Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VIRUS???


  • Please log in to reply
14 replies to this topic

#1 swift06

swift06

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 25 August 2010 - 04:36 AM

hi...

recently i installed ESET nod32 ver 4.2 and immedietly after the scan a threat window stated popping out...

threat >> D:\WINDOWS\system32\drivers\atapi.sys has Win32/Olmarik.VM trojan... its size >>95360 bytes

window popped till i shut down pc----1659 times blocked

i read similar posts in here but not sure what to do.... ESET can't clear it

please HELP :thumbsup: :flowers:....

Edited by swift06, 25 August 2010 - 04:38 AM.

I never go back on my words.....BELIEVE IT !!!


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 25 August 2010 - 05:52 AM

Please try to follow the steps in this guide and let me know if that did the trick. :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 25 August 2010 - 10:09 AM

i tried it ....
tdsskiller scanned and replied >>> NO THREATS

now what should i do?? :thumbsup:

I never go back on my words.....BELIEVE IT !!!


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 25 August 2010 - 10:11 AM

Please run the following scan.

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 26 August 2010 - 09:36 PM

yesterday after installing Spybot -S&D and running it...ESET stopped this popping up problem
and moreover after checking the scan log i found that this same Win32/Olmarik trojan has been detected in........ system volume information/restore files 2-3 times and the size is same >>>95360 bytes.

now i'm upto trying rootkit unhooker... :thumbsup:

I never go back on my words.....BELIEVE IT !!!


#6 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 27 August 2010 - 12:18 AM

here is my scan report>>>

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805CB498-->AA239610 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x806380AC-->AA239C10 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805B252C-->AA239730 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805BFEAE-->AA2394B0 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C013A-->AA239570 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805AC81E-->AA2396D0 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805C6528-->AA239690 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetInformationThread, Type: Address change 0x805C092C-->AA239650 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Address change 0x805B46CC-->AA2397D0 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805C98BE-->AA239510 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805C9730-->AA239590 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C77FE-->AA2394D0 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805C79F8-->AA2395D0 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805A8626-->AA239750 [D:\WINDOWS\system32\DRIVERS\ehdrv.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8137E020 [4] System
0x8126EDA0 [508] D:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x8127AD78 [556] D:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0xFFAF3DA0 [584] D:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8127A1F8 [628] D:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x812973B8 [632] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0xFFB40620 [640] D:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x812B1940 [764] D:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8128D330 [796] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFFA353D0 [840] D:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0xFFA8A228 [844] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFFB681B8 [880] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFFA66020 [924] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFF526A10 [992] D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0xFFA3A558 [1012] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFF523C88 [1024] D:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp., RealTek AlcWzrd Application)
0x812B1C68 [1040] D:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp., Realtek Sound Manager)
0xFF517020 [1080] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp., Realtek Azalia Audio - Event Monitor)
0xFFA9B558 [1120] D:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0xFFAFE368 [1196] D:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFF52B920 [1232] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET, ESET GUI)
0xFFA78998 [1240] D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET, ESET Service)
0xFFA298D8 [1276] D:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0xFF5228B0 [1308] D:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0xFF4FB270 [1312] D:\Program Files\DriverMax\devices.exe (Innovative Solutions, DriverMax)
0xFF4FC020 [1316] D:\Program Files\DNA\btdna.exe (BitTorrent, Inc., DNA)
0xFF509778 [1368] D:\WINDOWS\AGRSMMSG.exe (Agere Systems, SoftModem Messaging Applet)
0xFF65A020 [1648] D:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0xFFA4B648 [2368] D:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x8127D558 [2420] D:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
==============================================
>Drivers
==============================================
0xAA30F000 D:\WINDOWS\system32\drivers\RtkHDAud.sys 4919296 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 D:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 D:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8F51000 D:\WINDOWS\system32\DRIVERS\AGRSM.sys 1269760 bytes (Agere Systems, SoftModem Device Driver)
0xA9DAD000 D:\WINDOWS\system32\DRIVERS\eamon.sys 794624 bytes (ESET, Amon monitor)
0xBF064000 D:\WINDOWS\System32\ialmdd5.DLL 790528 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF9133000 D:\WINDOWS\system32\DRIVERS\ialmnt5.sys 741376 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF9278000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA067000 D:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA185000 D:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9B21000 D:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF9087000 D:\WINDOWS\system32\DRIVERS\HS3dSensor1394.sys 233472 bytes (Point Grey Research, PGR1394b Device Driver)
0xF8DED000 D:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF8EC1000 D:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF93BB000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9BF0000 D:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF924B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA0D6000 D:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9368000 D:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA15D000 D:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF9365000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xBF03E000 D:\WINDOWS\System32\ialmdev5.DLL 155648 bytes (Intel Corporation, Component GHAL Driver)
0xF90FA000 D:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA9806000 D:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF8F1A000 D:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF90D7000 D:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA102000 D:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAA2ED000 D:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAA124000 D:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 D:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAA238000 D:\WINDOWS\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0xF932E000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF938B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 D:\WINDOWS\System32\ialmdnt5.dll 122880 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF9230000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF934D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9F87000 D:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAA145000 D:\WINDOWS\system32\DRIVERS\epfwtdir.sys 98304 bytes (ESET, ESET Antivirus Network Redirector)
0xF9305000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8F03000 D:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA97C9000 D:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8F3D000 D:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF911F000 D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA1DD000 D:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 D:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF931C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF93AA000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8EF2000 D:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF95DA000 D:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF970A000 D:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF94FA000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF966A000 D:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA98A9000 D:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF971A000 D:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 D:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF950A000 D:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF965A000 D:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF954A000 D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF963A000 D:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF967A000 D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF952A000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF969A000 D:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF964A000 D:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF951A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF968A000 D:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF96CA000 D:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF96BA000 D:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF953A000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF95AA000 D:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF961A000 D:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF94EA000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF96AA000 D:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF959A000 D:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA966A000 D:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF975A000 D:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF97EA000 D:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF986A000 D:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF97F2000 D:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF976A000 D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF97DA000 D:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF9852000 D:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF987A000 D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF97FA000 D:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9802000 D:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF97E2000 D:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF985A000 D:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF983A000 D:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF9862000 D:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9772000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9812000 D:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF981A000 D:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF980A000 D:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF97D2000 D:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF9892000 D:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF99A2000 D:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9E8F000 D:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF98FA000 D:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAA2A5000 D:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF9986000 D:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8DC9000 D:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF9A10000 D:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF99F0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF9A2A000 D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF9A0E000 D:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF99EE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF99EA000 D:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9A16000 D:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9A62000 D:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF9A18000 D:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9A00000 D:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9A08000 D:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF99EC000 D:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF9BEC000 D:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF9B85000 D:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF9C30000 D:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF9AB2000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0xFF77AF53 Unknown page with executable code, 173 bytes
0xFF7CDE44 Unknown page with executable code, 444 bytes
0xFF7D5D66 Unknown page with executable code, 666 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002A424, Type: Inline - RelativeJump 0x80501424-->805013BF [ntkrnlpa.exe]
ntkrnlpa.exe+0x00069E7A, Type: Inline - RelativeJump 0x80540E7A-->80540E81 [ntkrnlpa.exe]
ntkrnlpa.exe-->atoi, Type: EAT modification 0x80663E90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atol, Type: EAT modification 0x80663E94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x80662914-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x80662918-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x8066291C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x80662920-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x80662924-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x80662928-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x8066292C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastReadNotPossible, Type: EAT modification 0x80662930-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastReadWait, Type: EAT modification 0x80662934-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x80662938-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x8066293C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x80662940-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x80662944-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x80662948-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x8066294C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x80662950-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x80662954-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x80662958-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x8066295C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x80662960-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x80662964-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x80662968-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x8066296C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x80662970-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x80662974-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x80662978-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x8066297C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x80662980-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x80662984-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x80662988-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x8066298C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x80662990-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x80662994-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x80662998-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x8066299C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x806629A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x806629A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x806629A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x806629AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x806629B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x806629B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x806629B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x806629BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x806629C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x806629C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x806629C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x806629CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x806629D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x806629D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x806629D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x806629DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x806629E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x806629E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x806629E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x80662828-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x806629EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x806629F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x8066282C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x80662830-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x806629F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x806629F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x806629FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePool, Type: EAT modification 0x80662A00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x80662A04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x80662A08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x80662A0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x80662A10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x80662A14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExCreateCallback, Type: EAT modification 0x80662A18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x80662A1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x80662A20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeleteResourceLite, Type: EAT modification 0x80662A24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDesktopObjectType, Type: EAT modification 0x80662A28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x80662A2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnumHandleTable, Type: EAT modification 0x80662A30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEventObjectType, Type: EAT modification 0x80662A34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExExtendZone, Type: EAT modification 0x80662A38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x80662868-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x8066286C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x80662890-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x80662894-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x80662898-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x80662870-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x80662874-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x80662878-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x8066287C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x80662880-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x80662884-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x80662888-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreePool, Type: EAT modification 0x80662A3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreePoolWithTag, Type: EAT modification 0x80662A40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x80662A44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfReleasePushLock, Type: EAT modification 0x8066288C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x80662A48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x80662A4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x80662A50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetPreviousMode, Type: EAT modification 0x80662A54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x80662A58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x80662AF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x80662AFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x80662B00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x80662A5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x80662A60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeResourceLite, Type: EAT modification 0x80662A64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeRundownProtection, Type: EAT modification 0x80662834-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeZone, Type: EAT modification 0x80662A68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x80662A6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x80662838-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddUlong, Type: EAT modification 0x80662A70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x8066283C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x80662A74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x80662A78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedExtendZone, Type: EAT modification 0x80662A7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedFlushSList, Type: EAT modification 0x80662840-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x80662A80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x80662A84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x80662A88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x80662A8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x80662844-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x80662A90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x80662848-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x80662A94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x80662A98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x80662A9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x80662AA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x80662AA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExNotifyCallback, Type: EAT modification 0x80662AA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x80662AAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExQueueWorkItem, Type: EAT modification 0x80662AB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseAccessViolation, Type: EAT modification 0x80662AB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x80662AB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseException, Type: EAT modification 0x80662ABC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseHardError, Type: EAT modification 0x80662AC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseStatus, Type: EAT modification 0x80662AC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRegisterCallback, Type: EAT modification 0x80662AC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReinitializeResourceLite, Type: EAT modification 0x80662ACC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x8066284C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x80662850-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x80662AD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceLite, Type: EAT modification 0x80662854-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseRundownProtection, Type: EAT modification 0x80662858-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x8066285C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRundownCompleted, Type: EAT modification 0x80662860-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExSemaphoreObjectType, Type: EAT modification 0x80662AD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x80662AD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExSetTimerResolution, Type: EAT modification 0x80662ADC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExSystemExceptionFilter, Type: EAT modification 0x80662AE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x80662AE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExUnregisterCallback, Type: EAT modification 0x80662AE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExUuidCreate, Type: EAT modification 0x80662AEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExVerifySuite, Type: EAT modification 0x80662AF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x80662864-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExWindowStationObjectType, Type: EAT modification 0x80662AF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x80662B04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x80662B08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x80662B0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x80662B10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x80662B14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocatePool, Type: EAT modification 0x80662B18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x80662B1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x80662B20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x80662B24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAllocateResource, Type: EAT modification 0x80662B28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x80662B2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlBalanceReads, Type: EAT modification 0x80662B30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x80662B34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x80662B38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCheckOplock, Type: EAT modification 0x80662B3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCopyRead, Type: EAT modification 0x80662B40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCopyWrite, Type: EAT modification 0x80662B44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x80662B48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x80662B4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x80662B50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x80662B54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x80662B58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDissectDbcs, Type: EAT modification 0x80662B5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDissectName, Type: EAT modification 0x80662B60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x80662B64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x80662B68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x80662B6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x80662B70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x80662B74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x80662B78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x80662B7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x80662B80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlFreeFileLock, Type: EAT modification 0x80662B84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlGetFileSize, Type: EAT modification 0x80662B88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x80662B8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x80662B90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x80662B94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x80662B9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x80662B98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x80662BA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x80662BA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x80662BA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x80662BAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInitializeMcb, Type: EAT modification 0x80662BB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInitializeOplock, Type: EAT modification 0x80662BB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x80662BB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x80662BBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x80662BC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x80662BC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x80662BC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x80662BCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x80662BD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x80662BD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsPagingFile, Type: EAT modification 0x80662BD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x80662BDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x80662BE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x80662BE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x80662BE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x80662BEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x80662BF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x80662BF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x80662BF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x80662BFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlRead, Type: EAT modification 0x80662C00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x80662C04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x80662C08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlReadDev, Type: EAT modification 0x80662C0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x80662C10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x80662C14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x80662C18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x80662C1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x80662C20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x80662C24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x80662C28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x80662C2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x80662C30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x80662C34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x80662C38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x80662C3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x80662C40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x80662C44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x80662C48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x80662C4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x80662C50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x80662C54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x80662C58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x80662C5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x80662C60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlPrivateLock, Type: EAT modification 0x80662C64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlProcessFileLock, Type: EAT modification 0x80662C68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x80662C6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x80662C70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlReleaseFile, Type: EAT modification 0x80662C74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x80662C78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x80662C7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x80662C80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x80662C84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x80662C88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x80662C8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlSyncVolumes, Type: EAT modification 0x80662C90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x80662C94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x80662C98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTruncateMcb, Type: EAT modification 0x80662C9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x80662CA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x80662CA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x80662CA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x80662CAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalDispatchTable, Type: EAT modification 0x80662CB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalExamineMBR, Type: EAT modification 0x8066289C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalPrivateDispatchTable, Type: EAT modification 0x80662CB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HeadlessDispatch, Type: EAT modification 0x80662CB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x80662CBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x80662CC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvDisplayString, Type: EAT modification 0x80662CC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvEnableBootDriver, Type: EAT modification 0x80662CC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvEnableDisplayString, Type: EAT modification 0x80662CCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x80662CD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x80662CD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x80662CD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvResetDisplay, Type: EAT modification 0x80662CDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSetScrollRegion, Type: EAT modification 0x80662CE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSetTextColor, Type: EAT modification 0x80662CE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSolidColorFill, Type: EAT modification 0x80662CE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InitSafeBootMode, Type: EAT modification 0x80662CEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedCompareExchange, Type: EAT modification 0x806628A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedDecrement, Type: EAT modification 0x806628A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedExchange, Type: EAT modification 0x806628A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedExchangeAdd, Type: EAT modification 0x806628AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedIncrement, Type: EAT modification 0x806628B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedPopEntrySList, Type: EAT modification 0x806628B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedPushEntrySList, Type: EAT modification 0x806628B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x80662CF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x80662CF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x80662CF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAdapterObjectType, Type: EAT modification 0x80662CFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x80662D00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateController, Type: EAT modification 0x80662D04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x80662D08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x80662D0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateIrp, Type: EAT modification 0x80662D10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateMdl, Type: EAT modification 0x80662D14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateWorkItem, Type: EAT modification 0x80662D18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAssignDriveLetters, Type: EAT modification 0x806628BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAssignResources, Type: EAT modification 0x80662D1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDevice, Type: EAT modification 0x80662D20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x80662D24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x80662D28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x80662D2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x80662D30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x80662D34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildPartialMdl, Type: EAT modification 0x80662D38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x80662D3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCallDriver, Type: EAT modification 0x80662D40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCancelFileOpen, Type: EAT modification 0x80662D44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCancelIrp, Type: EAT modification 0x80662D48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckDesiredAccess, Type: EAT modification 0x80662D4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x80662D50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckFunctionAccess, Type: EAT modification 0x80662D54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x80662D58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x80662D5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x80662D60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckShareAccess, Type: EAT modification 0x80662D64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCompleteRequest, Type: EAT modification 0x80662D68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoConnectInterrupt, Type: EAT modification 0x80662D6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateController, Type: EAT modification 0x80662D70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x80662D74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDisk, Type: EAT modification 0x80662D78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDriver, Type: EAT modification 0x80662D7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateFile, Type: EAT modification 0x80662D80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x80662D84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateNotificationEvent, Type: EAT modification 0x80662D88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObject, Type: EAT modification 0x80662D8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x80662D90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x80662D94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateSymbolicLink, Type: EAT modification 0x80662D98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x80662D9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x80662DA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInitialize, Type: EAT modification 0x80662DA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInsertIrp, Type: EAT modification 0x80662DA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqRemoveIrp, Type: EAT modification 0x80662DAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x80662DB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteController, Type: EAT modification 0x80662DB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteDevice, Type: EAT modification 0x80662DB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteDriver, Type: EAT modification 0x80662DBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x80662DC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDetachDevice, Type: EAT modification 0x80662DC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x80662DC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x80662DCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeviceObjectType, Type: EAT modification 0x80662DD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDisconnectInterrupt, Type: EAT modification 0x80662DD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDriverObjectType, Type: EAT modification 0x80662DD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnqueueIrp, Type: EAT modification 0x80662DDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x80662DE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x80662DE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x80662DE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IofCallDriver, Type: EAT modification 0x806628CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IofCompleteRequest, Type: EAT modification 0x806628D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFileObjectType, Type: EAT modification 0x80662DEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x80662DF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x80662DF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeController, Type: EAT modification 0x80662DF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x80662DFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeIrp, Type: EAT modification 0x80662E00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeMdl, Type: EAT modification 0x80662E04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeWorkItem, Type: EAT modification 0x80662E08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetAttachedDevice, Type: EAT modification 0x80662E0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x80662E10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x80662E14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetBootDiskInformation, Type: EAT modification 0x80662E18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetConfigurationInformation, Type: EAT modification 0x80662E1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetCurrentProcess, Type: EAT modification 0x80662E20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x80662E24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x80662E28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x80662E2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x80662E30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceProperty, Type: EAT modification 0x80662E34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceToVerify, Type: EAT modification 0x80662E38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x80662E3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDmaAdapter, Type: EAT modification 0x80662E40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x80662E44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x80662E48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetInitialStack, Type: EAT modification 0x80662E4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x80662E50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x80662E54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorProcess, Type: EAT modification 0x80662E58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorProcessId, Type: EAT modification 0x80662E5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorSessionId, Type: EAT modification 0x80662E60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetStackLimits, Type: EAT modification 0x80662E64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetTopLevelIrp, Type: EAT modification 0x80662E68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoInitializeIrp, Type: EAT modification 0x80662E6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x80662E70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoInitializeTimer, Type: EAT modification 0x80662E74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x80662E78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoInvalidateDeviceState, Type: EAT modification 0x80662E7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsFileOriginRemote, Type: EAT modification 0x80662E80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsOperationSynchronous, Type: EAT modification 0x80662E84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsSystemThread, Type: EAT modification 0x80662E88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x80662E8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x80662E90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x80662E94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x80662E98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x80662E9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoPageRead, Type: EAT modification 0x80662EA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoPnPDeliverServicePowerNotification, Type: EAT modification 0x80662EA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueryDeviceDescription, Type: EAT modification 0x80662EA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x80662EAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueryFileInformation, Type: EAT modification 0x80662EB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueryVolumeInformation, Type: EAT modification 0x80662EB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueueThreadIrp, Type: EAT modification 0x80662EB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueueWorkItem, Type: EAT modification 0x80662EBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRaiseHardError, Type: EAT modification 0x80662EC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x80662EC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadDiskSignature, Type: EAT modification 0x80662EC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadOperationCount, Type: EAT modification 0x80662ECC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadPartitionTable, Type: EAT modification 0x806628C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadPartitionTableEx, Type: EAT modification 0x80662ED0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadTransferCount, Type: EAT modification 0x80662ED4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x80662ED8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x80662EDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x80662EE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterFileSystem, Type: EAT modification 0x80662EE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x80662EE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x80662EEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x80662EF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x80662EF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x80662EF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x80662EFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x80662F00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x80662F04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRemoveShareAccess, Type: EAT modification 0x80662F08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportDetectedDevice, Type: EAT modification 0x80662F0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportHalResourceUsage, Type: EAT modification 0x80662F10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportResourceForDetection, Type: EAT modification 0x80662F14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportResourceUsage, Type: EAT modification 0x80662F18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x80662F1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x80662F20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRequestDeviceEject, Type: EAT modification 0x80662F24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReuseIrp, Type: EAT modification 0x80662F28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x80662F2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x80662F30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetDeviceToVerify, Type: EAT modification 0x80662F34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetFileOrigin, Type: EAT modification 0x80662F38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x80662F3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetInformation, Type: EAT modification 0x80662F40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetIoCompletion, Type: EAT modification 0x80662F44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetPartitionInformation, Type: EAT modification 0x806628C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x80662F48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetShareAccess, Type: EAT modification 0x80662F4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetStartIoAttributes, Type: EAT modification 0x80662F50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetSystemPartition, Type: EAT modification 0x80662F54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x80662F58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetTopLevelIrp, Type: EAT modification 0x80662F5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStartNextPacket, Type: EAT modification 0x80662F60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStartNextPacketByKey, Type: EAT modification 0x80662F64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStartPacket, Type: EAT modification 0x80662F68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStartTimer, Type: EAT modification 0x80662F6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStatisticsLock, Type: EAT modification 0x80662F70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoStopTimer, Type: EAT modification 0x80662F74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x80662F78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSynchronousPageWrite, Type: EAT modification 0x80662F7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoThreadToProcess, Type: EAT modification 0x80662F80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterFileSystem, Type: EAT modification 0x80662F84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x80662F88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x80662F8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x80662F90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUpdateShareAccess, Type: EAT modification 0x80662F94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x80662F98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVerifyPartitionTable, Type: EAT modification 0x80662F9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVerifyVolume, Type: EAT modification 0x80662FA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x80662FA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x80662FA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x80662FAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIExecuteMethod, Type: EAT modification 0x80662FB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x80662FB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIOpenBlock, Type: EAT modification 0x80662FB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIQueryAllData, Type: EAT modification 0x80662FBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x80662FC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x80662FC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x80662FC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIRegistrationControl, Type: EAT modification 0x80662FCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x80662FD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMISetSingleInstance, Type: EAT modification 0x80662FD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMISetSingleItem, Type: EAT modification 0x80662FD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x80662FDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIWriteEvent, Type: EAT modification 0x80662FE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x80662FE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWriteOperationCount, Type: EAT modification 0x80662FE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWritePartitionTable, Type: EAT modification 0x806628C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWritePartitionTableEx, Type: EAT modification 0x80662FEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWriteTransferCount, Type: EAT modification 0x80662FF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->isdigit, Type: EAT modification 0x80663E98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->islower, Type: EAT modification 0x80663E9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->isprint, Type: EAT modification 0x80663EA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->isspace, Type: EAT modification 0x80663EA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->isupper, Type: EAT modification 0x80663EA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->isxdigit, Type: EAT modification 0x80663EAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdDebuggerEnabled, Type: EAT modification 0x80662FF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdDebuggerNotPresent, Type: EAT modification 0x80662FF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdDisableDebugger, Type: EAT modification 0x80662FFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdEnableDebugger, Type: EAT modification 0x80663000-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdEnteredDebugger, Type: EAT modification 0x80663004-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdPollBreakIn, Type: EAT modification 0x80663008-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KdPowerTransition, Type: EAT modification 0x8066300C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Ke386CallBios, Type: EAT modification 0x80663010-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x80663014-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x80663018-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x8066301C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x806628D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x80663020-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x80663024-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAddSystemServiceTable, Type: EAT modification 0x80663028-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAreApcsDisabled, Type: EAT modification 0x8066302C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeAttachProcess, Type: EAT modification 0x80663030-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeBugCheck, Type: EAT modification 0x80663034-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeBugCheckEx, Type: EAT modification 0x80663038-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeCancelTimer, Type: EAT modification 0x8066303C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x80663040-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeClearEvent, Type: EAT modification 0x80663044-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeConnectInterrupt, Type: EAT modification 0x80663048-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDcacheFlushCount, Type: EAT modification 0x8066304C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDelayExecutionThread, Type: EAT modification 0x80663050-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x80663054-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x80663058-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDetachProcess, Type: EAT modification 0x8066305C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeDisconnectInterrupt, Type: EAT modification 0x80663060-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeEnterCriticalRegion, Type: EAT modification 0x80663064-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeEnterKernelDebugger, Type: EAT modification 0x80663068-->81728F4C [unknown_code_page]
ntkrnlpa.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x806628E0-->80B27078 [unknown_code_page]
ntkrnlpa.exe-->KeFindConfigurationEntry, Type: EAT modification 0x8066306C-->814F7007 [unknown_code_page]
ntkrnlpa.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x80663070-->8259719C [unknown_code_page]
ntkrnlpa.exe-->KeFlushEntireTb, Type: EAT modification 0x80663074-->80582BE0 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x80663078-->8172945C [unknown_code_page]
ntkrnlpa.exe-->KefReleaseSpinLockFromDpcLevel, Type: EAT modification 0x806628E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeGetCurrentThread, Type: EAT modification 0x8066307C-->804D7003 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeGetPreviousMode, Type: EAT modification 0x80663080-->804D7400 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x80663084-->804D7060 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386AbiosCall, Type: EAT modification 0x80663088-->82820100 [unknown_code_page]
ntkrnlpa.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x8066308C-->81729454 [unknown_code_page]
ntkrnlpa.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x80663090-->804D7003 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386Call16BitFunction, Type: EAT modification 0x80663094-->804D7200 [ntkrnlpa.exe]
ntkrnlpa.exe-->Kei386EoiHelper, Type: EAT modification 0x8066290C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x80663098-->804D70F6 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386GetLid, Type: EAT modification 0x8066309C-->805825A0 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386MachineType, Type: EAT modification 0x806630A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x806630A4-->8054700B [ntkrnlpa.exe]
ntkrnlpa.exe-->KeI386ReleaseLid, Type: EAT modification 0x806630A8-->82597195 [unknown_code_page]
ntkrnlpa.exe-->KeI386SetGdtSelector, Type: EAT modification 0x806630AC-->82859F30 [unknown_code_page]
ntkrnlpa.exe-->KeInitializeEvent, Type: EAT modification 0x806630C0-->804DEFFF [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeInterrupt, Type: EAT modification 0x806630C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeMutant, Type: EAT modification 0x806630C8-->82859EA0 [unknown_code_page]
ntkrnlpa.exe-->KeInitializeMutex, Type: EAT modification 0x806630CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeQueue, Type: EAT modification 0x806630D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeSemaphore, Type: EAT modification 0x806630D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeSpinLock, Type: EAT modification 0x806630D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeTimer, Type: EAT modification 0x806630DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInitializeTimerEx, Type: EAT modification 0x806630E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x806630E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertDeviceQueue, Type: EAT modification 0x806630E8-->804D6FFF [unknown_code_page]
ntkrnlpa.exe-->KeInsertHeadQueue, Type: EAT modification 0x806630EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertQueue, Type: EAT modification 0x806630F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertQueueApc, Type: EAT modification 0x806630F4-->804D70F6 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeInsertQueueDpc, Type: EAT modification 0x806630F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeIsAttachedProcess, Type: EAT modification 0x806630FC-->8058700B [ntkrnlpa.exe]
ntkrnlpa.exe-->KeIsExecutingDpc, Type: EAT modification 0x80663100-->825571AA [unknown_code_page]
ntkrnlpa.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x80663104-->80C1706E [unknown_code_page]
ntkrnlpa.exe-->KeLoaderBlock, Type: EAT modification 0x80663108-->80BF706B [unknown_code_page]
ntkrnlpa.exe-->KeNumberProcessors, Type: EAT modification 0x8066310C-->80B9706E [unknown_code_page]
ntkrnlpa.exe-->KeProfileInterrupt, Type: EAT modification 0x80663110-->80AE7070 [unknown_code_page]
ntkrnlpa.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x80663114-->80B2702E [unknown_code_page]
ntkrnlpa.exe-->KePulseEvent, Type: EAT modification 0x80663118-->80B27078 [unknown_code_page]
ntkrnlpa.exe-->KeQueryActiveProcessors, Type: EAT modification 0x8066311C-->807A702D [unknown_code_page]
ntkrnlpa.exe-->KeQueryInterruptTime, Type: EAT modification 0x80663120-->8093703E [unknown_code_page]
ntkrnlpa.exe-->KeQueryPriorityThread, Type: EAT modification 0x80663124-->809F7073 [unknown_code_page]
ntkrnlpa.exe-->KeQueryRuntimeThread, Type: EAT modification 0x80663128-->80B97074 [unknown_code_page]
ntkrnlpa.exe-->KeQuerySystemTime, Type: EAT modification 0x8066312C-->80B27052 [unknown_code_page]
ntkrnlpa.exe-->KeQueryTickCount, Type: EAT modification 0x80663130-->80B67067 [unknown_code_page]
ntkrnlpa.exe-->KeQueryTimeIncrement, Type: EAT modification 0x80663134-->80C17073 [unknown_code_page]
ntkrnlpa.exe-->KeRaiseUserException, Type: EAT modification 0x80663138-->80BF7065 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateEvent, Type: EAT modification 0x8066313C-->80BB7055 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateMutant, Type: EAT modification 0x80663140-->809D7063 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateMutex, Type: EAT modification 0x80663144-->80BC7072 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateQueue, Type: EAT modification 0x80663148-->80B67076 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateSemaphore, Type: EAT modification 0x8066314C-->80B27064 [unknown_code_page]
ntkrnlpa.exe-->KeReadStateTimer, Type: EAT modification 0x80663150-->804D7072 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x80663154-->8058700B [ntkrnlpa.exe]
ntkrnlpa.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x80663158-->825771BF [unknown_code_page]
ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x806628D8-->80C57030 [unknown_code_page]
ntkrnlpa.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x8066315C-->807D7038 [unknown_code_page]
ntkrnlpa.exe-->KeReleaseMutant, Type: EAT modification 0x80663160-->80837036 [unknown_code_page]
ntkrnlpa.exe-->KeReleaseMutex, Type: EAT modification 0x80663164-->80907032 [unknown_code_page]
ntkrnlpa.exe-->KeReleaseSemaphore, Type: EAT modification 0x80663168-->807D7037 [unknown_code_page]
ntkrnlpa.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x8066316C-->807A702D [unknown_code_page]
ntkrnlpa.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x80663170-->8085703E [unknown_code_page]
ntkrnlpa.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x80663174-->80817030 [unknown_code_page]
ntkrnlpa.exe-->KeRemoveDeviceQueue, Type: EAT modification 0x80663178-->80847044 [unknown_code_page]
ntkrnlpa.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x8066317C-->807D7030 [unknown_code_page]
ntkrnlpa.exe-->KeRemoveQueue, Type: EAT modification 0x80663180-->806D7030 [hal.dll]
ntkrnlpa.exe-->KeRemoveQueueDpc, Type: EAT modification 0x80663184-->806D702D [hal.dll]
ntkrnlpa.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x80663188-->80BB705B [unknown_code_page]
ntkrnlpa.exe-->KeResetEvent, Type: EAT modification 0x8066318C-->80B87074 [unknown_code_page]
ntkrnlpa.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x80663190-->80BB7072 [unknown_code_page]
ntkrnlpa.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x80663194-->80BD706C [unknown_code_page]
ntkrnlpa.exe-->KeRundownQueue, Type: EAT modification 0x80663198-->807B7061 [unknown_code_page]
ntkrnlpa.exe-->KeSaveFloatingPointState, Type: EAT modification 0x8066319C-->80C57065 [unknown_code_page]
ntkrnlpa.exe-->KeSaveStateForHibernate, Type: EAT modification 0x806631A0-->80AA7065 [unknown_code_page]
ntkrnlpa.exe-->KeServiceDescriptorTable, Type: EAT modification 0x806631A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetAffinityThread, Type: EAT modification 0x806631A8-->80587003 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetBasePriorityThread, Type: EAT modification 0x806631AC-->825571B4 [unknown_code_page]
ntkrnlpa.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x806631B0-->82859F88 [unknown_code_page]
ntkrnlpa.exe-->KeSetEvent, Type: EAT modification 0x806631B4-->804E6FFF [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetEventBoostPriority, Type: EAT modification 0x806631B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x806631BC-->804D7004 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetImportanceDpc, Type: EAT modification 0x806631C0-->805070C8 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetKernelStackSwapEnable, Type: EAT modification 0x806631C4-->825971B1 [unknown_code_page]
ntkrnlpa.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x806631D0-->80663038 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x806631D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetTimeIncrement, Type: EAT modification 0x806631D8-->804F8AF4 [ntkrnlpa.exe]
ntkrnlpa.exe-->KeSetTimer, Type: EAT modification 0x806631DC-->809B7049 [unknown_code_page]
ntkrnlpa.exe-->KeSetTimerEx, Type: EAT modification 0x806631E0-->809C7044 [unknown_code_page]
ntkrnlpa.exe-->KeSetTimeUpdateNotifyRoutine, Type: EAT modification 0x806628DC-->80A4705C [unknown_code_page]
ntkrnlpa.exe-->KeStackAttachProcess, Type: EAT modification 0x806631E4-->80A07057 [unknown_code_page]
ntkrnlpa.exe-->KeSynchronizeExecution, Type: EAT modification 0x806631E8-->80C0705C [unknown_code_page]
ntkrnlpa.exe-->KeTerminateThread, Type: EAT modification 0x806631EC-->80C07079 [unknown_code_page]
ntkrnlpa.exe-->KeTickCount, Type: EAT modification 0x806631F0-->80B27074 [unknown_code_page]
ntkrnlpa.exe-->KeUnstackDetachProcess, Type: EAT modification 0x806631F4-->8080706D [unknown_code_page]
ntkrnlpa.exe-->KeUpdateRunTime, Type: EAT modification 0x806631F8-->80A97032 [unknown_code_page]
ntkrnlpa.exe-->KeUpdateSystemTime, Type: EAT modification 0x806631FC-->80C1706E [unknown_code_page]
ntkrnlpa.exe-->KeUserModeCallback, Type: EAT modification 0x80663200-->80BF706B [unknown_code_page]
ntkrnlpa.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x80663204-->80B9706E [unknown_code_page]
ntkrnlpa.exe-->KeWaitForMutexObject, Type: EAT modification 0x80663208-->80AE7070 [unknown_code_page]
ntkrnlpa.exe-->KeWaitForSingleObject, Type: EAT modification 0x8066320C-->80B2702E [unknown_code_page]
ntkrnlpa.exe-->KiAcquireSpinLock, Type: EAT modification 0x806628E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiBugCheckData, Type: EAT modification 0x80663210-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiCoprocessorError, Type: EAT modification 0x80663214-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiDeliverApc, Type: EAT modification 0x80663218-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiDispatchInterrupt, Type: EAT modification 0x8066321C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiEnableTimerWatchdog, Type: EAT modification 0x80663220-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Kii386SpinOnSpinLock, Type: EAT modification 0x80662910-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiIpiServiceRoutine, Type: EAT modification 0x80663224-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiReleaseSpinLock, Type: EAT modification 0x806628EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x80663228-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LdrAccessResource, Type: EAT modification 0x8066322C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LdrEnumResources, Type: EAT modification 0x80663230-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x80663234-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LdrFindResource_U, Type: EAT modification 0x80663238-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LpcPortObjectType, Type: EAT modification 0x8066323C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LpcRequestPort, Type: EAT modification 0x80663240-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x80663244-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x80663248-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x8066324C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x80663250-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaLogonUser, Type: EAT modification 0x80663254-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaLookupAuthenticationPackage, Type: EAT modification 0x80663258-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x8066325C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->mbstowcs, Type: EAT modification 0x80663EB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->mbtowc, Type: EAT modification 0x80663EB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->memchr, Type: EAT modification 0x80663EB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->memcpy, Type: EAT modification 0x80663EBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->memmove, Type: EAT modification 0x80663EC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->memset, Type: EAT modification 0x80663EC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x80663260-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAddPhysicalMemory, Type: EAT modification 0x80663264-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAddVerifierThunks, Type: EAT modification 0x80663268-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x8066326C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAdvanceMdl, Type: EAT modification 0x80663270-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x80663274-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x80663278-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAllocateMappingAddress, Type: EAT modification 0x8066327C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x80663280-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x80663284-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x80663288-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmCanFileBeTruncated, Type: EAT modification 0x8066328C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmCommitSessionMappedView, Type: EAT modification 0x80663290-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmCreateMdl, Type: EAT modification 0x80663294-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmCreateSection, Type: EAT modification 0x80663298-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x8066329C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFlushImageSection, Type: EAT modification 0x806632A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmForceSectionClosed, Type: EAT modification 0x806632A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFreeContiguousMemory, Type: EAT modification 0x806632A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x806632AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFreeMappingAddress, Type: EAT modification 0x806632B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x806632B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmFreePagesFromMdl, Type: EAT modification 0x806632B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmGetPhysicalAddress, Type: EAT modification 0x806632BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x806632C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x806632C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x806632C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmGrowKernelStack, Type: EAT modification 0x806632CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmHighestUserAddress, Type: EAT modification 0x806632D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsAddressValid, Type: EAT modification 0x806632D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsDriverVerifying, Type: EAT modification 0x806632D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x806632DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x806632E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x806632E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmIsVerifierEnabled, Type: EAT modification 0x806632E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmLockPagableDataSection, Type: EAT modification 0x806632EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmLockPagableImageSection, Type: EAT modification 0x806632F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x806632F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapIoSpace, Type: EAT modification 0x806632F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapLockedPages, Type: EAT modification 0x806632FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x80663300-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x80663304-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x80663308-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x8066330C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapVideoDisplay, Type: EAT modification 0x80663310-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x80663314-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x80663318-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMapViewOfSection, Type: EAT modification 0x8066331C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x80663320-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x80663324-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmPageEntireDriver, Type: EAT modification 0x80663328-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmPrefetchPages, Type: EAT modification 0x8066332C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmProbeAndLockPages, Type: EAT modification 0x80663330-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x80663334-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x80663338-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x8066333C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmQuerySystemSize, Type: EAT modification 0x80663340-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x80663344-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmResetDriverPaging, Type: EAT modification 0x80663348-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSectionObjectType, Type: EAT modification 0x8066334C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSecureVirtualMemory, Type: EAT modification 0x80663350-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSetAddressRangeModified, Type: EAT modification 0x80663354-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSetBankedSection, Type: EAT modification 0x80663358-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSizeOfMdl, Type: EAT modification 0x8066335C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmSystemRangeStart, Type: EAT modification 0x80663360-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x80663364-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x80663368-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnlockPages, Type: EAT modification 0x8066336C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapIoSpace, Type: EAT modification 0x80663370-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapLockedPages, Type: EAT modification 0x80663374-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapReservedMapping, Type: EAT modification 0x80663378-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x8066337C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x80663380-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x80663384-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnmapViewOfSection, Type: EAT modification 0x80663388-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x8066338C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmUserProbeAddress, Type: EAT modification 0x80663390-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsAnsiCodePage, Type: EAT modification 0x80663394-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsLeadByteInfo, Type: EAT modification 0x80663398-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsMbCodePageTag, Type: EAT modification 0x8066339C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x806633A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsOemCodePage, Type: EAT modification 0x806633A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x806633A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtAddAtom, Type: EAT modification 0x806633AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x806633B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x806633B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtAllocateUuids, Type: EAT modification 0x806633B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x806633BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtBuildNumber, Type: EAT modification 0x806633C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtClose, Type: EAT modification 0x806633C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtConnectPort, Type: EAT modification 0x806633C8-->80C1706E [unknown_code_page]
ntkrnlpa.exe-->NtCreateEvent, Type: EAT modification 0x806633CC-->80BF706B [unknown_code_page]
ntkrnlpa.exe-->NtCreateFile, Type: EAT modification 0x806633D0-->80B9706E [unknown_code_page]
ntkrnlpa.exe-->NtCreateSection, Type: EAT modification 0x806633D4-->80AE7070 [unknown_code_page]
ntkrnlpa.exe-->NtDeleteAtom, Type: EAT modification 0x806633D8-->80B2702E [unknown_code_page]
ntkrnlpa.exe-->NtDeleteFile, Type: EAT modification 0x806633DC-->80B27078 [unknown_code_page]
ntkrnlpa.exe-->NtDeviceIoControlFile, Type: EAT modification 0x806633E0-->807A702D [unknown_code_page]
ntkrnlpa.exe-->NtDuplicateObject, Type: EAT modification 0x806633E4-->8098703E [unknown_code_page]
ntkrnlpa.exe-->NtDuplicateToken, Type: EAT modification 0x806633E8-->808F7065 [unknown_code_page]
ntkrnlpa.exe-->NtFindAtom, Type: EAT modification 0x806633EC-->80B47075 [unknown_code_page]
ntkrnlpa.exe-->NtFreeVirtualMemory, Type: EAT modification 0x806633F0-->80B57043 [unknown_code_page]
ntkrnlpa.exe-->NtFsControlFile, Type: EAT modification 0x806633F4-->80B07065 [unknown_code_page]
ntkrnlpa.exe-->NtGlobalFlag, Type: EAT modification 0x806633F8-->8092706B [unknown_code_page]
ntkrnlpa.exe-->NtLockFile, Type: EAT modification 0x806633FC-->804D7078 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMakePermanentObject, Type: EAT modification 0x80663400-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: EAT modification 0x80663404-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x80663408-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenFile, Type: EAT modification 0x8066340C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenProcess, Type: EAT modification 0x80663410-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenProcessToken, Type: EAT modification 0x80663414-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x80663418-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenThread, Type: EAT modification 0x8066341C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenThreadToken, Type: EAT modification 0x80663420-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x80663424-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryDirectoryFile, Type: EAT modification 0x80663428-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryEaFile, Type: EAT modification 0x8066342C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryInformationAtom, Type: EAT modification 0x80663430-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryInformationFile, Type: EAT modification 0x80663434-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryInformationProcess, Type: EAT modification 0x80663438-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryInformationThread, Type: EAT modification 0x8066343C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryInformationToken, Type: EAT modification 0x80663440-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x80663444-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQuerySecurityObject, Type: EAT modification 0x80663448-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQuerySystemInformation, Type: EAT modification 0x8066344C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x80663450-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtReadFile, Type: EAT modification 0x80663454-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtRequestPort, Type: EAT modification 0x80663458-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x8066345C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetEaFile, Type: EAT modification 0x80663460-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetEvent, Type: EAT modification 0x80663464-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetInformationFile, Type: EAT modification 0x80663468-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetInformationProcess, Type: EAT modification 0x8066346C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetInformationThread, Type: EAT modification 0x80663470-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x80663474-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetSecurityObject, Type: EAT modification 0x80663478-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x8066347C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtShutdownSystem, Type: EAT modification 0x80663480-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtTraceEvent, Type: EAT modification 0x80663484-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtUnlockFile, Type: EAT modification 0x80663488-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtVdmControl, Type: EAT modification 0x8066348C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtWaitForSingleObject, Type: EAT modification 0x80663490-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtWriteFile, Type: EAT modification 0x80663494-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObAssignSecurity, Type: EAT modification 0x80663498-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x8066349C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObCheckObjectAccess, Type: EAT modification 0x806634A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObCloseHandle, Type: EAT modification 0x806634A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObCreateObject, Type: EAT modification 0x806634A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObCreateObjectType, Type: EAT modification 0x806634AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObDereferenceObject, Type: EAT modification 0x806634B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x806634B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObfDereferenceObject, Type: EAT modification 0x806628F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObFindHandleForObject, Type: EAT modification 0x806634B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObfReferenceObject, Type: EAT modification 0x806628F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObGetObjectSecurity, Type: EAT modification 0x806634BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObInsertObject, Type: EAT modification 0x806634C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x806634C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: EAT modification 0x806634C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObOpenObjectByName, Type: EAT modification 0x806634CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObOpenObjectByPointer, Type: EAT modification 0x806634D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObQueryNameString, Type: EAT modification 0x806634D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x806634D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x806634DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObReferenceObjectByName, Type: EAT modification 0x806634E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x806634E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x806634E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x806634EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObSetHandleAttributes, Type: EAT modification 0x806634F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x806634F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x806634F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PfxFindPrefix, Type: EAT modification 0x806634FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PfxInitialize, Type: EAT modification 0x80663500-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PfxInsertPrefix, Type: EAT modification 0x80663504-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PfxRemovePrefix, Type: EAT modification 0x80663508-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoCallDriver, Type: EAT modification 0x8066350C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoCancelDeviceNotify, Type: EAT modification 0x80663510-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x80663514-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x80663518-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x8066351C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoRegisterSystemState, Type: EAT modification 0x80663520-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoRequestPowerIrp, Type: EAT modification 0x80663524-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoRequestShutdownEvent, Type: EAT modification 0x80663528-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoSetHiberRange, Type: EAT modification 0x8066352C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoSetPowerState, Type: EAT modification 0x80663530-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoSetSystemState, Type: EAT modification 0x80663534-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoShutdownBugCheck, Type: EAT modification 0x80663538-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoStartNextPowerIrp, Type: EAT modification 0x8066353C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PoUnregisterSystemState, Type: EAT modification 0x80663540-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ProbeForRead, Type: EAT modification 0x80663544-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ProbeForWrite, Type: EAT modification 0x80663548-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsAssignImpersonationToken, Type: EAT modification 0x8066354C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsChargePoolQuota, Type: EAT modification 0x80663550-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x80663554-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x80663558-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x8066355C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsCreateSystemProcess, Type: EAT modification 0x80663560-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsCreateSystemThread, Type: EAT modification 0x80663564-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x80663568-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x8066356C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsDisableImpersonation, Type: EAT modification 0x80663570-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x80663574-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetContextThread, Type: EAT modification 0x80663578-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentProcess, Type: EAT modification 0x8066357C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentProcessId, Type: EAT modification 0x80663580-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x80663584-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentThread, Type: EAT modification 0x80663588-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentThreadId, Type: EAT modification 0x8066358C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x80663590-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x80663594-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x80663598-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetJobLock, Type: EAT modification 0x8066359C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetJobSessionId, Type: EAT modification 0x806635A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x806635A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x806635A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessDebugPort, Type: EAT modification 0x806635AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x806635B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessExitStatus, Type: EAT modification 0x806635B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessExitTime, Type: EAT modification 0x806635B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessId, Type: EAT modification 0x806635BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessImageFileName, Type: EAT modification 0x806635C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x806635C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsGetProcessJob, Type: EAT modification 0x806635C8-->80877044 [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessPeb, Type: EAT modification 0x806635CC-->80A4705C [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x806635D0-->809B7049 [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x806635D4-->809C7044 [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x806635D8-->80A07057 [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessSessionId, Type: EAT modification 0x806635DC-->80C0705C [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessWin32Process, Type: EAT modification 0x806635E0-->80C07079 [unknown_code_page]
ntkrnlpa.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x806635E4-->80B27074 [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x806635E8-->8080706D [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x806635EC-->80A97032 [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadId, Type: EAT modification 0x806635F0-->80C1706E [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadProcess, Type: EAT modification 0x806635F4-->80BF706B [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadProcessId, Type: EAT modification 0x806635F8-->80B9706E [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadSessionId, Type: EAT modification 0x806635FC-->80AE7070 [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadTeb, Type: EAT modification 0x80663600-->80B2702E [unknown_code_page]
ntkrnlpa.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x80663604-->80B27078 [unknown_code_page]
ntkrnlpa.exe-->PsGetVersion, Type: EAT modification 0x80663608-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsImpersonateClient, Type: EAT modification 0x8066360C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsInitialSystemProcess, Type: EAT modification 0x80663610-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x80663614-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsIsSystemThread, Type: EAT modification 0x80663618-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsIsThreadImpersonating, Type: EAT modification 0x8066361C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsIsThreadTerminating, Type: EAT modification 0x80663620-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsJobType, Type: EAT modification 0x80663624-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x80663628-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x8066362C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x80663630-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsProcessType, Type: EAT modification 0x80663634-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x80663638-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsReferencePrimaryToken, Type: EAT modification 0x8066363C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x80663640-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x80663644-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsRestoreImpersonation, Type: EAT modification 0x80663648-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsReturnPoolQuota, Type: EAT modification 0x8066364C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x80663650-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x80663654-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsRevertThreadToSelf, Type: EAT modification 0x80663658-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsRevertToSelf, Type: EAT modification 0x8066365C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetContextThread, Type: EAT modification 0x80663660-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x80663664-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetCreateThreadNotifyRoutine, Type: EAT modification 0x80663668-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x8066366C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x80663670-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x80663674-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x80663678-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x8066367C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x80663680-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessWin32Process, Type: EAT modification 0x80663684-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessWindowStation, Type: EAT modification 0x80663688-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x8066368C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x80663690-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsTerminateSystemThread, Type: EAT modification 0x80663694-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsThreadType, Type: EAT modification 0x80663698-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->qsort, Type: EAT modification 0x80663EC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->rand, Type: EAT modification 0x80663ECC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x8066369C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x806636A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x806636A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x806636A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x806636AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x806636B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAbsoluteToSelfRelativeSD, Type: EAT modification 0x806636B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x806636B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x806636BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAce, Type: EAT modification 0x806636C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x806636C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddRange, Type: EAT modification 0x806636C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAllocateHeap, Type: EAT modification 0x806636CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x806636D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x806636D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x806636D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendAsciizToString, Type: EAT modification 0x806636DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendStringToString, Type: EAT modification 0x806636E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x806636E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x806636E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x806636EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x806636F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreBitsClear, Type: EAT modification 0x806636F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreBitsSet, Type: EAT modification 0x806636F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAssert, Type: EAT modification 0x806636FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCaptureContext, Type: EAT modification 0x80663700-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x80663704-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCharToInteger, Type: EAT modification 0x80663708-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCheckRegistryKey, Type: EAT modification 0x8066370C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearAllBits, Type: EAT modification 0x80663710-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearBit, Type: EAT modification 0x80663714-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearBits, Type: EAT modification 0x80663718-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareMemory, Type: EAT modification 0x8066371C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x80663720-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareString, Type: EAT modification 0x80663724-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareUnicodeString, Type: EAT modification 0x80663728-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompressBuffer, Type: EAT modification 0x8066372C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompressChunks, Type: EAT modification 0x80663730-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x80663734-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x80663738-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x8066373C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyLuid, Type: EAT modification 0x80663740-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyRangeList, Type: EAT modification 0x80663744-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopySid, Type: EAT modification 0x80663748-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyString, Type: EAT modification 0x8066374C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyUnicodeString, Type: EAT modification 0x80663750-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateAcl, Type: EAT modification 0x80663754-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateAtomTable, Type: EAT modification 0x80663758-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateHeap, Type: EAT modification 0x8066375C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateRegistryKey, Type: EAT modification 0x80663760-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x80663764-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x80663768-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateUnicodeString, Type: EAT modification 0x8066376C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x80663770-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressBuffer, Type: EAT modification 0x80663774-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressChunks, Type: EAT modification 0x80663778-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressFragment, Type: EAT modification 0x8066377C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDelete, Type: EAT modification 0x80663780-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteAce, Type: EAT modification 0x80663784-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x80663788-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x8066378C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x80663790-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteNoSplay, Type: EAT modification 0x80663794-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x80663798-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteRange, Type: EAT modification 0x8066379C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x806637A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDescribeChunk, Type: EAT modification 0x806637A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDestroyAtomTable, Type: EAT modification 0x806637A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDestroyHeap, Type: EAT modification 0x806637AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x806637B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEmptyAtomTable, Type: EAT modification 0x806637B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x806637B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x806637BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x806637C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x806637C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x806637C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x806637CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x806637D0-->804D7009 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualLuid, Type: EAT modification 0x806637D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualSid, Type: EAT modification 0x806637DC-->81157102 [unknown_code_page]
ntkrnlpa.exe-->RtlEqualString, Type: EAT modification 0x806637E0-->825D9389 [unknown_code_page]
ntkrnlpa.exe-->RtlEqualUnicodeString, Type: EAT modification 0x806637E4-->82860008 [unknown_code_page]
ntkrnlpa.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x806637E8-->82860040 [unknown_code_page]
ntkrnlpa.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x806637EC-->8286008E [unknown_code_page]
ntkrnlpa.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x806637F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFillMemory, Type: EAT modification 0x806637F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFillMemoryUlong, Type: EAT modification 0x806637F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearBits, Type: EAT modification 0x806637FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x80663800-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearRuns, Type: EAT modification 0x80663804-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindFirstRunClear, Type: EAT modification 0x80663808-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x8066380C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x80663810-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLongestRunClear, Type: EAT modification 0x80663814-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindMessage, Type: EAT modification 0x80663818-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x8066381C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x80663820-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindRange, Type: EAT modification 0x80663824-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindSetBits, Type: EAT modification 0x80663828-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x8066382C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x80663830-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x80663834-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeAnsiString, Type: EAT modification 0x80663838-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeHeap, Type: EAT modification 0x8066383C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeOemString, Type: EAT modification 0x80663840-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeRangeList, Type: EAT modification 0x80663844-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeUnicodeString, Type: EAT modification 0x80663848-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x80663850-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetAce, Type: EAT modification 0x80663854-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetCallersAddress, Type: EAT modification 0x80663858-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x8066385C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x80663860-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x80663864-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetElementGenericTable, Type: EAT modification 0x80663868-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x8066386C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetFirstRange, Type: EAT modification 0x80663870-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x80663874-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetNextRange, Type: EAT modification 0x80663878-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x8066387C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x80663880-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x80663884-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x80663888-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetVersion, Type: EAT modification 0x8066388C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGUIDFromString, Type: EAT modification 0x8066384C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlHashUnicodeString, Type: EAT modification 0x80663890-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x80663894-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlImageNtHeader, Type: EAT modification 0x80663898-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitAnsiString, Type: EAT modification 0x8066389C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitCodePageTable, Type: EAT modification 0x806638A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeBitMap, Type: EAT modification 0x806638AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeGenericTable, Type: EAT modification 0x806638B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x806638B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeRangeList, Type: EAT modification 0x806638B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeSid, Type: EAT modification 0x806638BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x806638C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitString, Type: EAT modification 0x806638A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitUnicodeString, Type: EAT modification 0x806638A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x806638C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x806638C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x806638CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x806638D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x806638D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x806638D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToChar, Type: EAT modification 0x806638DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToUnicode, Type: EAT modification 0x806638E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x806638E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInvertRangeList, Type: EAT modification 0x806638E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x806638EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x806638F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x806638F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x806638F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x806638FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x80663900-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x80663904-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x80663908-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x8066390C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x80663910-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x80663914-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x80663918-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x8066391C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x80663920-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x80663924-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x80663928-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x8066392C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x80663930-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x80663934-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsRangeAvailable, Type: EAT modification 0x80663938-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x8066393C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x80663940-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x80663944-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x80663948-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x8066394C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x80663950-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x80663954-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x80663958-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthRequiredSid, Type: EAT modification 0x8066395C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x80663960-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthSid, Type: EAT modification 0x80663964-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLockBootStatusData, Type: EAT modification 0x80663968-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x8066396C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x80663970-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x80663974-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x80663978-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x8066397C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMapGenericMask, Type: EAT modification 0x80663980-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x80663984-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMergeRangeLists, Type: EAT modification 0x80663988-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMoveMemory, Type: EAT modification 0x8066398C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x80663990-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x80663994-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x80663998-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNtStatusToDosError, Type: EAT modification 0x8066399C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x806639A0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x806639A4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x806639A8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberOfClearBits, Type: EAT modification 0x806639AC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberOfSetBits, Type: EAT modification 0x806639B0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x806639B4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x806639B8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x806639BC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemToUnicodeN, Type: EAT modification 0x806639C0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x806639C4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x806628F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefixString, Type: EAT modification 0x806639C8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x806639CC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x806639D0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryRegistryValues, Type: EAT modification 0x806639D4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x806639D8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRaiseException, Type: EAT modification 0x806639DC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRandom, Type: EAT modification 0x806639E0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRandomEx, Type: EAT modification 0x806639E4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRealPredecessor, Type: EAT modification 0x806639E8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRealSuccessor, Type: EAT modification 0x806639EC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x806639F0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlReserveChunk, Type: EAT modification 0x806639F4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x806639F8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x806639FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD, Type: EAT modification 0x80663A04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD2, Type: EAT modification 0x80663A00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetAllBits, Type: EAT modification 0x80663A08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetBit, Type: EAT modification 0x80663A0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetBits, Type: EAT modification 0x80663A10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x80663A14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetGroupSecurityDescriptor, Type: EAT modification 0x80663A18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x80663A1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x80663A20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x80663A24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSizeHeap, Type: EAT modification 0x80663A28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSplay, Type: EAT modification 0x80663A2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlStringFromGUID, Type: EAT modification 0x80663A30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x80663A34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSubAuthoritySid, Type: EAT modification 0x80663A38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSubtreePredecessor, Type: EAT modification 0x80663A3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x80663A40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTestBit, Type: EAT modification 0x80663A44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x80663A48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x80663A4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x80663A50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x80663A54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTimeToTimeFields, Type: EAT modification 0x80663A58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x80663A5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x80663A60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x80663A64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x80663A68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x80663A6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x80663A70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x80663A74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x80663A78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUlongByteSwap, Type: EAT modification 0x806628FC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x80662900-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x80663A7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x80663A80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x80663A84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToInteger, Type: EAT modification 0x80663A88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x80663A8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x80663A90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x80663A94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x80663A98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x80663A9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnicodeToOemN, Type: EAT modification 0x80663AA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnlockBootStatusData, Type: EAT modification 0x80663AA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUnwind, Type: EAT modification 0x80663AA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x80663AAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x80663AB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x80663AB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x80663AB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x80663ABC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x80663AC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x80663AC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x80663AC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpperChar, Type: EAT modification 0x80663ACC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUpperString, Type: EAT modification 0x80663AD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlUshortByteSwap, Type: EAT modification 0x80662904-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x80663AD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x80663AD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlValidSid, Type: EAT modification 0x80663ADC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x80663AE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x80663AE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlWalkFrameChain, Type: EAT modification 0x80663AE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlWriteRegistryValue, Type: EAT modification 0x80663AEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x80663AF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x80663AFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x80663B00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x80663B04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlZeroHeap, Type: EAT modification 0x80663AF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlZeroMemory, Type: EAT modification 0x80663AF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAccessCheck, Type: EAT modification 0x80663B08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAppendPrivileges, Type: EAT modification 0x80663B0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAssignSecurity, Type: EAT modification 0x80663B10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAssignSecurityEx, Type: EAT modification 0x80663B14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x80663B18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditingFileEvents, Type: EAT modification 0x80663B1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x80663B20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x80663B24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditingHardLinkEvents, Type: EAT modification 0x80663B28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x80663B2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x80663B30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCaptureSubjectContext, Type: EAT modification 0x80663B34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x80663B38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCreateAccessState, Type: EAT modification 0x80663B3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCreateClientSecurity, Type: EAT modification 0x80663B40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x80663B44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeDeassignSecurity, Type: EAT modification 0x80663B48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeDeleteAccessState, Type: EAT modification 0x80663B4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x80663B50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeExports, Type: EAT modification 0x80663B54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeFilterToken, Type: EAT modification 0x80663B58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeFreePrivileges, Type: EAT modification 0x80663B5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeImpersonateClient, Type: EAT modification 0x80663B60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeImpersonateClientEx, Type: EAT modification 0x80663B64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeLockSubjectContext, Type: EAT modification 0x80663B68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeMarkLogonSessionForTerminationNotification, Type: EAT modification 0x80663B6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x80663B70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x80663B74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SePrivilegeCheck, Type: EAT modification 0x80663B78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x80663B7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SePublicDefaultDacl, Type: EAT modification 0x80663B80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x80663B84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeQueryInformationToken, Type: EAT modification 0x80663B88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x80663B8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeQuerySessionIdToken, Type: EAT modification 0x80663B90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x80663B94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x80663B98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeReleaseSubjectContext, Type: EAT modification 0x80663B9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x80663BA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x80663BA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x80663BA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x80663BAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeSystemDefaultDacl, Type: EAT modification 0x80663BB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x80663BB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenIsAdmin, Type: EAT modification 0x80663BB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenIsRestricted, Type: EAT modification 0x80663BBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x80663BC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenObjectType, Type: EAT modification 0x80663BC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeTokenType, Type: EAT modification 0x80663BC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeUnlockSubjectContext, Type: EAT modification 0x80663BCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x80663BD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x80663BD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->sprintf, Type: EAT modification 0x80663ED0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->srand, Type: EAT modification 0x80663ED4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strcat, Type: EAT modification 0x80663ED8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strchr, Type: EAT modification 0x80663EDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strcmp, Type: EAT modification 0x80663EE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strcpy, Type: EAT modification 0x80663EE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strlen, Type: EAT modification 0x80663EE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strncat, Type: EAT modification 0x80663EEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strncmp, Type: EAT modification 0x80663EF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strncpy, Type: EAT modification 0x80663EF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strrchr, Type: EAT modification 0x80663EF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strspn, Type: EAT modification 0x80663EFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->strstr, Type: EAT modification 0x80663F00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->swprintf, Type: EAT modification 0x80663F04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->tolower, Type: EAT modification 0x80663F08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->toupper, Type: EAT modification 0x80663F0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->towlower, Type: EAT modification 0x80663F10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->towupper, Type: EAT modification 0x80663F14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->vDbgPrintEx, Type: EAT modification 0x80663F18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x80663F1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->VerSetConditionMask, Type: EAT modification 0x80663BD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->VfFailDeviceNode, Type: EAT modification 0x80663BDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->VfFailDriver, Type: EAT modification 0x80663BE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->VfFailSystemBIOS, Type: EAT modification 0x80663BE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->VfIsVerificationEnabled, Type: EAT modification 0x80663BE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->vsprintf, Type: EAT modification 0x80663F20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcscat, Type: EAT modification 0x80663F24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcschr, Type: EAT modification 0x80663F28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcscmp, Type: EAT modification 0x80663F2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcscpy, Type: EAT modification 0x80663F30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcscspn, Type: EAT modification 0x80663F34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcslen, Type: EAT modification 0x80663F38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsncat, Type: EAT modification 0x80663F3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsncmp, Type: EAT modification 0x80663F40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsncpy, Type: EAT modification 0x80663F44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsrchr, Type: EAT modification 0x80663F48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsspn, Type: EAT modification 0x80663F4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcsstr, Type: EAT modification 0x80663F50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wcstombs, Type: EAT modification 0x80663F54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->wctomb, Type: EAT modification 0x80663F58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiFlushTrace, Type: EAT modification 0x80663C04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiGetClock, Type: EAT modification 0x80662908-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiQueryTrace, Type: EAT modification 0x80663C08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiQueryTraceInformation, Type: EAT modification 0x80663C0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiStartTrace, Type: EAT modification 0x80663C10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiStopTrace, Type: EAT modification 0x80663C14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiTraceMessage, Type: EAT modification 0x80663C18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiTraceMessageVa, Type: EAT modification 0x80663C1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WmiUpdateTrace, Type: EAT modification 0x80663C20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x80663BEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x80663BF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x80663BF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x80663BF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x80663BFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x80663C00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->XIPDispatch, Type: EAT modification 0x80663C24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x80663C28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAddBootEntry, Type: EAT modification 0x80663C2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x80663C30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAlertThread, Type: EAT modification 0x80663C34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x80663C38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x80663C3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCancelIoFile, Type: EAT modification 0x80663C40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCancelTimer, Type: EAT modification 0x80663C44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwClearEvent, Type: EAT modification 0x80663C48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwClose, Type: EAT modification 0x80663C4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x80663C50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwConnectPort, Type: EAT modification 0x80663C54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x80663C58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateEvent, Type: EAT modification 0x80663C5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateFile, Type: EAT modification 0x80663C60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateJobObject, Type: EAT modification 0x80663C64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateKey, Type: EAT modification 0x80663C68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateSection, Type: EAT modification 0x80663C6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x80663C70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwCreateTimer, Type: EAT modification 0x80663C74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDeleteBootEntry, Type: EAT modification 0x80663C78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDeleteFile, Type: EAT modification 0x80663C7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDeleteKey, Type: EAT modification 0x80663C80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDeleteValueKey, Type: EAT modification 0x80663C84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x80663C88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDisplayString, Type: EAT modification 0x80663C8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDuplicateObject, Type: EAT modification 0x80663C90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwDuplicateToken, Type: EAT modification 0x80663C94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x80663C98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwEnumerateKey, Type: EAT modification 0x80663C9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwEnumerateValueKey, Type: EAT modification 0x80663CA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwFlushInstructionCache, Type: EAT modification 0x80663CA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwFlushKey, Type: EAT modification 0x80663CA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x80663CAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x80663CB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwFsControlFile, Type: EAT modification 0x80663CB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwInitiatePowerAction, Type: EAT modification 0x80663CB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwIsProcessInJob, Type: EAT modification 0x80663CBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwLoadDriver, Type: EAT modification 0x80663CC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwLoadKey, Type: EAT modification 0x80663CC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x80663CC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwMapViewOfSection, Type: EAT modification 0x80663CCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwNotifyChangeKey, Type: EAT modification 0x80663CD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x80663CD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenEvent, Type: EAT modification 0x80663CD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenFile, Type: EAT modification 0x80663CDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenJobObject, Type: EAT modification 0x80663CE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenKey, Type: EAT modification 0x80663CE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenProcess, Type: EAT modification 0x80663CE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenProcessToken, Type: EAT modification 0x80663CEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x80663CF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenSection, Type: EAT modification 0x80663CF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x80663CF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenThread, Type: EAT modification 0x80663CFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenThreadToken, Type: EAT modification 0x80663D00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x80663D04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenTimer, Type: EAT modification 0x80663D08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPowerInformation, Type: EAT modification 0x80663D0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPulseEvent, Type: EAT modification 0x80663D10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x80663D14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryBootOptions, Type: EAT modification 0x80663D18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x80663D1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDefaultUILanguage, Type: EAT modification 0x80663D20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x80663D24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x80663D28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryEaFile, Type: EAT modification 0x80663D2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x80663D30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInformationFile, Type: EAT modification 0x80663D34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x80663D38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInformationProcess, Type: EAT modification 0x80663D3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInformationThread, Type: EAT modification 0x80663D40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInformationToken, Type: EAT modification 0x80663D44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x80663D48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryKey, Type: EAT modification 0x80663D4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryObject, Type: EAT modification 0x80663D50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQuerySection, Type: EAT modification 0x80663D54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQuerySecurityObject, Type: EAT modification 0x80663D58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x80663D5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQuerySystemInformation, Type: EAT modification 0x80663D60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryValueKey, Type: EAT modification 0x80663D64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x80663D68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwReadFile, Type: EAT modification 0x80663D6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwReplaceKey, Type: EAT modification 0x80663D70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x80663D74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwResetEvent, Type: EAT modification 0x80663D78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwRestoreKey, Type: EAT modification 0x80663D7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSaveKey, Type: EAT modification 0x80663D80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSaveKeyEx, Type: EAT modification 0x80663D84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x80663D88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetBootOptions, Type: EAT modification 0x80663D8C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetDefaultLocale, Type: EAT modification 0x80663D90-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x80663D94-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetEaFile, Type: EAT modification 0x80663D98-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetEvent, Type: EAT modification 0x80663D9C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetInformationFile, Type: EAT modification 0x80663DA0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetInformationJobObject, Type: EAT modification 0x80663DA4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetInformationObject, Type: EAT modification 0x80663DA8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetInformationProcess, Type: EAT modification 0x80663DAC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetInformationThread, Type: EAT modification 0x80663DB0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetSecurityObject, Type: EAT modification 0x80663DB4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetSystemInformation, Type: EAT modification 0x80663DB8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetSystemTime, Type: EAT modification 0x80663DBC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetTimer, Type: EAT modification 0x80663DC0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetValueKey, Type: EAT modification 0x80663DC4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x80663DC8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwTerminateJobObject, Type: EAT modification 0x80663DCC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwTerminateProcess, Type: EAT modification 0x80663DD0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwTranslateFilePath, Type: EAT modification 0x80663DD4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwUnloadDriver, Type: EAT modification 0x80663DD8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwUnloadKey, Type: EAT modification 0x80663DDC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x80663DE0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x80663DE4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwWaitForSingleObject, Type: EAT modification 0x80663DE8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwWriteFile, Type: EAT modification 0x80663DEC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwYieldExecution, Type: EAT modification 0x80663DF0-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_abnormal_termination, Type: EAT modification 0x80663E00-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_alldiv, Type: EAT modification 0x80663E04-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_alldvrm, Type: EAT modification 0x80663E08-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_allmul, Type: EAT modification 0x80663E0C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_alloca_probe, Type: EAT modification 0x80663E10-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_allrem, Type: EAT modification 0x80663E14-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_allshl, Type: EAT modification 0x80663E18-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_allshr, Type: EAT modification 0x80663E1C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_aulldiv, Type: EAT modification 0x80663E20-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_aulldvrm, Type: EAT modification 0x80663E24-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_aullrem, Type: EAT modification 0x80663E28-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_aullshr, Type: EAT modification 0x80663E2C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_CIcos, Type: EAT modification 0x80663DF4-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_CIsin, Type: EAT modification 0x80663DF8-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_CIsqrt, Type: EAT modification 0x80663DFC-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_except_handler2, Type: EAT modification 0x80663E30-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_except_handler3, Type: EAT modification 0x80663E34-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_global_unwind2, Type: EAT modification 0x80663E38-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_itoa, Type: EAT modification 0x80663E3C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_itow, Type: EAT modification 0x80663E40-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_local_unwind2, Type: EAT modification 0x80663E44-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_purecall, Type: EAT modification 0x80663E48-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_snprintf, Type: EAT modification 0x80663E4C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_snwprintf, Type: EAT modification 0x80663E50-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_stricmp, Type: EAT modification 0x80663E54-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strlwr, Type: EAT modification 0x80663E58-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strnicmp, Type: EAT modification 0x80663E5C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strnset, Type: EAT modification 0x80663E60-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strrev, Type: EAT modification 0x80663E64-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strset, Type: EAT modification 0x80663E68-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_strupr, Type: EAT modification 0x80663E6C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_vsnprintf, Type: EAT modification 0x80663E70-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_vsnwprintf, Type: EAT modification 0x80663E74-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcsicmp, Type: EAT modification 0x80663E78-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcslwr, Type: EAT modification 0x80663E7C-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcsnicmp, Type: EAT modification 0x80663E80-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcsnset, Type: EAT modification 0x80663E84-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcsrev, Type: EAT modification 0x80663E88-->804D7000 [ntkrnlpa.exe]
ntkrnlpa.exe-->_wcsupr, Type: EAT modification 0x80663E8C-->804D7000 [ntkrnlpa.exe]
[1240]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C8447ED-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


how's this ??? do reply :thumbsup: thanx

I never go back on my words.....BELIEVE IT !!!


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 27 August 2010 - 06:07 AM

If it was detected in system restore, it means it was there by "something" has cleaned it.

How are things running now?


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 28 August 2010 - 06:53 AM

i 'll check it and paste the log file as soon as possible.. computer is working normally though.. :thumbsup:

I never go back on my words.....BELIEVE IT !!!


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 28 August 2010 - 07:07 AM

Good to hear that, will wait for the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 01 September 2010 - 11:03 AM

hi
sorry for the delay .... here is the MBAM log>>>

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/30/2010 8:18:27 AM
mbam-log-2010-08-30 (08-18-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 184760
Time elapsed: 1 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


how's this report >>> next what should i do ??? am i free of virus??? :thumbsup:

I never go back on my words.....BELIEVE IT !!!


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 01 September 2010 - 12:47 PM

Looks good, so its high time to install all latest XP updates.

UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.[/color]


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 02 September 2010 - 08:38 AM

ESET online scan report>>> NO threats found !!!

does downloading and installing windows sp3 automatically upgrades my current system ?

do reply thanks..... :D

I never go back on my words.....BELIEVE IT !!!


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 02 September 2010 - 12:50 PM

After installing Service Pack 3 you still will have some other updates to install as well. However, it is very important to install this because service pack 2 is no longer supported by microsoft.

Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Edited by elise025, 02 September 2010 - 12:51 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 swift06

swift06
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:kerala
  • Local time:07:37 AM

Posted 04 September 2010 - 08:38 AM

hi
the links were great :D

thanks for ur help !!!

adios..

I never go back on my words.....BELIEVE IT !!!


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:07 AM

Posted 04 September 2010 - 09:14 AM

You're welcome. :thumbsup:

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users