137 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x806848CC-->805D2201 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x806848D0-->805E4F7D [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperChar, Type: EAT modification 0x806848D4-->805A3DDB [ntoskrnl.exe]
ntoskrnl.exe-->RtlUpperString, Type: EAT modification 0x806848D8-->805C80F6 [ntoskrnl.exe]
ntoskrnl.exe-->RtlUshortByteSwap, Type: EAT modification 0x80683704-->804DBB9C [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x806848DC-->805B1C60 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x806848E0-->805DD1A3 [ntoskrnl.exe]
ntoskrnl.exe-->RtlValidSid, Type: EAT modification 0x806848E4-->8057537B [ntoskrnl.exe]
ntoskrnl.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x806848E8-->80509AEC [ntoskrnl.exe]
ntoskrnl.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x806848EC-->80534DE2 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWalkFrameChain, Type: EAT modification 0x806848F0-->80519648 [ntoskrnl.exe]
ntoskrnl.exe-->RtlWriteRegistryValue, Type: EAT modification 0x806848F4-->805B61D7 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x80684900-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x80684904-->8063B947 [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x80684908-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x8068490C-->8063B91B [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: Inline - RelativeJump 0x806327E7-->80632850 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroHeap, Type: EAT modification 0x806848F8-->8063A621 [ntoskrnl.exe]
ntoskrnl.exe-->RtlZeroMemory, Type: EAT modification 0x806848FC-->804E5190 [ntoskrnl.exe]
ntoskrnl.exe-->SeAccessCheck, Type: EAT modification 0x80684910-->8056C2C7 [ntoskrnl.exe]
ntoskrnl.exe-->SeAppendPrivileges, Type: EAT modification 0x80684914-->8058AF21 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurity, Type: EAT modification 0x80684918-->805751E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeAssignSecurityEx, Type: EAT modification 0x8068491C-->80640060 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x80684920-->806409AB [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEvents, Type: EAT modification 0x80684924-->80642051 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x80684928-->80579876 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x8068492C-->80641FCC [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEvents, Type: EAT modification 0x80684930-->806420A9 [ntoskrnl.exe]
ntoskrnl.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x80684934-->80642112 [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x80684938-->80581D5F [ntoskrnl.exe]
ntoskrnl.exe-->SeCaptureSubjectContext, Type: EAT modification 0x8068493C-->80573991 [ntoskrnl.exe]
ntoskrnl.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x80684940-->80641A66 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - DirectCall 0x805641C3-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: Inline - PushRet 0x805641C5-->982491FE [unknown_code_page]
ntoskrnl.exe-->SeCreateAccessState, Type: EAT modification 0x80684944-->8056CA6B [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurity, Type: EAT modification 0x80684948-->80581387 [ntoskrnl.exe]
ntoskrnl.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x8068494C-->805E60E4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeassignSecurity, Type: EAT modification 0x80684950-->805884D4 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteAccessState, Type: EAT modification 0x80684954-->8056CAC8 [ntoskrnl.exe]
ntoskrnl.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x80684958-->80641AB3 [ntoskrnl.exe]
ntoskrnl.exe-->SeExports, Type: EAT modification 0x8068495C-->8069AD50 [ntoskrnl.exe]
ntoskrnl.exe-->SeFilterToken, Type: EAT modification 0x80684960-->8063FBBC [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: Inline - RelativeJump 0x8057844E-->80578485 [ntoskrnl.exe]
ntoskrnl.exe-->SeFreePrivileges, Type: EAT modification 0x80684964-->80581CCE [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClient, Type: EAT modification 0x80684968-->80642926 [ntoskrnl.exe]
ntoskrnl.exe-->SeImpersonateClientEx, Type: EAT modification 0x8068496C-->8058145E [ntoskrnl.exe]
ntoskrnl.exe-->SeLockSubjectContext, Type: EAT modification 0x80684970-->8056C39C [ntoskrnl.exe]
ntoskrnl.exe-->SeMarkLogonSessionForTerminationNotification, Type: EAT modification 0x80684974-->80642D87 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x80684978-->8056DCB2 [ntoskrnl.exe]
ntoskrnl.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x8068497C-->8064236F [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeCheck, Type: EAT modification 0x80684980-->805738F5 [ntoskrnl.exe]
ntoskrnl.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x80684984-->8058AE40 [ntoskrnl.exe]
ntoskrnl.exe-->SePublicDefaultDacl, Type: EAT modification 0x80684988-->8069AC50 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x8068498C-->80582C58 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - PushRet 0x805837CE-->90900008 [unknown_code_page]
ntoskrnl.exe-->SeQueryInformationToken, Type: Inline - RelativeCall 0x805837D1-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe-->SeQueryInformationToken, Type: EAT modification 0x80684990-->8058FB61 [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x80684994-->805734CB [ntoskrnl.exe]
ntoskrnl.exe-->SeQuerySessionIdToken, Type: EAT modification 0x80684998-->805830D2 [ntoskrnl.exe]
ntoskrnl.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x8068499C-->805D9A0D [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x806849A0-->80575533 [ntoskrnl.exe]
ntoskrnl.exe-->SeReleaseSubjectContext, Type: EAT modification 0x806849A4-->8056CA9C [ntoskrnl.exe]
ntoskrnl.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x806849A8-->80579651 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x806849AC-->805DFAD7 [ntoskrnl.exe]
ntoskrnl.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x806849B0-->8064308F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x80571943-->80571A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: Inline - RelativeJump 0x8057194F-->80571ABA [ntoskrnl.exe]
ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x806849B4-->8057898F [ntoskrnl.exe]
ntoskrnl.exe-->SeSystemDefaultDacl, Type: EAT modification 0x806849B8-->8069AC60 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x806849BC-->805811E9 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsAdmin, Type: EAT modification 0x806849C0-->806430DF [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsRestricted, Type: EAT modification 0x806849C4-->8056FD90 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x806849C8-->80592F94 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenObjectType, Type: EAT modification 0x806849CC-->8069AEE0 [ntoskrnl.exe]
ntoskrnl.exe-->SeTokenType, Type: EAT modification 0x806849D0-->80573A3F [ntoskrnl.exe]
ntoskrnl.exe-->SeUnlockSubjectContext, Type: EAT modification 0x806849D4-->8056C3D1 [ntoskrnl.exe]
ntoskrnl.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x806849D8-->80642CC0 [ntoskrnl.exe]
ntoskrnl.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x806849DC-->80583CA1 [ntoskrnl.exe]
ntoskrnl.exe-->sprintf, Type: EAT modification 0x80684CD8-->8050621E [ntoskrnl.exe]
ntoskrnl.exe-->srand, Type: EAT modification 0x80684CDC-->8054B671 [ntoskrnl.exe]
ntoskrnl.exe-->strcat, Type: EAT modification 0x80684CE0-->804DB16D [ntoskrnl.exe]
ntoskrnl.exe-->strchr, Type: EAT modification 0x80684CE4-->804E596B [ntoskrnl.exe]
ntoskrnl.exe-->strcmp, Type: EAT modification 0x80684CE8-->804DB253 [ntoskrnl.exe]
ntoskrnl.exe-->strcpy, Type: EAT modification 0x80684CEC-->804DB15D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: Inline - RelativeJump 0x804DA292-->804DA29D [ntoskrnl.exe]
ntoskrnl.exe-->strlen, Type: EAT modification 0x80684CF0-->804DB2D8 [ntoskrnl.exe]
ntoskrnl.exe-->strncat, Type: EAT modification 0x80684CF4-->804DB353 [ntoskrnl.exe]
ntoskrnl.exe-->strncmp, Type: EAT modification 0x80684CF8-->804DB478 [ntoskrnl.exe]
ntoskrnl.exe-->strncpy, Type: EAT modification 0x80684CFC-->804DB4B0 [ntoskrnl.exe]
ntoskrnl.exe-->strrchr, Type: EAT modification 0x80684D00-->804DB5B0 [ntoskrnl.exe]
ntoskrnl.exe-->strspn, Type: EAT modification 0x80684D04-->804DB5D7 [ntoskrnl.exe]
ntoskrnl.exe-->strstr, Type: EAT modification 0x80684D08-->804E58DC [ntoskrnl.exe]
ntoskrnl.exe-->swprintf, Type: EAT modification 0x80684D0C-->804FCA51 [ntoskrnl.exe]
ntoskrnl.exe-->tolower, Type: EAT modification 0x80684D10-->80512529 [ntoskrnl.exe]
ntoskrnl.exe-->toupper, Type: EAT modification 0x80684D14-->80507C85 [ntoskrnl.exe]
ntoskrnl.exe-->towlower, Type: EAT modification 0x80684D18-->8054B75A [ntoskrnl.exe]
ntoskrnl.exe-->towupper, Type: EAT modification 0x80684D1C-->8054B782 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintEx, Type: EAT modification 0x80684D20-->80542F23 [ntoskrnl.exe]
ntoskrnl.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x80684D24-->80501E10 [ntoskrnl.exe]
ntoskrnl.exe-->VerSetConditionMask, Type: EAT modification 0x806849E0-->80509A7D [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDeviceNode, Type: EAT modification 0x806849E4-->805477D3 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailDriver, Type: EAT modification 0x806849E8-->80547857 [ntoskrnl.exe]
ntoskrnl.exe-->VfFailSystemBIOS, Type: EAT modification 0x806849EC-->80547814 [ntoskrnl.exe]
ntoskrnl.exe-->VfIsVerificationEnabled, Type: EAT modification 0x806849F0-->80511626 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: Inline - RelativeJump 0x80508277-->80508299 [ntoskrnl.exe]
ntoskrnl.exe-->vsprintf, Type: EAT modification 0x80684D28-->8050B8CA [ntoskrnl.exe]
ntoskrnl.exe-->wcscat, Type: EAT modification 0x80684D2C-->80518D3C [ntoskrnl.exe]
ntoskrnl.exe-->wcschr, Type: EAT modification 0x80684D30-->804FE23A [ntoskrnl.exe]
ntoskrnl.exe-->wcscmp, Type: EAT modification 0x80684D34-->804EA0FD [ntoskrnl.exe]
ntoskrnl.exe-->wcscpy, Type: EAT modification 0x80684D38-->804F36E9 [ntoskrnl.exe]
ntoskrnl.exe-->wcscspn, Type: EAT modification 0x80684D3C-->8054B7B8 [ntoskrnl.exe]
ntoskrnl.exe-->wcslen, Type: EAT modification 0x80684D40-->804EA4A9 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncat, Type: EAT modification 0x80684D44-->80509161 [ntoskrnl.exe]
ntoskrnl.exe-->wcsncmp, Type: EAT modification 0x80684D48-->805012EC [ntoskrnl.exe]
ntoskrnl.exe-->wcsncpy, Type: EAT modification 0x80684D4C-->804FC693 [ntoskrnl.exe]
ntoskrnl.exe-->wcsrchr, Type: EAT modification 0x80684D50-->805062C6 [ntoskrnl.exe]
ntoskrnl.exe-->wcsspn, Type: EAT modification 0x80684D54-->8054B828 [ntoskrnl.exe]
ntoskrnl.exe-->wcsstr, Type: EAT modification 0x80684D58-->804FF706 [ntoskrnl.exe]
ntoskrnl.exe-->wcstombs, Type: EAT modification 0x80684D5C-->8054B884 [ntoskrnl.exe]
ntoskrnl.exe-->wctomb, Type: EAT modification 0x80684D60-->80506272 [ntoskrnl.exe]
ntoskrnl.exe-->WmiFlushTrace, Type: EAT modification 0x80684A0C-->8064678F [ntoskrnl.exe]
ntoskrnl.exe-->WmiGetClock, Type: EAT modification 0x80683708-->805490A4 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTrace, Type: EAT modification 0x80684A10-->80645EC3 [ntoskrnl.exe]
ntoskrnl.exe-->WmiQueryTraceInformation, Type: EAT modification 0x80684A14-->8064681C [ntoskrnl.exe]
ntoskrnl.exe-->WmiStartTrace, Type: EAT modification 0x80684A18-->80646CAB [ntoskrnl.exe]
ntoskrnl.exe-->WmiStopTrace, Type: EAT modification 0x80684A1C-->80645EEF [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessage, Type: EAT modification 0x80684A20-->805499B7 [ntoskrnl.exe]
ntoskrnl.exe-->WmiTraceMessageVa, Type: EAT modification 0x80684A24-->805496DB [ntoskrnl.exe]
ntoskrnl.exe-->WmiUpdateTrace, Type: EAT modification 0x80684A28-->8064610C [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x806849F4-->804DA13A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806849F8-->804DA17A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806849FC-->804DA15A [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x80684A00-->804DA0FE [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x80684A04-->804DA126 [ntoskrnl.exe]
ntoskrnl.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x80684A08-->804DA112 [ntoskrnl.exe]
ntoskrnl.exe-->XIPDispatch, Type: EAT modification 0x80684A2C-->8054AF97 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x80684A30-->804E32CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: Inline - RelativeJump 0x804DC775-->804DC758 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAddBootEntry, Type: EAT modification 0x80684A34-->804E3356 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x80684A38-->804E337E [ntoskrnl.exe]
ntoskrnl.exe-->ZwAlertThread, Type: EAT modification 0x80684A3C-->804E33A6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x80684A40-->804E33F6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x80684A44-->804E341E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelIoFile, Type: EAT modification 0x80684A48-->804E345A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCancelTimer, Type: EAT modification 0x80684A4C-->804E346E [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: Inline - RelativeJump 0x804DC89F-->804DC91B [ntoskrnl.exe]
ntoskrnl.exe-->ZwClearEvent, Type: EAT modification 0x80684A50-->804E3482 [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: Inline - RelativeJump 0x804DC8B0-->804DC91C [ntoskrnl.exe]
ntoskrnl.exe-->ZwClose, Type: EAT modification 0x80684A54-->804E3496 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x80684A58-->804E34AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeCall 0x804DC928-->804EA3B7 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: Inline - RelativeJump 0x804DC92F-->804DC8D5 [ntoskrnl.exe]
ntoskrnl.exe-->ZwConnectPort, Type: EAT modification 0x80684A5C-->804E350E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC969-->804DCAF2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: Inline - RelativeJump 0x804DC970-->804DCAC9 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x80684A60-->804E354A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: Inline - RelativeJump 0x804DC97D-->804DCAA4 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateEvent, Type: EAT modification 0x80684A64-->804E355E [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateFile, Type: EAT modification 0x80684A68-->804E3586 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateJobObject, Type: EAT modification 0x80684A6C-->804E35AE [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateKey, Type: EAT modification 0x80684A70-->804E35D6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSection, Type: EAT modification 0x80684A74-->804E368A [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: Inline - RelativeJump 0x804DCAD1-->804DC97D [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x80684A78-->804E36B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwCreateTimer, Type: EAT modification 0x80684A7C-->804E36DA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteBootEntry, Type: EAT modification 0x80684A80-->804E3766 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteFile, Type: EAT modification 0x80684A84-->804E377A [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteKey, Type: EAT modification 0x80684A88-->804E378E [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeleteValueKey, Type: EAT modification 0x80684A8C-->804E37B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x80684A90-->804E37CA [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: Inline - RelativeJump 0x804DCBF8-->804DCC0B [ntoskrnl.exe]
ntoskrnl.exe-->ZwDisplayString, Type: EAT modification 0x80684A94-->804E37DE [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateObject, Type: EAT modification 0x80684A98-->804E37F2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwDuplicateToken, Type: EAT modification 0x80684A9C-->804E3806 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: Inline - RelativeJump 0x804DCC37-->804DCC7A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x80684AA0-->804E381A [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateKey, Type: EAT modification 0x80684AA4-->804E382E [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: Inline - RelativeJump 0x804DCC70-->804DCC77 [ntoskrnl.exe]
ntoskrnl.exe-->ZwEnumerateValueKey, Type: EAT modification 0x80684AA8-->804E3856 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCD4-->804DCD5F [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: Inline - RelativeJump 0x804DCCDA-->804DCD56 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushInstructionCache, Type: EAT modification 0x80684AAC-->804E38BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: Inline - RelativeJump 0x804DCCEB-->804DCD51 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushKey, Type: EAT modification 0x80684AB0-->804E38CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x80684AB4-->804E38E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: Inline - RelativeJump 0x804DCD38-->804DCCDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x80684AB8-->804E391E [ntoskrnl.exe]
ntoskrnl.exe-->ZwFsControlFile, Type: EAT modification 0x80684ABC-->804E3932 [ntoskrnl.exe]
ntoskrnl.exe-->ZwInitiatePowerAction, Type: EAT modification 0x80684AC0-->804E39E6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwIsProcessInJob, Type: EAT modification 0x80684AC4-->804E39FA [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadDriver, Type: EAT modification 0x80684AC8-->804E3A36 [ntoskrnl.exe]
ntoskrnl.exe-->ZwLoadKey, Type: EAT modification 0x80684ACC-->804E3A4A [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: Inline - RelativeJump 0x804DCEF4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x80684AD0-->804E3AD6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: Inline - RelativeJump 0x804DCF30-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwMapViewOfSection, Type: EAT modification 0x80684AD4-->804E3B12 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: Inline - RelativeJump 0x804DCF6C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwNotifyChangeKey, Type: EAT modification 0x80684AD8-->804E3B4E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: Inline - RelativeJump 0x804DCF94-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x80684ADC-->804E3B76 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: Inline - RelativeJump 0x804DCFA8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenEvent, Type: EAT modification 0x80684AE0-->804E3B8A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: Inline - RelativeJump 0x804DCFD0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenFile, Type: EAT modification 0x80684AE4-->804E3BB2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: Inline - RelativeJump 0x804DCFF8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenJobObject, Type: EAT modification 0x80684AE8-->804E3BDA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: Inline - RelativeJump 0x804DD00C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenKey, Type: EAT modification 0x80684AEC-->804E3BEE [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: Inline - RelativeJump 0x804DD048-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcess, Type: EAT modification 0x80684AF0-->804E3C2A [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: Inline - RelativeJump 0x804DD05C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessToken, Type: EAT modification 0x80684AF4-->804E3C3E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: Inline - RelativeJump 0x804DD070-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x80684AF8-->804E3C52 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: Inline - RelativeJump 0x804DD084-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSection, Type: EAT modification 0x80684AFC-->804E3C66 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: Inline - RelativeJump 0x804DD0AC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x80684B00-->804E3C8E [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: Inline - RelativeJump 0x804DD0C0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThread, Type: EAT modification 0x80684B04-->804E3CA2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: Inline - RelativeJump 0x804DD0D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadToken, Type: EAT modification 0x80684B08-->804E3CB6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: Inline - RelativeJump 0x804DD0E8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x80684B0C-->804E3CCA [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: Inline - RelativeJump 0x804DD0FC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwOpenTimer, Type: EAT modification 0x80684B10-->804E3CDE [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: Inline - RelativeJump 0x804DD124-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPowerInformation, Type: EAT modification 0x80684B14-->804E3D06 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: Inline - RelativeJump 0x804DD188-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwPulseEvent, Type: EAT modification 0x80684B18-->804E3D6A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: Inline - RelativeJump 0x804DD1B0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x80684B1C-->804E3D92 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: Inline - RelativeJump 0x804DD1C4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryBootOptions, Type: EAT modification 0x80684B20-->804E3DA6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: Inline - RelativeJump 0x804DD1EC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x80684B24-->804E3DCE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: Inline - RelativeJump 0x804DD200-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDefaultUILanguage, Type: EAT modification

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:53 pm

0x80684B28-->804E3DE2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: Inline - RelativeJump 0x804DD214-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x80684B2C-->804E3DF6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: Inline - RelativeJump 0x804DD228-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x80684B30-->804E3E0A [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: Inline - RelativeJump 0x804DD23C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryEaFile, Type: EAT modification 0x80684B34-->804E3E1E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: Inline - RelativeJump 0x804DD264-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x80684B38-->804E3E46 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: Inline - RelativeJump 0x804DD28C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationFile, Type: EAT modification 0x80684B3C-->804E3E6E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: Inline - RelativeJump 0x804DD2A0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x80684B40-->804E3E82 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: Inline - RelativeJump 0x804DD2C8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationProcess, Type: EAT modification 0x80684B44-->804E3EAA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: Inline - RelativeJump 0x804DD2DC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationThread, Type: EAT modification 0x80684B48-->804E3EBE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: Inline - RelativeJump 0x804DD2F0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInformationToken, Type: EAT modification 0x80684B4C-->804E3ED2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: Inline - RelativeJump 0x804DD304-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x80684B50-->804E3EE6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: Inline - RelativeJump 0x804DD340-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryKey, Type: EAT modification 0x80684B54-->804E3F22 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: Inline - RelativeJump 0x804DD37C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryObject, Type: EAT modification 0x80684B58-->804E3F5E [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: Inline - RelativeJump 0x804DD3CC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySection, Type: EAT modification 0x80684B5C-->804E3FAE [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: Inline - RelativeJump 0x804DD3E0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySecurityObject, Type: EAT modification 0x80684B60-->804E3FC2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: Inline - RelativeJump 0x804DD408-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x80684B64-->804E3FEA [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: Inline - RelativeJump 0x804DD444-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQuerySystemInformation, Type: EAT modification 0x80684B68-->804E4026 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: Inline - RelativeJump 0x804DD494-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryValueKey, Type: EAT modification 0x80684B6C-->804E4076 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: Inline - RelativeJump 0x804DD4BC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x80684B70-->804E409E [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: Inline - RelativeJump 0x804DD50C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReadFile, Type: EAT modification 0x80684B74-->804E40EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: Inline - RelativeJump 0x804DD5D4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe-->ZwReplaceKey, Type: EAT modification 0x80684B78-->804E41B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: Inline - RelativeJump 0x804DD660-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x80684B7C-->804E4242 [ntoskrnl.exe]
ntoskrnl.exe-->ZwResetEvent, Type: EAT modification 0x80684B80-->804E426A [ntoskrnl.exe]
ntoskrnl.exe-->ZwRestoreKey, Type: EAT modification 0x80684B84-->804E4292 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKey, Type: EAT modification 0x80684B88-->804E42CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSaveKeyEx, Type: EAT modification 0x80684B8C-->804E42E2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: Inline - RelativeJump 0x804DD73C-->804DD841 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x80684B90-->804E431E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: Inline - RelativeJump 0x804DD750-->804DD76A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetBootOptions, Type: EAT modification 0x80684B94-->804E4332 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultLocale, Type: EAT modification 0x80684B98-->804E4382 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x80684B9C-->804E4396 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEaFile, Type: EAT modification 0x80684BA0-->804E43AA [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetEvent, Type: EAT modification 0x80684BA4-->804E43BE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationFile, Type: EAT modification 0x80684BA8-->804E4422 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationJobObject, Type: EAT modification 0x80684BAC-->804E4436 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: Inline - RelativeJump 0x804DD87C-->804DEF1A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationObject, Type: EAT modification 0x80684BB0-->804E445E [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: Inline - RelativeJump 0x804DD890-->804DD870 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationProcess, Type: EAT modification 0x80684BB4-->804E4472 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetInformationThread, Type: EAT modification 0x80684BB8-->804E4486 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: Inline - RelativeJump 0x804DD94C-->804DD682 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSecurityObject, Type: EAT modification 0x80684BBC-->804E4526 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemInformation, Type: EAT modification 0x80684BC0-->804E4562 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetSystemTime, Type: EAT modification 0x80684BC4-->804E458A [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: Inline - RelativeJump 0x804DD9D0-->804DDA1B [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetTimer, Type: EAT modification 0x80684BC8-->804E45B2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetValueKey, Type: EAT modification 0x80684BCC-->804E45EE [ntoskrnl.exe]
ntoskrnl.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x80684BD0-->804E4602 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateJobObject, Type: EAT modification 0x80684BD4-->804E46A2 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTerminateProcess, Type: EAT modification 0x80684BD8-->804E46B6 [ntoskrnl.exe]
ntoskrnl.exe-->ZwTranslateFilePath, Type: EAT modification 0x80684BDC-->804E4706 [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadDriver, Type: EAT modification 0x80684BE0-->804E471A [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnloadKey, Type: EAT modification 0x80684BE4-->804E472E [ntoskrnl.exe]
ntoskrnl.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x80684BE8-->804E477E [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x80684BEC-->804E47BA [ntoskrnl.exe]
ntoskrnl.exe-->ZwWaitForSingleObject, Type: EAT modification 0x80684BF0-->804E47CE [ntoskrnl.exe]
ntoskrnl.exe-->ZwWriteFile, Type: EAT modification 0x80684BF4-->804E480A [ntoskrnl.exe]
ntoskrnl.exe-->ZwYieldExecution, Type: EAT modification 0x80684BF8-->804E485A [ntoskrnl.exe]
ntoskrnl.exe-->_abnormal_termination, Type: EAT modification 0x80684C08-->804E30C4 [ntoskrnl.exe]
ntoskrnl.exe-->_alldiv, Type: EAT modification 0x80684C0C-->804DA42D [ntoskrnl.exe]
ntoskrnl.exe-->_alldvrm, Type: EAT modification 0x80684C10-->804DA4D7 [ntoskrnl.exe]
ntoskrnl.exe-->_allmul, Type: EAT modification 0x80684C14-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: Inline - RelativeJump 0x804D959C-->804D95A2 [ntoskrnl.exe]
ntoskrnl.exe-->_alloca_probe, Type: EAT modification 0x80684C18-->804DA5EA [ntoskrnl.exe]
ntoskrnl.exe-->_allrem, Type: EAT modification 0x80684C1C-->804DA627 [ntoskrnl.exe]
ntoskrnl.exe-->_allshl, Type: EAT modification 0x80684C20-->804DA6DB [ntoskrnl.exe]
ntoskrnl.exe-->_allshr, Type: EAT modification 0x80684C24-->804DA6FA [ntoskrnl.exe]
ntoskrnl.exe-->_aulldiv, Type: EAT modification 0x80684C28-->804DA71B [ntoskrnl.exe]
ntoskrnl.exe-->_aulldvrm, Type: EAT modification 0x80684C2C-->804DA783 [ntoskrnl.exe]
ntoskrnl.exe-->_aullrem, Type: EAT modification 0x80684C30-->804DA818 [ntoskrnl.exe]
ntoskrnl.exe-->_aullshr, Type: EAT modification 0x80684C34-->804DA88D [ntoskrnl.exe]
ntoskrnl.exe-->_CIcos, Type: EAT modification 0x80684BFC-->804E5773 [ntoskrnl.exe]
ntoskrnl.exe-->_CIsin, Type: EAT modification 0x80684C00-->804E582C [ntoskrnl.exe]
ntoskrnl.exe-->_CIsqrt, Type: EAT modification 0x80684C04-->804E2BCC [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler2, Type: EAT modification 0x80684C38-->804DA8B4 [ntoskrnl.exe]
ntoskrnl.exe-->_except_handler3, Type: EAT modification 0x80684C3C-->804E2EF8 [ntoskrnl.exe]
ntoskrnl.exe-->_global_unwind2, Type: EAT modification 0x80684C40-->804E2FF9 [ntoskrnl.exe]
ntoskrnl.exe-->_itoa, Type: EAT modification 0x80684C44-->8054B13A [ntoskrnl.exe]
ntoskrnl.exe-->_itow, Type: EAT modification 0x80684C48-->8054B1CA [ntoskrnl.exe]
ntoskrnl.exe-->_local_unwind2, Type: EAT modification 0x80684C4C-->804E3054 [ntoskrnl.exe]
ntoskrnl.exe-->_purecall, Type: EAT modification 0x80684C50-->8054AF1F [ntoskrnl.exe]
ntoskrnl.exe-->_snprintf, Type: EAT modification 0x80684C54-->8050A866 [ntoskrnl.exe]
ntoskrnl.exe-->_snwprintf, Type: EAT modification 0x80684C58-->80515305 [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeCall 0x80501B1C-->804E116B [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: Inline - RelativeJump 0x80501B23-->8052200E [ntoskrnl.exe]
ntoskrnl.exe-->_stricmp, Type: EAT modification 0x80684C5C-->805198E9 [ntoskrnl.exe]
ntoskrnl.exe-->_strlwr, Type: EAT modification 0x80684C60-->8054B212 [ntoskrnl.exe]
ntoskrnl.exe-->_strnicmp, Type: EAT modification 0x80684C64-->804FBA2E [ntoskrnl.exe]
ntoskrnl.exe-->_strnset, Type: EAT modification 0x80684C68-->804DA962 [ntoskrnl.exe]
ntoskrnl.exe-->_strrev, Type: EAT modification 0x80684C6C-->804DA98B [ntoskrnl.exe]
ntoskrnl.exe-->_strset, Type: EAT modification 0x80684C70-->804DA9BB [ntoskrnl.exe]
ntoskrnl.exe-->_strupr, Type: EAT modification 0x80684C74-->805116E6 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnprintf, Type: EAT modification 0x80684C78-->80501AB8 [ntoskrnl.exe]
ntoskrnl.exe-->_vsnwprintf, Type: EAT modification 0x80684C7C-->8054B274 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsicmp, Type: EAT modification 0x80684C80-->804E8120 [ntoskrnl.exe]
ntoskrnl.exe-->_wcslwr, Type: EAT modification 0x80684C84-->8054B2FA [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnicmp, Type: EAT modification 0x80684C88-->804FC53A [ntoskrnl.exe]
ntoskrnl.exe-->_wcsnset, Type: EAT modification 0x80684C8C-->8054B33C [ntoskrnl.exe]
ntoskrnl.exe-->_wcsrev, Type: EAT modification 0x80684C90-->8054B372 [ntoskrnl.exe]
ntoskrnl.exe-->_wcsupr, Type: EAT modification 0x80684C94-->8050B59C [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB4DDC428-->F795E16D [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB4DDC454-->F795E0B3 [IPVNMon.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB4DDC460-->F795DBC4 [IPVNMon.sys]
tcpip.sys-->ntoskrnl.exe-->DbgBreakPoint, Type: IAT modification 0xB4DDC574-->804E2A66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xB4DDC63C-->80501F09 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xB4DDC68C-->80551005 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: IAT modification 0xB4DDC6A8-->804F3C7E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExCreateCallback, Type: IAT modification 0xB4DDC59C-->805BBD83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xB4DDC4B4-->8054AA43 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedAddUlong, Type: IAT modification 0xB4DDC660-->804E55BC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: IAT modification 0xB4DDC66C-->804E5620 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xB4DDC6A4-->805511E6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xB4DDC4CC-->80508A20 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExIsProcessorFeaturePresent, Type: IAT modification 0xB4DDC4E4-->8050BAB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: IAT modification 0xB4DDC600-->804F9AA0 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ExNotifyCallback, Type: IAT modification 0xB4DDC598-->80519120 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xB4DDC4DC-->804E131F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xB4DDC4E0-->804E1343 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xB4DDC654-->804E81D7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xB4DDC5C0-->804EDDB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xB4DDC51C-->80518674 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xB4DDC488-->805A170C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xB4DDC530-->805D2EFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xB4DDC5EC-->80505760 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xB4DDC4B0-->805D7E64 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xB4DDC518-->804E13B9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xB4DDC65C-->804E17CF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFileObjectType, Type: IAT modification 0xB4DDC5B8-->80560D58 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xB4DDC668-->804EDE66 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetCurrentProcess, Type: IAT modification 0xB4DDC560-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xB4DDC520-->805E3B29 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xB4DDC4FC-->80579683 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xB4DDC69C-->805324C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xB4DDC658-->804E81BD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->IoWMIRegistrationControl, Type: IAT modification 0xB4DDC55C-->805A218B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xB4DDC6C0-->8053769F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeCancelTimer, Type: IAT modification 0xB4DDC690-->804E61C5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xB4DDC694-->804E5AA4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xB4DDC4B8-->804E14F6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeEnterCriticalRegion, Type: IAT modification 0xB4DDC4A4-->804D95F2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xB4DDC6B8-->804E2427 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xB4DDC6BC-->804E2468 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xB4DDC4C8-->804E7DB8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xB4DDC6A0-->804E7DE6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeMutex, Type: IAT modification 0xB4DDC5D8-->80518BE3 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xB4DDC6AC-->804E2417 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xB4DDC4C4-->804EC4FB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeInitializeTimerEx, Type: IAT modification 0xB4DDC564-->804EC513 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeLeaveCriticalRegion, Type: IAT modification 0xB4DDC4A0-->804D9604 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xB4DDC678-->8055BA60 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryInterruptTime, Type: IAT modification 0xB4DDC56C-->804E5C65 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xB4DDC6B4-->804D95AF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeQueryTimeIncrement, Type: IAT modification 0xB4DDC4A8-->804E5A3E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReadStateEvent, Type: IAT modification 0xB4DDC5E8-->804E5DBB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeReleaseMutex, Type: IAT modification 0xB4DDC5E4-->804E8508 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeResetEvent, Type: IAT modification 0xB4DDC650-->804E8525 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xB4DDC4AC-->804E20A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: IAT modification 0xB4DDC578-->80509693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeSetTimerEx, Type: IAT modification 0xB4DDC4C0-->804E210E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xB4DDC6C8-->8055A000 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xB4DDC5E0-->804DC400 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xB4DDC640-->804DADC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xB4DDC6CC-->804EDEBC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: IAT modification 0xB4DDC5DC-->80509675 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableDataSection, Type: IAT modification 0xB4DDC680-->805E7DA9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: IAT modification 0xB4DDC4D0-->805E09D2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xB4DDC674-->804F97B4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xB4DDC664-->804EDF4C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmProbeAndLockPages, Type: IAT modification 0xB4DDC5BC-->804F6BFF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmQuerySystemSize, Type: IAT modification 0xB4DDC614-->8050896A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPagableImageSection, Type: IAT modification 0xB4DDC684-->8051A1AB [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->MmUnlockPages, Type: IAT modification 0xB4DDC5A4-->804F6EB5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObDereferenceSecurityDescriptor, Type: IAT modification 0xB4DDC58C-->8056D963 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xB4DDC524-->804E1930 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xB4DDC5CC-->804DA06B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObGetObjectSecurity, Type: IAT modification 0xB4DDC514-->8056C287 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObLogSecurityDescriptor, Type: IAT modification 0xB4DDC5B0-->805755A8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xB4DDC5A0-->8056C559 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObReleaseObjectSecurity, Type: IAT modification 0xB4DDC500-->8056C241 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: IAT modification 0xB4DDC53C-->805DFBEF [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ProbeForWrite, Type: IAT modification 0xB4DDC5C8-->8056E89F [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcess, Type: IAT modification 0xB4DDC5D0-->804E5E36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->PsGetCurrentProcessId, Type: IAT modification 0xB4DDC590-->804E6997 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xB4DDC4E8-->805852BE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAddAce, Type: IAT modification 0xB4DDC528-->805D337A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: IAT modification 0xB4DDC698-->8058DB92 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xB4DDC648-->804F7BCC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAppendUnicodeToString, Type: IAT modification 0xB4DDC608-->804F5F19 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlAreBitsSet, Type: IAT modification 0xB4DDC62C-->804F9056 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearAllBits, Type: IAT modification 0xB4DDC620-->80513EB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlClearBits, Type: IAT modification 0xB4DDC630-->804EA9A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xB4DDC688-->804E5080 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCompareUnicodeString, Type: IAT modification 0xB4DDC618-->80574887 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xB4DDC644-->804F2DB1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xB4DDC4EC-->8057545D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xB4DDC510-->8056FC49 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: IAT modification 0xB4DDC568-->804DBD08 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlExtendedMagicDivide, Type: IAT modification 0xB4DDC604-->804DBC78 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearBitsAndSet, Type: IAT modification 0xB4DDC634-->804F0AA8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlFindClearRuns, Type: IAT modification 0xB4DDC638-->80503A42 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetAce, Type: IAT modification 0xB4DDC52C-->805AEF9A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC550-->805B1763 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: IAT modification 0xB4DDC548-->805BBF77 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: IAT modification 0xB4DDC54C-->805BBF35 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: IAT modification 0xB4DDC544-->805BBF00 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeBitMap, Type: IAT modification 0xB4DDC61C-->8057BF4E [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitializeSid, Type: IAT modification 0xB4DDC534-->80588972 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xB4DDC670-->804DA2A5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlIpv4StringToAddressW, Type: IAT modification 0xB4DDC5F8-->8050BC50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthRequiredSid, Type: IAT modification 0xB4DDC538-->80581CA2 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: IAT modification 0xB4DDC508-->805753C9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xB4DDC4F0-->805DF5CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlMapGenericMask, Type: IAT modification 0xB4DDC4F8-->8056FDCA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlPrefetchMemoryNonTemporal, Type: IAT modification 0xB4DDC5D4-->804E5531 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->absoƖute, Type: IAT modification 0xB4DDC540-->805BEC83 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBit, Type: IAT modification 0xB4DDC57C-->804F0BC5 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetBits, Type: IAT modification 0xB4DDC624-->804F03FD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xB4DDC50C-->80585052 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlSubAuthoritySid, Type: IAT modification 0xB4DDC6C4-->805DC816 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlTimeToTimeFields, Type: IAT modification 0xB4DDC5FC-->8050A933 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: IAT modification 0xB4DDC67C-->8058C6CD [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: IAT modification 0xB4DDC5F4-->805E4C39 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlVerifyVersionInfo, Type: IAT modification 0xB4DDC554-->80509AEC [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->RtlWalkFrameChain, Type: IAT modification 0xB4DDC594-->80519648 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xB4DDC584-->8056C2C7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAppendPrivileges, Type: IAT modification 0xB4DDC5AC-->8058AF21 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeAssignSecurity, Type: IAT modification 0xB4DDC5B4-->805751E4 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xB4DDC4F4-->8069AD50 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeFreePrivileges, Type: IAT modification 0xB4DDC5A8-->80581CCE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xB4DDC588-->8056C39C [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: IAT modification 0xB4DDC504-->805DFAD7 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xB4DDC580-->8056C3D1 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->VerSetConditionMask, Type: IAT modification 0xB4DDC558-->80509A7D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcschr, Type: IAT modification 0xB4DDC498-->804FE23A [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcscpy, Type: IAT modification 0xB4DDC490-->804F36E9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xB4DDC628-->804EA4A9 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->wcsncpy, Type: IAT modification 0xB4DDC494-->804FC693 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xB4DDC60C-->804E3496 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwCreateFile, Type: IAT modification 0xB4DDC6D4-->804E3586 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwDeviceIoControlFile, Type: IAT modification 0xB4DDC6D0-->804E37CA [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwEnumerateValueKey, Type: IAT modification 0xB4DDC5F0-->804E3856 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwLoadDriver, Type: IAT modification 0xB4DDC64C-->804E3A36 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xB4DDC4BC-->804E3BEE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xB4DDC4D4-->804E4076 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetInformationThread, Type: IAT modification 0xB4DDC49C-->804E4486 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->ZwSetValueKey, Type: IAT modification 0xB4DDC4D8-->804E45EE [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xB4DDC6B0-->804DA42D [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xB4DDC610-->804DA5B6 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_aulldiv, Type: IAT modification 0xB4DDC570-->804DA71B [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xB4DDC5C4-->804E2EF8 [ntoskrnl.exe]
tcpip.sys-->ntoskrnl.exe-->_wcsicmp, Type: IAT modification 0xB4DDC48C-->804E8120 [ntoskrnl.exe]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF758CB4C-->F795E16D [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF758CB3C-->F795E0B3 [IPVNMon.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF758CB28-->F795DBC4 [IPVNMon.sys]
wanarp.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF758CBF0-->80551005 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xF758CB84-->8054AA43 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF758CBF8-->805511E6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF758CB7C-->80508A20 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF758CBE0-->804DA3FC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF758CBC8-->804E131F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF758CBC4-->804E1343 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF758CB78-->804E81D7 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xF758CBB0-->80518674 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF758CC08-->805A170C [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xF758CBBC-->805D2EFF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF758CB80-->80505760 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xF758CBC0-->805D7E64 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF758CBB4-->804E13B9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF758CB70-->804E17CF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF758CBD0-->804EDE66 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xF758CBA4-->805E3B29 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF758CB74-->804E81BD [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF758CB9C-->8053769F [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xF758CBB8-->804E14F6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xF758CBFC-->804E2427 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xF758CC00-->804E2468 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF758CBE4-->804E7DE6 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF758CBF4-->804E2417 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF758CC0C-->804D95AF [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF758CBEC-->804E20A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xF758CB98-->8055A000 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF758CBE8-->804DC400 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xF758CBCC-->804F97B4 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF758CBAC-->804E1930 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF758CBA8-->804DA06B [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xF758CB8C-->804F7BCC [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF758CB90-->804F2DB1 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF758CBD8-->804DA2A5 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xF758CBD4-->80570494 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->swprintf, Type: IAT modification 0xF758CB94-->804FCA51 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xF758CBDC-->804EA4A9 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF758CB88-->804E3496 [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF758CBA0-->804E3BEE [ntoskrnl.exe]
wanarp.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF758CC04-->804DA42D [ntoskrnl.exe]
[1252]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[208]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[208]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[208]explorer.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001228-->00000000 [iphook32.dll]
[208]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[208]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[208]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[208]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7C9C1488-->00000000 [iphook32.dll]
[208]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[208]explorer.exe-->shell32.dll-->user32.dll-->SetWindowsHookExW, Type: IAT modification 0x7C9C20F0-->00000000 [iphook32.dll]
[208]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Fri 10 Dec 2010, 4:56 pm

WOW I hope you really wanted all of that..... The computer is working much better. I now get an error message "Generic Host Process for Win32 Services"

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Sat 11 Dec 2010, 11:40 am

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Sat 11 Dec 2010, 4:53 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 21:24 on 10/12/2010 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [22:21 10/09/2008] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a---- 96512 bytes [14:52 11/04/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [13:00 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-= EOF =-

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Sun 12 Dec 2010, 4:42 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ERDNT\cache\atapi.sys
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys | C:\WINDOWS\ServicePackFiles\i386\atapi.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Sun 12 Dec 2010, 5:45 am

ComboFix 10-12-11.01 - Owner 12/11/2010 10:16:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.816 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\kb.dll

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ERDNT\cache\atapi.sys
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 06:02 . 2010-12-11 06:02 -------- d-----w- c:\program files\Common Files\Java
2010-12-11 06:02 . 2010-09-15 12:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-12-10 03:07 . 2010-12-10 03:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-12-10 02:56 . 2010-12-10 02:56 -------- d-----w- c:\program files\7-Zip
2010-12-07 03:18 . 2010-12-08 15:29 0 ----a-w- c:\windows\Kyuya.bin
2010-12-07 03:18 . 2010-12-07 03:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 23:30 . 2010-11-02 02:00 155567790 ----a-w- C:\cookn9-42994.exe
2010-09-18 19:23 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 13:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 10:29 . 2010-04-10 16:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 06:51 . 2007-11-07 06:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-12-11 18:13 . 2010-12-11 18:13 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2002-09-03 13:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2002-09-03 13:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2010-12-11 06:09 . 2009-01-10 00:18 27136 c:\windows\system32\ReinstallBackups\0018\DriverFiles\RimSerial.sys
+ 2010-03-31 07:16 . 2010-03-31 07:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 1980-01-01 00:00 . 2010-12-11 06:10 71732 c:\windows\system32\perfc009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 71732 c:\windows\system32\perfc009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-06 05:17 . 2009-11-06 05:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2002-09-03 13:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-14 22:14 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 91424 c:\windows\system32\dnssd.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2002-09-03 13:00 . 2004-08-04 05:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2002-09-03 13:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2002-09-03 13:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 08:07 . 2009-11-07 08:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-10-16 09:54 . 2010-10-16 09:54 21504 c:\windows\Installer\a31e39b.msi
+ 2010-08-01 20:46 . 2010-08-01 20:46 38400 c:\windows\Installer\19a2912a.msi
+ 2010-05-13 12:54 . 2010-05-13 12:54 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-08-01 20:47 . 2010-09-29 10:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-26 12:59 . 2010-09-26 12:59 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-04-16 00:54 . 2010-04-16 00:54 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4fb287c\System.Drawing.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_74c68084\CustomMarshalers.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 10:15 . 2010-08-12 10:15 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 10:21 . 2010-08-12 10:21 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 10:02 . 2008-04-14 00:11 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-05-26 10:00 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 10:00 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-10 10:14 . 2008-04-14 00:11 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-04-14 04:50 . 2008-04-14 00:11 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-09-15 10:08 . 2008-04-14 00:12 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-10-14 10:07 . 2008-04-14 00:12 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-09-29 10:01 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-09-29 10:01 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-08-11 23:51 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-15 04:37 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-15 17:43 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2004-04-01 04:15 . 2010-03-10 11:00 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-10-06 10:05 . 2010-10-06 10:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-14 10:16 . 2009-10-14 10:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-15 10:07 . 2008-05-03 11:55 2560

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Sun 12 Dec 2010, 5:46 am

c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-10-14 10:02 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-14 10:07 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-14 04:54 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2002-09-03 13:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2002-09-03 13:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2002-09-03 13:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2002-09-03 13:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2002-09-03 13:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2002-09-03 13:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2004-04-15 19:08 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2010-03-31 07:10 . 2010-03-31 07:10 295264 c:\windows\system32\PresentationHost.exe
+ 1980-01-01 00:00 . 2010-12-11 06:10 442466 c:\windows\system32\perfh009.dat
- 1980-01-01 00:00 . 2010-03-16 03:19 442466 c:\windows\system32\perfh009.dat
+ 2009-11-07 08:07 . 2009-11-07 08:07 297808 c:\windows\system32\mscoree.dll
- 2004-02-22 08:11 . 2004-08-04 07:56 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-02-22 08:11 . 2010-04-05 18:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-12-11 06:02 . 2010-09-15 12:50 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 153376 c:\windows\system32\javaws.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\javaw.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\javaw.exe
- 2010-04-10 16:22 . 2010-04-10 16:21 145184 c:\windows\system32\java.exe
+ 2010-12-11 06:02 . 2010-09-15 12:50 145184 c:\windows\system32\java.exe
+ 2004-06-07 21:19 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2004-02-21 22:08 . 2010-10-14 10:24 247904 c:\windows\system32\FNTCACHE.DAT
- 2004-02-21 22:08 . 2009-11-11 11:20 247904 c:\windows\system32\FNTCACHE.DAT
+ 2002-09-03 13:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2002-09-03 13:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2002-09-03 13:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-05-18 23:35 . 2010-05-18 23:35 107808 c:\windows\system32\dns-sd.exe
+ 2004-08-04 07:56 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 08:32 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-04-05 18:54 . 2010-04-05 18:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-14 08:13 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2002-09-03 13:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2008-08-20 14:22 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-07-14 11:48 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-10-14 04:59 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2002-09-03 13:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2002-09-03 13:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2002-09-03 13:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2002-09-03 13:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2004-02-22 04:13 . 2010-06-14 14:31 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2004-02-22 04:13 . 2008-04-14 00:12 744448 c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
+ 2010-03-31 07:16 . 2010-03-31 07:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 19:22 . 2010-02-09 19:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\dcd5792.msp
+ 2010-09-24 04:02 . 2010-09-24 04:02 798208 c:\windows\Installer\34053a5.msp
+ 2010-12-11 06:06 . 2010-12-11 06:06 228352 c:\windows\Installer\320fde3.msi
+ 2010-12-11 06:02 . 2010-12-11 06:02 180224 c:\windows\Installer\320fdde.msi
+ 2010-07-14 22:12 . 2010-07-14 22:12 807424 c:\windows\Installer\17fcaa9.msi
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2010-12-11 06:08 . 2010-12-11 06:08 413696 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2004-04-01 04:15 . 2010-03-10 11:00 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2004-04-01 04:15 . 2010-11-11 11:03 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2010-07-14 22:21 . 2010-07-14 22:21 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-09-23 02:10 . 2010-09-23 02:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2008-11-11 20:14 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-10-06 10:02 . 2010-10-06 10:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d7078a6e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b03bcc04\System.Drawing.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7bf9142d\CustomMarshalers.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 10:20 . 2010-08-12 10:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-08-12 10:25 . 2010-08-12 10:25 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-08-12 10:17 . 2010-08-12 10:17 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 10:22 . 2010-08-12 10:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-06 10:09 . 2010-10-06 10:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-05-26 10:00 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 10:00 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-08-12 10:08 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 10:35 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 10:35 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-10 10:20 . 2008-04-14 00:09 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-10-14 10:06 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-14 10:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-14 10:06 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2010-04-15 10:45 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-06-10 10:15 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-10 10:15 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-04-14 04:50 . 2008-04-14 00:12 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 10:02 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 10:22 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 10:22 . 2008-04-14 00:11 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 10:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-15 10:08 . 2004-08-04 07:56 384512 c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-14 10:08 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-14 10:08 . 2002-09-03 13:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-14 10:02 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-14 10:07 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-15 10:04 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-09-29 10:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-29 10:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-09-15 10:02 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-09-15 10:07 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-08-12 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-08-12 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-08-12 10:17 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-08-12 10:17 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-08-11 23:51 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-08-12 10:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-08-12 10:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-14 10:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-14 10:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-08-12 10:15 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-08-12 10:15 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-15 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-15 10:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-08-12 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-08-12 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 10:45 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 10:45 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 04:37 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-10 10:20 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-10 10:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-10 10:20 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-10 10:20 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-10 10:20 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-10-14 10:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-14 10:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-14 10:07 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-15 10:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-15 10:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-10 10:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-10 10:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-10 10:18 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-10 10:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-10 10:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-14 04:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-14 04:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-14 04:50 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 10:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 10:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 10:32 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 10:32 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 10:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 10:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-06-10 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-10 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-10 10:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
+ 2010-10-14 04:59 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
+ 2010-10-14 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe
+ 2010-10-14 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe
+ 2010-10-14 04:54 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2010-10-14 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2010-10-14 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2010-08-04 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-04 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-04 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-14 10:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2279986\update\updspapi.dll
+ 2010-10-14 10:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2279986\update\update.exe
+ 2010-10-14 10:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2279986\spuninst.exe
+ 2010-09-01 11:48 . 2010-09-01 11:48 285824 c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-09-15 10:08 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-09-15 10:08 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-15 10:04 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-15 10:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-15 10:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 11:48 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-08-12 10:09 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-08-12 10:09 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-09-15 10:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-09-15 10:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-09-15 10:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-09-15 10:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-08-12 10:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-08-12 10:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-08-12 10:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-08-12 10:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Sun 12 Dec 2010, 5:46 am


+ 2010-10-14 04:59 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\wmp.dll
+ 2002-09-03 13:00 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2009-06-22 00:42 . 2010-04-20 03:47 3062048 c:\windows\system32\usbaaplrc.dll
+ 2004-07-14 15:40 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-02-22 08:44 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2004-02-22 08:44 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-04-15 19:08 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2002-09-03 13:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2002-09-03 13:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2002-09-03 13:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2010-07-14 22:14 . 2010-04-20 03:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-14 22:14 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2002-09-03 13:00 . 2010-04-03 13:39 2377576 c:\windows\system32\dllcache\WMVCore.dll
+ 2003-09-17 08:25 . 2010-08-25 14:23 5541888 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-15 08:31 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-11 20:14 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-11 20:14 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-08-12 09:31 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-12 09:31 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-03-10 10:43 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 10:43 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-11-07 08:06 . 2009-11-07 08:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 06:48 . 2010-04-08 06:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 16:44 . 2010-09-22 16:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 12:32 . 2010-03-23 12:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 06:51 . 2009-08-08 06:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 07:48 . 2008-05-28 07:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 09:25 . 2010-09-23 09:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-08-18 17:19 . 2010-08-18 17:19 8400896 c:\windows\Installer\e726cd5.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\dcd579e.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\dcd579d.msp
+ 2010-01-11 23:35 . 2010-01-11 23:35 4480000 c:\windows\Installer\6045e416.msp
+ 2010-10-05 00:00 . 2010-10-05 00:00 7973888 c:\windows\Installer\48c10bc.msp
+ 2010-02-26 13:09 . 2010-02-26 13:09 8300544 c:\windows\Installer\46af360.msp
+ 2010-08-09 23:44 . 2010-08-09 23:44 3778048 c:\windows\Installer\46699209.msp
+ 2010-08-27 20:36 . 2010-08-27 20:36 2807296 c:\windows\Installer\466991f6.msp
+ 2010-04-16 04:39 . 2010-04-16 04:39 9472000 c:\windows\Installer\3b98dd8.msi
+ 2010-09-23 14:39 . 2010-09-23 14:39 4265472 c:\windows\Installer\340539e.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\320fdc7.msp
+ 2010-12-11 05:57 . 2010-12-11 05:57 3940864 c:\windows\Installer\320fdb4.msi
+ 2010-05-24 20:54 . 2010-05-24 20:54 6704640 c:\windows\Installer\27d4924.msp
+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\192bdf41.msp
+ 2010-06-29 23:01 . 2010-06-29 23:01 8404992 c:\windows\Installer\1856a902.msp
+ 2010-07-14 22:21 . 2010-07-14 22:21 4820480 c:\windows\Installer\17fd336.msi
+ 2010-07-14 22:14 . 2010-07-14 22:14 3089408 c:\windows\Installer\17fcb14.msi
+ 2010-07-14 22:13 . 2010-07-14 22:13 1984000 c:\windows\Installer\17fcae1.msi
+ 2010-09-26 12:59 . 2010-09-26 12:59 1223680 c:\windows\Installer\1765dd43.msi
+ 2010-09-16 11:08 . 2010-09-16 11:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2008-10-15 08:31 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 08:31 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 08:31 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-10-06 10:02 . 2010-10-06 10:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fcfc5ab8\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2e76303c\System.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7952d5c4\System.Xml.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_58a5ecf3\System.Xml.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_112292c9\System.Windows.Forms.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_045c9557\System.Windows.Forms.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6f58764e\System.Drawing.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fb280e14\System.Design.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4d98f055\System.Design.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1b9a5f4d\mscorlib.dll
+ 2010-10-06 10:03 . 2010-10-06 10:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14677707\mscorlib.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 10:20 . 2010-08-12 10:20 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-06 10:11 . 2010-10-06 10:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-08-12 10:21 . 2010-08-12 10:21 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-06 10:09 . 2010-10-06 10:09 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-08-12 10:19 . 2010-08-12 10:19 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 10:18 . 2010-08-12 10:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 10:15 . 2010-08-12 10:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-12 10:24 . 2010-08-12 10:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 10:23 . 2010-08-12 10:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 10:22 . 2010-08-12 10:22 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-21 10:26 . 2009-08-21 10:26 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-06 10:07 . 2010-10-06 10:07 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-06-10 10:12 . 2010-06-10 10:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:15 . 2009-10-14 10:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 10:16 . 2009-10-14 10:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-06 10:06 . 2010-10-06 10:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 10:09 . 2009-08-21 10:09 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 10:05 . 2010-06-23 10:05 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-10-06 10:05 . 2010-10-06 10:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 10:04 . 2009-10-14 10:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-06 10:02 . 2010-10-06 10:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 10:03 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-14 10:03 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB981957$\win32k.sys
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-08-12 10:15 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-08-12 10:15 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-14 10:06 . 2008-04-14 00:12 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 10:45 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 10:45 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-10 10:18 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-10 10:15 . 2009-05-20 19:24 2373504 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 10:02 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-10 10:14 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-10-14 10:08 . 2008-04-14 00:11 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll
+ 2010-10-14 10:07 . 2009-07-13 17:08 5537792 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
+ 2010-08-04 10:02 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-08-12 10:09 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-08-12 10:14 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-08-11 23:50 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-31 13:38 . 2010-08-31 13:38 1861888 c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys
+ 2010-08-11 23:51 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-08-11 23:51 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 14:14 . 2010-04-28 14:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-08-11 23:51 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
+ 2010-04-15 04:37 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-15 04:37 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-15 04:37 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2005-05-11 02:15 . 2010-11-11 11:00 35758536 c:\windows\system32\MRT.exe
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-09-24 21:08 . 2010-09-24 21:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-08-18 17:12 . 2010-08-18 17:12 17516032 c:\windows\Installer\e726cc2.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\dcd57c9.msp
+ 2010-04-12 05:17 . 2010-04-12 05:17 14599680 c:\windows\Installer\dcd57ac.msp
+ 2010-04-16 04:34 . 2010-04-16 04:34 17510912 c:\windows\Installer\dcd5787.msp
+ 2010-09-14 10:01 . 2010-09-14 10:01 20303872 c:\windows\Installer\413dda79.msp
+ 2010-09-24 14:08 . 2010-09-24 14:08 17518080 c:\windows\Installer\3405395.msp
+ 2010-12-11 06:08 . 2010-12-11 06:08 24010752 c:\windows\Installer\320fe24.msi
+ 2010-09-29 10:02 . 2010-09-29 10:02 20303872 c:\windows\Installer\2639eb0a.msp
+ 2010-08-01 20:46 . 2010-08-01 20:46 20242432 c:\windows\Installer\19a29130.msp
+ 2010-03-31 08:23 . 2010-03-31 08:23 15638528 c:\windows\Installer\192bdf4d.msp
+ 2010-05-19 20:08 . 2010-05-19 20:08 11408896 c:\windows\Installer\1856a8ef.msp
+ 2010-06-29 06:46 . 2010-06-29 06:46 17512960 c:\windows\Installer\1856a8e5.msp
+ 2010-08-12 10:19 . 2010-08-12 10:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-06 10:10 . 2010-10-06 10:10 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-06 10:08 . 2010-10-06 10:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-08-12 10:17 . 2010-08-12 10:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 10:16 . 2010-08-12 10:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 10:14 . 2010-08-12 10:14 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2002-05-02 20563]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-02-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2005-01-15 385024]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-3-7 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\LDCM\\BIN\\USM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cook'n9\\Cook'n.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 9:09 PM 64160]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [5/5/2009 5:19 AM 616408]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2/21/2004 8:45 PM 9978]
R2 Intel Bootstrap Agent;Intel Bootstrap Agent;c:\program files\Intel\BootStrap Agent\bsa.exe [2/21/2004 8:45 PM 65536]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2/21/2004 8:48 PM 6736]
S2 gupdate1c9a6b15c4c2a8c;Google Update Service (gupdate1c9a6b15c4c2a8c);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 7:35 PM 133104]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1029456]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-11 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: WDC_WD600BB-53CAA1 rev.17.07W17 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A263555]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2697b0]; MOV EAX, [0x8a26982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A281AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006d[0x8A285EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A284D98]
\Driver\atapi[0x8A2AD030] -> IRP_MJ_CREATE -> 0x8A263555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD600BB-53CAA1______________________17.07W17#4457572d414d4638323133393839_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A26339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
Completion time: 2010-12-11 10:41:13
ComboFix-quarantined-files.txt 2010-12-11 18:41
ComboFix2.txt 2010-12-09 04:06
ComboFix3.txt 2010-04-11 14:54
ComboFix4.txt 2009-03-16 15:08

Pre-Run: 8,789,316,608 bytes free
Post-Run: 9,640,254,976 bytes free

- - End Of File - - F8C5F56143F080591179CB359A7274BD

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Sun 12 Dec 2010, 6:20 am

Hmm.

Please run TDSSKiller one more time and post the new log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Sun 12 Dec 2010, 6:37 am

How do I do that? I don't think I have ran than yet...

Thanks.

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Sun 12 Dec 2010, 10:22 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Mon 13 Dec 2010, 1:13 am

2010/12/12 06:10:21.0734 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 06:10:21.0734 ================================================================================
2010/12/12 06:10:21.0734 SystemInfo:
2010/12/12 06:10:21.0734
2010/12/12 06:10:21.0734 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/12 06:10:21.0734 Product type: Workstation
2010/12/12 06:10:21.0734 ComputerName: GATEWAY-0R10EG5
2010/12/12 06:10:21.0734 UserName: Owner
2010/12/12 06:10:21.0734 Windows directory: C:\WINDOWS
2010/12/12 06:10:21.0734 System windows directory: C:\WINDOWS
2010/12/12 06:10:21.0734 Processor architecture: Intel x86
2010/12/12 06:10:21.0734 Number of processors: 2
2010/12/12 06:10:21.0734 Page size: 0x1000
2010/12/12 06:10:21.0734 Boot type: Normal boot
2010/12/12 06:10:21.0734 ================================================================================
2010/12/12 06:10:22.0187 Initialize success
2010/12/12 06:10:27.0906 ================================================================================
2010/12/12 06:10:27.0921 Scan started
2010/12/12 06:10:27.0921 Mode: Manual;
2010/12/12 06:10:27.0921 ================================================================================
2010/12/12 06:10:29.0093 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/12 06:10:29.0281 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/12 06:10:29.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/12 06:10:29.0796 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/12 06:10:30.0015 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/12 06:10:30.0546 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/12 06:10:30.0859 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/12/12 06:10:31.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/12 06:10:31.0156 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/12 06:10:31.0359 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/12 06:10:31.0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/12 06:10:31.0609 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2010/12/12 06:10:31.0687 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2010/12/12 06:10:31.0859 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/12/12 06:10:32.0078 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys
2010/12/12 06:10:32.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/12 06:10:32.0468 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/12/12 06:10:32.0500 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/12/12 06:10:32.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/12 06:10:33.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/12 06:10:33.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/12 06:10:33.0421 Cdr4_xp (c1762eb422119f2cf4a32ef72dc2815f) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/12/12 06:10:33.0546 Cdralw2k (8dc7e0c2c409cb3f3b7fa45fc7ea852a) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/12/12 06:10:33.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/12 06:10:33.0843 cdudf_xp (a664412d09991120e103a6ad9f22ffc8) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/12/12 06:10:34.0140 CiSmBios (6f147c47a818acaea5ab03743e63830f) C:\WINDOWS\system32\drivers\CiSmBios.sys
2010/12/12 06:10:34.0640 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/12 06:10:34.0843 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/12 06:10:35.0000 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/12 06:10:35.0140 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/12 06:10:35.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/12 06:10:35.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/12 06:10:35.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/12 06:10:35.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/12 06:10:36.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/12 06:10:36.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/12 06:10:36.0328 dvd_2K (f5a93af20fc1cecd85cb7d64453015e5) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/12/12 06:10:36.0421 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/12 06:10:36.0546 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/12 06:10:36.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/12 06:10:36.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/12 06:10:36.0953 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/12 06:10:37.0125 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/12 06:10:37.0296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/12 06:10:37.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/12 06:10:37.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/12 06:10:37.0703 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/12 06:10:37.0796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/12 06:10:37.0921 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/12 06:10:38.0109 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/12 06:10:38.0296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/12 06:10:38.0468 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/12 06:10:38.0562 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/12 06:10:38.0640 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/12 06:10:38.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/12 06:10:39.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/12 06:10:39.0265 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/12 06:10:39.0531 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/12 06:10:39.0687 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/12 06:10:39.0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/12 06:10:39.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/12 06:10:40.0156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/12 06:10:40.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/12 06:10:40.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/12 06:10:40.0578 IPVNMon (0b46016d4df29ff99edb33fadb643cbb) C:\WINDOWS\system32\drivers\IPVNMon.sys
2010/12/12 06:10:40.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/12 06:10:40.0828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/12 06:10:41.0062 itchfltr (51205dab5a3671d3e805f4981aa758b6) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2010/12/12 06:10:41.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/12 06:10:41.0375 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/12 06:10:41.0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/12 06:10:41.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/12 06:10:41.0781 l8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
2010/12/12 06:10:42.0000 Lbd (52320254d74ea11b6f129e7df1016975) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/12 06:10:42.0250 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2010/12/12 06:10:42.0343 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
2010/12/12 06:10:42.0500 mmc_2K (c2d1d3d62b22e81297c589bca7de5e66) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/12/12 06:10:42.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/12 06:10:42.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/12 06:10:42.0875 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/12 06:10:43.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/12 06:10:43.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/12 06:10:43.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/12 06:10:43.0453 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/12 06:10:43.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/12 06:10:43.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/12 06:10:44.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/12 06:10:44.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/12 06:10:44.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/12 06:10:44.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/12 06:10:44.0656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/12 06:10:44.0828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/12 06:10:44.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/12 06:10:45.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/12 06:10:45.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/12 06:10:45.0312 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/12 06:10:45.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/12 06:10:45.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/12 06:10:45.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/12 06:10:45.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/12 06:10:46.0109 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/12 06:10:46.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/12 06:10:46.0593 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/12 06:10:46.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/12 06:10:47.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/12 06:10:47.0234 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/12 06:10:47.0375 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/12 06:10:47.0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/12 06:10:47.0625 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/12 06:10:47.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/12 06:10:48.0015 PcdrNt (231f133b4a5a04307abd95cac80fd063) C:\WINDOWS\System32\drivers\PcdrNt.sys
2010/12/12 06:10:48.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/12 06:10:48.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/12 06:10:48.0546 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/12 06:10:49.0093 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/12/12 06:10:49.0343 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/12 06:10:49.0531 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/12 06:10:49.0671 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/12 06:10:49.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/12 06:10:49.0984 pwd_2k (d43e18f4c48f469b064b6105daffe5a1) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/12/12 06:10:50.0109 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/12 06:10:50.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/12 06:10:50.0671 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/12 06:10:50.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/12 06:10:50.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/12 06:10:51.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/12 06:10:51.0218 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/12 06:10:51.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/12 06:10:51.0578 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/12 06:10:51.0796 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/12 06:10:51.0921 RioPNP (ace39b5ee46094f8f0c61fa4ceda9f18) C:\WINDOWS\system32\drivers\RioPNP.sys
2010/12/12 06:10:52.0093 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/12 06:10:52.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/12 06:10:52.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/12 06:10:52.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/12 06:10:52.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/12 06:10:53.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/12 06:10:53.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/12 06:10:53.0296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/12 06:10:53.0484 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/12/12 06:10:53.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/12 06:10:53.0734 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/12 06:10:54.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/12 06:10:54.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/12 06:10:54.0593 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/12 06:10:54.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/12 06:10:54.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/12 06:10:55.0031 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/12 06:10:55.0250 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/12 06:10:55.0390 UdfReadr_xp (38f35f42c149379434c7cac40b974728) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/12/12 06:10:55.0546 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/12 06:10:55.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/12 06:10:55.0953 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/12 06:10:56.0062 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/12 06:10:56.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/12 06:10:56.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/12 06:10:56.0375 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/12 06:10:56.0531 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/12 06:10:56.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/12 06:10:56.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/12 06:10:56.0859 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/12/12 06:10:57.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/12 06:10:57.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/12 06:10:57.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/12 06:10:57.0609 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/12 06:10:57.0828 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/12 06:10:57.0921 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/12 06:10:57.0937 ================================================================================
2010/12/12 06:10:57.0937 Scan finished
2010/12/12 06:10:57.0937 ================================================================================
2010/12/12 06:10:57.0953 Detected object count: 1
2010/12/12 06:11:46.0718 \HardDisk0 - will be cured after reboot
2010/12/12 06:11:46.0718 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Mon 13 Dec 2010, 9:18 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by racafrustrated on Mon 13 Dec 2010, 2:56 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=90dc22688c530b4d86bacac376a89050
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-13 03:48:22
# local_time=2010-12-12 07:48:22 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 54876170 54876170 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114157
# found=6
# cleaned=6
# scan_time=15907
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Adobe\plugs\KB296744296.exe.vir a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\dapdr32.dll.vir a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\kb.dll.vir Win32/Bamital.EX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP4\A0001519.exe a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP4\A0001521.dll a variant of Win32/Cimag.EW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP5\A0002443.dll Win32/Bamital.EX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

racafrustrated

Rookie Surfer
Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Belahzur on Tue 14 Dec 2010, 10:43 am

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sick Desktop Computer "virus called tr/crypt.zpack.gen"

Post by Sponsored content Today at 1:04 am


Sponsored content


Back to top Go down

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum