Untitled

From Sexy Cheetah, 4 Years ago, written in Plain Text.

Embed

Download Paste or View Raw
Hits: 562

GMER 2.2.19882 - http://www.gmer.net

Rootkit scan 2019-07-27 10:05:03

Windows 6.2.9200 x64 \Device\Harddisk3\DR3 -> \Device\0000003c Force_MP510 rev.ECFM12.2 894,25GB

Running: h5oc01p4.exe; Driver: C:\Users\Wojtek\AppData\Local\Temp\uwrdiuoc.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\system32\hal.dll!KeStallExecutionProcessor + 114 fffff807742b3672 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!KeStallExecutionProcessor + 121 fffff807742b3679 5 bytes {CALL 0xffffffffff5fc997}

.text ... * 5

.text C:\Windows\system32\hal.dll!KeQueryPerformanceCounter + 91 fffff807742b381b 6 bytes {CALL 0xffffffffff89ca85}

.text C:\Windows\system32\hal.dll!KeQueryPerformanceCounter + 124 fffff807742b383c 2 bytes [4C, 8B]

.text ... * 7

.text C:\Windows\system32\hal.dll!HalSendSoftwareInterrupt + 208 fffff807742b3b70 6 bytes {CALL 0xffffffffff89c730}

.text C:\Windows\system32\hal.dll!HalSendSoftwareInterrupt + 430 fffff807742b3c4e 6 bytes {CALL 0xffffffffff89c652}

.text ... * 2

.text C:\Windows\system32\hal.dll!HalRequestIpiSpecifyVector + 54 fffff807742b3d66 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalRequestIpiSpecifyVector + 61 fffff807742b3d6d 5 bytes {CALL 0xffffffffff573693}

.text ... * 16

.text C:\Windows\system32\hal.dll!HalRequestIpi + 81 fffff807742b41c1 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalRequestIpi + 88 fffff807742b41c8 5 bytes {CALL 0xffffffffff573238}

.text ... * 18

.text C:\Windows\system32\hal.dll!HalRequestClockInterrupt + 81 fffff807742b4701 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalRequestClockInterrupt + 88 fffff807742b4708 5 bytes {CALL 0xffffffffff572cf8}

.text ... * 18

.text C:\Windows\system32\hal.dll!HalRequestSoftwareInterrupt + 214 fffff807742b5146 6 bytes {CALL 0xffffffffff89b15a}

.text C:\Windows\system32\hal.dll!HalRequestSoftwareInterrupt + 357 fffff807742b51d5 2 bytes [4C, 8B]

.text ... * 4

.text C:\Windows\system32\hal.dll!HalPerformEndOfInterrupt + 21 fffff807742b52c5 6 bytes {CALL 0xffffffffff89afdb}

.text C:\Windows\system32\hal.dll!HalPerformEndOfInterrupt + 247 fffff807742b53a7 2 bytes [4C, 8B]

.text ... * 7

.text C:\Windows\system32\hal.dll!HalCalibratePerformanceCounter + 322 fffff807742b7bd2 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalCalibratePerformanceCounter + 329 fffff807742b7bd9 5 bytes {CALL 0xffffffffff69a017}

.text C:\Windows\system32\hal.dll!HalInitializeOnResume + 633 fffff807742b86d9 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalInitializeOnResume + 640 fffff807742b86e0 5 bytes {CALL 0xffffffffff587e20}

.text C:\Windows\system32\hal.dll!HalGetBusDataByOffset + 785 fffff807742b93a1 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetBusDataByOffset + 792 fffff807742b93a8 5 bytes {CALL 0xffffffffff5ad258}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalGetMessageRoutingInfo + 113 fffff807742b9f71 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetMessageRoutingInfo + 120 fffff807742b9f78 5 bytes {CALL 0xffffffffff645e68}

.text ... * 9

.text C:\Windows\system32\hal.dll!HalGetProcessorIdByNtNumber + 31 fffff807742ba0ef 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetProcessorIdByNtNumber + 38 fffff807742ba0f6 5 bytes {CALL 0xffffffffff61653a}

.text ... * 11

.text C:\Windows\system32\hal.dll!HalGetMemoryCachingRequirements + 287 fffff807742ba84f 6 bytes {CALL 0xffffffffff895a51}

.text C:\Windows\system32\hal.dll!HalTranslateBusAddress + 50 fffff807742bac22 6 bytes {CALL 0xffffffffff89567e}

.text C:\Windows\system32\hal.dll!HalTranslateBusAddress + 119 fffff807742bac67 6 bytes {CALL 0xffffffffff895639}

.text C:\Windows\system32\hal.dll!HalDmaAllocateCrashDumpRegistersEx + 403 fffff807742baf43 6 bytes {CALL 0xffffffffff89535d}

.text C:\Windows\system32\hal.dll!HalDmaAllocateCrashDumpRegistersEx + 561 fffff807742bafe1 2 bytes [4C, 8B]

.text ... * 9

.text C:\Windows\system32\hal.dll!HalDmaFreeCrashDumpRegistersEx + 279 fffff807742bb327 6 bytes {CALL 0xffffffffff894f79}

.text C:\Windows\system32\hal.dll!HalDmaFreeCrashDumpRegistersEx + 303 fffff807742bb33f 6 bytes {CALL 0xffffffffff894f61}

.text ... * 11

.text C:\Windows\system32\hal.dll!HalStartNextProcessor + 267 fffff807742bb86b 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalStartNextProcessor + 274 fffff807742bb872 5 bytes {CALL 0xffffffffff66561e}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalQueryMaximumProcessorCount + 258 fffff807742bc582 6 bytes {CALL 0xffffffffff893d1e}

.text C:\Windows\system32\hal.dll!HalQueryMaximumProcessorCount + 607 fffff807742bc6df 2 bytes [4C, 8B]

.text ... * 4

.text C:\Windows\system32\hal.dll!HalDisableInterrupt + 214 fffff807742bc7f6 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalDisableInterrupt + 221 fffff807742bc7fd 5 bytes {CALL 0xffffffffff56b3a3}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalEnableInterrupt + 204 fffff807742bc8ec 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalEnableInterrupt + 211 fffff807742bc8f3 5 bytes {CALL 0xffffffffff56b2ad}

.text ... * 7

.text C:\Windows\system32\hal.dll!HalQueryRealTimeClock + 100 fffff807742be5f4 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalQueryRealTimeClock + 107 fffff807742be5fb 5 bytes {CALL 0xffffffffff65eb55}

.text ... * 15

.text C:\Windows\system32\hal.dll!HalFreeCommonBuffer + 7 fffff807742be9d7 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalFreeCommonBuffer + 14 fffff807742be9de 5 bytes {CALL 0xffffffffff639d62}

.text ... * 2

.text C:\Windows\system32\hal.dll!HalSetRealTimeClock + 52 fffff807742bebc4 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalSetRealTimeClock + 59 fffff807742bebcb 5 bytes {CALL 0xffffffffff65e585}

.text ... * 5

.text C:\Windows\system32\hal.dll!HalSendNMI + 175 fffff807742bf03f 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalSendNMI + 182 fffff807742bf046 5 bytes {CALL 0xffffffffff5683ea}

.text ... * 15

.text C:\Windows\system32\hal.dll!HalAllocateCommonBuffer + 669 fffff807742c094d 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalAllocateCommonBuffer + 676 fffff807742c0954 5 bytes {CALL 0xffffffffff63f1ac}

.text ... * 9

.text C:\Windows\system32\hal.dll!x86BiosReadMemory + 282 fffff807742c799a 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!x86BiosReadMemory + 289 fffff807742c79a1 5 bytes {CALL 0xffffffffff59dbcf}

.text ... * 5

.text C:\Windows\system32\hal.dll!x86BiosWriteMemory + 170 fffff807742c825a 6 bytes {CALL 0xffffffffff888046}

.text C:\Windows\system32\hal.dll!HalInitializeBios + 45 fffff807742c82bd 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalInitializeBios + 52 fffff807742c82c4 5 bytes {CALL 0xffffffffff6d1a1c}

.text ... * 17

.text C:\Windows\system32\hal.dll!HalGetBusData + 763 fffff807742c8c7b 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetBusData + 770 fffff807742c8c82 5 bytes {CALL 0xffffffffff55ef1e}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalGetInterruptTargetInformation + 199 fffff807742c8e77 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetInterruptTargetInformation + 206 fffff807742c8e7e 5 bytes {CALL 0xffffffffff5e6922}

.text ... * 5

.text C:\Windows\system32\hal.dll!x86BiosFreeBuffer + 96 fffff807742c9420 6 bytes {CALL 0xffffffffff886e80}

.text C:\Windows\system32\hal.dll!x86BiosFreeBuffer + 394 fffff807742c954a 2 bytes [4C, 8B]

.text ... * 20

.text C:\Windows\system32\hal.dll!HalEnumerateProcessors + 454 fffff807742c9bb6 6 bytes {CALL 0xffffffffff8866ea}

.text C:\Windows\system32\hal.dll!HalEnumerateProcessors + 524 fffff807742c9bfc 6 bytes {CALL 0xffffffffff8866a4}

.text ... * 5

.text C:\Windows\system32\hal.dll!HalAcpiGetTableEx + 47 fffff807742ca41f 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalAcpiGetTableEx + 54 fffff807742ca426 5 bytes {CALL 0xffffffffff6641fa}

.text C:\Windows\system32\hal.dll!HalGetVectorInput + 28 fffff807742ca48c 6 bytes {CALL 0xffffffffff885e14}

.text C:\Windows\system32\hal.dll!HalIsHyperThreadingEnabled + 102 fffff807742ca536 3 bytes [4C, 8B, 15]

.text C:\Windows\system32\hal.dll!HalIsHyperThreadingEnabled + 109 fffff807742ca53d 5 bytes JMP fffff807739b90b0

.text ... * 17

.text C:\Windows\system32\hal.dll!HalReadDmaCounter + 40 fffff807742d5cc8 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalReadDmaCounter + 47 fffff807742d5ccf 5 bytes {CALL 0xffffffffff568631}

.text ... * 26

.text C:\Windows\system32\hal.dll!HalGetEnvironmentVariable + 39 fffff807742df867 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalGetEnvironmentVariable + 46 fffff807742df86e 5 bytes {CALL 0xffffffffff6bacf2}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalQueryEnvironmentVariableInfoEx + 111 fffff807742df94f 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalQueryEnvironmentVariableInfoEx + 118 fffff807742df956 5 bytes {CALL 0xffffffffff656f8a}

.text ... * 5

.text C:\Windows\system32\hal.dll!HalSetEnvironmentVariable + 35 fffff807742df9e3 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalSetEnvironmentVariable + 42 fffff807742df9ea 5 bytes {CALL 0xffffffffff6bab76}

.text ... * 5

.text C:\Windows\system32\hal.dll!HalSetEnvironmentVariableEx + 187 fffff807742dfb6b 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalSetEnvironmentVariableEx + 194 fffff807742dfb72 5 bytes {CALL 0xffffffffff6c13ce}

.text ... * 13

.text C:\Windows\system32\hal.dll!HalSetProfileInterval + 26 fffff807742e149a 6 bytes {CALL 0xffffffffff86ee06}

.text C:\Windows\system32\hal.dll!HalStartProfileInterrupt + 22 fffff807742e14d6 6 bytes {CALL 0xffffffffff86edca}

.text C:\Windows\system32\hal.dll!HalStopProfileInterrupt + 17 fffff807742e1501 6 bytes {CALL 0xffffffffff86ed9f}

.text C:\Windows\system32\hal.dll!HalStopProfileInterrupt + 126 fffff807742e156e 2 bytes [4C, 8B]

.text ... * 18

.text C:\Windows\system32\hal.dll!HalGetInterruptVector + 38 fffff807742e1d56 6 bytes {CALL 0xffffffffff86e54a}

.text C:\Windows\system32\hal.dll!HalGetInterruptVector + 314 fffff807742e1e6a 6 bytes {CALL 0xffffffffff86e436}

.text ... * 9

.text C:\Windows\system32\hal.dll!HalStartDynamicProcessor + 111 fffff807742e25ff 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalStartDynamicProcessor + 118 fffff807742e2606 5 bytes {CALL 0xffffffffffbe8a5a}

.text ... * 4

.text C:\Windows\system32\hal.dll!HalRequestDeferredRecoveryServiceInterrupt + 104 fffff807742e2cc8 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalRequestDeferredRecoveryServiceInterrupt + 111 fffff807742e2ccf 5 bytes {CALL 0xffffffffff5576f1}

.text ... * 22

.text C:\Windows\system32\hal.dll!HalMakeBeep + 883 fffff807742e4233 1 byte [A9]

.text C:\Windows\system32\hal.dll!HalReturnToFirmware + 27 fffff807742e42fb 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalReturnToFirmware + 34 fffff807742e4302 5 bytes {CALL 0xffffffffff63e8ee}

.text ... * 10

.text C:\Windows\system32\hal.dll!HalBugCheckSystem + 117 fffff807742f9785 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalBugCheckSystem + 124 fffff807742f978c 5 bytes {CALL 0xffffffffff6c3174}

.text ... * 3

.text C:\Windows\system32\hal.dll!HalHandleMcheck + 259 fffff807742fba73 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalHandleMcheck + 266 fffff807742fba7a 5 bytes {CALL 0xffffffffff56ab86}

.text ... * 18

.text C:\Windows\system32\hal.dll!HalHandleNMI + 219 fffff807742fc5eb 2 bytes [4C, 8B]

.text C:\Windows\system32\hal.dll!HalHandleNMI + 226 fffff807742fc5f2 5 bytes {CALL 0xffffffffff840e2e}

PAGE C:\Windows\system32\hal.dll!HalConvertDeviceIdtToIrql + 90 fffff8077433011a 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!HalConvertDeviceIdtToIrql + 97 fffff80774330121 5 bytes {CALL 0xffffffffffc0c6cf}

PAGE ... * 13

PAGE C:\Windows\system32\hal.dll!HalGetAdapter + 419 fffff80774332c43 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!HalGetAdapter + 426 fffff80774332c4a 5 bytes {CALL 0xffffffffff5ed286}

PAGE ... * 11

PAGE C:\Windows\system32\hal.dll!HalAllocateHardwareCounters + 131 fffff80774333483 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!HalAllocateHardwareCounters + 138 fffff8077433348a 5 bytes {CALL 0xffffffffff4f3e36}

PAGE ... * 9

PAGE C:\Windows\system32\hal.dll!HalFreeHardwareCounters + 80 fffff807743335a0 4 bytes [E8, FB, CC, 81]

PAGE C:\Windows\system32\hal.dll!HalFreeHardwareCounters + 85 fffff807743335a5 1 byte [90]

PAGE ... * 5

PAGE C:\Windows\system32\hal.dll!IoReadPartitionTable + 4 fffff807743347d4 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!IoReadPartitionTable + 11 fffff807743347db 5 bytes {CALL 0xffffffffffd195e5}

PAGE C:\Windows\system32\hal.dll!IoSetPartitionInformation + 4 fffff807743347f4 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!IoSetPartitionInformation + 11 fffff807743347fb 5 bytes {CALL 0xffffffffffd19855}

PAGE C:\Windows\system32\hal.dll!IoWritePartitionTable + 14 fffff8077433481e 2 bytes [4C, 8B]

PAGE C:\Windows\system32\hal.dll!IoWritePartitionTable + 21 fffff80774334825 5 bytes {CALL 0xffffffffffd199cb}

PAGE C:\Windows\system32\hal.dll!HalAssignSlotResources + 78 fffff8077433488e 4 bytes [E8, 0D, BA, 81]

PAGE C:\Windows\system32\hal.dll!HalAssignSlotResources + 83 fffff80774334893 1 byte [90]

PAGELK C:\Windows\system32\hal.dll!HalInitSystem + 194 fffff80774339d82 4 bytes [E8, 19, 65, 81]

PAGELK C:\Windows\system32\hal.dll!HalInitSystem + 199 fffff80774339d87 1 byte [90]

.text C:\Windows\system32\kd.dll!KdSetHiberRange + 29 fffff807766010bd 2 bytes [4C, 8B]

.text C:\Windows\system32\kd.dll!KdSetHiberRange + 36 fffff807766010c4 5 bytes {CALL 0xfffffffffd359bcc}

.text C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAuthIdentity + 73 fffff80776661059 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAuthIdentity + 80 fffff80776661060 5 bytes {CALL 0xfffffffffd509040}

.text C:\Windows\System32\drivers\ksecdd.sys!SspiZeroAuthIdentity + 230 fffff80776661166 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiZeroAuthIdentity + 237 fffff8077666116d 5 bytes {CALL 0xfffffffffd20e883}

.text ... * 32

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptHashData + 28 fffff8077666178c 6 bytes {CALL 0x28b14}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptCreateHash + 76 fffff807766617fc 6 bytes {CALL 0x28aa4}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptFinishHash + 25 fffff80776661839 6 bytes {CALL 0x28a67}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyHash + 25 fffff807766618a9 2 bytes [E8, F2]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyHash + 28 fffff807766618ac 3 bytes [02, 00, 90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGetProperty + 60 fffff8077666190c 6 bytes {CALL 0x28994}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGetProperty + 112 fffff80776661940 2 bytes [4C, 8B]

.text ... * 18

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGenRandom + 28 fffff80776661b2c 6 bytes {CALL 0x28774}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGenRandom + 82 fffff80776661b62 2 bytes [4C, 8B]

.text ... * 2

.text C:\Windows\System32\drivers\ksecdd.sys!MapSecurityError + 4 fffff80776661b84 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!MapSecurityError + 11 fffff80776661b8b 5 bytes {CALL 0xfffffffffd2cb1e5}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDuplicateHash + 41 fffff80776661bc9 6 bytes {CALL 0x286d7}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateSymmetricKey + 71 fffff80776661c37 6 bytes {CALL 0x28669}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptKeyDerivation + 60 fffff80776661c8c 6 bytes {CALL 0x28614}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyKey + 25 fffff80776661cc9 6 bytes {CALL 0x285d7}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDuplicateKey + 41 fffff80776661d19 6 bytes {CALL 0x28587}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptVerifySignature + 71 fffff80776661d87 6 bytes {CALL 0x28519}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptOpenAlgorithmProvider + 28 fffff80776661dbc 6 bytes {CALL 0x284e4}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptImportKey + 101 fffff80776661e45 6 bytes {CALL 0x2845b}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptCloseAlgorithmProvider + 25 fffff80776661e79 6 bytes {CALL 0x28427}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptCloseAlgorithmProvider + 269 fffff80776661f6d 2 bytes [4C, 8B]

.text ... * 16

.text C:\Windows\System32\drivers\ksecdd.sys!SspiLocalFree + 11 fffff807766622bb 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiLocalFree + 18 fffff807766622c2 5 bytes {CALL 0xfffffffffd507dde}

.text ... * 11

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptImportKeyPair + 71 fffff80776665277 6 bytes {CALL 0x25029}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptSetProperty + 44 fffff8077666536c 6 bytes {CALL 0x24f34}

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptSignHash + 90 fffff807766653ea 6 bytes {CALL 0x24eb6}

.text C:\Windows\System32\drivers\ksecdd.sys!InitSecurityInterfaceW + 109 fffff8077666547d 3 bytes [4C, 8B, 15]

.text C:\Windows\System32\drivers\ksecdd.sys!InitSecurityInterfaceW + 116 fffff80776665484 5 bytes JMP fffff80773999140

.text ... * 4

.text C:\Windows\System32\drivers\ksecdd.sys!SspiCompareAuthIdentities + 383 fffff80776668d3f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiCompareAuthIdentities + 390 fffff80776668d46 5 bytes {CALL 0xfffffffffd50135a}

.text ... * 19

.text C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeAuthIdentityAsStrings + 685 fffff807766696dd 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeAuthIdentityAsStrings + 692 fffff807766696e4 5 bytes {CALL 0xfffffffffd5009bc}

.text ... * 7

.text C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeStringsAsAuthIdentity + 140 fffff8077666a0bc 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeStringsAsAuthIdentity + 147 fffff8077666a0c3 5 bytes {CALL 0xfffffffffd33286d}

.text ... * 5

.text C:\Windows\System32\drivers\ksecdd.sys!SspiValidateAuthIdentity + 412 fffff8077666aa6c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SspiValidateAuthIdentity + 419 fffff8077666aa73 5 bytes {CALL 0xfffffffffd204f7d}

.text ... * 17

.text C:\Windows\System32\drivers\ksecdd.sys!SecLookupWellKnownSid + 761 fffff8077666b859 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SecLookupWellKnownSid + 768 fffff8077666b860 5 bytes {CALL 0xfffffffffd1980c0}

.text C:\Windows\System32\drivers\ksecdd.sys!KSecRegisterSecurityProvider + 24 fffff8077666c2a8 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!KSecRegisterSecurityProvider + 31 fffff8077666c2af 5 bytes {CALL 0xfffffffffd1969c1}

.text ... * 11

.text C:\Windows\System32\drivers\ksecdd.sys!KSecValidateBuffer + 209 fffff8077666c551 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!KSecValidateBuffer + 216 fffff8077666c558 5 bytes {CALL 0xfffffffffd7b9d68}

.text ... * 3

.text C:\Windows\System32\drivers\ksecdd.sys!SecSetPagingMode + 54 fffff8077666c666 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!SecSetPagingMode + 61 fffff8077666c66d 5 bytes {CALL 0xfffffffffd196603}

.text ... * 15

.text C:\Windows\System32\drivers\ksecdd.sys!GetSecurityUserInfo + 165 fffff8077666c8a5 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\ksecdd.sys!GetSecurityUserInfo + 172 fffff8077666c8ac 5 bytes {CALL 0xfffffffffd4fd764}

.text ... * 5

.text C:\Windows\System32\drivers\ksecdd.sys!SystemPrng + 28 fffff8077666d03c 4 bytes [E8, 5F, D2, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SystemPrng + 33 fffff8077666d041 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDecrypt + 106 fffff8077666d0ca 4 bytes [E8, D1, D1, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDecrypt + 111 fffff8077666d0cf 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKey + 71 fffff8077666d137 4 bytes [E8, 64, D1, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKey + 76 fffff8077666d13c 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyCapi + 44 fffff8077666d17c 4 bytes [E8, 1F, D1, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyCapi + 49 fffff8077666d181 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyPBKDF2 + 101 fffff8077666d205 4 bytes [E8, 96, D0, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyPBKDF2 + 106 fffff8077666d20a 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroySecret + 28 fffff8077666d23c 4 bytes [E8, 5F, D0, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroySecret + 33 fffff8077666d241 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEncrypt + 106 fffff8077666d2ca 4 bytes [E8, D1, CF, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEncrypt + 111 fffff8077666d2cf 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumAlgorithms + 25 fffff8077666d309 4 bytes [E8, 92, CF, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumAlgorithms + 30 fffff8077666d30e 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumProviders + 25 fffff8077666d349 4 bytes [E8, 52, CF, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumProviders + 30 fffff8077666d34e 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptExportKey + 68 fffff8077666d3b4 4 bytes [E8, E7, CE, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptExportKey + 73 fffff8077666d3b9 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptFinalizeKeyPair + 28 fffff8077666d3ec 4 bytes [E8, AF, CE, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptFinalizeKeyPair + 33 fffff8077666d3f1 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptFreeBuffer + 28 fffff8077666d42c 4 bytes [E8, 6F, CE, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptFreeBuffer + 33 fffff8077666d431 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateKeyPair + 28 fffff8077666d45c 4 bytes [E8, 3F, CE, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateKeyPair + 33 fffff8077666d461 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGetFipsAlgorithmMode + 25 fffff8077666d499 4 bytes [E8, 02, CE, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptGetFipsAlgorithmMode + 30 fffff8077666d49e 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptRegisterConfigChangeNotify + 24 fffff8077666d4d8 4 bytes [E8, C3, CD, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptRegisterConfigChangeNotify + 29 fffff8077666d4dd 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptResolveProviders + 85 fffff8077666d545 4 bytes [E8, 56, CD, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptResolveProviders + 90 fffff8077666d54a 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptSecretAgreement + 28 fffff8077666d57c 4 bytes [E8, 1F, CD, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptSecretAgreement + 33 fffff8077666d581 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptUnregisterConfigChangeNotify + 25 fffff8077666d5b9 4 bytes [E8, E2, CC, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!BCryptUnregisterConfigChangeNotify + 30 fffff8077666d5be 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslDecryptPacket + 99 fffff8077666d643 4 bytes [E8, 58, CC, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslDecryptPacket + 104 fffff8077666d648 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslEncryptPacket + 106 fffff8077666d6ca 4 bytes [E8, D1, CB, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslEncryptPacket + 111 fffff8077666d6cf 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslExportKey + 68 fffff8077666d734 4 bytes [E8, 67, CB, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslExportKey + 73 fffff8077666d739 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslFreeObject + 25 fffff8077666d769 4 bytes [E8, 32, CB, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslFreeObject + 30 fffff8077666d76e 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslGetExtensions + 57 fffff8077666d7c9 4 bytes [E8, D2, CA, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslGetExtensions + 62 fffff8077666d7ce 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslGetServerIdentity + 41 fffff8077666d819 4 bytes [E8, 82, CA, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslGetServerIdentity + 46 fffff8077666d81e 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslImportKey + 55 fffff8077666d877 4 bytes [E8, 24, CA, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslImportKey + 60 fffff8077666d87c 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslLookupCipherSuiteInfo + 57 fffff8077666d8c9 4 bytes [E8, D2, C9, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslLookupCipherSuiteInfo + 62 fffff8077666d8ce 1 byte [90]

.text C:\Windows\System32\drivers\ksecdd.sys!SslOpenProvider + 25 fffff8077666d909 4 bytes [E8, 92, C9, 01]

.text C:\Windows\System32\drivers\ksecdd.sys!SslOpenProvider + 30 fffff8077666d90e 1 byte [90]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx2 + 218 fffff8077667b16a 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx2 + 225 fffff8077667b171 5 bytes {CALL 0xfffffffffd4eee9f}

PAGE C:\Windows\System32\drivers\ksecdd.sys!FreeContextBuffer + 152 fffff8077667b3d8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!FreeContextBuffer + 159 fffff8077667b3df 5 bytes {CALL 0xfffffffffd2aedf1}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\ksecdd.sys!AcquireCredentialsHandleW + 220 fffff8077667b52c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!AcquireCredentialsHandleW + 227 fffff8077667b533 5 bytes {CALL 0xfffffffffdc3828d}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\ksecdd.sys!FreeCredentialsHandle + 88 fffff8077667b6c8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!FreeCredentialsHandle + 95 fffff8077667b6cf 5 bytes {CALL 0xfffffffffd1f4321}

PAGE ... * 6

PAGE C:\Windows\System32\drivers\ksecdd.sys!DeleteSecurityContext + 104 fffff8077667b888 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!DeleteSecurityContext + 111 fffff8077667b88f 5 bytes {CALL 0xfffffffffdc37f31}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\ksecdd.sys!AcceptSecurityContext + 220 fffff8077667ba7c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!AcceptSecurityContext + 227 fffff8077667ba83 5 bytes {CALL 0xfffffffffd1a406d}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiDeleteSecurityContextAsync + 159 fffff8077667c4ef 6 bytes {CALL 0xddb1}

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiDeleteSecurityContextAsync + 544 fffff8077667c670 6 bytes {CALL 0xdc30}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAsyncContext + 84 fffff8077667d004 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAsyncContext + 91 fffff8077667d00b 5 bytes {CALL 0xfffffffffd289b75}

PAGE ... * 20

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiCreateAsyncContext + 19 fffff8077667d293 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiCreateAsyncContext + 26 fffff8077667d29a 5 bytes {CALL 0xfffffffffd347486}

PAGE ... * 2

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiAcceptSecurityContextAsync + 198 fffff8077667d3d6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiAcceptSecurityContextAsync + 205 fffff8077667d3dd 5 bytes {CALL 0xfffffffffd4ecc33}

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiGetAsyncCallStatus + 569 fffff8077667d699 2 bytes {JMP 0x4e}

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiGetAsyncCallStatus + 576 fffff8077667d6a0 5 bytes {CALL 0xfffffffffd4ec970}

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetKeyTypesServer + 93 fffff8077667e62d 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetKeyTypesServer + 100 fffff8077667e634 5 bytes {CALL 0xfffffffffd4eb9dc}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetHighestSupportedVersion + 77 fffff8077667e8ed 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetHighestSupportedVersion + 84 fffff8077667e8f4 4 bytes [E8, D7, C9, 04]

PAGE ... * 13

PAGE C:\Windows\System32\drivers\ksecdd.sys!CredMarshalTargetInfo + 450 fffff8077667fe52 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!CredMarshalTargetInfo + 457 fffff8077667fe59 5 bytes {CALL 0xfffffffffd4ea1b7}

PAGE C:\Windows\System32\drivers\ksecdd.sys!ApplyControlToken + 299 fffff80776680bab 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!ApplyControlToken + 306 fffff80776680bb2 5 bytes {CALL 0xfffffffffdc32c0e}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\ksecdd.sys!ExportSecurityContext + 89 fffff80776680d19 6 bytes {CALL 0x9587}

PAGE C:\Windows\System32\drivers\ksecdd.sys!ImportSecurityContextW + 113 fffff80776680dc1 6 bytes {CALL 0x94df}

PAGE C:\Windows\System32\drivers\ksecdd.sys!ImportSecurityContextW + 377 fffff80776680ec9 2 bytes [4C, 8B]

PAGE ... * 4

PAGE C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx + 225 fffff807766814f1 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx + 232 fffff807766814f8 5 bytes {CALL 0xfffffffffdc322c8}

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiReinitAsyncContext + 332 fffff807766817ac 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!SspiReinitAsyncContext + 339 fffff807766817b3 5 bytes {CALL 0xfffffffffd337cfd}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingVerifyMessage + 167 fffff80776681ea7 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ksecdd.sys!TokenBindingVerifyMessage + 174 fffff80776681eae 5 bytes {CALL 0xfffffffffdc31912}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!QuerySecurityContextToken + 73 fffff80776683059 6 bytes {CALL 0x7247}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!QuerySecurityContextToken + 123 fffff8077668308b 2 bytes [4C, 8B]

PAGEMSG ... * 2

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!QueryContextAttributesW + 105 fffff80776683129 6 bytes {CALL 0x7177}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!UnsealMessage + 84 fffff807766831d4 6 bytes {CALL 0x70cc}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!SealMessage + 82 fffff80776683262 6 bytes {CALL 0x703e}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!ImpersonateSecurityContext + 68 fffff807766832e4 6 bytes {CALL 0x6fbc}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!ImpersonateSecurityContext + 92 fffff807766832fc 2 bytes [4C, 8B]

PAGEMSG ... * 4

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!RevertSecurityContext + 29 fffff807766833bd 2 bytes [4C, 8B]

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!RevertSecurityContext + 36 fffff807766833c4 5 bytes {CALL 0xfffffffffd74e0cc}

PAGEMSG ... * 3

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!CompleteAuthToken + 69 fffff80776683465 6 bytes {CALL 0x6e3b}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!MakeSignature + 89 fffff807766834e9 6 bytes {CALL 0x6db7}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!VerifySignature + 91 fffff8077668357b 6 bytes {CALL 0x6d25}

PAGEMSG C:\Windows\System32\drivers\ksecdd.sys!VerifySignature + 246 fffff80776683616 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerSubmitUserCrashReport + 108 fffff8077664807c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerSubmitUserCrashReport + 115 fffff80776648083 5 bytes {CALL 0xfffffffffd3712ed}

PAGE ... * 29

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCancelReport + 37 fffff80776648575 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCancelReport + 44 fffff8077664857c 5 bytes {CALL 0xfffffffffd2da634}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCloseHandle + 55 fffff80776648647 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCloseHandle + 62 fffff8077664864e 5 bytes {CALL 0xfffffffffd2da562}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCreateReport + 91 fffff8077664872b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCreateReport + 98 fffff80776648732 5 bytes {CALL 0xfffffffffd2da47e}

PAGE ... * 15

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelOpenDumpFile + 66 fffff807766489f2 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelOpenDumpFile + 73 fffff807766489f9 5 bytes {CALL 0xfffffffffd2da1b7}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelSubmitReport + 37 fffff80776648ac5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelSubmitReport + 44 fffff80776648acc 5 bytes {CALL 0xfffffffffd2da0e4}

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetManagementSupportInterface + 82 fffff80776731272 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetManagementSupportInterface + 89 fffff80776731279 5 bytes {CALL 0xfffffffffd10c927}

.text ... * 17

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnInvalid + 91 fffff8077673218b 6 bytes {CALL 0x66115}

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnInvalid + 160 fffff807767321d0 2 bytes [4C, 8B]

.text ... * 16

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnDifference + 291 fffff807767324c3 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnDifference + 298 fffff807767324ca 5 bytes {CALL 0xfffffffffd437bd6}

.text ... * 20

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnRecordSequence + 165 fffff807767328e5 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnRecordSequence + 172 fffff807767328ec 5 bytes {CALL 0xfffffffffd4377b4}

.text ... * 3

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer + 114 fffff807767329f2 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer + 121 fffff807767329f9 5 bytes {CALL 0xfffffffffd104327}

.text ... * 14

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnContainer + 47 fffff80776732d7f 6 bytes {CALL 0x65521}

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnContainer + 75 fffff80776732d9b 6 bytes {CALL 0x65505}

.text ... * 5

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnGreater + 198 fffff80776734f06 3 bytes [E8, 95, 33]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnGreater + 202 fffff80776734f0a 2 bytes [00, 90]

.text ... * 10

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnBlockOffset + 273 fffff80776735de1 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnBlockOffset + 280 fffff80776735de8 5 bytes {CALL 0xfffffffffd16f888}

.text ... * 8

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnEqual + 94 fffff807767382de 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnEqual + 101 fffff807767382e5 5 bytes {CALL 0xfffffffffd0e780b}

.text ... * 19

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsQueryLogFileInformation + 119 fffff80776738da7 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsQueryLogFileInformation + 126 fffff80776738dae 5 bytes {CALL 0xfffffffffd104df2}

.text ... * 13

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetObservableInterface + 83 fffff8077673a783 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetObservableInterface + 90 fffff8077673a78a 5 bytes {CALL 0xfffffffffd103416}

.text ... * 16

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLaterLsn + 178 fffff80776742b52 6 bytes {CALL 0x5574e}

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsLaterLsn + 375 fffff80776742c17 6 bytes {CALL 0x55689}

.text ... * 2

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsAlignReservedLog + 217 fffff80776742e19 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsAlignReservedLog + 224 fffff80776742e20 5 bytes {CALL 0xfffffffffd0fad80}

.text ... * 5

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsAllocReservedLog + 156 fffff8077674302c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsAllocReservedLog + 163 fffff80776743033 5 bytes {CALL 0xfffffffffd0fab6d}

.text ... * 5

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetIoStatistics + 451 fffff80776743393 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsGetIoStatistics + 458 fffff8077674339a 5 bytes {CALL 0xfffffffffd0fa806}

.text ... * 9

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivQueryErrorState + 94 fffff807767437de 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivQueryErrorState + 101 fffff807767437e5 5 bytes {CALL 0xfffffffffd0fa3bb}

.text ... * 9

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsReadPreviousRestartArea + 266 fffff80776743a4a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsReadPreviousRestartArea + 273 fffff80776743a51 5 bytes {CALL 0xfffffffffd0fa14f}

.text ... * 5

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsSetEndOfLog + 273 fffff80776743d11 6 bytes {CALL 0x5458f}

.text C:\Windows\System32\drivers\CLFS.SYS!ClfsSetEndOfLog + 455 fffff80776743dc7 6 bytes {CALL 0x544d9}

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtQueryPolicy + 56 fffff80776757598 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtQueryPolicy + 63 fffff8077675759f 5 bytes {CALL 0xfffffffffd0e6601}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsAdvanceLogBase + 134 fffff80776757ca6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsAdvanceLogBase + 141 fffff80776757cad 5 bytes {CALL 0xfffffffffd0e5ef3}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteLogByPointer + 69 fffff80776758215 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteLogByPointer + 76 fffff8077675821c 5 bytes {CALL 0xfffffffffd0e5984}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFreeReservedLog + 105 fffff807767584f9 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFreeReservedLog + 112 fffff80776758500 5 bytes {CALL 0xfffffffffd0e56a0}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRegisterManagedClient + 93 fffff807767588fd 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRegisterManagedClient + 100 fffff80776758904 5 bytes {CALL 0xfffffffffd0e529c}

PAGE ... * 23

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateMarshallingArea + 363 fffff8077675951b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateMarshallingArea + 370 fffff80776759522 5 bytes {CALL 0xfffffffffd0df3fe}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtSetLogFileSizeAsClient + 56 fffff80776759978 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtSetLogFileSizeAsClient + 63 fffff8077675997f 5 bytes {CALL 0xfffffffffd0e4221}

PAGE ... * 12

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsAddLogContainerSet + 121 fffff8077675b259 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsAddLogContainerSet + 128 fffff8077675b260 5 bytes {CALL 0xfffffffffd0e2940}

PAGE ... * 10

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtDeregisterManagedClient + 22 fffff8077675b506 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtDeregisterManagedClient + 29 fffff8077675b50d 5 bytes {CALL 0xfffffffffd0e2693}

PAGE ... * 27

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsWriteRestartArea + 193 fffff8077675c6a1 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsWriteRestartArea + 200 fffff8077675c6a8 5 bytes {CALL 0xfffffffffd0e14f8}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteMarshallingArea + 93 fffff8077675dd6d 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteMarshallingArea + 100 fffff8077675dd74 5 bytes {CALL 0xfffffffffd0dfe2c}

PAGE ... * 24

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsTerminateReadLog + 93 fffff8077675e24d 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsTerminateReadLog + 100 fffff8077675e254 5 bytes {CALL 0xfffffffffd0df94c}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadLogRecord + 246 fffff8077675e4c6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadLogRecord + 253 fffff8077675e4cd 5 bytes {CALL 0xfffffffffd0df6d3}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReserveAndAppendLogAligned + 275 fffff8077675f6d3 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReserveAndAppendLogAligned + 282 fffff8077675f6da 5 bytes {CALL 0xfffffffffd0de4c6}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateLogFile + 328 fffff80776763f38 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateLogFile + 335 fffff80776763f3f 5 bytes {CALL 0xfffffffffd679851}

PAGE ... * 15

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsGetLogFileInformation + 119 fffff80776764b07 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsGetLogFileInformation + 126 fffff80776764b0e 5 bytes {CALL 0xfffffffffd0d9092}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDispatchIoRequest + 114 fffff80776764fc2 6 bytes {CALL 0x332de}

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsDispatchIoRequest + 434 fffff80776765102 2 bytes [4C, 8B]

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtInstallPolicy + 58 fffff80776765a0a 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtInstallPolicy + 65 fffff80776765a11 5 bytes {CALL 0xfffffffffd0d818f}

PAGE ... * 29

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseLogFileObject + 50 fffff80776767c52 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseLogFileObject + 57 fffff80776767c59 5 bytes {CALL 0xfffffffffd0d5f47}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadNextLogRecord + 313 fffff807767693b9 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadNextLogRecord + 320 fffff807767693c0 5 bytes {CALL 0xfffffffffd0d47e0}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadRestartArea + 171 fffff8077676a1db 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsReadRestartArea + 178 fffff8077676a1e2 5 bytes {CALL 0xfffffffffd0d39be}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFlushToLsn + 139 fffff8077676b02b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFlushToLsn + 146 fffff8077676b032 5 bytes {CALL 0xfffffffffd0d2b6e}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateScanContext + 178 fffff80776770322 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateScanContext + 185 fffff80776770329 5 bytes {CALL 0xfffffffffd0cd877}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsInitialize + 260 fffff80776773fc4 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsInitialize + 267 fffff80776773fcb 5 bytes {CALL 0xfffffffffd1fc7f5}

PAGE ... * 23

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseAndResetLogFile + 101 fffff8077678bf85 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseAndResetLogFile + 108 fffff8077678bf8c 5 bytes {CALL 0xfffffffffd0b1c14}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFinalize + 91 fffff8077678c42b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsFinalize + 98 fffff8077678c432 5 bytes {CALL 0xfffffffffd1e645e}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsGetContainerName + 390 fffff8077678c756 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsGetContainerName + 397 fffff8077678c75d 5 bytes {CALL 0xfffffffffd0b1443}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsRemoveLogContainerSet + 292 fffff8077678cc54 2 bytes {JMP 0xffffffffffffffab}

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsRemoveLogContainerSet + 299 fffff8077678cc5b 5 bytes {CALL 0xfffffffffd0b0f45}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsScanLogContainers + 504 fffff8077678d0f8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsScanLogContainers + 511 fffff8077678d0ff 5 bytes {CALL 0xfffffffffd0b0aa1}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsSetArchiveTail + 133 fffff8077678d455 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsSetArchiveTail + 140 fffff8077678d45c 5 bytes {CALL 0xfffffffffd0b0744}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsSetLogFileInformation + 133 fffff8077678d6c5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsSetLogFileInformation + 140 fffff8077678d6cc 5 bytes {CALL 0xfffffffffd0b04d4}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtHandleLogFileFull + 25 fffff8077678dfe9 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtHandleLogFileFull + 32 fffff8077678dff0 5 bytes {CALL 0xfffffffffd0afbb0}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRemovePolicy + 42 fffff8077678e06a 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRemovePolicy + 49 fffff8077678e071 5 bytes {CALL 0xfffffffffd0afb2f}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtTailAdvanceFailure + 36 fffff8077678e124 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtTailAdvanceFailure + 43 fffff8077678e12b 5 bytes {CALL 0xfffffffffd0afa75}

.text C:\Windows\System32\drivers\tm.sys!TmShutdownSystem + 367 fffff80776701b9f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\tm.sys!TmShutdownSystem + 374 fffff80776701ba6 5 bytes {CALL 0xfffffffffd6c3aca}

PAGE C:\Windows\System32\drivers\tm.sys!TmCurrentTransaction + 47 fffff8077670b03f 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmCurrentTransaction + 54 fffff8077670b046 5 bytes {CALL 0xfffffffffd1ba04a}

PAGE C:\Windows\System32\drivers\tm.sys!DllUnload + 352 fffff8077670b210 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!DllUnload + 359 fffff8077670b217 5 bytes {CALL 0xfffffffffd132989}

PAGE ... * 15

PAGE C:\Windows\System32\drivers\tm.sys!TmInitSystemPhase2 + 337 fffff8077670c1a1 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmInitSystemPhase2 + 344 fffff8077670c1a8 5 bytes {CALL 0xfffffffffd6b94c8}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverTransactionManager + 250 fffff8077670c3ea 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverTransactionManager + 257 fffff8077670c3f1 4 bytes [E8, 1A, D5, 04]

PAGE C:\Windows\System32\drivers\tm.sys!TmCommitEnlistment + 69 fffff80776710665 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmCommitEnlistment + 76 fffff8077671066c 5 bytes {CALL 0xfffffffffd212544}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\tm.sys!TmDereferenceEnlistmentKey + 44 fffff8077671088c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmDereferenceEnlistmentKey + 51 fffff80776710893 5 bytes {CALL 0xfffffffffd129b2d}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!TmPrePrepareEnlistment + 66 fffff807767109a2 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmPrePrepareEnlistment + 73 fffff807767109a9 5 bytes {CALL 0xfffffffffd212207}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!TmPrepareEnlistment + 66 fffff80776710b32 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmPrepareEnlistment + 73 fffff80776710b39 5 bytes {CALL 0xfffffffffd212077}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverEnlistment + 74 fffff80776710d5a 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverEnlistment + 81 fffff80776710d61 5 bytes {CALL 0xfffffffffd12965f}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\tm.sys!TmReferenceEnlistmentKey + 57 fffff80776710f69 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmReferenceEnlistmentKey + 64 fffff80776710f70 5 bytes {CALL 0xfffffffffd129450}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!TmRequestOutcomeEnlistment + 78 fffff8077671102e 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRequestOutcomeEnlistment + 85 fffff80776711035 5 bytes {CALL 0xfffffffffd211b7b}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\tm.sys!TmRollbackEnlistment + 69 fffff807767112e5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRollbackEnlistment + 76 fffff807767112ec 5 bytes {CALL 0xfffffffffd2118c4}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\tm.sys!TmSinglePhaseReject + 65 fffff80776711521 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmSinglePhaseReject + 72 fffff80776711528 5 bytes {CALL 0xfffffffffd211688}

PAGE ... * 39

PAGE C:\Windows\System32\drivers\tm.sys!TmCommitTransaction + 51 fffff80776712573 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmCommitTransaction + 58 fffff8077671257a 5 bytes {CALL 0xfffffffffd210636}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\tm.sys!TmFreezeTransactions + 90 fffff807767128ba 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmFreezeTransactions + 97 fffff807767128c1 5 bytes {CALL 0xfffffffffd127aff}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\tm.sys!TmGetTransactionId + 62 fffff80776712b2e 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmGetTransactionId + 69 fffff80776712b35 5 bytes {CALL 0xfffffffffd11e1db}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\tm.sys!TmIsKTMCommitCoordinator + 56 fffff80776712db8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmIsKTMCommitCoordinator + 63 fffff80776712dbf 5 bytes {CALL 0xfffffffffd138651}

PAGE C:\Windows\System32\drivers\tm.sys!TmRollbackTransaction + 51 fffff80776712e43 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRollbackTransaction + 58 fffff80776712e4a 5 bytes {CALL 0xfffffffffd20fd66}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\tm.sys!TmThawTransactions + 40 fffff80776713078 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmThawTransactions + 47 fffff8077671307f 5 bytes {CALL 0xfffffffffd134931}

PAGE ... * 29

PAGE C:\Windows\System32\drivers\tm.sys!TmEnableCallbacks + 68 fffff80776715184 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmEnableCallbacks + 75 fffff8077671518b 5 bytes {CALL 0xfffffffffd125235}

PAGE ... * 37

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverResourceManager + 86 fffff80776715596 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRecoverResourceManager + 93 fffff8077671559d 5 bytes {CALL 0xfffffffffd124e23}

PAGE ... * 30

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitComplete + 117 fffff80776716b65 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitComplete + 124 fffff80776716b6c 1 byte [E8]

PAGE ... * 6

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitEnlistment + 117 fffff80776716c45 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitEnlistment + 124 fffff80776716c4c 5 bytes {CALL 0xfffffffffd6dc444}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateEnlistment + 224 fffff80776716d90 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateEnlistment + 231 fffff80776716d97 5 bytes {CALL 0xfffffffffd6dc2f9}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenEnlistment + 212 fffff80776716f54 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenEnlistment + 219 fffff80776716f5b 5 bytes {CALL 0xfffffffffd9f9f75}

PAGE ... * 18

PAGE C:\Windows\System32\drivers\tm.sys!NtPrePrepareComplete + 117 fffff807767171b5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPrePrepareComplete + 124 fffff807767171bc 5 bytes {CALL 0xfffffffffd6dbed4}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtPrePrepareEnlistment + 117 fffff80776717295 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPrePrepareEnlistment + 124 fffff8077671729c 5 bytes {CALL 0xfffffffffd6dbdf4}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtPrepareComplete + 117 fffff80776717375 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPrepareComplete + 124 fffff8077671737c 5 bytes {CALL 0xfffffffffd6dbd14}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtPrepareEnlistment + 117 fffff80776717455 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPrepareEnlistment + 124 fffff8077671745c 5 bytes {CALL 0xfffffffffd6dbc34}

PAGE ... * 6

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationEnlistment + 126 fffff8077671753e 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationEnlistment + 133 fffff80776717545 5 bytes {CALL 0xfffffffffd6d205b}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\tm.sys!NtReadOnlyEnlistment + 117 fffff80776717825 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtReadOnlyEnlistment + 124 fffff8077671782c 5 bytes {CALL 0xfffffffffd6db864}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverEnlistment + 56 fffff807767178c8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverEnlistment + 63 fffff807767178cf 5 bytes {CALL 0xfffffffffd6db7c1}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackComplete + 117 fffff80776717985 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackComplete + 124 fffff8077671798c 5 bytes {CALL 0xfffffffffd6db704}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackEnlistment + 117 fffff80776717a65 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackEnlistment + 124 fffff80776717a6c 1 byte [E8]

PAGE ... * 6

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationEnlistment + 220 fffff80776717bac 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationEnlistment + 227 fffff80776717bb3 5 bytes {CALL 0xfffffffffd6db4dd}

PAGE ... * 25

PAGE C:\Windows\System32\drivers\tm.sys!NtSinglePhaseReject + 117 fffff80776717e45 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtSinglePhaseReject + 124 fffff80776717e4c 5 bytes {CALL 0xfffffffffd6db244}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!TmCreateEnlistment + 169 fffff80776717f59 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmCreateEnlistment + 176 fffff80776717f60 5 bytes {CALL 0xfffffffffd718210}

PAGE ... * 12

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateResourceManager + 206 fffff8077671816e 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateResourceManager + 213 fffff80776718175 5 bytes {CALL 0xfffffffffd9f8d5b}

PAGE ... * 22

PAGE C:\Windows\System32\drivers\tm.sys!NtGetNotificationResourceManager + 80 fffff80776718510 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtGetNotificationResourceManager + 87 fffff80776718517 5 bytes {CALL 0xfffffffffd6d1089}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenResourceManager + 171 fffff8077671870b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenResourceManager + 178 fffff80776718712 5 bytes {CALL 0xfffffffffd9f87be}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationResourceManager + 119 fffff80776718967 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationResourceManager + 126 fffff8077671896e 5 bytes {CALL 0xfffffffffd6d0c32}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverResourceManager + 53 fffff80776718bc5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverResourceManager + 60 fffff80776718bcc 5 bytes {CALL 0xfffffffffd6da4c4}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationResourceManager + 272 fffff80776718d20 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationResourceManager + 279 fffff80776718d27 5 bytes {CALL 0xfffffffffd6da369}

PAGE ... * 25

PAGE C:\Windows\System32\drivers\tm.sys!TmInitializeTransactionManager + 67 fffff80776718ee3 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmInitializeTransactionManager + 74 fffff80776718eea 5 bytes {CALL 0xfffffffffd1c1f86}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\tm.sys!TmRenameTransactionManager + 133 fffff80776719305 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmRenameTransactionManager + 140 fffff8077671930c 5 bytes {CALL 0xfffffffffd1106b4}

PAGE ... * 37

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitTransaction + 70 fffff8077671baf6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCommitTransaction + 77 fffff8077671bafd 5 bytes {CALL 0xfffffffffd6d7593}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateTransaction + 227 fffff8077671bc33 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateTransaction + 234 fffff8077671bc3a 5 bytes {CALL 0xfffffffffd9f5296}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\tm.sys!NtEnumerateTransactionObject + 152 fffff8077671c0d8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtEnumerateTransactionObject + 159 fffff8077671c0df 5 bytes {CALL 0xfffffffffd6cd4c1}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\tm.sys!NtFreezeTransactions + 232 fffff8077671c3b8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtFreezeTransactions + 239 fffff8077671c3bf 5 bytes {CALL 0xfffffffffd81f551}

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenTransaction + 183 fffff8077671c497 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenTransaction + 190 fffff8077671c49e 5 bytes {CALL 0xfffffffffd9f4a32}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransaction + 283 fffff8077671c7cb 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransaction + 290 fffff8077671c7d2 5 bytes {CALL 0xfffffffffd6ccdce}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackTransaction + 70 fffff8077671ce26 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRollbackTransaction + 77 fffff8077671ce2d 5 bytes {CALL 0xfffffffffd6d6263}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationTransaction + 261 fffff8077671cf85 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationTransaction + 268 fffff8077671cf8c 5 bytes {CALL 0xfffffffffd6d6104}

PAGE ... * 23

PAGE C:\Windows\System32\drivers\tm.sys!NtThawTransactions + 71 fffff8077671d1e7 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtThawTransactions + 78 fffff8077671d1ee 5 bytes {CALL 0xfffffffffd6ad572}

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateTransactionManager + 181 fffff8077671d2c5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtCreateTransactionManager + 188 fffff8077671d2cc 5 bytes {CALL 0xfffffffffd9f3c04}

PAGE ... * 17

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenTransactionManager + 229 fffff8077671d605 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtOpenTransactionManager + 236 fffff8077671d60c 5 bytes {CALL 0xfffffffffd9f38c4}

PAGE ... * 19

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransactionManager + 280 fffff8077671d9c8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransactionManager + 287 fffff8077671d9cf 5 bytes {CALL 0xfffffffffd6cbbd1}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverTransactionManager + 53 fffff8077671de95 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRecoverTransactionManager + 60 fffff8077671de9c 5 bytes {CALL 0xfffffffffd6d51f4}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\tm.sys!NtRenameTransactionManager + 155 fffff8077671df7b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRenameTransactionManager + 162 fffff8077671df82 5 bytes {CALL 0xfffffffffd9f2f4e}

PAGE ... * 11

PAGE C:\Windows\System32\drivers\tm.sys!NtRollforwardTransactionManager + 117 fffff8077671e165 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRollforwardTransactionManager + 124 fffff8077671e16c 1 byte [E8]

PAGE ... * 6

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationTransactionManager + 83 fffff8077671e223 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtSetInformationTransactionManager + 90 fffff8077671e22a 5 bytes {CALL 0xfffffffffd6d4e66}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtPropagationComplete + 137 fffff8077671e309 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPropagationComplete + 144 fffff8077671e310 5 bytes {CALL 0xfffffffffd6d4d80}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\tm.sys!NtPropagationFailed + 69 fffff8077671e3e5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtPropagationFailed + 76 fffff8077671e3ec 5 bytes {CALL 0xfffffffffd6d4ca4}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!NtRegisterProtocolAddressInformation + 102 fffff8077671e4b6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!NtRegisterProtocolAddressInformation + 109 fffff8077671e4bd 5 bytes {CALL 0xfffffffffd9f2a13}

PAGE ... * 31

PAGE C:\Windows\System32\drivers\tm.sys!TmEndPropagationRequest + 34 fffff8077671e852 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmEndPropagationRequest + 41 fffff8077671e859 5 bytes {CALL 0xfffffffffd11bb67}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\tm.sys!TmPropagationFailed + 48 fffff8077671e950 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\tm.sys!TmPropagationFailed + 55 fffff8077671e957 5 bytes {CALL 0xfffffffffd11ba69}

.text C:\Windows\system32\PSHED.dll!PshedRetrieveErrorInfo + 82 fffff807767a1062 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedRetrieveErrorInfo + 89 fffff807767a1069 5 bytes {CALL 0xfffffffffd0d08f7}

.text ... * 9

.text C:\Windows\system32\PSHED.dll!PshedWriteErrorRecord + 217 fffff807767a1599 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedWriteErrorRecord + 224 fffff807767a15a0 5 bytes {CALL 0xfffffffffd96e200}

.text C:\Windows\system32\PSHED.dll!PshedReadErrorRecord + 90 fffff807767a166a 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedReadErrorRecord + 97 fffff807767a1671 5 bytes {CALL 0xfffffffffd3c899f}

.text C:\Windows\system32\PSHED.dll!PshedClearErrorRecord + 42 fffff807767a170a 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedClearErrorRecord + 49 fffff807767a1711 5 bytes {CALL 0xfffffffffd0d024f}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedFinalizeErrorRecord + 39 fffff807767a17c7 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedFinalizeErrorRecord + 46 fffff807767a17ce 5 bytes {CALL 0xfffffffffd0d0192}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedAttemptErrorRecovery + 30 fffff807767a187e 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedAttemptErrorRecovery + 37 fffff807767a1885 5 bytes {CALL 0xfffffffffd0d00db}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedBugCheckSystem + 4 fffff807767a1914 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedBugCheckSystem + 11 fffff807767a191b 5 bytes {CALL 0xfffffffffdb57df5}

.text C:\Windows\system32\PSHED.dll!PshedGetErrorSourceInfo + 65 fffff807767a1971 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedGetErrorSourceInfo + 72 fffff807767a1978 5 bytes {CALL 0xfffffffffd0cffe8}

.text ... * 8

.text C:\Windows\system32\PSHED.dll!PshedSetErrorSourceInfo + 26 fffff807767a1a0a 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedSetErrorSourceInfo + 33 fffff807767a1a11 5 bytes {CALL 0xfffffffffd39ba0f}

.text ... * 9

.text C:\Windows\system32\PSHED.dll!PshedEnableErrorSource + 47 fffff807767a1aef 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedEnableErrorSource + 54 fffff807767a1af6 5 bytes {CALL 0xfffffffffd0cfe6a}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedDisableErrorSource + 75 fffff807767a1bcb 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedDisableErrorSource + 82 fffff807767a1bd2 5 bytes {CALL 0xfffffffffd0cfd8e}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedGetInjectionCapabilities + 139 fffff807767a1cdb 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedGetInjectionCapabilities + 146 fffff807767a1ce2 5 bytes {CALL 0xfffffffffd0cfc7e}

.text ... * 7

.text C:\Windows\system32\PSHED.dll!PshedInjectError + 325 fffff807767a1eb5 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedInjectError + 332 fffff807767a1ebc 5 bytes {CALL 0xfffffffffd1f23d4}

.text C:\Windows\system32\PSHED.dll!PshedMarkHiberPhase + 29 fffff807767a1f0d 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedMarkHiberPhase + 36 fffff807767a1f14 5 bytes {CALL 0xfffffffffd1b8d7c}

.text ... * 3

.text C:\Windows\system32\PSHED.dll!PshedGetBootErrorPacket + 88 fffff807767a23d8 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedGetBootErrorPacket + 95 fffff807767a23df 5 bytes {CALL 0xfffffffffd3c7c31}

.text ... * 17

.text C:\Windows\system32\PSHED.dll!PshedIsSystemWheaEnabled + 522 fffff807767a288a 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedIsSystemWheaEnabled + 529 fffff807767a2891 5 bytes {CALL 0xfffffffffd10d77f}

.text ... * 9

.text C:\Windows\system32\PSHED.dll!PshedSynchronizeExecution + 78 fffff807767a2a1e 2 bytes [4C, 8B]

.text C:\Windows\system32\PSHED.dll!PshedSynchronizeExecution + 85 fffff807767a2a25 5 bytes {CALL 0xfffffffffd09b12b}

PAGE C:\Windows\system32\PSHED.dll!PshedGetAllErrorSources + 58 fffff807767ac04a 2 bytes [4C, 8B]

PAGE C:\Windows\system32\PSHED.dll!PshedGetAllErrorSources + 65 fffff807767ac051 5 bytes {CALL 0xfffffffffd08e36f}

PAGE ... * 11

PAGE C:\Windows\system32\PSHED.dll!PshedRegisterPlugin + 166 fffff807767ac276 2 bytes [4C, 8B]

PAGE C:\Windows\system32\PSHED.dll!PshedRegisterPlugin + 173 fffff807767ac27d 5 bytes {CALL 0xfffffffffd091923}

PAGE ... * 10

PAGE C:\Windows\system32\PSHED.dll!PshedUnregisterPlugin + 27 fffff807767ac65b 2 bytes [4C, 8B]

PAGE C:\Windows\system32\PSHED.dll!PshedUnregisterPlugin + 34 fffff807767ac662 5 bytes {CALL 0xfffffffffd09153e}

PAGE ... * 8

PAGE C:\Windows\system32\PSHED.dll!PshedAllocateMemory + 17 fffff807767ac6f1 2 bytes [4C, 8B]

PAGE C:\Windows\system32\PSHED.dll!PshedAllocateMemory + 24 fffff807767ac6f8 5 bytes {CALL 0xfffffffffd3bd918}

PAGE C:\Windows\system32\PSHED.dll!PshedFreeMemory + 9 fffff807767ac719 2 bytes [4C, 8B]

PAGE C:\Windows\system32\PSHED.dll!PshedFreeMemory + 16 fffff807767ac720 5 bytes {CALL 0xfffffffffd3bd980}

PAGE C:\Windows\System32\drivers\cmimcext.sys!CmCompleteInitMachineConfig + 325 fffff80776967175 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\cmimcext.sys!CmCompleteInitMachineConfig + 332 fffff8077696717c 5 bytes {CALL 0xfffffffffd055784}

PAGE C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationLoad + 76 fffff8077697606c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationLoad + 83 fffff80776976073 5 bytes {CALL 0xfffffffffd4546ed}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationUnload + 76 fffff8077697618c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationUnload + 83 fffff80776976193 5 bytes {CALL 0xfffffffffd4545cd}

.text C:\Windows\system32\drivers\WDFLDR.SYS!DllInitialize + 139 fffff8077698149b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!DllInitialize + 146 fffff807769814a2 5 bytes {CALL 0xfffffffffd55041e}

.text ... * 7

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBindClass + 67 fffff80776981643 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBindClass + 74 fffff8077698164a 5 bytes {CALL 0xfffffffffd1e89c6}

.text ... * 24

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrDiagnosticsValueByNameAsULONG + 131 fffff80776981ed3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrDiagnosticsValueByNameAsULONG + 138 fffff80776981eda 5 bytes {CALL 0xfffffffffd037236}

.text ... * 19

.text C:\Windows\system32\drivers\WDFLDR.SYS!DllUnload + 33 fffff807769860f1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!DllUnload + 40 fffff807769860f8 5 bytes {CALL 0xfffffffffcf9caf8}

.text ... * 15

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrQueryInterface + 43 fffff807769862eb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrQueryInterface + 50 fffff807769862f2 5 bytes {CALL 0xfffffffffd03ec2e}

.text ... * 5

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbindClass + 68 fffff80776986414 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbindClass + 75 fffff8077698641b 5 bytes {CALL 0xfffffffffcf9c7d5}

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterLibrary + 157 fffff8077698d0ad 6 bytes {CALL 0x61f3}

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterLibrary + 266 fffff8077698d11a 2 bytes [4C, 8B]

PAGE ... * 9

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterClassLibrary + 205 fffff8077698d30d 6 bytes {CALL 0x5f93}

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBind + 208 fffff8077698d480 6 bytes {CALL 0x5e20}

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBind + 398 fffff8077698d53e 6 bytes {CALL 0x5d62}

PAGE ... * 21

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbind + 37 fffff8077698dc15 2 bytes [4C, 8B]

PAGE C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbind + 44 fffff8077698dc1c 5 bytes {CALL 0xfffffffffcf94fd4}

.text C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStart + 114 fffff807769b18d2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStart + 121 fffff807769b18d9 5 bytes {CALL 0xfffffffffd51ffe7}

.text ... * 17

.text C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStop + 80 fffff807769b1da0 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStop + 87 fffff807769b1da7 5 bytes {CALL 0xfffffffffcfc8b69}

.text ... * 9

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderConfigure + 97 fffff807769b2131 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderConfigure + 104 fffff807769b2138 5 bytes {CALL 0xfffffffffce88288}

.text ... * 11

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDelete + 58 fffff807769b241a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDelete + 65 fffff807769b2421 5 bytes {CALL 0xfffffffffcfc84ef}

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDumpLiveData + 185 fffff807769b2619 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDumpLiveData + 192 fffff807769b2620 5 bytes {CALL 0xfffffffffd1b79f0}

.text ... * 3

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderReplay + 79 fffff807769b348f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderReplay + 86 fffff807769b3496 5 bytes {CALL 0xfffffffffce86f2a}

.text ... * 11

.text C:\Windows\system32\drivers\WppRecorder.sys!DllInitialize + 212 fffff807769b39a4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!DllInitialize + 219 fffff807769b39ab 5 bytes {CALL 0xfffffffffcee8195}

.text ... * 15

.text C:\Windows\system32\drivers\WppRecorder.sys!DllUnload + 86 fffff807769b3cd6 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\WppRecorder.sys!DllUnload + 93 fffff807769b3cdd 5 bytes {CALL 0xfffffffffd1b63c3}

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Initialize + 100 fffff807769a2154 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Initialize + 107 fffff807769a215b 5 bytes {CALL 0xfffffffffcf07ca5}

.text ... * 19

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Uninitialize + 130 fffff807769a2692 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Uninitialize + 137 fffff807769a2699 5 bytes {CALL 0xfffffffffcf07767}

.text ... * 7

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_RegisterComponentEx + 172 fffff807769a2f5c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_RegisterComponentEx + 179 fffff807769a2f63 5 bytes {CALL 0xfffffffffd1c70ad}

.text ... * 7

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UnregisterComponent + 126 fffff807769a324e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UnregisterComponent + 133 fffff807769a3255 5 bytes {CALL 0xfffffffffcf06bab}

.text ... * 3

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentActive + 43 fffff807769a342b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentActive + 50 fffff807769a3432 5 bytes {CALL 0xfffffffffcf069ce}

.text ... * 3

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentInactive + 48 fffff807769a3520 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentInactive + 55 fffff807769a3527 5 bytes {CALL 0xfffffffffcf068d9}

.text ... * 3

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_AcquireComponentLock + 38 fffff807769a35d6 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_AcquireComponentLock + 45 fffff807769a35dd 5 bytes {CALL 0xfffffffffcf06823}

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ReleaseComponentLock + 31 fffff807769a361f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ReleaseComponentLock + 38 fffff807769a3626 5 bytes {CALL 0xfffffffffcf0656a}

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UpdateFriendlyName + 142 fffff807769a36ce 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UpdateFriendlyName + 149 fffff807769a36d5 5 bytes {CALL 0xfffffffffd1c693b}

.text ... * 7

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ResetComponentsStartTime + 43 fffff807769a384b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ResetComponentsStartTime + 50 fffff807769a3852 5 bytes {CALL 0xfffffffffcf065ae}

.text ... * 7

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_GetPdoFriendlyName + 327 fffff807769a4607 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_GetPdoFriendlyName + 334 fffff807769a460e 5 bytes {CALL 0xfffffffffd1c5a92}

.text ... * 9

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!DllInitialize + 101 fffff807769a4a25 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!DllInitialize + 108 fffff807769a4a2c 5 bytes {CALL 0xfffffffffcef7114}

.text C:\Windows\system32\drivers\SleepStudyHelper.sys!DllUnload + 272 fffff807769a4b60 5 bytes JMP fffff807769af2e0

.text C:\Windows\System32\drivers\WMILIB.SYS!WmiCompleteRequest + 169 fffff80776dc10b9 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\WMILIB.SYS!WmiCompleteRequest + 176 fffff80776dc10c0 5 bytes {CALL 0xfffffffffca85a90}

.text ... * 2

.text C:\Windows\System32\drivers\WMILIB.SYS!WmiFireEvent + 69 fffff80776dc15b5 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\WMILIB.SYS!WmiFireEvent + 76 fffff80776dc15bc 5 bytes {CALL 0xfffffffffcda8a54}

PAGE C:\Windows\System32\drivers\WMILIB.SYS!WmiSystemControl + 281 fffff80776dc6129 5 bytes {CALL 0x5f97}

PAGE C:\Windows\System32\drivers\WMILIB.SYS!WmiSystemControl + 386 fffff80776dc6192 6 bytes {CALL 0x610e}

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoAlloc + 93 fffff807778b11ad 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoAlloc + 100 fffff807778b11b4 5 bytes {CALL 0xfffffffffc11356c}

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoDestroyIfUnused + 181 fffff807778b1315 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoDestroyIfUnused + 188 fffff807778b131c 5 bytes {CALL 0xfffffffffc055864}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferAndNetBufferListChain + 36 fffff807778b13b4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferAndNetBufferListChain + 43 fffff807778b13bb 5 bytes {CALL 0xffffffffffe8c775}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeMdl + 111 fffff807778b14cf 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeMdl + 118 fffff807778b14d6 5 bytes {CALL 0xfffffffffc0556aa}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCopyNetBufferListChain + 140 fffff807778b15ac 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCopyNetBufferListChain + 147 fffff807778b15b3 5 bytes {CALL 0xffffffffffe8c57d}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!MdpFree + 100 fffff807778b16e4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!MdpFree + 107 fffff807778b16eb 5 bytes {CALL 0xfffffffffc113075}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateMdl + 84 fffff807778b18f4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateMdl + 91 fffff807778b18fb 5 bytes {CALL 0xfffffffffbfb4d05}

.text ... * 18

.text C:\Windows\system32\drivers\NETIO.SYS!KfdDiagnoseEvent + 256 fffff807778b2020 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdDiagnoseEvent + 263 fffff807778b2027 5 bytes {CALL 0xfffffffffbf8e4d9}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsDiagnoseEventEnabled + 58 fffff807778b23ca 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsDiagnoseEventEnabled + 65 fffff807778b23d1 5 bytes {CALL 0xfffffffffbf8e12f}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferAndNetBufferList + 52 fffff807778b2924 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferAndNetBufferList + 59 fffff807778b292b 5 bytes {CALL 0xffffffffffe8a3f5}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferListChain + 235 fffff807778b2e2b 6 bytes {CALL 0x91475}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferListChain + 297 fffff807778b2e69 6 bytes {CALL 0x91437}

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!KfdReleaseTerminatingFilters + 167 fffff807778b3f47 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdReleaseTerminatingFilters + 174 fffff807778b3f4e 5 bytes {CALL 0xfffffffffc2b6152}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleNotifyFlowDeletion + 123 fffff807778b405b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleNotifyFlowDeletion + 130 fffff807778b4062 5 bytes {CALL 0xfffffffffbfb5d7e}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleRemoveFlowContextTable + 151 fffff807778b42e7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleRemoveFlowContextTable + 158 fffff807778b42ee 5 bytes {CALL 0xfffffffffbf8a012}

.text ... * 28

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlow + 193 fffff807778b4831 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlow + 200 fffff807778b4838 5 bytes {CALL 0xfffffffffbfb55a8}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectDisconnect + 306 fffff807778b4b32 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectDisconnect + 313 fffff807778b4b39 5 bytes {CALL 0xfffffffffc052047}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsLayerEmpty + 234 fffff807778b4dda 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsLayerEmpty + 241 fffff807778b4de1 5 bytes {CALL 0xfffffffffc10f93f}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectRemoteDisconnect + 298 fffff807778b50ba 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectRemoteDisconnect + 305 fffff807778b50c1 5 bytes {CALL 0xfffffffffc051abf}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferList + 177 fffff807778b51e1 6 bytes {CALL 0x8f0bf}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferList + 250 fffff807778b522a 6 bytes {CALL 0x8f076}

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!KfdEnumLayer + 89 fffff807778b5369 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdEnumLayer + 96 fffff807778b5370 5 bytes {CALL 0xffffffffffe89340}

.text ... * 12

.text C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlowFast + 148 fffff807778b5784 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlowFast + 155 fffff807778b578b 5 bytes {CALL 0xffffffffffe88865}

.text ... * 12

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireEndpointContextFromFlow + 100 fffff807778b5a34 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireEndpointContextFromFlow + 107 fffff807778b5a3b 5 bytes {CALL 0xfffffffffbf888c5}

.text ... * 21

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInsertWorkQueue + 39 fffff807778b5dd7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInsertWorkQueue + 46 fffff807778b5dde 5 bytes {CALL 0xfffffffffbf88522}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoInit + 78 fffff807778b5e9e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoInit + 85 fffff807778b5ea5 5 bytes {CALL 0xfffffffffc2b416b}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectSend + 216 fffff807778b8708 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectSend + 223 fffff807778b870f 5 bytes {CALL 0xfffffffffc10c011}

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectReceive + 231 fffff807778b8b27 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectReceive + 238 fffff807778b8b2e 5 bytes {CALL 0xfffffffffc10bbf2}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!KfdClassify + 236 fffff807778b96dc 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdClassify + 243 fffff807778b96e3 5 bytes {CALL 0xffffffffffe84fcd}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlow + 74 fffff807778bdd3a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlow + 81 fffff807778bdd41 5 bytes {CALL 0xffffffffffe8096f}

.text ... * 20

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetParameterEx + 327 fffff807778be577 6 bytes {CALL 0x85d29}

.text C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotificationEx + 194 fffff807778be712 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotificationEx + 201 fffff807778be719 5 bytes {CALL 0xfffffffffbf7bca7}

.text ... * 15

.text C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotificationEx + 229 fffff807778be9a5 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotificationEx + 236 fffff807778be9ac 5 bytes {CALL 0xfffffffffbf7ba14}

.text ... * 23

.text C:\Windows\system32\drivers\NETIO.SYS!NsiEnumerateObjectsAllParametersEx + 252 fffff807778beedc 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiEnumerateObjectsAllParametersEx + 259 fffff807778beee3 5 bytes {CALL 0xfffffffffbfa771d}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetAllParametersEx + 200 fffff807778bf668 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetAllParametersEx + 207 fffff807778bf66f 5 bytes {CALL 0xfffffffffbfa6f91}

.text ... * 6

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetParameterEx + 238 fffff807778bf9ee 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetParameterEx + 245 fffff807778bf9f5 5 bytes {CALL 0xfffffffffbfa6c0b}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData + 27 fffff807778c054b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData + 34 fffff807778c0552 5 bytes {CALL 0xffffffffffe7cb3e}

.text C:\Windows\system32\drivers\NETIO.SYS!FsbAllocateAtDpcLevel + 93 fffff807778c06cd 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FsbAllocateAtDpcLevel + 100 fffff807778c06d4 5 bytes {CALL 0xfffffffffc10404c}

.text ... * 19

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToMdlIndirect + 409 fffff807778c0bb9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToMdlIndirect + 416 fffff807778c0bc0 5 bytes {CALL 0xfffffffffc104530}

.text ... * 6

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListContext + 214 fffff807778c10a6 6 bytes {CALL 0x831fa}

.text C:\Windows\system32\drivers\NETIO.SYS!FsbFree + 98 fffff807778c1342 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FsbFree + 105 fffff807778c1349 5 bytes {CALL 0xfffffffffc103417}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!FsbAllocate + 33 fffff807778c1461 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FsbAllocate + 40 fffff807778c1468 5 bytes {CALL 0xfffffffffbfa5198}

.text ... * 20

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCopyNetBufferListEx + 66 fffff807778c1952 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCopyNetBufferListEx + 73 fffff807778c1959 5 bytes {CALL 0xffffffffffe7b3c7}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheAcceptBypass + 95 fffff807778c1b6f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheAcceptBypass + 102 fffff807778c1b76 5 bytes {CALL 0xffffffffffe7cb3a}

.text ... * 15

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAcceptBypass + 90 fffff807778c24ea 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAcceptBypass + 97 fffff807778c24f1 5 bytes {CALL 0xffffffffffe7c1bf}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListAndFirstNetBufferContext + 179 fffff807778c2893 6 bytes {CALL 0x81a0d}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireFlowHandleForFlow + 351 fffff807778c2a2f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireFlowHandleForFlow + 358 fffff807778c2a36 5 bytes {CALL 0xfffffffffbf7b8ca}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferAndNetBufferList + 4 fffff807778c2db4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferAndNetBufferList + 11 fffff807778c2dbb 5 bytes {CALL 0xffffffffffe7ad75}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdClassify2 + 212 fffff807778c2ec4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdClassify2 + 219 fffff807778c2ecb 5 bytes {CALL 0xfffffffffbfa3735}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetLongestMatch + 79 fffff807778c30bf 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetLongestMatch + 86 fffff807778c30c6 5 bytes {CALL 0xfffffffffc101e5a}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckOffloadFastLayers + 316 fffff807778c32ec 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckOffloadFastLayers + 323 fffff807778c32f3 5 bytes {CALL 0xffffffffffe7b3bd}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferListEx + 54 fffff807778c3736 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferListEx + 61 fffff807778c373d 5 bytes {CALL 0xffffffffffe78d53}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!PtEnumOverTable + 133 fffff807778c3a65 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtEnumOverTable + 140 fffff807778c3a6c 5 bytes {CALL 0xfffffffffc1014b4}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetExactMatch + 80 fffff807778c3d10 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetExactMatch + 87 fffff807778c3d17 5 bytes {CALL 0xfffffffffc101209}

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToBuffer + 212 fffff807778c3f74 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToBuffer + 219 fffff807778c3f7b 5 bytes {CALL 0xfffffffffbf5bb75}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAdvanceNetBufferList + 75 fffff807778c402b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAdvanceNetBufferList + 82 fffff807778c4032 5 bytes {CALL 0xffffffffffe7b7fe}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAuditEvent + 99 fffff807778c40a3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAuditEvent + 106 fffff807778c40aa 5 bytes {CALL 0xfffffffffbfa5d36}

.text ... * 23

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBufferList + 56 fffff807778c4498 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBufferList + 63 fffff807778c449f 5 bytes {CALL 0xffffffffffe7b401}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowTable + 117 fffff807778c4565 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowTable + 124 fffff807778c456c 5 bytes {CALL 0xfffffffffbf79d94}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheConnectBypass + 337 fffff807778c47a1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheConnectBypass + 344 fffff807778c47a8 5 bytes {CALL 0xfffffffffc2a5868}

.text ... * 22

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckConnectBypass + 79 fffff807778c4abf 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckConnectBypass + 86 fffff807778c4ac6 5 bytes {CALL 0xffffffffffe79bea}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoCleanup + 77 fffff807778c4e2d 6 bytes {CALL 0x7f473}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppCopyStreamDataToBuffer + 292 fffff807778c4f94 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FwppCopyStreamDataToBuffer + 299 fffff807778c4f9b 5 bytes {CALL 0xfffffffffbf5ab55}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppStreamDeleteDpcQueue + 55 fffff807778c4ff7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FwppStreamDeleteDpcQueue + 62 fffff807778c4ffe 5 bytes {CALL 0xfffffffffc041b82}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCloneNetBufferList + 6 fffff807778c5056 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCloneNetBufferList + 13 fffff807778c505d 5 bytes {CALL 0xffffffffffe7d223}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!KfdGetNextFilter + 368 fffff807778c5250 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdGetNextFilter + 375 fffff807778c5257 5 bytes {CALL 0xfffffffffc041929}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!WfpFreeReassemblyContext + 9 fffff807778c5b89 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpFreeReassemblyContext + 16 fffff807778c5b90 5 bytes {CALL 0xffffffffffe77fa0}

.text ... * 12

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTlObjectRequest + 114 fffff807778c5d72 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTlObjectRequest + 121 fffff807778c5d79 5 bytes {CALL 0xfffffffffc2a4327}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastActiveReferenceRequest + 27 fffff807778c5eab 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastActiveReferenceRequest + 34 fffff807778c5eb2 5 bytes {CALL 0xffffffffffe7bcbe}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdQueryEnumFilters + 77 fffff807778c5fcd 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdQueryEnumFilters + 84 fffff807778c5fd4 5 bytes {CALL 0xfffffffffbf7832c}

.text ... * 16

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferList + 33 fffff807778c64f1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferList + 40 fffff807778c64f8 5 bytes {CALL 0xffffffffffe76b98}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferListChain + 41 fffff807778c65f9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferListChain + 48 fffff807778c6600 5 bytes {CALL 0xffffffffffe77530}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBuffer + 20 fffff807778c6a84 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBuffer + 27 fffff807778c6a8b 5 bytes {CALL 0xffffffffffe83a65}

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToAlias + 320 fffff807778c6e90 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToAlias + 327 fffff807778c6e97 5 bytes {CALL 0xfffffffffc0d2e99}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceEntry + 807 fffff807778c7217 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceEntry + 814 fffff807778c721e 5 bytes {CALL 0xfffffffffbfa2bc2}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmActiveReferenceRequest + 249 fffff807778c7509 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmActiveReferenceRequest + 256 fffff807778c7510 5 bytes {CALL 0xfffffffffbf69800}

.text ... * 21

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdCommitTransaction + 360 fffff807778c8b18 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdCommitTransaction + 367 fffff807778c8b1f 5 bytes {CALL 0xffffffffffe78231}

.text ... * 15

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBatchUpdate + 104 fffff807778ca298 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBatchUpdate + 111 fffff807778ca29f 5 bytes {CALL 0xfffffffffc052b21}

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToGuid + 222 fffff807778cbc7e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToGuid + 229 fffff807778cbc85 5 bytes {CALL 0xfffffffffc29e38b}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!FreeMibTable + 9 fffff807778cc019 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FreeMibTable + 16 fffff807778cc020 5 bytes {CALL 0xfffffffffc29e080}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllParametersEx + 285 fffff807778cc47d 6 bytes {CALL 0x77e23}

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyBufferToMdl + 162 fffff807778cc6a2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCopyBufferToMdl + 169 fffff807778cc6a9 5 bytes {CALL 0xfffffffffbf53447}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCloneNetBufferListChain + 37 fffff807778cc855 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCloneNetBufferListChain + 44 fffff807778cc85c 1 byte [E8]

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetNextShorterMatch + 129 fffff807778cc951 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtGetNextShorterMatch + 136 fffff807778cc958 5 bytes {CALL 0xfffffffffbf659c8}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferList + 201 fffff807778ccbb9 6 bytes {CALL 0x776e7}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferList + 292 fffff807778ccc14 2 bytes [4C, 8B]

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!NsiFreeTable + 31 fffff807778ccd7f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiFreeTable + 38 fffff807778ccd86 5 bytes {CALL 0xfffffffffc29d31a}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!GetUnicastIpAddressTable + 537 fffff807778cd0a9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetUnicastIpAddressTable + 544 fffff807778cd0b0 5 bytes {CALL 0xfffffffffc29cf60}

.text C:\Windows\system32\drivers\NETIO.SYS!NsiAllocateAndGetTable + 190 fffff807778cd5de 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiAllocateAndGetTable + 197 fffff807778cd5e5 5 bytes {CALL 0xfffffffffbf64d3b}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndData + 15 fffff807778cd7ff 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndData + 22 fffff807778cd806 5 bytes {CALL 0xffffffffffe6f23a}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBuffer + 4 fffff807778cd864 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBuffer + 11 fffff807778cd86b 5 bytes {CALL 0xffffffffffe71205}

.text ... * 23

.text C:\Windows\system32\drivers\NETIO.SYS!CreateSortedAddressPairs + 134 fffff807778ced76 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!CreateSortedAddressPairs + 141 fffff807778ced7d 5 bytes {CALL 0xfffffffffc29b293}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!KfdDeleteCalloutEntry + 34 fffff807778cf042 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdDeleteCalloutEntry + 41 fffff807778cf049 5 bytes {CALL 0xfffffffffc04dd77}

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdDeleteIndex + 60 fffff807778cf2ac 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdDeleteIndex + 67 fffff807778cf2b3 5 bytes {CALL 0xfffffffffc04db0d}

.text C:\Windows\system32\drivers\NETIO.SYS!CancelMibChangeNotify2 + 106 fffff807778cf39a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!CancelMibChangeNotify2 + 113 fffff807778cf3a1 5 bytes {CALL 0xfffffffffc29acff}

.text C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotification + 409 fffff807778cf559 6 bytes {CALL 0x74d47}

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddIndex + 71 fffff807778cf607 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddIndex + 78 fffff807778cf60e 5 bytes {CALL 0xfffffffffc04d7b2}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAddCalloutEntry + 92 fffff807778cfa4c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAddCalloutEntry + 99 fffff807778cfa53 5 bytes {CALL 0xfffffffffc04d36d}

.text ... * 16

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyUnicastIpAddressChange + 89 fffff807778cffa9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyUnicastIpAddressChange + 96 fffff807778cffb0 5 bytes {CALL 0xfffffffffc29a060}

.text C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotification + 426 fffff807778d02da 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotification + 433 fffff807778d02e1 5 bytes {CALL 0xfffffffffc53bc9f}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddCache + 89 fffff807778d0cb9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddCache + 96 fffff807778d0cc0 5 bytes {CALL 0xfffffffffc2993e0}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowHandles + 13 fffff807778d136d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowHandles + 20 fffff807778d1374 5 bytes {CALL 0xfffffffffbfca7cc}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!GetIfTable2 + 103 fffff807778d1447 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetIfTable2 + 110 fffff807778d144e 5 bytes {CALL 0xfffffffffbf6c702}

.text ... * 19

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStart + 56 fffff807778d1788 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStart + 63 fffff807778d178f 5 bytes {CALL 0xfffffffffbf6c3c1}

.text ... * 18

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmInitializeState + 73 fffff807778d1c59 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmInitializeState + 80 fffff807778d1c60 5 bytes {CALL 0xfffffffffc0a0fe0}

.text ... * 17

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCloseKey + 17 fffff807778d20c1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCloseKey + 24 fffff807778d20c8 5 bytes {CALL 0xfffffffffc0e6fe8}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioOpenKey + 57 fffff807778d25f9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioOpenKey + 64 fffff807778d2600 5 bytes {CALL 0xfffffffffbf6b550}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncInterface + 131 fffff807778d26e3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncInterface + 138 fffff807778d26ea 5 bytes {CALL 0xfffffffffc539896}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncQueryAndUpdateKeyValue + 55 fffff807778d2867 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncQueryAndUpdateKeyValue + 62 fffff807778d286e 5 bytes {CALL 0xfffffffffc2977a2}

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!NetioQueryValueKey + 81 fffff807778d29f1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioQueryValueKey + 88 fffff807778d29f8 5 bytes {CALL 0xfffffffffbf6b158}

.text ... * 15

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitNetworkRegistry + 52 fffff807778d2cf4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitNetworkRegistry + 59 fffff807778d2cfb 5 bytes {CALL 0xfffffffffc607875}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegisterProcessorAddCallback + 72 fffff807778d2d78 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegisterProcessorAddCallback + 79 fffff807778d2d7f 5 bytes {CALL 0xfffffffffbf6add1}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListLibrary + 56 fffff807778d2e58 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListLibrary + 63 fffff807778d2e5f 5 bytes {CALL 0xfffffffffbfd6fa1}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStartStreamShim + 178 fffff807778d3082 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpStartStreamShim + 185 fffff807778d3089 5 bytes {CALL 0xfffffffffc88a4a7}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeFlowsManager + 59 fffff807778d322b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeFlowsManager + 66 fffff807778d3232 5 bytes {CALL 0xfffffffffc07f72e}

.text ... * 21

.text C:\Windows\system32\drivers\NETIO.SYS!MdpCreatePool + 45 fffff807778d397d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!MdpCreatePool + 52 fffff807778d3984 5 bytes {CALL 0xfffffffffbfdbc9c}

.text ... * 14

.text C:\Windows\system32\drivers\NETIO.SYS!WskRegister + 50 fffff807778d3ca2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WskRegister + 57 fffff807778d3ca9 5 bytes {CALL 0xfffffffffc296367}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NmrRegisterProvider + 185 fffff807778d3fd9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NmrRegisterProvider + 192 fffff807778d3fe0 5 bytes {CALL 0xfffffffffc296030}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeToeplitzHash + 92 fffff807778d4aec 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeToeplitzHash + 99 fffff807778d4af3 5 bytes {CALL 0xfffffffffc29551d}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!RtlReinitializeToeplitzHash + 607 fffff807778d4dbf 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlReinitializeToeplitzHash + 614 fffff807778d4dc6 5 bytes {CALL 0xfffffffffbf72bea}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmGetAllNotificationChannelContextParameters + 78 fffff807778d4e3e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmGetAllNotificationChannelContextParameters + 85 fffff807778d4e45 3 bytes [E8, 06, 63]

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetModuleHandle + 121 fffff807778d50a9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetModuleHandle + 128 fffff807778d50b0 5 bytes {CALL 0xfffffffffc294f60}

.text ... * 15

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetObjectSecurity + 66 fffff807778d5352 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetObjectSecurity + 73 fffff807778d5359 5 bytes {CALL 0xfffffffffc5077f7}

.text ... * 20

.text C:\Windows\system32\drivers\NETIO.SYS!NmrClientAttachProvider + 102 fffff807778d5746 6 bytes {CALL 0x6eb5a}

.text C:\Windows\system32\drivers\NETIO.SYS!NmrClientAttachProvider + 301 fffff807778d580d 2 bytes [4C, 8B]

.text ... * 10

.text C:\Windows\system32\drivers\NETIO.SYS!FsbCreatePool + 51 fffff807778d5e43 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FsbCreatePool + 58 fffff807778d5e4a 5 bytes {CALL 0xfffffffffbfd97d6}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!PtInsertEntry + 303 fffff807778d65ef 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtInsertEntry + 310 fffff807778d65f6 5 bytes {CALL 0xfffffffffc293a1a}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeWorkQueue + 46 fffff807778d6a3e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeWorkQueue + 53 fffff807778d6a45 5 bytes {CALL 0xfffffffffbfc50fb}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!WfpInitializeLeastRecentlyUsedList + 303 fffff807778d6bef 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpInitializeLeastRecentlyUsedList + 310 fffff807778d6bf6 5 bytes {CALL 0xfffffffffbfc4f4a}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateOpaquePerProcessorContext + 64 fffff807778d6d60 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateOpaquePerProcessorContext + 71 fffff807778d6d67 5 bytes {CALL 0xfffffffffc2932a9}

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndInitializeStackBlock + 35 fffff807778d6e03 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndInitializeStackBlock + 42 fffff807778d6e0a 5 bytes {CALL 0xfffffffffbfd8816}

.text ... * 18

.text C:\Windows\system32\drivers\NETIO.SYS!HfCreateFactory + 29 fffff807778d703d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!HfCreateFactory + 36 fffff807778d7044 5 bytes {CALL 0xfffffffffc292fcc}

.text ... * 20

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncDefaultChangeHandler + 117 fffff807778d7d95 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncDefaultChangeHandler + 124 fffff807778d7d9c 1 byte [E8]

.text ... * 17

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterRscIncompatCalloutNotify + 117 fffff807778d8535 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterRscIncompatCalloutNotify + 124 fffff807778d853c 5 bytes {CALL 0xfffffffffbf918a4}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceCompartmentId + 128 fffff807778d8650 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceCompartmentId + 135 fffff807778d8657 5 bytes {CALL 0xfffffffffc2919b9}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterUsoIncompatCalloutNotify + 98 fffff807778d8792 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterUsoIncompatCalloutNotify + 105 fffff807778d8799 5 bytes {CALL 0xfffffffffbf91647}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferListNetBufferMdlAndDataPool + 60 fffff807778d882c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferListNetBufferMdlAndDataPool + 67 fffff807778d8833 5 bytes {CALL 0xffffffffffe7fd9d}

.text C:\Windows\system32\drivers\NETIO.SYS!PtCreateTable + 40 fffff807778d8878 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtCreateTable + 47 fffff807778d887f 5 bytes {CALL 0xfffffffffc291791}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdSetBfeEngineSd + 185 fffff807778d8a39 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdSetBfeEngineSd + 192 fffff807778d8a40 5 bytes {CALL 0xfffffffffbf658c0}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndDataPool + 47 fffff807778d8d6f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndDataPool + 54 fffff807778d8d76 5 bytes {CALL 0xffffffffffe9414a}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdFreeEnumHandle + 50 fffff807778d8ea2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdFreeEnumHandle + 57 fffff807778d8ea9 5 bytes {CALL 0xfffffffffbfc2c97}

.text C:\Windows\system32\drivers\NETIO.SYS!FeGetWfpGlobalPtr + 109 fffff807778d8f3d 3 bytes [4C, 8B, 15]

.text C:\Windows\system32\drivers\NETIO.SYS!FeGetWfpGlobalPtr + 116 fffff807778d8f44 5 bytes JMP fffff80773999140

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceFragmentNetBufferList + 60 fffff807778eab1c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceFragmentNetBufferList + 67 fffff807778eab23 5 bytes {CALL 0xffffffffffebf42d}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceReassembledNetBufferList + 43 fffff807778eabfb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceReassembledNetBufferList + 50 fffff807778eac02 5 bytes {CALL 0xffffffffffebf77e}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceVacantNetBufferListEx + 47 fffff807778eacff 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceVacantNetBufferListEx + 54 fffff807778ead06 5 bytes {CALL 0xffffffffffe5238a}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCopyNetBufferList + 25 fffff807778eaf59 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCopyNetBufferList + 32 fffff807778eaf60 5 bytes {CALL 0xffffffffffe52bd0}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferListNetBufferMdlAndDataPool + 4 fffff807778eaf84 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferListNetBufferMdlAndDataPool + 11 fffff807778eaf8b 5 bytes {CALL 0xffffffffffe669d5}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferMdlAndDataPool + 4 fffff807778eafa4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferMdlAndDataPool + 11 fffff807778eafab 5 bytes {CALL 0xffffffffffebf7f5}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBuffer + 33 fffff807778eb021 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBuffer + 40 fffff807778eb028 5 bytes {CALL 0xffffffffffe54878}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeNetBufferListLibrary + 13 fffff807778eb04d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeNetBufferListLibrary + 20 fffff807778eb054 5 bytes {CALL 0xfffffffffbfbedac}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioValidateNetBufferList + 136 fffff807778eb1a8 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioValidateNetBufferList + 143 fffff807778eb1af 5 bytes {CALL 0xffffffffffebf5f1}

.text ... * 19

.text C:\Windows\system32\drivers\NETIO.SYS!NetioAssociateQoSFlowWithNbl + 58 fffff807778eb57a 6 bytes {CALL 0x58d26}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreateQoSFlow + 123 fffff807778eb61b 6 bytes {CALL 0x58c85}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioDeleteQoSFlow + 52 fffff807778eb684 6 bytes {CALL 0x58c1c}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioGetStatsForQoSFlow + 113 fffff807778eb721 6 bytes {CALL 0x58b7f}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioQueryNetBufferListTrafficClass + 75 fffff807778eb7bb 6 bytes {CALL 0x58ae5}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioQueryNetBufferListTrafficClass + 248 fffff807778eb868 2 bytes [E8, 33]

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhClampMssOnTcpPkt + 67 fffff807778eba23 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhClampMssOnTcpPkt + 74 fffff807778eba2a 5 bytes {CALL 0xffffffffffe526a6}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhGetIpUlProtocol + 66 fffff807778ebcc2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhGetIpUlProtocol + 73 fffff807778ebcc9 5 bytes {CALL 0xffffffffffe52407}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhIsIcmpErrorForIcmpMessage + 166 fffff807778ebdc6 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhIsIcmpErrorForIcmpMessage + 173 fffff807778ebdcd 5 bytes {CALL 0xffffffffffe52303}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipIpv6ExtHdr + 66 fffff807778ebe52 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipIpv6ExtHdr + 73 fffff807778ebe59 5 bytes {CALL 0xffffffffffe52277}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipToTransHdr + 71 fffff807778ebef7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipToTransHdr + 78 fffff807778ebefe 5 bytes {CALL 0xffffffffffe521d2}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!FsbDestroyPool + 23 fffff807778ec0e7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FsbDestroyPool + 30 fffff807778ec0ee 5 bytes {CALL 0xfffffffffbfc3532}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!HfDestroyFactory + 30 fffff807778ec1ce 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!HfDestroyFactory + 37 fffff807778ec1d5 5 bytes {CALL 0xfffffffffc27decb}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!HfSuspendHandle32 + 162 fffff807778ec332 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!HfSuspendHandle32 + 169 fffff807778ec339 5 bytes {CALL 0xfffffffffc27dcd7}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!MdpAllocate + 23 fffff807778ecb67 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!MdpAllocate + 30 fffff807778ecb6e 5 bytes {CALL 0xfffffffffbf79a92}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!MdpAllocateAtDpcLevel + 125 fffff807778ecc2d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!MdpAllocateAtDpcLevel + 132 fffff807778ecc34 5 bytes {CALL 0xfffffffffc0d7aec}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!MdpDestroyPool + 23 fffff807778ecd17 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!MdpDestroyPool + 30 fffff807778ecd1e 5 bytes {CALL 0xfffffffffbfc2902}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeOpaquePerProcessorContext + 31 fffff807778ecd9f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeOpaquePerProcessorContext + 38 fffff807778ecda6 5 bytes {CALL 0xfffffffffbfc287a}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnRegisterProcessorAddCallback + 18 fffff807778ece22 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnRegisterProcessorAddCallback + 25 fffff807778ece29 5 bytes {CALL 0xfffffffffc08f657}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!RtlAllocateDummyMdlChain + 66 fffff807778ecf22 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlAllocateDummyMdlChain + 73 fffff807778ecf29 5 bytes {CALL 0xfffffffffbf44207}

.text ... * 27

.text C:\Windows\system32\drivers\NETIO.SYS!RtlFreeDummyMdlChain + 29 fffff807778ed4ed 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlFreeDummyMdlChain + 36 fffff807778ed4f4 5 bytes {CALL 0xfffffffffbf5d22c}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCleanupToeplitzHash + 14 fffff807778ed53e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlCleanupToeplitzHash + 21 fffff807778ed545 5 bytes {CALL 0xfffffffffc27cb5b}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!CloseCompartment + 4 fffff807778ed704 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!CloseCompartment + 11 fffff807778ed70b 5 bytes {CALL 0xfffffffffc0cb9a5}

.text C:\Windows\system32\drivers\NETIO.SYS!InitializeCompartmentEntry + 174 fffff807778eda7e 6 bytes {CALL 0x56822}

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyCompartmentChange + 53 fffff807778edaf5 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyCompartmentChange + 60 fffff807778edafc 5 bytes {CALL 0xfffffffffc27c514}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!OpenCompartment + 92 fffff807778edc0c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!OpenCompartment + 99 fffff807778edc13 5 bytes {CALL 0xfffffffffbf4ff3d}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceAliasToLuid + 262 fffff807778ee036 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceAliasToLuid + 269 fffff807778ee03d 5 bytes {CALL 0xfffffffffc0acad3}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToNameA + 95 fffff807778ee13f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToNameA + 102 fffff807778ee146 5 bytes {CALL 0xfffffffffbf4fa0a}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidA + 147 fffff807778ee333 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidA + 154 fffff807778ee33a 5 bytes {CALL 0xfffffffffbfb5636}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidW + 147 fffff807778ee423 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidW + 154 fffff807778ee42a 5 bytes {CALL 0xfffffffffc0ae506}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!InternalFindInterfaceByAddress + 196 fffff807778eecc4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalFindInterfaceByAddress + 203 fffff807778eeccb 5 bytes {CALL 0xfffffffffc27b3d5}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalSetUnicastIpAddressEntry + 907 fffff807778ef3fb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalSetUnicastIpAddressEntry + 914 fffff807778ef402 5 bytes {CALL 0xfffffffffc27ac0e}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetForwardIpTable2 + 489 fffff807778efd19 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetForwardIpTable2 + 496 fffff807778efd20 5 bytes {CALL 0xfffffffffc27a2f0}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalSetIpForwardEntry2 + 858 fffff807778f047a 6 bytes {CALL 0x53e26}

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyRouteChange2 + 54 fffff807778f04e6 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyRouteChange2 + 61 fffff807778f04ed 5 bytes {CALL 0xfffffffffc279b23}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpNetTable2 + 413 fffff807778f0e3d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpNetTable2 + 420 fffff807778f0e44 5 bytes {CALL 0xfffffffffc2791cc}

.text C:\Windows\system32\drivers\NETIO.SYS!GetIpPathTable + 420 fffff807778f19f4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetIpPathTable + 427 fffff807778f19fb 5 bytes {CALL 0xfffffffffc278615}

.text C:\Windows\system32\drivers\NETIO.SYS!FreeDnsSettings + 29 fffff807778f1b4d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FreeDnsSettings + 36 fffff807778f1b54 5 bytes {CALL 0xfffffffffc27854c}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!FreeInterfaceDnsSettings + 33 fffff807778f1bd1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FreeInterfaceDnsSettings + 40 fffff807778f1bd8 5 bytes {CALL 0xfffffffffc2784c8}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!GetDnsSettings + 93 fffff807778f1cad 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetDnsSettings + 100 fffff807778f1cb4 5 bytes {CALL 0xfffffffffeda035c}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceDnsSettings + 127 fffff807778f1dff 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceDnsSettings + 134 fffff807778f1e06 5 bytes {CALL 0xfffffffffeda020a}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!SetDnsSettings + 126 fffff807778f1fae 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!SetDnsSettings + 133 fffff807778f1fb5 5 bytes {CALL 0xfffffffffeda005b}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!SetInterfaceDnsSettings + 249 fffff807778f2149 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!SetInterfaceDnsSettings + 256 fffff807778f2150 5 bytes {CALL 0xfffffffffed9fec0}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!GetIfStackTable + 178 fffff807778f25f2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!GetIfStackTable + 185 fffff807778f25f9 5 bytes {CALL 0xfffffffffc277a17}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceTable + 420 fffff807778f2c34 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceTable + 427 fffff807778f2c3b 5 bytes {CALL 0xfffffffffc2773d5}

.text C:\Windows\system32\drivers\NETIO.SYS!InternalSetIpInterfaceEntry + 904 fffff807778f3128 6 bytes {CALL 0x51178}

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyIpInterfaceChange + 54 fffff807778f3196 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyIpInterfaceChange + 61 fffff807778f319d 5 bytes {CALL 0xfffffffffc276e73}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!InternalSetTeredoPort + 113 fffff807778f3381 6 bytes {CALL 0x50f1f}

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyTeredoPortChange + 71 fffff807778f33e7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NotifyTeredoPortChange + 78 fffff807778f33ee 5 bytes {CALL 0xfffffffffc276c22}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeStackBlock + 40 fffff807778f34a8 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFreeStackBlock + 47 fffff807778f34af 5 bytes {CALL 0xfffffffffc62dbb1}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioStackBlockProcessorAddHandler + 62 fffff807778f352e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioStackBlockProcessorAddHandler + 69 fffff807778f3535 5 bytes {CALL 0xfffffffffc62db2b}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreateKey + 74 fffff807778f365a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreateKey + 81 fffff807778f3661 5 bytes {CALL 0xfffffffffbf4a4ef}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioWriteKey + 39 fffff807778f3707 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioWriteKey + 46 fffff807778f370e 5 bytes {CALL 0xfffffffffbf4a442}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioShutdownWorkQueue + 34 fffff807778f3782 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioShutdownWorkQueue + 41 fffff807778f3789 5 bytes {CALL 0xfffffffffbf4ab77}

.text ... * 27

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmCleanupState + 17 fffff807778f3aa1 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmCleanupState + 24 fffff807778f3aa8 5 bytes {CALL 0xfffffffffc07c368}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastCheckIsMobileCore + 116 fffff807778f3be4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastCheckIsMobileCore + 123 fffff807778f3beb 5 bytes {CALL 0xfffffffffc276425}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmHandlePatternEviction + 96 fffff807778f3d80 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmHandlePatternEviction + 103 fffff807778f3d87 5 bytes {CALL 0xfffffffffbf4a579}

.text ... * 26

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmIsOwningProcessRtcApp + 40 fffff807778f4028 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmIsOwningProcessRtcApp + 47 fffff807778f402f 5 bytes {CALL 0xfffffffffbf7a101}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmNotifyRedirectOnInterface + 18 fffff807778f40d2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmNotifyRedirectOnInterface + 25 fffff807778f40d9 5 bytes {CALL 0xfffffffffff59817}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmPatternCoalescingRequired + 59 fffff807778f416b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmPatternCoalescingRequired + 66 fffff807778f4172 5 bytes {CALL 0xfffffffffbfdc47e}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortHint + 64 fffff807778f41d0 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortHint + 71 fffff807778f41d7 5 bytes {CALL 0xfffffffffbfdc419}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortRange + 76 fffff807778f423c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortRange + 83 fffff807778f4243 5 bytes {CALL 0xfffffffffbfdc3ad}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmSignalNcContextWorkQueueRoutine + 66 fffff807778f42a2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmSignalNcContextWorkQueueRoutine + 73 fffff807778f42a9 5 bytes {CALL 0xfffffffffbfb5b57}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreBaseSupportedSlots + 135 fffff807778f43c7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreBaseSupportedSlots + 142 fffff807778f43ce 5 bytes {CALL 0xfffffffffc4cfd82}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreRtcPortHint + 41 fffff807778f46c9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreRtcPortHint + 48 fffff807778f46d0 5 bytes {CALL 0xfffffffffbf49c30}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTrackIsLegitimateWake + 88 fffff807778f4778 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTrackIsLegitimateWake + 95 fffff807778f477f 5 bytes {CALL 0xfffffffffbfe5ba1}

.text ... * 8

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPdcDeactivateNetwork + 410 fffff807778f4cea 6 bytes {CALL 0x4f5b6}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioPdcDeactivateNetwork + 476 fffff807778f4d2c 6 bytes {CALL 0x4f574}

.text ... * 6

.text C:\Windows\system32\drivers\NETIO.SYS!PtDeleteEntry + 237 fffff807778f51bd 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtDeleteEntry + 244 fffff807778f51c4 5 bytes {CALL 0xfffffffffc274edc}

.text C:\Windows\system32\drivers\NETIO.SYS!PtDestroyTable + 27 fffff807778f520b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!PtDestroyTable + 34 fffff807778f5212 5 bytes {CALL 0xfffffffffc274e8e}

.text C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeTimerWheelEnumeration + 172 fffff807778f56fc 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeTimerWheelEnumeration + 179 fffff807778f5703 5 bytes {CALL 0xfffffffffbf4844d}

.text ... * 16

.text C:\Windows\system32\drivers\NETIO.SYS!NmrProviderDetachClientComplete + 111 fffff807778f5baf 6 bytes {CALL 0x4e6f1}

.text C:\Windows\system32\drivers\NETIO.SYS!NmrProviderDetachClientComplete + 130 fffff807778f5bc2 6 bytes {CALL 0x4e6de}

.text ... * 14

.text C:\Windows\system32\drivers\NETIO.SYS!NmrWaitForProviderDeregisterComplete + 117 fffff807778f5eb5 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NmrWaitForProviderDeregisterComplete + 124 fffff807778f5ebc 5 bytes {CALL 0xfffffffffbf48444}

.text ... * 21

.text C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterLegacyHandler + 27 fffff807778f75cb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterLegacyHandler + 34 fffff807778f75d2 5 bytes {CALL 0xfffffffffbf3973e}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllPersistentParametersWithMask + 136 fffff807778f7878 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllPersistentParametersWithMask + 143 fffff807778f787f 5 bytes {CALL 0xfffffffffbfb2581}

.text ... * 23

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetObjectSecurity + 289 fffff807778f7f81 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiGetObjectSecurity + 296 fffff807778f7f88 5 bytes {CALL 0xfffffffffc4fb108}

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!NsiReferenceDefaultObjectSecurity + 22 fffff807778f8056 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NsiReferenceDefaultObjectSecurity + 29 fffff807778f805d 5 bytes {CALL 0xfffffffffc4d5563}

.text ... * 26

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAbortTransaction + 51 fffff807778f93b3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAbortTransaction + 58 fffff807778f93ba 5 bytes {CALL 0xfffffffffc023a06}

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBeginEnumFilters + 75 fffff807778f94bb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBeginEnumFilters + 82 fffff807778f94c2 5 bytes {CALL 0xfffffffffc0238fe}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdMoveFilter + 58 fffff807778f967a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdMoveFilter + 65 fffff807778f9681 5 bytes {CALL 0xfffffffffc02373f}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdResetState + 52 fffff807778f9844 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdResetState + 59 fffff807778f984b 5 bytes {CALL 0xfffffffffc023575}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!WfpDecodedBufferFreeHelper + 11 fffff807778f9bcb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpDecodedBufferFreeHelper + 18 fffff807778f9bd2 5 bytes {CALL 0xfffffffffc2704ce}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleUpdateEndpointContextStatus + 158 fffff807778f9e8e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdAleUpdateEndpointContextStatus + 165 fffff807778f9e95 2 bytes [E8, 66]

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdNotifyFlowDeletion + 53 fffff807778fa005 5 bytes {CALL 0x4a0bb}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdNotifyFlowDeletion + 145 fffff807778fa061 5 bytes {CALL 0x4a05f}

.text ... * 16

.text C:\Windows\system32\drivers\NETIO.SYS!KfdBfeEngineAccessCheck + 68 fffff807778faee4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdBfeEngineAccessCheck + 75 fffff807778faeeb 5 bytes {CALL 0xfffffffffbf72315}

.text C:\Windows\system32\drivers\NETIO.SYS!WfpDeleteEntryLru + 97 fffff807778faf91 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpDeleteEntryLru + 104 fffff807778faf98 5 bytes {CALL 0xfffffffffbf6ee48}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!WfpExpireEntryLru + 32 fffff807778fb000 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpExpireEntryLru + 39 fffff807778fb007 5 bytes {CALL 0xfffffffffbf0c0e9}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!WfpInsertEntryLru + 178 fffff807778fb132 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpInsertEntryLru + 185 fffff807778fb139 5 bytes {CALL 0xfffffffffbf6eca7}

.text ... * 14

.text C:\Windows\system32\drivers\NETIO.SYS!WfpLruProcessExpiredEndpoint + 63 fffff807778fb3cf 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpLruProcessExpiredEndpoint + 70 fffff807778fb3d6 5 bytes {CALL 0xfffffffffbf0bd1a}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!WfpLruQueueLruCleanupWorkItemForContext + 142 fffff807778fb53e 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpLruQueueLruCleanupWorkItemForContext + 149 fffff807778fb545 5 bytes {CALL 0xfffffffffbf0bbab}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRefreshEntryLru + 131 fffff807778fb6a3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRefreshEntryLru + 138 fffff807778fb6aa 5 bytes {CALL 0xfffffffffbf6e736}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!WfpScavangeLeastRecentlyUsedList + 63 fffff807778fb7ff 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpScavangeLeastRecentlyUsedList + 70 fffff807778fb806 5 bytes {CALL 0xfffffffffbf0b8ea}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!WfpUninitializeLeastRecentlyUsedList + 69 fffff807778fb9a5 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpUninitializeLeastRecentlyUsedList + 76 fffff807778fb9ac 5 bytes {CALL 0xfffffffffbf3ea14}

.text ... * 19

.text C:\Windows\system32\drivers\NETIO.SYS!FeAcquireClassifyHandle + 210 fffff807778fc2b2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FeAcquireClassifyHandle + 217 fffff807778fc2b9 5 bytes {CALL 0xfffffffffbf9f887}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!FeAcquireWritableLayerDataPointer + 305 fffff807778fc511 6 bytes {CALL 0x47d8f}

.text C:\Windows\system32\drivers\NETIO.SYS!FeAcquireWritableLayerDataPointer + 359 fffff807778fc547 2 bytes [4C, 8B]

.text ... * 6

.text C:\Windows\system32\drivers\NETIO.SYS!FeCompleteClassify + 407 fffff807778fc9b7 6 bytes {CALL 0x478e9}

.text C:\Windows\system32\drivers\NETIO.SYS!FeCopyIncomingValues + 431 fffff807778fcb8f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FeCopyIncomingValues + 438 fffff807778fcb96 5 bytes {CALL 0xfffffffffbf06d8a}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!FePendClassify + 522 fffff807778fcf5a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FePendClassify + 529 fffff807778fcf61 5 bytes {CALL 0xfffffffffbf6ce7f}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!FeReleaseClassifyHandle + 360 fffff807778fd178 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FeReleaseClassifyHandle + 367 fffff807778fd17f 5 bytes {CALL 0xfffffffffbf067a1}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsTfoIncompatibleFilterPresent + 115 fffff807778fd4b3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdIsTfoIncompatibleFilterPresent + 122 fffff807778fd4ba 5 bytes {CALL 0xfffffffffbf6c926}

.text ... * 18

.text C:\Windows\system32\drivers\NETIO.SYS!KfdToggleFilterActivation + 225 fffff807778fe021 6 bytes {CALL 0x4627f}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdToggleFilterActivation + 328 fffff807778fe088 6 bytes {CALL 0x46218}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!KfdPreClassify + 304 fffff807778fe820 6 bytes {CALL 0x45a80}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterLayerChangeCallback2 + 136 fffff807778ffb48 6 bytes {CALL 0x44758}

.text C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterLayerChangeCallback2 + 189 fffff807778ffb7d 2 bytes [4C, 8B]

.text ... * 6

.text C:\Windows\system32\drivers\NETIO.SYS!KfdFindFilterById + 201 fffff807778ffcc9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!KfdFindFilterById + 208 fffff807778ffcd0 5 bytes {CALL 0xffffffffffe3e320}

.text ... * 9

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlowFast + 191 fffff80777901c8f 6 bytes {CALL 0x42611}

.text C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlowFast + 223 fffff80777901caf 2 bytes [4C, 8B]

.text ... * 11

.text C:\Windows\system32\drivers\NETIO.SYS!FwppStreamInject + 197 fffff80777903e35 6 bytes {CALL 0x4046b}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppStreamInject + 370 fffff80777903ee2 6 bytes {CALL 0x403be}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppTruncateStreamDataAfterOffset + 90 fffff80777903f7a 6 bytes {CALL 0x40326}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppTruncateStreamDataAfterOffset + 235 fffff8077790400b 6 bytes {CALL 0x40295}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!AgileVPNFindCompartmentIdFromTunnelId + 20 fffff8077790aff4 6 bytes {CALL 0x392ac}

.text C:\Windows\system32\drivers\NETIO.SYS!AgileVPNFindTunnelInfoFromInterfaceIndex + 33 fffff8077790b051 6 bytes {CALL 0x3924f}

.text C:\Windows\system32\drivers\NETIO.SYS!IPsecGwGetTunnelInfoFromIPInformation + 44 fffff8077790b0ac 6 bytes {CALL 0x391f4}

.text C:\Windows\system32\drivers\NETIO.SYS!IPsecGwIsUdpEspPacket + 11 fffff8077790b0cb 6 bytes {CALL 0x391d5}

.text C:\Windows\system32\drivers\NETIO.SYS!IPsecGwProcessSecureNbl + 115 fffff8077790b153 6 bytes {CALL 0x3914d}

.text C:\Windows\system32\drivers\NETIO.SYS!IPsecGwSetCallbackDispatch + 16 fffff8077790b180 6 bytes {CALL 0x39120}

.text C:\Windows\system32\drivers\NETIO.SYS!IPsecGwTransformClearTextPacket + 138 fffff8077790b22a 6 bytes {CALL 0x39076}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreateForwardFlow + 141 fffff8077790b2cd 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreateForwardFlow + 148 fffff8077790b2d4 5 bytes {CALL 0xfffffffffbf3302c}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreatevSwitchForwardFlow + 180 fffff8077790b4d4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioCreatevSwitchForwardFlow + 187 fffff8077790b4db 5 bytes {CALL 0xfffffffffbf32e25}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowAssociateContext + 47 fffff8077790b6af 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowAssociateContext + 54 fffff8077790b6b6 5 bytes {CALL 0xfffffffffbf9e74a}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRemoveContext + 36 fffff8077790b744 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRemoveContext + 43 fffff8077790b74b 5 bytes {CALL 0xfffffffffbf9e6b5}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRetrieveContext + 51 fffff8077790b7f3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRetrieveContext + 58 fffff8077790b7fa 5 bytes {CALL 0xfffffffffbf9e606}

.text ... * 36

.text C:\Windows\system32\drivers\NETIO.SYS!NetioLookupForwardFlow + 137 fffff8077790bcf9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioLookupForwardFlow + 144 fffff8077790bd00 5 bytes {CALL 0xfffffffffbfc48f0}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioLookupvSwitchForwardFlow + 228 fffff8077790be24 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioLookupvSwitchForwardFlow + 235 fffff8077790be2b 5 bytes {CALL 0xfffffffffbfc47c5}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRefreshFlow + 52 fffff8077790bea4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioRefreshFlow + 59 fffff8077790beab 5 bytes {CALL 0xfffffffffbf9df55}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!NetioReleaseFlow + 120 fffff8077790bfc8 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioReleaseFlow + 127 fffff8077790bfcf 5 bytes {CALL 0xfffffffffbffabb1}

.text ... * 4

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeFlowsManager + 52 fffff8077790c054 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeFlowsManager + 59 fffff8077790c05b 5 bytes {CALL 0xfffffffffc063db5}

.text ... * 18

.text C:\Windows\system32\drivers\NETIO.SYS!WskDeregister + 46 fffff8077790cbae 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WskDeregister + 53 fffff8077790cbb5 5 bytes {CALL 0xfffffffffbf2415b}

.text ... * 7

.text C:\Windows\system32\drivers\NETIO.SYS!WskReleaseProviderNPI + 79 fffff8077790cd4f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WskReleaseProviderNPI + 86 fffff8077790cd56 5 bytes {CALL 0xfffffffffbf3ac5a}

.text ... * 13

.text C:\Windows\system32\drivers\NETIO.SYS!WfpCreateReassemblyContext + 34 fffff8077790cef2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpCreateReassemblyContext + 41 fffff8077790cef9 5 bytes {CALL 0xffffffffffe30197}

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoClone + 179 fffff8077790cff3 6 bytes {CALL 0x372ad}

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoClone + 222 fffff8077790d01e 6 bytes {CALL 0x37282}

.text ... * 2

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoGetFlags + 43 fffff8077790d0eb 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoGetFlags + 50 fffff8077790d0f2 5 bytes {CALL 0xffffffffffe4486e}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderIsNetEventTypeEnabled0 + 58 fffff8077790d20a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderIsNetEventTypeEnabled0 + 65 fffff8077790d211 5 bytes {CALL 0xfffffffffbf332ef}

.text C:\Windows\system32\drivers\NETIO.SYS!FwppLogVpnEvent + 169 fffff8077790d2e9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!FwppLogVpnEvent + 176 fffff8077790d2f0 5 bytes {CALL 0xfffffffffc62e6b0}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDereferenceRecord + 91 fffff8077790e34b 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDereferenceRecord + 98 fffff8077790e352 5 bytes {CALL 0xfffffffffbfcbf1e}

.text ... * 5

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordByHandle + 48 fffff8077790e4c0 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordByHandle + 55 fffff8077790e4c7 5 bytes {CALL 0xfffffffffc4e4bc9}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordById + 167 fffff8077790e667 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordById + 174 fffff8077790e66e 5 bytes {CALL 0xfffffffffbf2fd22}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindOrCreateRecord + 281 fffff8077790e7e9 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindOrCreateRecord + 288 fffff8077790e7f0 5 bytes {CALL 0xfffffffffbf391c0}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtIsProxyInRecord + 63 fffff8077790ea3f 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtIsProxyInRecord + 70 fffff8077790ea46 5 bytes {CALL 0xfffffffffc08e01a}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtJoinRecords + 163 fffff8077790eb23 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtJoinRecords + 170 fffff8077790eb2a 5 bytes {CALL 0xfffffffffbf2f866}

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtWppLogRecord + 803 fffff8077790ef03 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtWppLogRecord + 810 fffff8077790ef0a 5 bytes {CALL 0xffffffffff1e6606}

.text ... * 3

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDispatch + 184 fffff807779106b8 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDispatch + 191 fffff807779106bf 5 bytes {CALL 0xfffffffffbf5f331}

.text ... * 19

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStop + 16 fffff80777910f00 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStop + 23 fffff80777910f07 5 bytes {CALL 0xfffffffffbfc5ab9}

PAGE C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderCreate0 + 350 fffff8077793180e 2 bytes [4C, 8B]

PAGE C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderCreate0 + 357 fffff80777931815 5 bytes {CALL 0xfffffffffc08789b}

PAGE ... * 9

PAGE C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStartRoutines + 53 fffff80777931d45 6 bytes {CALL 0x1255b}

PAGE C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStartRoutines + 196 fffff80777931dd4 6 bytes {CALL 0x124cc}

PAGE ... * 24

PAGE C:\Windows\system32\drivers\NETIO.SYS!KfdSetWfpPerProcContextPtr + 35 fffff80777932913 2 bytes [4C, 8B]

PAGE C:\Windows\system32\drivers\NETIO.SYS!KfdSetWfpPerProcContextPtr + 42 fffff8077793291a 5 bytes {CALL 0xffffffffffea9116}

PAGE ... * 19

PAGE C:\Windows\system32\drivers\NETIO.SYS!DllUnload + 46 fffff8077793342e 6 bytes {CALL 0x10e72}

PAGE C:\Windows\system32\drivers\NETIO.SYS!DllUnload + 145 fffff80777933491 2 bytes [4C, 8B]

PAGE ... * 5

PAGE C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStopRoutines + 46 fffff8077793376e 6 bytes {CALL 0x10b32}

PAGE C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStopRoutines + 127 fffff807779337bf 2 bytes [4C, 8B]

PAGE ... * 30

PAGE C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderDestroy0 + 269 fffff80777933d6d 2 bytes [4C, 8B]

PAGE C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderDestroy0 + 276 fffff80777933d74 5 bytes {CALL 0xfffffffffc23629c}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCopyStreamDataToBuffer0 + 43 fffff80777cb103b 6 bytes {CALL 0x79265}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCopyStreamDataToBuffer0 + 143 fffff80777cb109f 2 bytes [4C, 8B]

.text ... * 10

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAssociateContext0 + 4 fffff80777cb11c4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAssociateContext0 + 11 fffff80777cb11cb 5 bytes {CALL 0xffffffffffc0cb25}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowRemoveContext0 + 8 fffff80777cb11e8 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowRemoveContext0 + 15 fffff80777cb11ef 5 bytes {CALL 0xffffffffffc03581}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleDestroy0 + 106 fffff80777cb127a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleDestroy0 + 113 fffff80777cb1281 5 bytes {CALL 0xfffffffffbbb8b5f}

.text ... * 11

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListEventNotify + 66 fffff80777cb14d2 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListEventNotify + 73 fffff80777cb14d9 5 bytes {CALL 0xffffffffffc103e7}

.text ... * 10

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListAssociateContext + 65 fffff80777cb1771 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListAssociateContext + 72 fffff80777cb1778 5 bytes {CALL 0xffffffffffc10148}

.text ... * 9

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsNetBufferListRetrieveContext0 + 66 fffff80777cb18f2 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsNetBufferListRetrieveContext0 + 73 fffff80777cb18f9 5 bytes {CALL 0xffffffffffc0ffc7}

.text ... * 5

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetValueFromClassifyContext + 51 fffff80777cb19e3 6 bytes {CALL 0x788bd}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsIPSecGetPacketListSecurityInformation + 23 fffff80777cb1b07 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsIPSecGetPacketListSecurityInformation + 30 fffff80777cb1b0e 5 bytes {CALL 0xffffffffffc0fdb2}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowAssociateContextFast + 4 fffff80777cb1ba4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowAssociateContextFast + 11 fffff80777cb1bab 5 bytes {CALL 0xffffffffffc03b45}

.text ... * 15

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsForceReclassifyLayer0 + 53 fffff80777cb1e75 6 bytes {CALL 0x7842b}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiCalloutRegisterWithoutDeviceFast0 + 62 fffff80777cb1f0e 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiCalloutRegisterWithoutDeviceFast0 + 69 fffff80777cb1f15 5 bytes {CALL 0xfffffffffbc2a9fb}

.text ... * 7

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateGet0 + 99 fffff80777cb2803 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateGet0 + 106 fffff80777cb280a 5 bytes {CALL 0xfffffffffbc63b66}

.text ... * 13

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleCreate0 + 308 fffff80777cb2c34 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleCreate0 + 315 fffff80777cb2c3b 5 bytes {CALL 0xfffffffffbbb71a5}

.text ... * 7

.text C:\Windows\System32\drivers\fwpkclnt.sys!DllInitialize + 225 fffff80777cb2e91 6 bytes {CALL 0x7740f}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DllInitialize + 409 fffff80777cb2f49 2 bytes [4C, 8B]

.text ... * 18

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableAndGlobalsSet0 + 197 fffff80777cb31b5 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableAndGlobalsSet0 + 204 fffff80777cb31bc 5 bytes {CALL 0xfffffffffbcbd604}

.text ... * 5

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableAndGlobalsSet0 + 99 fffff80777cb3303 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableAndGlobalsSet0 + 106 fffff80777cb330a 5 bytes {CALL 0xfffffffffbcbd4b6}

.text ... * 7

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointWasRedirectedToProxy + 18 fffff80777cb3532 6 bytes {CALL 0x76d6e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReserveFlowLocation + 4 fffff80777cb3574 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReserveFlowLocation + 11 fffff80777cb357b 5 bytes {CALL 0xffffffffffc25645}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRedirectHandleDestroy0 + 390 fffff80777cb3786 3 bytes [4C, 8B, 15]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRedirectHandleDestroy0 + 397 fffff80777cb378d 5 bytes JMP fffff8077399c110

.text ... * 2

.text C:\Windows\System32\drivers\fwpkclnt.sys!DllUnload + 209 fffff80777cb4dd1 6 bytes {CALL 0x754cf}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DllUnload + 603 fffff80777cb4f5b 2 bytes [4C, 8B]

.text ... * 7

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetById0 + 107 fffff80777cb526b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetById0 + 114 fffff80777cb5272 5 bytes {CALL 0xfffffffffe9dcd9e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetSecurityInfo0 + 147 fffff80777cb5343 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetSecurityInfo0 + 154 fffff80777cb534a 5 bytes {CALL 0xfffffffffe9dccc6}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionSetSecurityInfo0 + 236 fffff80777cb54cc 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionSetSecurityInfo0 + 243 fffff80777cb54d3 5 bytes {CALL 0xfffffffffe9dcb3d}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFreeMemory0 + 144 fffff80777cb55b0 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFreeMemory0 + 151 fffff80777cb55b7 5 bytes {CALL 0xfffffffffe9dca59}

.text ... * 11

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppVpnTriggerEventFire0 + 77 fffff80777cb58cd 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppVpnTriggerEventFire0 + 84 fffff80777cb58d4 5 bytes {CALL 0xfffffffffe9dc73c}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverExpire + 98 fffff80777cb5972 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverExpire + 105 fffff80777cb5979 5 bytes {CALL 0xfffffffffe9dc697}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverInitiateAcquire + 205 fffff80777cb5a7d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverInitiateAcquire + 212 fffff80777cb5a84 5 bytes {CALL 0xfffffffffe9dc58c}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverProcessClearTextResponse + 88 fffff80777cb5b18 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverProcessClearTextResponse + 95 fffff80777cb5b1f 5 bytes {CALL 0xfffffffffe9dc4f1}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverSaOffloaded + 93 fffff80777cb5bad 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverSaOffloaded + 100 fffff80777cb5bb4 5 bytes {CALL 0xfffffffffe9dc45c}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextGetStatistics1 + 73 fffff80777cb5e29 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextGetStatistics1 + 80 fffff80777cb5e30 5 bytes {CALL 0xfffffffffe9dc1e0}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaCreateEnumHandle0 + 87 fffff80777cb5ec7 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaCreateEnumHandle0 + 94 fffff80777cb5ece 5 bytes {CALL 0xfffffffffe9dc142}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbGetSecurityInfo0 + 131 fffff80777cb5f93 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbGetSecurityInfo0 + 138 fffff80777cb5f9a 5 bytes {CALL 0xfffffffffe9dc076}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbSetSecurityInfo0 + 206 fffff80777cb60fe 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbSetSecurityInfo0 + 213 fffff80777cb6105 5 bytes {CALL 0xfffffffffe9dbf0b}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDeleteById0 + 74 fffff80777cb619a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDeleteById0 + 81 fffff80777cb61a1 5 bytes {CALL 0xfffffffffe9dbe6f}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDestroyEnumHandle0 + 83 fffff80777cb6233 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDestroyEnumHandle0 + 90 fffff80777cb623a 5 bytes {CALL 0xfffffffffe9dbdd6}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaEnum2 + 125 fffff80777cb656d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaEnum2 + 132 fffff80777cb6574 5 bytes {CALL 0xfffffffffe9dba9c}

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaGetById2 + 116 fffff80777cb67c4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaGetById2 + 123 fffff80777cb67cb 5 bytes {CALL 0xfffffffffe9db845}

.text ... * 24

.text C:\Windows\System32\drivers\fwpkclnt.sys!DPChannelCreate0 + 11 fffff80777cc1e3b 6 bytes {CALL 0x68465}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DPChannelDestroy0 + 11 fffff80777cc1e5b 6 bytes {CALL 0x68445}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DPGetProcessIdFromProfileName0 + 11 fffff80777cc1e7b 6 bytes {CALL 0x68425}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DPReceiveNetBufferListComplete0 + 11 fffff80777cc1e9b 6 bytes {CALL 0x68405}

.text C:\Windows\System32\drivers\fwpkclnt.sys!DPSendNetBufferList0 + 11 fffff80777cc1ebb 6 bytes {CALL 0x683e5}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowRemoveContextFast + 8 fffff80777cc1ed8 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowRemoveContextFast + 15 fffff80777cc1edf 5 bytes {CALL 0xffffffffffc3fcf1}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetConnectionLuid0 + 142 fffff80777cc1f9e 6 bytes {CALL 0x68302}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetConnectionLuid0 + 209 fffff80777cc1fe1 6 bytes {CALL 0x682bf}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiIsConnectionEdgeTraversed0 + 48 fffff80777cc2040 6 bytes {CALL 0x68260}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReleaseFlowLocation + 4 fffff80777cc2064 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReleaseFlowLocation + 11 fffff80777cc206b 5 bytes {CALL 0xffffffffffc3faf5}

.text ... * 17

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppProcessorAddHandler + 16 fffff80777cc2240 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppProcessorAddHandler + 23 fffff80777cc2247 5 bytes {CALL 0xffffffffffc312a9}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCancelEndpointDeleteNotification0 + 47 fffff80777cc22ef 6 bytes {CALL 0x67fb1}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsClassifyOptionSet0 + 296 fffff80777cc2448 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsClassifyOptionSet0 + 303 fffff80777cc244f 5 bytes {CALL 0xfffffffffbba7991}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteOperation0 + 30 fffff80777cc24fe 6 bytes {CALL 0x67da2}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAbort0 + 43 fffff80777cc253b 2 bytes {JMP 0x41}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAbort0 + 50 fffff80777cc2542 5 bytes {CALL 0xffffffffffc3f4de}

.text ... * 2

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableClear0 + 45 fffff80777cc266d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableClear0 + 52 fffff80777cc2674 5 bytes {CALL 0xfffffffffbb7bc8c}

.text ... * 5

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendOperation0 + 62 fffff80777cc271e 6 bytes {CALL 0x67b82}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointClassifiableFieldGet + 28 fffff80777cc276c 6 bytes {CALL 0x67b34}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointDereferenceEndpoint + 18 fffff80777cc2792 6 bytes {CALL 0x67b0e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointMetadataValueGet + 18 fffff80777cc27c2 6 bytes {CALL 0x67ade}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointReferenceEndpoint + 18 fffff80777cc27f2 6 bytes {CALL 0x67aae}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointRegisterForExitingEndpoint + 18 fffff80777cc2822 6 bytes {CALL 0x67a7e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointUnRegisterForExitingEndpoint + 18 fffff80777cc2852 6 bytes {CALL 0x67a4e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsQueryConnectionRedirectState0 + 27 fffff80777cc288b 6 bytes {CALL 0x67a15}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsQueryConnectionSioFormatRedirectRecords0 + 27 fffff80777cc28bb 6 bytes {CALL 0x679e5}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRequestEndpointDeleteNotification0 + 71 fffff80777cc2977 6 bytes {CALL 0x67929}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsSignalIPsecDecryptCompleteIkeV20 + 18 fffff80777cc29c2 6 bytes {CALL 0x678de}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamContinue0 + 47 fffff80777cc2a0f 6 bytes {CALL 0x67891}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableClear0 + 45 fffff80777cc2a6d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableClear0 + 52 fffff80777cc2a74 5 bytes {CALL 0xfffffffffbb7b88c}

.text ... * 5

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsVirtualIfTunnelInfoSet0 + 104 fffff80777cc2b88 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsVirtualIfTunnelInfoSet0 + 111 fffff80777cc2b8f 5 bytes {CALL 0xffffffffffbfed31}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpFreeMemory0 + 16 fffff80777cc2bd0 6 bytes {CALL 0x676d0}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseId0 + 25 fffff80777cc2c09 6 bytes {CALL 0x67697}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseIdAsync0 + 45 fffff80777cc2c4d 6 bytes {CALL 0x67653}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseIdClose0 + 16 fffff80777cc2c70 6 bytes {CALL 0x67630}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpNotifyProcessTokenChange0 + 44 fffff80777cc2cbc 6 bytes {CALL 0x675e4}

.text C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpNotifyProcessTokenChange0 + 72 fffff80777cc2cd8 6 bytes {CALL 0x675c8}

.text ... * 2

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiParseIPv6Protocol0 + 98 fffff80777cc2e62 6 bytes {CALL 0x6743e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpiParseIPv6Protocol0 + 218 fffff80777cc2eda 2 bytes [4C, 8B]

.text ... * 16

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppAllocateNetioCloneNetBufferList + 124 fffff80777cc314c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppAllocateNetioCloneNetBufferList + 131 fffff80777cc3153 5 bytes {CALL 0xffffffffffa7933d}

.text ... * 18

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppDeepCloneNetBufferList + 39 fffff80777cc3487 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppDeepCloneNetBufferList + 46 fffff80777cc348e 5 bytes {CALL 0xffffffffffa79002}

.text ... * 21

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppFreeDeepCloneNetBufferList + 28 fffff80777cc389c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppFreeDeepCloneNetBufferList + 35 fffff80777cc38a3 5 bytes {CALL 0xffffffffffbedbbd}

.text ... * 27

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateCloneNetBufferList0 + 60 fffff80777cc45ec 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateCloneNetBufferList0 + 67 fffff80777cc45f3 5 bytes {CALL 0xffffffffffc48acd}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateNetBufferAndNetBufferList0 + 91 fffff80777cc46cb 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateNetBufferAndNetBufferList0 + 98 fffff80777cc46d2 5 bytes {CALL 0xffffffffffa7864e}

.text ... * 8

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCloneStreamData0 + 176 fffff80777cc4890 6 bytes {CALL 0x65a10}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCloneStreamData0 + 284 fffff80777cc48fc 6 bytes {CALL 0x659a4}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsDereferenceNetBufferList0 + 16 fffff80777cc4960 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsDereferenceNetBufferList0 + 23 fffff80777cc4967 5 bytes {CALL 0xffffffffffc48759}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeCloneNetBufferList0 + 105 fffff80777cc4a59 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeCloneNetBufferList0 + 112 fffff80777cc4a60 5 bytes {CALL 0xffffffffffc48660}

.text ... * 19

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeNetBufferList0 + 76 fffff80777cc4c6c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeNetBufferList0 + 83 fffff80777cc4c73 5 bytes {CALL 0xffffffffffc4844d}

.text ... * 25

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReassembleForwardFragmentGroup0 + 281 fffff80777cc51d9 6 bytes {CALL 0x650c7}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReassembleForwardFragmentGroup0 + 400 fffff80777cc5250 2 bytes [4C, 8B]

.text ... * 11

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReferenceNetBufferList0 + 16 fffff80777cc5640 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReferenceNetBufferList0 + 23 fffff80777cc5647 5 bytes {CALL 0xffffffffffc47a79}

.text ... * 9

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppDereferencevSwitchNblContext + 22 fffff80777cc5776 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppDereferencevSwitchNblContext + 29 fffff80777cc577d 5 bytes {CALL 0xfffffffffbea4923}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppGetvSwitchNblContext + 252 fffff80777cc588c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppGetvSwitchNblContext + 259 fffff80777cc5893 5 bytes {CALL 0xfffffffffbba454d}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCopyVmSwitchNblInfo + 15 fffff80777cc5b3f 6 bytes {CALL 0x64761}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCopyVmSwitchNblInfo + 153 fffff80777cc5bc9 2 bytes [4C, 8B]

.text ... * 4

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCreateNotify + 97 fffff80777cc5c81 6 bytes {CALL 0x6461f}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCreateNotify + 200 fffff80777cc5ce8 2 bytes [4C, 8B]

.text ... * 2

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchDeleteNotify + 76 fffff80777cc5dcc 6 bytes {CALL 0x644d4}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchFreeVmSwitchNblInfo + 15 fffff80777cc5e0f 6 bytes {CALL 0x64491}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchGetDestinationArray + 15 fffff80777cc5e5f 6 bytes {CALL 0x64441}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchGetDestinationInterface + 15 fffff80777cc5e7f 6 bytes {CALL 0x64421}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchLwfReorderEventNotify + 124 fffff80777cc5f0c 6 bytes {CALL 0x64394}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchLwfReorderEventNotify + 242 fffff80777cc5f82 6 bytes {CALL 0x6431e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPolicyEventNotify + 204 fffff80777cc60ac 6 bytes {CALL 0x641f4}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPolicyEventNotify + 317 fffff80777cc611d 6 bytes {CALL 0x64183}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPortEventNotify + 231 fffff80777cc6237 6 bytes {CALL 0x64069}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPortEventNotify + 360 fffff80777cc62b8 6 bytes {CALL 0x63fe8}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateRestoreNotify + 375 fffff80777cc6467 6 bytes {CALL 0x63e39}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateRestoreNotify + 532 fffff80777cc6504 6 bytes {CALL 0x63d9c}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateSaveNotify + 257 fffff80777cc6681 6 bytes {CALL 0x63c1f}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateSaveNotify + 499 fffff80777cc6773 6 bytes {CALL 0x63b2d}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsSubscribe0 + 273 fffff80777cc6971 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsSubscribe0 + 280 fffff80777cc6978 5 bytes {CALL 0xfffffffffbba3468}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsUnsubscribe0 + 129 fffff80777cc6a51 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsUnsubscribe0 + 136 fffff80777cc6a58 5 bytes {CALL 0xfffffffffbba3388}

.text ... * 3

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchNotifyComplete0 + 184 fffff80777cc6b78 6 bytes {CALL 0x63728}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchNotifyComplete0 + 210 fffff80777cc6b92 6 bytes {CALL 0x6370e}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireClassifyHandle0 + 49 fffff80777cc6be1 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireClassifyHandle0 + 56 fffff80777cc6be8 5 bytes {CALL 0xffffffffffc355f8}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireWritableLayerDataPointer0 + 37 fffff80777cc6c25 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireWritableLayerDataPointer0 + 44 fffff80777cc6c2c 5 bytes {CALL 0xffffffffffc357b4}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsApplyModifiedLayerData0 + 14 fffff80777cc6c6e 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsApplyModifiedLayerData0 + 21 fffff80777cc6c75 5 bytes {CALL 0xffffffffffc35adb}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteClassify0 + 9 fffff80777cc6c99 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteClassify0 + 16 fffff80777cc6ca0 5 bytes {CALL 0xffffffffffc35b80}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendClassify0 + 44 fffff80777cc6cdc 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendClassify0 + 51 fffff80777cc6ce3 5 bytes {CALL 0xffffffffffc3606d}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReleaseClassifyHandle0 + 9 fffff80777cc6d09 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReleaseClassifyHandle0 + 16 fffff80777cc6d10 5 bytes {CALL 0xffffffffffc36300}

.text ... * 8

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsConstructIpHeaderForTransportPacket0 + 263 fffff80777cc85e7 6 bytes {CALL 0x61cb9}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsConstructIpHeaderForTransportPacket0 + 327 fffff80777cc8627 6 bytes {CALL 0x61c79}

.text ... * 4

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectForwardAsync0 + 58 fffff80777cc876a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectForwardAsync0 + 65 fffff80777cc8771 5 bytes {CALL 0xfffffffffbb9de8f}

.text ... * 6

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkReceiveAsync0 + 52 fffff80777cc8a44 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkReceiveAsync0 + 59 fffff80777cc8a4b 5 bytes {CALL 0xfffffffffbb9dbb5}

.text ... * 6

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkSendAsync0 + 60 fffff80777cc8c6c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkSendAsync0 + 67 fffff80777cc8c73 5 bytes {CALL 0xfffffffffbb9d98d}

.text ... * 8

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectTransportReceiveAsync0 + 70 fffff80777cc8ee6 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectTransportReceiveAsync0 + 77 fffff80777cc8eed 5 bytes {CALL 0xfffffffffbb9d713}

.text ... * 8

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamInjectAsync0 + 247 fffff80777cc9407 6 bytes {CALL 0x60e99}

.text C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamInjectAsync0 + 424 fffff80777cc94b8 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterById0 + 27 fffff80777cf61eb 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterById0 + 34 fffff80777cf61f2 5 bytes {CALL 0xfffffffffbbe671e}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterDeleteByKey0 + 413 fffff80777cf65ad 6 bytes {CALL 0x33cf3}

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterDeleteByKey0 + 554 fffff80777cf663a 2 bytes [4C, 8B]

PAGE ... * 2

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwppDispatchDevCtl0 + 508 fffff80777cf694c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwppDispatchDevCtl0 + 515 fffff80777cf6953 5 bytes {CALL 0xfffffffffbb36e1d}

PAGE ... * 10

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister3 + 82 fffff80777cf6e32 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister3 + 89 fffff80777cf6e39 5 bytes {CALL 0xfffffffffbbe5ad7}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegisterWithoutDevice0 + 62 fffff80777cf6ece 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegisterWithoutDevice0 + 69 fffff80777cf6ed5 5 bytes {CALL 0xfffffffffbbe5a3b}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwppBfeStateGetResetCount0 + 71 fffff80777cf7357 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwppBfeStateGetResetCount0 + 78 fffff80777cf735e 5 bytes {CALL 0xfffffffffbc13092}

PAGE ... * 6

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateSubscribeChangesWithoutDevice0 + 229 fffff80777cf7645 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateSubscribeChangesWithoutDevice0 + 236 fffff80777cf764c 5 bytes {CALL 0xfffffffffbc12da4}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterAdd0 + 304 fffff80777cf7b40 6 bytes {CALL 0x32760}

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterAdd0 + 366 fffff80777cf7b7e 2 bytes [4C, 8B]

PAGE ... * 25

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister0 + 101 fffff80777cf8bd5 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister0 + 108 fffff80777cf8bdc 5 bytes {CALL 0xfffffffffbbe3d34}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister1 + 101 fffff80777cf8c95 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister1 + 108 fffff80777cf8c9c 5 bytes {CALL 0xfffffffffbbe3c74}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister2 + 101 fffff80777cf8d55 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister2 + 108 fffff80777cf8d5c 5 bytes {CALL 0xfffffffffbbe3bb4}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterByKey0 + 60 fffff80777cf8dec 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterByKey0 + 67 fffff80777cf8df3 5 bytes {CALL 0xfffffffffbbe3b1d}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateUnsubscribeChanges0 + 121 fffff80777cf8eb9 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateUnsubscribeChanges0 + 128 fffff80777cf8ec0 5 bytes {CALL 0xfffffffffbc11530}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketAddAsync0 + 169 fffff80777cfc429 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketAddAsync0 + 176 fffff80777cfc430 5 bytes {CALL 0xfffffffffe9c0940}

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketDeleteByKeyAsync0 + 124 fffff80777cfc57c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketDeleteByKeyAsync0 + 131 fffff80777cfc583 5 bytes {CALL 0xfffffffffe9c07ed}

.text C:\Windows\System32\Drivers\mup.sys!MupPinKnownPrefix + 133 fffff80777f13375 2 bytes [4C, 8B]

.text C:\Windows\System32\Drivers\mup.sys!MupPinKnownPrefix + 140 fffff80777f1337c 1 byte [E8]

.text ... * 7

.text C:\Windows\System32\Drivers\mup.sys!MupUnpinKnownPrefix + 99 fffff80777f13573 2 bytes [4C, 8B]

.text C:\Windows\System32\Drivers\mup.sys!MupUnpinKnownPrefix + 106 fffff80777f1357a 5 bytes {CALL 0xfffffffffb92a626}

.text ... * 16

.text C:\Windows\System32\Drivers\mup.sys!DllInitialize + 101 fffff80777f141b5 2 bytes [4C, 8B]

.text C:\Windows\System32\Drivers\mup.sys!DllInitialize + 108 fffff80777f141bc 5 bytes {CALL 0xfffffffffb9fa564}

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateCheckNegativeCache + 141 fffff80777f1d14d 2 bytes {JMP 0xffffffffffffffee}

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateCheckNegativeCache + 148 fffff80777f1d154 5 bytes {CALL 0xfffffffffb8e5b1c}

PAGE ... * 12

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateGetUncProviderDeviceObject + 148 fffff80777f208d4 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateGetUncProviderDeviceObject + 155 fffff80777f208db 5 bytes {CALL 0xfffffffffbf285a5}

PAGE ... * 10

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProviderEx + 108 fffff80777f23f9c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProviderEx + 115 fffff80777f23fa3 5 bytes {CALL 0xfffffffffb919bfd}

PAGE ... * 14

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProvider + 134 fffff80777f243a6 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProvider + 141 fffff80777f243ad 5 bytes {CALL 0xfffffffffbc45cf3}

PAGE ... * 15

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateDeregisterProvider + 85 fffff80777f29635 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateDeregisterProvider + 92 fffff80777f2963c 5 bytes {CALL 0xfffffffffb914564}

PAGE ... * 11

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateSetUndecoratedFileName + 130 fffff80777f29b02 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\mup.sys!MupSurrogateSetUndecoratedFileName + 137 fffff80777f29b09 5 bytes {CALL 0xfffffffffbc40507}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendIrpSynchronous + 42 fffff80777f91a2a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendIrpSynchronous + 49 fffff80777f91a31 5 bytes {CALL 0xfffffffffb89f2df}

.text ... * 5

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSignalCompletion + 20 fffff80777f91ac4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSignalCompletion + 27 fffff80777f91acb 5 bytes {CALL 0xfffffffffb8b5ee5}

.text ... * 9

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbSynchronous + 205 fffff80777f91d8d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbSynchronous + 212 fffff80777f91d94 5 bytes {CALL 0xfffffffffbbd827c}

.text ... * 11

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCompleteRequest + 71 fffff80777f93d27 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCompleteRequest + 78 fffff80777f93d2e 5 bytes {CALL 0xfffffffffb96e012}

.text ... * 3

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoComplete + 562 fffff80777f94032 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoComplete + 569 fffff80777f94039 5 bytes {CALL 0xfffffffffb96dd07}

.text ... * 3

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeviceControl + 104 fffff80777f94158 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeviceControl + 111 fffff80777f9415f 5 bytes {CALL 0xfffffffffb96dbe1}

.text ... * 20

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseRemoveLock + 38 fffff80777f96556 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseRemoveLock + 45 fffff80777f9655d 5 bytes {CALL 0xfffffffffb970913}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireRemoveLockEx + 21 fffff80777f965d5 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireRemoveLockEx + 28 fffff80777f965dc 5 bytes {CALL 0xfffffffffb96f814}

.text ... * 21

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReadDriveCapacity + 228 fffff80777f99964 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReadDriveCapacity + 235 fffff80777f9996b 5 bytes {CALL 0xfffffffffb8973a5}

.text ... * 11

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSpinDownPowerHandler + 524 fffff80777f9a49c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSpinDownPowerHandler + 531 fffff80777f9a4a3 5 bytes {CALL 0xfffffffffb9d7e1d}

.text ... * 4

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInterpretSenseInfo + 937 fffff80777f9c459 6 bytes {CALL 0x5ee47}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetMediaChangeState + 156 fffff80777f9d17c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetMediaChangeState + 163 fffff80777f9d183 5 bytes {CALL 0xfffffffffb89d23d}

.text ... * 7

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCheckMediaState + 326 fffff80777f9e616 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCheckMediaState + 333 fffff80777f9e61d 5 bytes {CALL 0xfffffffffb893653}

.text ... * 5

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseChildLock + 33 fffff80777f9e8d1 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseChildLock + 40 fffff80777f9e8d8 5 bytes {CALL 0xfffffffffb8a90d8}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbAsynchronous + 335 fffff80777f9ea9f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbAsynchronous + 342 fffff80777f9eaa6 5 bytes {CALL 0xfffffffffb8931ca}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassForwardIrpSynchronous + 492 fffff80777fa233c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassForwardIrpSynchronous + 499 fffff80777fa2343 5 bytes {CALL 0xfffffffffb94f06d}

.text ... * 3

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassNotifyFailurePredicted + 142 fffff80777fb0d6e 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassNotifyFailurePredicted + 149 fffff80777fb0d75 5 bytes {CALL 0xfffffffffb9c167b}

.text ... * 8

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendNotification + 81 fffff80777fb0f31 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendNotification + 88 fffff80777fb0f38 5 bytes {CALL 0xfffffffffbbb90d8}

.text ... * 5

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAsynchronousCompletion + 145 fffff80777fb1fc1 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAsynchronousCompletion + 152 fffff80777fb1fc8 5 bytes {CALL 0xfffffffffb897de8}

.text ... * 13

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDriverExtension + 11 fffff80777fb252b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDriverExtension + 18 fffff80777fb2532 5 bytes {CALL 0xfffffffffb982d9e}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInternalIoControl + 180 fffff80777fb2614 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInternalIoControl + 187 fffff80777fb261b 5 bytes {CALL 0xfffffffffb87f655}

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseQueue + 216 fffff80777fb2738 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseQueue + 223 fffff80777fb273f 5 bytes {CALL 0xfffffffffb8f76c1}

.text ... * 3

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendStartUnit + 47 fffff80777fb28bf 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendStartUnit + 54 fffff80777fb28c6 5 bytes {CALL 0xfffffffffbbb774a}

.text ... * 9

.text C:\Windows\System32\drivers\CLASSPNP.SYS!DllUnload + 19 fffff80777fb5943 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!DllUnload + 26 fffff80777fb594a 5 bytes {CALL 0xfffffffffb96d266}

.text ... * 11

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassWmiFireEvent + 70 fffff80777fb75f6 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassWmiFireEvent + 77 fffff80777fb75fd 5 bytes {CALL 0xfffffffffbbb2a13}

.text ... * 20

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassStopUnitPowerHandler + 363 fffff80777fb7f7b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassStopUnitPowerHandler + 370 fffff80777fb7f82 5 bytes {CALL 0xfffffffffb9b8ace}

.text ... * 5

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoCompleteAssociated + 643 fffff80777fc31e3 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoCompleteAssociated + 650 fffff80777fc31ea 5 bytes {CALL 0xfffffffffbad3b66}

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendDeviceIoControlSynchronous + 48 fffff80777fd8040 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendDeviceIoControlSynchronous + 55 fffff80777fd8047 5 bytes {CALL 0xfffffffffb8cc8c9}

PAGE ... * 9

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassRemoveDevice + 46 fffff80777fd994e 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassRemoveDevice + 53 fffff80777fd9955 5 bytes {CALL 0xfffffffffb95b97b}

PAGE ... * 30

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireChildLock + 48 fffff80777fd9fd0 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireChildLock + 55 fffff80777fd9fd7 5 bytes {CALL 0xfffffffffb8603e9}

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCleanupMediaChangeDetection + 240 fffff80777fda0f0 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCleanupMediaChangeDetection + 247 fffff80777fda0f7 5 bytes {CALL 0xfffffffffbb8ff19}

PAGE ... * 7

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeleteSrbLookasideList + 27 fffff80777fda92b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeleteSrbLookasideList + 34 fffff80777fda932 5 bytes {CALL 0xfffffffffb997f5e}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCreateDeviceObject + 64 fffff80777fda9e0 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCreateDeviceObject + 71 fffff80777fda9e7 5 bytes {CALL 0xfffffffffbf53c89}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDeviceParameter + 92 fffff80777fdad3c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDeviceParameter + 99 fffff80777fdad43 5 bytes {CALL 0xfffffffffbef0a4d}

PAGE ... * 27

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDescriptor + 157 fffff80777fdba5d 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDescriptor + 164 fffff80777fdba64 5 bytes {CALL 0xfffffffffbb8e5ac}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassScanForSpecial + 299 fffff80777fdc41b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassScanForSpecial + 306 fffff80777fdc422 5 bytes {CALL 0xfffffffffb9bdb3e}

PAGE ... * 13

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassQueryTimeOutRegistryValue + 30 fffff80777fdc5ee 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassQueryTimeOutRegistryValue + 37 fffff80777fdc5f5 5 bytes {CALL 0xfffffffffb958cdb}

PAGE ... * 22

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassClaimDevice + 117 fffff80777fdd275 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassClaimDevice + 124 fffff80777fdd27c 5 bytes {CALL 0xfffffffffb853a94}

PAGE ... * 5

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeSrbLookasideList + 82 fffff80777fdd382 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeSrbLookasideList + 89 fffff80777fdd389 5 bytes {CALL 0xfffffffffb993437}

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitialize + 177 fffff80777fdd451 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitialize + 184 fffff80777fdd458 5 bytes {CALL 0xfffffffffb8606f8}

PAGE ... * 30

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeEx + 28 fffff80777fddefc 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeEx + 35 fffff80777fddf03 5 bytes {CALL 0xfffffffffb9573cd}

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetFailurePredictionPoll + 67 fffff80777fde023 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetFailurePredictionPoll + 74 fffff80777fde02a 5 bytes {CALL 0xfffffffffbb8bfe6}

PAGE ... * 21

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDisableMediaChangeDetection + 37 fffff80777fe2785 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDisableMediaChangeDetection + 44 fffff80777fe278c 5 bytes {CALL 0xfffffffffb857c34}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassEnableMediaChangeDetection + 125 fffff80777fe286d 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassEnableMediaChangeDetection + 132 fffff80777fe2874 5 bytes {CALL 0xfffffffffb857b4c}

PAGE ... * 3

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeMediaChangeDetection + 539 fffff80777fe2b7b 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeMediaChangeDetection + 546 fffff80777fe2b82 5 bytes {CALL 0xfffffffffb94707e}

PAGE ... * 15

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInvalidateBusRelations + 28 fffff80777fe471c 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInvalidateBusRelations + 35 fffff80777fe4723 5 bytes {CALL 0xfffffffffb950bad}

PAGE ... * 4

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassModeSenseEx + 64 fffff80777fe4870 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassModeSenseEx + 71 fffff80777fe4877 5 bytes {CALL 0xfffffffffb950a59}

PAGE ... * 20

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassUpdateInformationInRegistry + 418 fffff80777fe4e22 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassUpdateInformationInRegistry + 425 fffff80777fe4e29 5 bytes {CALL 0xfffffffffb880747}

PAGE ... * 24

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetFsContext + 113 fffff80777fe5761 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetFsContext + 120 fffff80777fe5768 5 bytes {CALL 0xfffffffffb8f71a8}

PAGE ... * 6

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetDeviceParameter + 63 fffff80777fe596f 2 bytes [4C, 8B]

PAGE C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetDeviceParameter + 70 fffff80777fe5976 5 bytes {CALL 0xfffffffffbee5e1a}

PAGE C:\Windows\System32\Drivers\crashdmp.sys!DriverEntry + 99 fffff807807f3073 2 bytes [4C, 8B]

PAGE C:\Windows\System32\Drivers\crashdmp.sys!DriverEntry + 106 fffff807807f307a 3 bytes [E8, A1, A3]

.text C:\Windows\system32\drivers\tbs.sys!DllInitialize + 272 fffff80780551120 5 bytes JMP fffff8078055e2e0

.text C:\Windows\system32\drivers\tbs.sys!Tbsi_Context_Create + 229 fffff80780552125 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\tbs.sys!Tbsi_Context_Create + 236 fffff8078055212c 5 bytes {CALL 0xfffffffff3466f84}

.text ... * 3

.text C:\Windows\system32\drivers\tbs.sys!Tbsi_GetDeviceInfo + 124 fffff8078055229c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\tbs.sys!Tbsi_GetDeviceInfo + 131 fffff807805522a3 5 bytes {CALL 0xfffffffff3466e0d}

.text ... * 3

.text C:\Windows\system32\drivers\tbs.sys!Tbsip_Context_Close + 4 fffff80780552ce4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\tbs.sys!Tbsip_Context_Close + 11 fffff80780552ceb 5 bytes {CALL 0xfffffffff34663c5}

.text ... * 3

.text C:\Windows\system32\drivers\tbs.sys!Tbsip_TestMorBit + 458 fffff8078055302a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\tbs.sys!Tbsip_TestMorBit + 465 fffff80780553031 5 bytes {CALL 0xfffffffff331d68f}

.text C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetCommitVidPnStatus + 38 fffff807814613f6 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetCommitVidPnStatus + 45 fffff807814613fd 5 bytes {CALL 0xfffffffff24b3863}

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdError + 168 fffff80781461c38 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdError + 175 fffff80781461c3f 5 bytes {CALL 0xfffffffff23a0451}

.text ... * 17

.text C:\Windows\System32\drivers\watchdog.sys!SMgrRegisterSessionChangeCallout + 48 fffff80781461e70 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!SMgrRegisterSessionChangeCallout + 55 fffff80781461e77 5 bytes {CALL 0xfffffffff23d8549}

.text ... * 5

.text C:\Windows\System32\drivers\watchdog.sys!WdIsDebuggerPresent + 8 fffff80781461f38 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdIsDebuggerPresent + 15 fffff80781461f3f 5 bytes {CALL 0xfffffffff251b391}

.text ... * 2

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdAssertion + 44 fffff80781463e5c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdAssertion + 51 fffff80781463e63 5 bytes {CALL 0xfffffffff240279d}

.text ... * 15

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdCriticalError + 20 fffff807814640d4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdCriticalError + 27 fffff807814640db 5 bytes {CALL 0xfffffffff2402525}

.text ... * 5

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdDebug + 43 fffff807814641db 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdDebug + 50 fffff807814641e2 5 bytes {CALL 0xfffffffff240241e}

.text ... * 16

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdLowResource + 43 fffff8078146446b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdLowResource + 50 fffff80781464472 5 bytes {CALL 0xfffffffff240218e}

.text ... * 15

.text C:\Windows\System32\drivers\watchdog.sys!WdQueryDebugFlag + 52 fffff80781464a14 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdQueryDebugFlag + 59 fffff80781464a1b 5 bytes {CALL 0xfffffffff255fd05}

.text ... * 9

.text C:\Windows\System32\drivers\watchdog.sys!SMgrUnregisterSessionChangeCallout + 35 fffff80781464ad3 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!SMgrUnregisterSessionChangeCallout + 42 fffff80781464ada 5 bytes {CALL 0xfffffffff23d58e6}

.text ... * 3

.text C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetSetTimingPathInfo + 75 fffff80781464b6b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetSetTimingPathInfo + 82 fffff80781464b72 5 bytes {CALL 0xfffffffff24b00ee}

.text ... * 7

.text C:\Windows\System32\drivers\watchdog.sys!WdEnterMonitoredSection + 47 fffff80781464d1f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdEnterMonitoredSection + 54 fffff80781464d26 5 bytes {CALL 0xfffffffff24450da}

.text ... * 3

.text C:\Windows\System32\drivers\watchdog.sys!WdExitMonitoredSection + 31 fffff80781464daf 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdExitMonitoredSection + 38 fffff80781464db6 5 bytes {CALL 0xfffffffff244504a}

.text ... * 3

.text C:\Windows\System32\drivers\watchdog.sys!WdResetDeferredWatch + 17 fffff80781464e31 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdResetDeferredWatch + 24 fffff80781464e38 5 bytes {CALL 0xfffffffff2444fc8}

.text ... * 3

.text C:\Windows\System32\drivers\watchdog.sys!WdStartDeferredWatch + 33 fffff80781464ed1 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdStartDeferredWatch + 40 fffff80781464ed8 5 bytes {CALL 0xfffffffff2444f28}

.text ... * 5

.text C:\Windows\System32\drivers\watchdog.sys!WdStopDeferredWatch + 22 fffff80781464f76 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdStopDeferredWatch + 29 fffff80781464f7d 5 bytes {CALL 0xfffffffff2444e83}

.text ... * 9

.text C:\Windows\System32\drivers\watchdog.sys!WdSuspendDeferredWatch + 33 fffff80781465071 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdSuspendDeferredWatch + 40 fffff80781465078 5 bytes {CALL 0xfffffffff23c2ab8}

.text ... * 15

.text C:\Windows\System32\drivers\watchdog.sys!WdResetWatch + 22 fffff80781465356 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdResetWatch + 29 fffff8078146535d 5 bytes {CALL 0xfffffffff2444aa3}

.text ... * 7

.text C:\Windows\System32\drivers\watchdog.sys!WdResumeWatch + 39 fffff80781465417 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdResumeWatch + 46 fffff8078146541e 5 bytes {CALL 0xfffffffff24449e2}

.text ... * 7

.text C:\Windows\System32\drivers\watchdog.sys!WdStartWatch + 47 fffff8078146550f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdStartWatch + 54 fffff80781465516 5 bytes {CALL 0xfffffffff24448ea}

.text ... * 7

.text C:\Windows\System32\drivers\watchdog.sys!WdStopWatch + 30 fffff807814655de 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdStopWatch + 37 fffff807814655e5 5 bytes {CALL 0xfffffffff244481b}

.text ... * 7

.text C:\Windows\System32\drivers\watchdog.sys!WdSuspendWatch + 22 fffff807814656b6 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdSuspendWatch + 29 fffff807814656bd 5 bytes {CALL 0xfffffffff2444743}

.text ... * 20

.text C:\Windows\System32\drivers\watchdog.sys!WdAttachContext + 20 fffff807814658b4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdAttachContext + 27 fffff807814658bb 5 bytes {CALL 0xfffffffff2704755}

.text C:\Windows\System32\drivers\watchdog.sys!WdCompleteEvent + 30 fffff807814658ee 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdCompleteEvent + 37 fffff807814658f5 5 bytes {CALL 0xfffffffff23d2f5b}

.text C:\Windows\System32\drivers\watchdog.sys!WdDetachContext + 15 fffff8078146595f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdDetachContext + 22 fffff80781465966 5 bytes {CALL 0xfffffffff270473a}

.text C:\Windows\System32\drivers\watchdog.sys!WdGetDeviceObject + 13 fffff8078146598d 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdGetDeviceObject + 20 fffff80781465994 5 bytes {CALL 0xfffffffff23d2f8c}

.text C:\Windows\System32\drivers\watchdog.sys!WdGetLowestDeviceObject + 8 fffff807814659c8 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdGetLowestDeviceObject + 15 fffff807814659cf 5 bytes {CALL 0xfffffffff23ffe51}

.text C:\Windows\System32\drivers\watchdog.sys!WdReferenceObject + 25 fffff807814659f9 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdReferenceObject + 32 fffff80781465a00 5 bytes {CALL 0xfffffffff23d2e50}

.text ... * 5

.text C:\Windows\System32\drivers\watchdog.sys!WdDiagIsTracingEnabled + 19 fffff80781465b63 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\watchdog.sys!WdDiagIsTracingEnabled + 26 fffff80781465b6a 5 bytes {CALL 0xfffffffff23da996}

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiMapUserRequest + 141 fffff8078153116d 3 bytes [4C, 8B, 15]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiMapUserRequest + 148 fffff80781531174 5 bytes JMP fffff80773999140

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiInitialize + 176 fffff80781531230 5 bytes JMP fffff807815402e0

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEAllocateString + 31 fffff80781531adf 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEAllocateString + 38 fffff80781531ae6 5 bytes {CALL 0xfffffffff263852a}

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEBlock + 32 fffff80781531b40 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEBlock + 39 fffff80781531b47 5 bytes {CALL 0xfffffffff2308879}

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitEvent + 23 fffff80781531bc7 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitEvent + 30 fffff80781531bce 5 bytes {CALL 0xfffffffff2369f72}

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitString + 30 fffff80781531c1e 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitString + 37 fffff80781531c25 5 bytes {CALL 0xfffffffff233394b}

.text ... * 8

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitTimer + 33 fffff80781531cc1 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitTimer + 40 fffff80781531cc8 5 bytes {CALL 0xfffffffff237d938}

.text ... * 3

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInsertBlockTracker + 33 fffff80781531d21 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEInsertBlockTracker + 40 fffff80781531d28 5 bytes {CALL 0xfffffffff23780d8}

.text ... * 3

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTERemoveBlockTracker + 16 fffff80781531d90 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTERemoveBlockTracker + 23 fffff80781531d97 5 bytes {CALL 0xfffffffff2378069}

.text ... * 3

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleCriticalEvent + 30 fffff80781531dfe 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleCriticalEvent + 37 fffff80781531e05 5 bytes {CALL 0xfffffffff2377ffb}

.text ... * 5

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleDelayedEvent + 30 fffff80781531e8e 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleDelayedEvent + 37 fffff80781531e95 5 bytes {CALL 0xfffffffff2377f6b}

.text ... * 5

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTESignal + 15 fffff80781531f0f 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTESignal + 22 fffff80781531f16 5 bytes {CALL 0xfffffffff2315a9a}

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEStartTimer + 41 fffff80781531f59 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTEStartTimer + 48 fffff80781531f60 5 bytes {CALL 0xfffffffff23397d0}

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTESystemUpTime + 108 fffff80781531fec 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!CTESystemUpTime + 115 fffff80781531ff3 5 bytes {CALL 0xfffffffff2377e0d}

.text ... * 7

.text C:\Windows\system32\DRIVERS\TDI.SYS!DllInitialize + 16 fffff80781532080 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!DllInitialize + 23 fffff80781532087 5 bytes {CALL 0xfffffffff2369ab9}

.text ... * 11

.text C:\Windows\system32\DRIVERS\TDI.SYS!DllUnload + 4 fffff80781532194 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!DllUnload + 11 fffff8078153219b 5 bytes {CALL 0xfffffffff627b6f5}

.text ... * 3

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyBufferToMdlWithReservedMappingAtDpcLevel + 79 fffff8078153230f 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyBufferToMdlWithReservedMappingAtDpcLevel + 86 fffff80781532316 5 bytes {CALL 0xfffffffff22f581a}

.text ... * 11

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlChainToMdlChain + 102 fffff807815324a6 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlChainToMdlChain + 109 fffff807815324ad 5 bytes {CALL 0xfffffffff22ed643}

.text ... * 11

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlToBuffer + 78 fffff8078153274e 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlToBuffer + 85 fffff80781532755 5 bytes {CALL 0xfffffffff22ed39b}

.text ... * 7

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiOpenNetbiosAddress + 356 fffff80781532ab4 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiOpenNetbiosAddress + 363 fffff80781532abb 5 bytes {CALL 0xfffffffff28faab5}

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiReturnChainedReceives + 4 fffff80781532af4 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiReturnChainedReceives + 11 fffff80781532afb 5 bytes {CALL 0xfffffffff6295e95}

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiEnumerateAddresses + 102 fffff80781532d36 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiEnumerateAddresses + 109 fffff80781532d3d 5 bytes {CALL 0xfffffffff23770c3}

.text ... * 22

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiGet9FTriageBlock + 86 fffff807815332a6 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiGet9FTriageBlock + 93 fffff807815332ad 5 bytes {CALL 0xfffffffff28f30e3}

.text ... * 28

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiIsIPTransportSupported + 16 fffff80781533990 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiIsIPTransportSupported + 23 fffff80781533997 5 bytes {CALL 0xfffffffff29ab379}

.text ... * 25

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerComplete + 135 fffff80781533f47 4 bytes [E8, 54, C3, 00]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerComplete + 140 fffff80781533f4c 1 byte [90]

.text ... * 11

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerRequest + 41 fffff80781534019 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerRequest + 48 fffff80781534020 5 bytes {CALL 0xfffffffff2635ff0}

.text ... * 25

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterDeviceObject + 38 fffff80781534346 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterDeviceObject + 45 fffff8078153434d 5 bytes {CALL 0xfffffffff2635cc3}

.text ... * 11

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterNetAddress + 49 fffff80781534471 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterNetAddress + 56 fffff80781534478 5 bytes {CALL 0xfffffffff2635b98}

.text ... * 16

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterPnPHandlers + 82 fffff807815346d2 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterPnPHandlers + 89 fffff807815346d9 5 bytes {CALL 0xfffffffff2635937}

.text ... * 17

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterProvider + 38 fffff807815348b6 2 bytes [4C, 8B]

.text C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterProvider + 45 fffff807815348bd 5 bytes {CALL 0xfffffffff2635753}

.text C:\Windows\System32\drivers\vwififlt.sys!DllInitialize + 749 fffff80780cf20bd 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\vwififlt.sys!DllInitialize + 756 fffff80780cf20c4 5 bytes {CALL 0xfffffffff6a5812c}

.text ... * 3

.text C:\Windows\System32\drivers\vwififlt.sys!FExCancelSendNetBufferLists + 126 fffff80780cfafde 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\vwififlt.sys!FExCancelSendNetBufferLists + 133 fffff80780cfafe5 5 bytes {CALL 0xfffffffff6ac246b}

.text C:\Windows\System32\drivers\vwififlt.sys!FExMpRegistrationComplete + 31 fffff80780cfb30f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\vwififlt.sys!FExMpRegistrationComplete + 38 fffff80780cfb316 5 bytes {CALL 0xfffffffff6a4eeda}

.text ... * 7

.text C:\Windows\System32\drivers\vwififlt.sys!FExRegisterMp + 631 fffff80780cfb747 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\vwififlt.sys!FExRegisterMp + 638 fffff80780cfb74e 5 bytes {CALL 0xfffffffff6a72792}

.text ... * 5

.text C:\Windows\System32\drivers\vwififlt.sys!FExStopMp + 899 fffff80780cfcb63 4 bytes [E8, 38, D7, 00]

.text C:\Windows\System32\drivers\vwififlt.sys!FExStopMp + 904 fffff80780cfcb68 1 byte [90]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFlushEventLogBuffer + 731 fffff807818e13fb 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFlushEventLogBuffer + 738 fffff807818e1402 5 bytes {CALL 0xfffffffff1f5764e}

.text ... * 7

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSignalEvent + 151 fffff807818e1647 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSignalEvent + 158 fffff807818e164e 5 bytes {CALL 0xfffffffff2260142}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvGetVpRegisters + 301 fffff807818e17fd 3 bytes [4C, 8B, 15]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvGetVpRegisters + 308 fffff807818e1804 5 bytes JMP fffff80773999140

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateOverlayPages + 96 fffff807818e4140 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateOverlayPages + 103 fffff807818e4147 5 bytes {CALL 0xfffffffff2015419}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFreeOverlayPages + 4 fffff807818e41b4 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFreeOverlayPages + 11 fffff807818e41bb 5 bytes {CALL 0xfffffffff2014585}

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocatePartitionSintIndex + 151 fffff807818e4617 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocatePartitionSintIndex + 158 fffff807818e461e 5 bytes {CALL 0xfffffffff1fcb9f2}

.text ... * 19

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateSingleSintIndex + 157 fffff807818e48fd 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateSingleSintIndex + 164 fffff807818e4904 5 bytes {CALL 0xfffffffff1fcb70c}

.text ... * 15

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetSint + 72 fffff807818e4f38 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetSint + 79 fffff807818e4f3f 5 bytes {CALL 0xfffffffff201aea1}

.text ... * 5

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetSintOnCurrentProcessor + 191 fffff807818e50af 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetSintOnCurrentProcessor + 198 fffff807818e50b6 5 bytes {CALL 0xfffffffff1fcaf5a}

.text ... * 21

.text C:\Windows\System32\drivers\winhvr.sys!WinHvCancelTimer + 113 fffff807818e5581 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvCancelTimer + 120 fffff807818e5588 5 bytes {CALL 0xfffffffff1feb0a8}

.text ... * 9

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetAbsoluteTimer + 54 fffff807818e5706 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetAbsoluteTimer + 61 fffff807818e570d 5 bytes {CALL 0xfffffffff1f80ef3}

.text ... * 23

.text C:\Windows\System32\drivers\winhvr.sys!WinHvGetXsaveData + 202 fffff807818e5e4a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvGetXsaveData + 209 fffff807818e5e51 5 bytes {CALL 0xfffffffff228424f}

.text C:\Windows\System32\drivers\winhvr.sys!WinHvProcessorNumberToVpIndex + 27 fffff807818e5f8b 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvProcessorNumberToVpIndex + 34 fffff807818e5f92 5 bytes {CALL 0xfffffffff1fc980e}

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetXsaveData + 198 fffff807818e6166 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetXsaveData + 205 fffff807818e616d 5 bytes {CALL 0xfffffffff2283f33}

.text ... * 7

.text C:\Windows\System32\drivers\winhvr.sys!WinHvEnableVpVtl + 339 fffff807818e68d3 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvEnableVpVtl + 346 fffff807818e68da 5 bytes {CALL 0xfffffffff1f7fd26}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFinalizePartition + 53 fffff807818e7005 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvFinalizePartition + 60 fffff807818e700c 5 bytes {CALL 0xfffffffff1f7f5f4}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetInterceptRoutine + 36 fffff807818e7354 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetInterceptRoutine + 43 fffff807818e735b 5 bytes {CALL 0xfffffffff1f516f5}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetLowMemoryPolicyRoutine + 36 fffff807818e7434 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetLowMemoryPolicyRoutine + 43 fffff807818e743b 5 bytes {CALL 0xfffffffff1f51615}

.text ... * 3

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetPartitionProperty + 533 fffff807818e7705 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetPartitionProperty + 540 fffff807818e770c 5 bytes {CALL 0xfffffffff2282904}

.text ... * 9

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetLogicalProcessorRegisters + 335 fffff807818e8c1f 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetLogicalProcessorRegisters + 342 fffff807818e8c26 5 bytes {CALL 0xfffffffff203826a}

.text ... * 13

.text C:\Windows\System32\drivers\winhvr.sys!WinHvWithdrawAllMemory + 260 fffff807818e9594 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvWithdrawAllMemory + 267 fffff807818e959b 5 bytes {CALL 0xfffffffff201af35}

.text C:\Windows\System32\drivers\winhvr.sys!WinHvNotifyStandbyTransition + 188 fffff807818e969c 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvNotifyStandbyTransition + 195 fffff807818e96a3 5 bytes {CALL 0xfffffffff22809fd}

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetDispatchNotificationEvent + 190 fffff807818e9cbe 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\winhvr.sys!WinHvSetDispatchNotificationEvent + 197 fffff807818e9cc5 5 bytes {CALL 0xfffffffff2257a7b}

.text C:\Windows\System32\drivers\kdnic.sys!CreateNetworkAdapter + 33 fffff80781921751 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\kdnic.sys!CreateNetworkAdapter + 40 fffff80781921758 5 bytes {CALL 0xfffffffff2214218}

.text C:\Windows\system32\drivers\ks.sys!KsFreeObjectHeader + 65 fffff80781e11051 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsFreeObjectHeader + 72 fffff80781e11058 5 bytes {CALL 0xfffffffff1d59048}

.text ... * 14

.text C:\Windows\system32\drivers\ks.sys!KsGetFilterFromIrp + 306 fffff80781e117c2 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGetFilterFromIrp + 313 fffff80781e117c9 5 bytes {CALL 0xfffffffff1b88567}

.text ... * 13

.text C:\Windows\system32\drivers\ks.sys!KsUnregisterWorker + 20 fffff80781e119f4 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsUnregisterWorker + 27 fffff80781e119fb 5 bytes {CALL 0xfffffffff1a98405}

.text ... * 5

.text C:\Windows\system32\drivers\ks.sys!KsRemoveIrpFromCancelableQueue + 44 fffff80781e11a7c 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsRemoveIrpFromCancelableQueue + 51 fffff80781e11a83 5 bytes {CALL 0xfffffffff1a9837d}

.text ... * 19

.text C:\Windows\system32\drivers\ks.sys!KsGetDefaultClockTime + 57 fffff80781e14629 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGetDefaultClockTime + 64 fffff80781e14630 5 bytes {CALL 0xfffffffff249f190}

.text C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockState + 53 fffff80781e146c5 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockState + 60 fffff80781e146cc 5 bytes {CALL 0xfffffffff249f0f4}

.text ... * 8

.text C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockTime + 49 fffff80781e14831 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockTime + 56 fffff80781e14838 5 bytes {CALL 0xfffffffff249ef88}

.text C:\Windows\system32\drivers\ks.sys!KsiDefaultClockAddMarkEvent + 87 fffff80781e148f7 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsiDefaultClockAddMarkEvent + 94 fffff80781e148fe 5 bytes {CALL 0xfffffffff1a95502}

.text ... * 23

.text C:\Windows\system32\drivers\ks.sys!KsDiscardEvent + 22 fffff80781e14d36 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsDiscardEvent + 29 fffff80781e14d3d 5 bytes {CALL 0xfffffffff1ac5ca3}

.text ... * 15

.text C:\Windows\system32\drivers\ks.sys!KsGenerateDataEvent + 81 fffff80781e14e91 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGenerateDataEvent + 88 fffff80781e14e98 5 bytes {CALL 0xfffffffff1d55178}

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEvent + 160 fffff80781e14fb0 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEvent + 167 fffff80781e14fb7 5 bytes {CALL 0xfffffffff1ab10c9}

.text ... * 17

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEventList + 305 fffff80781e15301 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEventList + 312 fffff80781e15308 5 bytes {CALL 0xfffffffff1d54d08}

.text ... * 13

.text C:\Windows\system32\drivers\ks.sys!KsAddIrpToCancelableQueue + 70 fffff80781e15476 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsAddIrpToCancelableQueue + 77 fffff80781e1547d 5 bytes {CALL 0xfffffffff1a94983}

.text ... * 8

.text C:\Windows\system32\drivers\ks.sys!KsCancelIo + 29 fffff80781e1557d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsCancelIo + 36 fffff80781e15584 5 bytes {CALL 0xfffffffff1a9487c}

.text ... * 8

.text C:\Windows\system32\drivers\ks.sys!KsCancelRoutine + 23 fffff80781e15637 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsCancelRoutine + 30 fffff80781e1563e 5 bytes {CALL 0xfffffffff1a124f2}

.text ... * 7

.text C:\Windows\system32\drivers\ks.sys!KsDefaultDispatchPower + 74 fffff80781e1570a 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsDefaultDispatchPower + 81 fffff80781e15711 5 bytes {CALL 0xfffffffff1a2848f}

.text ... * 15

.text C:\Windows\system32\drivers\ks.sys!KsMoveIrpsOnCancelableQueue + 54 fffff80781e15846 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsMoveIrpsOnCancelableQueue + 61 fffff80781e1584d 5 bytes {CALL 0xfffffffff1a92503}

.text ... * 17

.text C:\Windows\system32\drivers\ks.sys!KsReleaseIrpOnCancelableQueue + 42 fffff80781e159fa 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsReleaseIrpOnCancelableQueue + 49 fffff80781e15a01 5 bytes {CALL 0xfffffffff1a943ff}

.text ... * 8

.text C:\Windows\system32\drivers\ks.sys!KsRemoveSpecificIrpFromCancelableQueue + 16 fffff80781e15a90 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsRemoveSpecificIrpFromCancelableQueue + 23 fffff80781e15a97 5 bytes {CALL 0xfffffffff1a94369}

.text ... * 3

.text C:\Windows\system32\drivers\ks.sys!KsSetPowerDispatch + 81 fffff80781e15b41 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsSetPowerDispatch + 88 fffff80781e15b48 5 bytes {CALL 0xfffffffff1a28058}

.text ... * 21

.text C:\Windows\system32\drivers\ks.sys!KsQueueWorkItem + 30 fffff80781e15fde 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsQueueWorkItem + 37 fffff80781e15fe5 5 bytes {CALL 0xfffffffff1a93e1b}

.text ... * 21

.text C:\Windows\system32\drivers\ks.sys!KsGetImageNameAndResourceId + 149 fffff80781e16215 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGetImageNameAndResourceId + 156 fffff80781e1621c 5 bytes {CALL 0xfffffffff1d53df4}

.text ... * 15

.text C:\Windows\system32\drivers\ks.sys!??_FCBaseUnknown@@QEAAXXZ + 462 fffff80781e1665e 6 bytes {CALL 0x71c42}

.text C:\Windows\system32\drivers\ks.sys!??_FCBaseUnknown@@QEAAXXZ + 543 fffff80781e166af 2 bytes [4C, 8B]

.text ... * 7

.text C:\Windows\system32\drivers\ks.sys!KsCompletePendingRequest + 77 fffff80781e16e8d 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsCompletePendingRequest + 84 fffff80781e16e94 5 bytes {CALL 0xfffffffff1a2fcbc}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsDeviceGetBusData + 119 fffff80781e16fa7 6 bytes {CALL 0x712f9}

.text C:\Windows\system32\drivers\ks.sys!KsDeviceSetBusData + 119 fffff80781e17057 6 bytes {CALL 0x71249}

.text C:\Windows\system32\drivers\ks.sys!KsDeviceSetBusData + 381 fffff80781e1715d 6 bytes {CALL 0x71143}

.text ... * 7

.text C:\Windows\system32\drivers\ks.sys!KsFilterAttemptProcessing + 79 fffff80781e18f3f 6 bytes {CALL 0x6f361}

.text C:\Windows\system32\drivers\ks.sys!KsFilterAttemptProcessing + 95 fffff80781e18f4f 6 bytes {CALL 0x6f351}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsFilterGetAndGate + 69 fffff80781e18fd5 6 bytes {CALL 0x6f2cb}

.text C:\Windows\system32\drivers\ks.sys!KsGetNodeIdFromIrp + 253 fffff80781e1915d 6 bytes {CALL 0x6f143}

.text C:\Windows\system32\drivers\ks.sys!KsGetNodeIdFromIrp + 367 fffff80781e191cf 6 bytes {CALL 0x6f0d1}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEvents + 131 fffff80781e192c3 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsGenerateEvents + 138 fffff80781e192ca 5 bytes {CALL 0xfffffffff1a90b36}

.text ... * 4

.text C:\Windows\system32\drivers\ks.sys!KsGetObjectTypeFromIrp + 182 fffff80781e194f6 6 bytes {CALL 0x6edaa}

.text C:\Windows\system32\drivers\ks.sys!KsGetObjectTypeFromIrp + 303 fffff80781e1956f 6 bytes {CALL 0x6ed31}

.text ... * 11

.text C:\Windows\system32\drivers\ks.sys!KsPinAttemptProcessing + 79 fffff80781e1a79f 6 bytes {CALL 0x6db01}

.text C:\Windows\system32\drivers\ks.sys!KsPinAttemptProcessing + 95 fffff80781e1a7af 6 bytes {CALL 0x6daf1}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsPinGetAndGate + 69 fffff80781e1a835 6 bytes {CALL 0x6da6b}

.text C:\Windows\system32\drivers\ks.sys!KsPinSubmitFrameMdl + 120 fffff80781e1aa48 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\ks.sys!KsPinSubmitFrameMdl + 127 fffff80781e1aa4f 5 bytes {CALL 0xfffffffff1a050a1}

.text C:\Windows\system32\drivers\ks.sys!KsProcessPinUpdate + 138 fffff80781e1ab3a 6 bytes {CALL 0x6d766}

.text C:\Windows\system32\drivers\ks.sys!KsProcessPinUpdate + 692 fffff80781e1ad64 6 bytes {CALL 0x6d53c}

.text ... * 5

.text C:\Windows\system32\drivers\ks.sys!KsPinGetAvailableByteCount + 113 fffff80781e1f121 6 bytes {CALL 0x6917f}

.text C:\Windows\system32\drivers\ks.sys!KsPinGetFirstCloneStreamPointer + 92 fffff80781e1f1ac 6 bytes {CALL 0x690f4}

.text C:\Windows\system32\drivers\ks.sys!KsPinGetLeadingEdgeStreamPointer + 100 fffff80781e1f234 6 bytes {CALL 0x6906c}

.text C:\Windows\system32\drivers\ks.sys!KsPinGetTrailingEdgeStreamPointer + 100 fffff80781e1f2c4 6 bytes {CALL 0x68fdc}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvance + 91 fffff80781e1f34b 6 bytes {CALL 0x68f55}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvance + 111 fffff80781e1f35f 6 bytes {CALL 0x68f41}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsets + 248 fffff80781e1f4a8 6 bytes {CALL 0x68df8}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsets + 276 fffff80781e1f4c4 6 bytes {CALL 0x68ddc}

.text ... * 2

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsetsAndUnlock + 230 fffff80781e1f606 6 bytes {CALL 0x68c9a}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsetsAndUnlock + 261 fffff80781e1f625 6 bytes {CALL 0x68c7b}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerCancelTimeout + 73 fffff80781e1f699 6 bytes {CALL 0x68c07}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerClone + 127 fffff80781e1f72f 6 bytes {CALL 0x68b71}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerDelete + 75 fffff80781e1f7ab 6 bytes {CALL 0x68af5}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerGetNextClone + 73 fffff80781e1f919 6 bytes {CALL 0x68987}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerLock + 88 fffff80781e1f998 6 bytes {CALL 0x68908}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerScheduleTimeout + 94 fffff80781e1fa1e 6 bytes {CALL 0x68882}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerSetStatusCode + 87 fffff80781e1fa97 6 bytes {CALL 0x68809}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerUnlock + 93 fffff80781e1fb0d 6 bytes {CALL 0x68793}

.text C:\Windows\system32\drivers\ks.sys!KsStreamPointerUnlock + 138 fffff80781e1fb3a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!DllInitialize + 158 fffff807839410ae 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!DllInitialize + 165 fffff807839410b5 5 bytes {CALL 0xfffffffff059080b}

.text ... * 11

.text C:\Windows\System32\drivers\USBD.SYS!USBD_AllocateHubNumber + 43 fffff807839411db 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_AllocateHubNumber + 50 fffff807839411e2 5 bytes {CALL 0xffffffffefef91de}

.text ... * 5

.text C:\Windows\System32\drivers\USBD.SYS!USBD_RegisterHcFilter + 176 fffff80783941370 5 bytes JMP fffff8078394e2e0

.text C:\Windows\System32\drivers\USBD.SYS!DllUnload + 73 fffff80783941839 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!DllUnload + 80 fffff80783941840 5 bytes {CALL 0xfffffffff0228860}

.text C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequest + 166 fffff80783941996 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequest + 173 fffff8078394199d 5 bytes {CALL 0xfffffffff0228673}

.text ... * 3

.text C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequestEx + 199 fffff80783941b17 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequestEx + 206 fffff80783941b1e 5 bytes {CALL 0xfffffffff02284f2}

.text ... * 3

.text C:\Windows\System32\drivers\USBD.SYS!USBD_GetPdoRegistryParameter + 40 fffff80783941db8 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_GetPdoRegistryParameter + 47 fffff80783941dbf 5 bytes {CALL 0xfffffffff05899d1}

.text ... * 3

.text C:\Windows\System32\drivers\USBD.SYS!USBD_GetRegistryKeyValue + 35 fffff80783941e33 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_GetRegistryKeyValue + 42 fffff80783941e3a 5 bytes {CALL 0xffffffffefefbd16}

.text ... * 7

.text C:\Windows\System32\drivers\USBD.SYS!USBD_ValidateConfigurationDescriptor + 256 fffff807839425b0 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_ValidateConfigurationDescriptor + 263 fffff807839425b7 5 bytes {CALL 0xfffffffff0227a59}

.text ... * 3

.text C:\Windows\System32\drivers\USBD.SYS!USBD_AddDeviceToGlobalList + 50 fffff80783942a92 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_AddDeviceToGlobalList + 57 fffff80783942a99 5 bytes {CALL 0xffffffffeff67367}

.text ... * 11

.text C:\Windows\System32\drivers\USBD.SYS!USBD_MarkDeviceAsDisconnected + 16 fffff80783942d00 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_MarkDeviceAsDisconnected + 23 fffff80783942d07 5 bytes {CALL 0xffffffffeff670f9}

.text ... * 3

.text C:\Windows\System32\drivers\USBD.SYS!USBD_ReleaseHubNumber + 42 fffff80783942d8a 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_ReleaseHubNumber + 49 fffff80783942d91 5 bytes {CALL 0xffffffffefef762f}

.text ... * 5

.text C:\Windows\System32\drivers\USBD.SYS!USBD_RemoveDeviceFromGlobalList + 25 fffff80783942df9 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\USBD.SYS!USBD_RemoveDeviceFromGlobalList + 32 fffff80783942e00 5 bytes {CALL 0xffffffffeff67000}

.text C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_UsageAndPageListDifference + 688 fffff80783db2910 5 bytes JMP fffff80783dc32e0

.text C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_FreeCollectionDescription + 32 fffff80783db3140 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_FreeCollectionDescription + 39 fffff80783db3147 5 bytes {CALL 0xffffffffefdb6f59}

.text ... * 5

.text C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_SetUsageValueArray + 867 fffff80783db4d93 4 bytes [E8, 08, E5, 00]

.text C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_SetUsageValueArray + 872 fffff80783db4d98 1 byte [90]

.text C:\Windows\System32\drivers\HIDCLASS.SYS!HidNotifyPresence + 149 fffff80783a12e45 2 bytes [4C, 8B]

.text C:\Windows\System32\drivers\HIDCLASS.SYS!HidNotifyPresence + 156 fffff80783a12e4c 5 bytes {CALL 0xffffffffeff45904}

.text C:\Windows\system32\drivers\winquic.sys!WinQuicOpen + 787 fffff80783eb1b23 2 bytes [4C, 8B]

.text C:\Windows\system32\drivers\winquic.sys!WinQuicOpen + 794 fffff80783eb1b2a 5 bytes {CALL 0xffffffffefa2b296}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreePool + 32 fffff807bfc72030 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreePool + 39 fffff807bfc72037 5 bytes {CALL 0xffffffffb3ef8069}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTag + 47 fffff807bfc7207f 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTag + 54 fffff807bfc72086 5 bytes {CALL 0xffffffffb3ef7f8a}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateMemStatistics + 526 fffff807bfc722de 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateMemStatistics + 533 fffff807bfc722e5 5 bytes {CALL 0xffffffffb3bc4a3b}

.text ... * 11

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibIsNetworkAddress + 148 fffff807bfc726a4 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibIsNetworkAddress + 155 fffff807bfc726ab 5 bytes {CALL 0xffffffffb3cbb645}

.text ... * 23

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSendData + 204 fffff807bfc7514c 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSendData + 211 fffff807bfc75153 5 bytes {CALL 0xffffffffb3bdf35d}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreeBuffer + 311 fffff807bfc75847 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreeBuffer + 318 fffff807bfc7584e 5 bytes {CALL 0xffffffffb3c91332}

.text ... * 13

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBufferNoTransportHeader + 135 fffff807bfc765d7 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBufferNoTransportHeader + 142 fffff807bfc765de 5 bytes {CALL 0xffffffffb3d4e142}

.text ... * 2

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBuffer + 146 fffff807bfc767c2 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBuffer + 153 fffff807bfc767c9 5 bytes {CALL 0xffffffffb3d4df57}

.text ... * 22

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetRegisterClient + 106 fffff807bfc76a9a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetRegisterClient + 113 fffff807bfc76aa1 5 bytes {CALL 0xffffffffb3c2509f}

.text ... * 15

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisconnectConnection + 67 fffff807bfc76ec3 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisconnectConnection + 74 fffff807bfc76eca 5 bytes {CALL 0xffffffffb3c32f36}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetCloseConnection + 22 fffff807bfc76fe6 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetCloseConnection + 29 fffff807bfc76fed 5 bytes {CALL 0xffffffffb3c32e13}

.text ... * 29

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterFile + 46 fffff807bfc7757e 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterFile + 53 fffff807bfc77585 5 bytes {CALL 0xffffffffb3bbf79b}

.text ... * 15

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterProvider + 17 fffff807bfc78361 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterProvider + 24 fffff807bfc78368 5 bytes {CALL 0xffffffffb3bbe5d8}

.text ... * 17

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterProvider + 189 fffff807bfc7868d 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterProvider + 196 fffff807bfc78694 5 bytes {CALL 0xffffffffb3bbe2ac}

.text ... * 17

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAnonymousLists + 15 fffff807bfc787df 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAnonymousLists + 22 fffff807bfc787e6 5 bytes {CALL 0xffffffffb3bbe15a}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterSession + 285 fffff807bfc78a6d 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterSession + 292 fffff807bfc78a74 5 bytes {CALL 0xffffffffb3bc0aac}

.text ... * 4

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterTreeConnect + 378 fffff807bfc791da 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterTreeConnect + 385 fffff807bfc791e1 5 bytes {CALL 0xffffffffb3bc017f}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterFile + 35 fffff807bfc792d3 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterFile + 42 fffff807bfc792da 5 bytes {CALL 0xffffffffb3bbda46}

.text ... * 16

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAllowedServerNameList + 13 fffff807bfc79b9d 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAllowedServerNameList + 20 fffff807bfc79ba4 5 bytes {CALL 0xffffffffb3bbcd9c}

.text ... * 20

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCheckAccess + 60 fffff807bfc7a0bc 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCheckAccess + 67 fffff807bfc7a0c3 5 bytes {CALL 0xffffffffb4168c7d}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshPipeList + 24 fffff807bfc7a298 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshPipeList + 31 fffff807bfc7a29f 5 bytes {CALL 0xffffffffb3bbc6a1}

.text ... * 24

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibSeAccessCheck + 313 fffff807bfc7b509 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibSeAccessCheck + 320 fffff807bfc7b510 5 bytes {CALL 0xffffffffb3cd4940}

.text ... * 15

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibQueryLicensingDWord + 39 fffff807bfc7cce7 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibQueryLicensingDWord + 46 fffff807bfc7ccee 5 bytes {CALL 0xffffffffb3bc0e62}

.text ... * 25

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsRdmaConnection + 155 fffff807bfc7d31b 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsRdmaConnection + 162 fffff807bfc7d322 5 bytes {CALL 0xffffffffb3c7db2e}

.text ... * 17

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementClose + 106 fffff807bfc7d69a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementClose + 113 fffff807bfc7d6a1 5 bytes {CALL 0xffffffffb3be724f}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementPreventIdle + 69 fffff807bfc7d6f5 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementPreventIdle + 76 fffff807bfc7d6fc 1 byte [E8]

.text ... * 2

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableRemove + 115 fffff807bfc7d943 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableRemove + 122 fffff807bfc7d94a 5 bytes {CALL 0xffffffffb69e4366}

.text ... * 9

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableInsert + 52 fffff807bfc7db04 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableInsert + 59 fffff807bfc7db0b 5 bytes {CALL 0xffffffffb3eec505}

.text ... * 14

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditForceAccess + 26 fffff807bfc7de0a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditForceAccess + 33 fffff807bfc7de11 5 bytes {CALL 0xffffffffb417527f}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateStatisticsFromQueues + 42 fffff807bfc7de7a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateStatisticsFromQueues + 49 fffff807bfc7de81 5 bytes {CALL 0xffffffffb3c2bf7f}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSuccessEnabled + 6 fffff807bfc7dfa6 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSuccessEnabled + 13 fffff807bfc7dfad 5 bytes {CALL 0xffffffffb41e9f93}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoCreateSigningKey + 238 fffff807bfc7e21e 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoCreateSigningKey + 245 fffff807bfc7e225 5 bytes {CALL 0xffffffffb3eebdeb}

.text ... * 13

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAddOrDelete + 349 fffff807bfc7e64d 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAddOrDelete + 356 fffff807bfc7e654 5 bytes {CALL 0xffffffffb3bbf4fc}

.text ... * 15

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareConnect + 130 fffff807bfc7e822 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareConnect + 137 fffff807bfc7e829 5 bytes {CALL 0xffffffffb3bbf327}

.text ... * 24

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminEvaluateServerAlias + 51 fffff807bfc7ec43 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminEvaluateServerAlias + 58 fffff807bfc7ec4a 5 bytes {CALL 0xffffffffb3bb80d6}

.text ... * 5

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringA + 83 fffff807bfc7f033 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringA + 90 fffff807bfc7f03a 5 bytes {CALL 0xffffffffb3cc03f6}

.text ... * 15

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAllocateNameList + 343 fffff807bfc7f517 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAllocateNameList + 350 fffff807bfc7f51e 5 bytes {CALL 0xffffffffb3bb7422}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoUpdatePreauthIntegrityHashValue + 38 fffff807bfc7f666 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoUpdatePreauthIntegrityHashValue + 45 fffff807bfc7f66d 5 bytes {CALL 0xffffffffb69e2103}

.text ... * 5

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCreateSelfSD + 107 fffff807bfc7f73b 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCreateSelfSD + 114 fffff807bfc7f742 5 bytes {CALL 0xffffffffb3b841de}

.text ... * 23

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminTakeActionToAllowPowerDown + 131 fffff807bfc7fe13 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminTakeActionToAllowPowerDown + 138 fffff807bfc7fe1a 5 bytes {CALL 0xffffffffb3bbdd86}

.text ... * 18

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetMarkConnectionAuthenticated + 33 fffff807bfc80141 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetMarkConnectionAuthenticated + 40 fffff807bfc80148 5 bytes {CALL 0xffffffffb3c29cb8}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetInitializeStatisticsQueues + 75 fffff807bfc8023b 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetInitializeStatisticsQueues + 82 fffff807bfc80242 5 bytes {CALL 0xffffffffb3c29bbe}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionServerName + 97 fffff807bfc80341 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionServerName + 104 fffff807bfc80348 5 bytes {CALL 0xffffffffb41a9cc8}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyDereference + 30 fffff807bfc8043e 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyDereference + 37 fffff807bfc80445 5 bytes {CALL 0xffffffffb69e186b}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringW + 91 fffff807bfc804cb 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringW + 98 fffff807bfc804d2 5 bytes {CALL 0xffffffffb3cf194e}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetOutputLength + 40 fffff807bfc80788 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetOutputLength + 47 fffff807bfc8078f 5 bytes {CALL 0xffffffffb69e1141}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibUpdateIdleLogic + 127 fffff807bfc8085f 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibUpdateIdleLogic + 134 fffff807bfc80866 5 bytes {CALL 0xffffffffb41ef68a}

.text ... * 55

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetRecommendedSaltSize + 32 fffff807bfc80cf0 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetRecommendedSaltSize + 39 fffff807bfc80cf7 5 bytes {CALL 0xffffffffb3c45389}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetQueueStatistics + 58 fffff807bfc80e7a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetQueueStatistics + 65 fffff807bfc80e81 5 bytes {CALL 0xffffffffb3c0fb4f}

.text ... * 5

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsIdle + 15 fffff807bfc80faf 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsIdle + 22 fffff807bfc80fb6 5 bytes {CALL 0xffffffffb3be564a}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionInstanceId + 87 fffff807bfc81057 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionInstanceId + 94 fffff807bfc8105e 5 bytes {CALL 0xffffffffb41a5262}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStartClient + 20 fffff807bfc81164 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStartClient + 27 fffff807bfc8116b 5 bytes {CALL 0xffffffffb3c28c95}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateStatisticsQueuesEx + 13 fffff807bfc811ed 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateStatisticsQueuesEx + 20 fffff807bfc811f4 5 bytes {CALL 0xffffffffb3c28c0c}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStopClient + 20 fffff807bfc81254 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStopClient + 27 fffff807bfc8125b 5 bytes {CALL 0xffffffffb3c28ba5}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsDriverLoaded + 93 fffff807bfc8132d 3 bytes [4C, 8B, 15]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsDriverLoaded + 100 fffff807bfc81334 5 bytes JMP fffff80773999140

.text ... * 19

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoIsHashAlgIdValid + 544 fffff807bfc81b00 5 bytes JMP fffff807bfcc32e0

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTagPriority + 39 fffff807bfc88217 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTagPriority + 46 fffff807bfc8821e 5 bytes {CALL 0xffffffffb3baa102}

.text ... * 5

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisableStatisticsQueue + 15 fffff807bfc8830f 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisableStatisticsQueue + 22 fffff807bfc88316 5 bytes {CALL 0xffffffffb3c21aea}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetQueryRssScalability + 39 fffff807bfc883a7 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetQueryRssScalability + 46 fffff807bfc883ae 5 bytes {CALL 0xffffffffb3b9f782}

.text ... * 34

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetConnectionWillSign + 109 fffff807bfc89a0d 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetConnectionWillSign + 116 fffff807bfc89a14 5 bytes {CALL 0xffffffffb3c1b60c}

.text ... * 21

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetReceiveData + 30 fffff807bfc8a47e 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetReceiveData + 37 fffff807bfc8a485 5 bytes {CALL 0xffffffffb3c1f97b}

.text ... * 11

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectFreeBuffer + 6 fffff807bfc8ab66 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectFreeBuffer + 13 fffff807bfc8ab6d 5 bytes {CALL 0xffffffffb3edf533}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetRdmaNicInfo + 39 fffff807bfc8b337 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetRdmaNicInfo + 46 fffff807bfc8b33e 5 bytes {CALL 0xffffffffb3c7ab02}

.text ... * 14

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoDecrypt + 188 fffff807bfc8e28c 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoDecrypt + 195 fffff807bfc8e293 5 bytes {CALL 0xffffffffb69dedcd}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashFinish + 10 fffff807bfc8e3da 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashFinish + 17 fffff807bfc8e3e1 5 bytes {CALL 0xffffffffb69d343f}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashUpdate + 10 fffff807bfc8e41a 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashUpdate + 17 fffff807bfc8e421 5 bytes {CALL 0xffffffffb69d334f}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCompressionDecompress + 102 fffff807bfc8e516 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SmbCompressionDecompress + 109 fffff807bfc8e51d 5 bytes {CALL 0xffffffffb3bd0a13}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowClusterPipeAccess + 32 fffff807bfc8e5f0 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowClusterPipeAccess + 39 fffff807bfc8e5f7 5 bytes {CALL 0xffffffffb3ba8349}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesPipeAllowAnonymous + 40 fffff807bfc8e6b8 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesPipeAllowAnonymous + 47 fffff807bfc8e6bf 5 bytes {CALL 0xffffffffb3ba8661}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesShareAllowAnonymous + 109 fffff807bfc8e7cd 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesShareAllowAnonymous + 116 fffff807bfc8e7d4 5 bytes {CALL 0xffffffffb3ba854c}

.text ... * 7

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRemapPipeName + 73 fffff807bfc8e8b9 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRemapPipeName + 80 fffff807bfc8e8c0 5 bytes {CALL 0xffffffffb3ba8080}

.text ... * 19

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForActivity + 39 fffff807bfc8eb27 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForActivity + 46 fffff807bfc8eb2e 5 bytes {CALL 0xffffffffb3bd5dc2}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForOpenFiles + 39 fffff807bfc8eb67 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForOpenFiles + 46 fffff807bfc8eb6e 5 bytes {CALL 0xffffffffb3bd5d82}

.text ... * 47

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForActivity + 42 fffff807bfc8efaa 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForActivity + 49 fffff807bfc8efb1 5 bytes {CALL 0xffffffffb3bd596f}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForOpenFiles + 42 fffff807bfc8effa 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForOpenFiles + 49 fffff807bfc8f001 5 bytes {CALL 0xffffffffb3bd591f}

.text ... * 8

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminUpdateFileSessionID + 185 fffff807bfc8f759 6 bytes {CALL 0x33b47}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminUpdateFileSessionID + 509 fffff807bfc8f89d 2 bytes [4C, 8B]

.text ... * 14

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFreeNameList + 18 fffff807bfc92ab2 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFreeNameList + 25 fffff807bfc92ab9 5 bytes {CALL 0xffffffffb3ba3e87}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibStandardizeIpAddress + 132 fffff807bfc92b74 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibStandardizeIpAddress + 139 fffff807bfc92b7b 5 bytes {CALL 0xffffffffb3c9b175}

.text ... * 11

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAccess + 176 fffff807bfc92d40 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAccess + 183 fffff807bfc92d47 5 bytes {CALL 0xffffffffb3baae09}

.text ... * 27

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareModification + 418 fffff807bfc93312 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareModification + 425 fffff807bfc93319 5 bytes {CALL 0xffffffffb3baa837}

.text ... * 26

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSpnCheck + 150 fffff807bfc93756 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSpnCheck + 157 fffff807bfc9375d 5 bytes {CALL 0xffffffffb3baa3f3}

.text ... * 21

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsNotIdle + 15 fffff807bfc93a0f 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsNotIdle + 22 fffff807bfc93a16 5 bytes {CALL 0xffffffffb3bd2bea}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLogError + 176 fffff807bfc93b80 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLogError + 183 fffff807bfc93b87 5 bytes {CALL 0xffffffffb3cde869}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideAllocate + 77 fffff807bfc93ccd 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideAllocate + 84 fffff807bfc93cd4 5 bytes {CALL 0xffffffffb3d30a4c}

.text ... * 6

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideCreatePool + 89 fffff807bfc93d99 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideCreatePool + 96 fffff807bfc93da0 5 bytes {CALL 0xffffffffb3b9e580}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDestroyPool + 50 fffff807bfc93e72 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDestroyPool + 57 fffff807bfc93e79 5 bytes {CALL 0xffffffffb3cdea17}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectNonPagedAllocateBuffer + 14 fffff807bfc93ece 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectNonPagedAllocateBuffer + 21 fffff807bfc93ed5 5 bytes {CALL 0xffffffffb3b9e44b}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectPagedAllocateBuffer + 13 fffff807bfc93efd 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectPagedAllocateBuffer + 20 fffff807bfc93f04 5 bytes {CALL 0xffffffffb3b9e41c}

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFlush + 47 fffff807bfc93f4f 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFlush + 54 fffff807bfc93f56 5 bytes {CALL 0xffffffffb3d3084a}

.text ... * 3

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFree + 79 fffff807bfc93fef 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFree + 86 fffff807bfc93ff6 5 bytes {CALL 0xffffffffb3c72b8a}

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiRegisterProvider + 52 fffff807bfde1594 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiRegisterProvider + 59 fffff807bfde159b 5 bytes {CALL 0xffffffffb3ac8865}

.text ... * 27

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiDeregisterProvider + 34 fffff807bfde18d2 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiDeregisterProvider + 41 fffff807bfde18d9 5 bytes {CALL 0xffffffffb3ac8527}

.text ... * 11

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiIndicateStatus + 46 fffff807bfde1a4e 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiIndicateStatus + 53 fffff807bfde1a55 5 bytes {CALL 0xffffffffb3ac83ab}

.text ... * 15

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiCompleteRequest + 101 fffff807bfde1c75 2 bytes [4C, 8B]

.text C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiCompleteRequest + 108 fffff807bfde1c7c 5 bytes {CALL 0xffffffffb3ac8184}

---- User code sections - GMER 2.2 ----

? C:\Windows\SYSTEM32\WININET.dll [13104] entry point in ".rdata" section 0000000072d96830

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

? C:\Windows\SYSTEM32\WININET.dll [54040] entry point in ".rdata" section 0000000072d96830

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!BaseThreadInitThunk 00007ffc676b7bc0 13 bytes {MOV R11, 0x7ffc56473470; JMP R11}

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateFileMappingA 00007ffc676bab30 5 bytes JMP 00007ffc00010074

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessA 00007ffc676bb660 5 bytes JMP 00007ffc000101e8

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessW 00007ffc676bbe40 5 bytes JMP 00007ffc0001035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffc676bfd50 5 bytes JMP 00007ffc000104d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessInternalA 00007ffc676d5870 5 bytes JMP 00007ffc00010644

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessInternalW 00007ffc676d58f0 5 bytes JMP 00007ffc000107b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffc676fe800 5 bytes JMP 00007ffc0001092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\user32.dll!GetWindowInfo 00007ffc65dcba80 13 bytes {MOV R11, 0x7ffc1d676ae0; JMP R11}

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\user32.dll!SendMessageTimeoutW 00007ffc65de2a50 13 bytes {MOV R11, 0x7ffc1d514aa0; JMP R11}

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToFileW 00007ffc584fec90 5 bytes JMP 00007ffc000401e8

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileW 00007ffc5850fbd0 5 bytes JMP 00007ffc0004035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileA 00007ffc58599740 5 bytes JMP 00007ffc000404d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToFileA 00007ffc585998c0 5 bytes JMP 00007ffc00040644

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!LdrAccessResource + 1 00007ffc67d1f401 4 bytes {JMP 0x1f0c0f}

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U 00007ffc67d6f2f0 5 bytes JMP 00007ffc67f0000f

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc67f20015

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc67d21610 5 bytes JMP 00007ffc0003035c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap 00007ffc67d48a90 5 bytes JMP 00007ffc000304d0

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc67d9c550 5 bytes JMP 00007ffc000307b8

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc67d9c790 5 bytes JMP 00007ffc0003092c

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}

.text C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey 00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c

? C:\Windows\System32\iertutil.dll [37072] entry point in ".rdata" section 00000000714e89e0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!calloc] [6553657461657243]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcsrchr] [4565726f6870616d]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_vsnprintf] [6548000600005778]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcsstr] [656572467061]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_vsnwprintf] [73614c746553000d]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!strncmp] [726f72724574]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!localtime] [7361656c65520026]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_getdrive] [6f6870616d655365]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!gmtime] [6547001300006572]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!time] [48656c75646f4d74]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcschr] [577845656c646e61]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!qsort] [7469615700360000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcmp] [6c676e6953726f46]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcpy] [7463656a624f65]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memmove] [7275437465470011]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__CxxFrameHandler3] [65726854746e6572]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_onexit] [23000064496461]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__dllonexit] [4d657361656c6552]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_unlock] [9000078657475]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_lock] [654d74616d726f46]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__C_specific_handler] [576567617373]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_initterm] [73614c7465470005]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!malloc] [726f72724574]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!free] [74757074754f0007]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_amsg_exit] [7274536775626544]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_XcptFilter] [37000057676e69]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!swscanf_s] [53726f4674696157]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memmove_s] [6a624f656c676e69]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_errno] [21007845746365]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_ismbstrail] [616d65536e65704f]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_access] [5765726f6870]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcpy_s] [4865736f6c430000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!mktime] [200656c646e61]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memset] [6f6c6c4170616548]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PropVariantToVariant] [6b4ee]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSFormatForDisplay] [6b4be]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToPropVariant] [8000000000000073]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantCompare] [6b4d8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToBuffer] [800000000000006f]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToStringArrayAlloc] [6b8d0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PropVariantGetElementCount] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSCreateSimplePropertyChange] [6b2d8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSCreatePropertyChangeArray] [6b210]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!InitVariantFromFileTime] [6b2ca]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!InitVariantFromBuffer] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHChangeNotifySuspendResume] [6b82c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHFileOperationW] [6b178]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetIDListFromObject] [6b810]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToObject] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetFolderPathEx] [6b9be]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ShellExecuteW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemWithParent] [6b250]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateDataObject] [6b88c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ShellExecuteExW] [6b2a4]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ExtractIconExW] [6b480]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemFromIDList] [6b64a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetSpecialFolderPathW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToParent] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetPathFromIDListW] [6b9e6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToFolderIDListParent] [6b140]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToFolderIDListParentEx] [6b26a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!AssocCreateForClasses] [6b42a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHAddToRecentDocs] [6b9f8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetSpecialFolderLocation] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHParseDisplayName] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!DragQueryFileW] [6b906]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateShellItemArrayFromDataObject] [6b91a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetItemFromDataObject] [6b1c8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetNameFromIDList] [6b84a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHChangeNotify] [6b8f4]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetFileInfoW] [6b85e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemFromParsingName] [6b872]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetStockIconInfo] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathAppendW] [6b6d4]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindFileNameW] [6b394]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCombineW] [6b784]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathStripToRootW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveFileSpecW] [6b7e2]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathStripPathW] [6b7fc]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFileExistsW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrCmpNIW] [6bed6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveBackslashW] [6beca]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathAddBackslashW] [6beb2]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHAutoComplete] [6beea]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrTrimW] [6b468]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsRelativeW] [6b48c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsDirectoryW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveBlanksW] [6b546]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [6b556]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveExtensionW] [6bf02]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCompactPathW] [6b1b2]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrChrW] [6b188]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrCmpIW] [6b318]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsPrefixW] [6b156]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrDupW] [6b63c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCanonicalizeW] [6b2fc]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathMatchSpecExA] [6b27c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsSameRootW] [6b23e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindExtensionA] [6b226]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathGetDriveNumberW] [6b6b6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindExtensionW] [6b330]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathSkipRootW] [6b8e6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsUNCW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrRetToBufW] [6b5e0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHStrDupW] [6b60e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrFormatKBSizeW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[GDI32.dll!GetStockObject] [6be2e00000000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrlenA] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!FileTimeToDosDateTime] [5bb400006be5a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!DosDateTimeToFileTime] [6a908]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpA] [6be8800000000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalReAlloc] [6a9200005b980]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!CreateActCtxW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!ReleaseActCtx] [5b9980006bf1e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!ActivateActCtx] [6a9a8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!DeactivateActCtx] [6bf4a00000000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpiA] [6ad580005ba20]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpiW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrlenW] [5bdd00006c062]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalHandle] [6a710]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpW] [6c09c00000000]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalLock] [6a7000005b788]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalSize] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalUnlock] [5b7780006c0c2]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!RtlIsPartialPlaceholder] [6572646441636f72]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!WinSqmAddToStream] [7243000900007373]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!RtlGetLastNtStatus] [6574754d65746165]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!ReleaseStgMedium] [6572727543746547]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!CreateBindCtx] [7365636f7250746e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!CoAllowSetForegroundWindow] [6547000000644973]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!OleSetClipboard] [737365636f725074]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!OleGetClipboard] [14000070616548]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SendDlgItemMessageW] [6b89a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyIcon] [6b506]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!ShowCursor] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!LoadCursorW] [6b69e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetCursor] [6b706]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!EndDialog] [6b6e4]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DeleteMenu] [6b688]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DispatchMessageW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!TranslateMessage] [6bdce]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PeekMessageW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetThreadDpiAwarenessContext] [6bd82]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetFocus] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!IsDlgButtonChecked] [6b3e6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowTextW] [6b3b8]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetDlgItemTextW] [6b412]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDlgItem] [6b2ec]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!EnableWindow] [6b3d0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PostMessageW] [6b3fc]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SendMessageW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowLongPtrW] [6b9b0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetWindowLongPtrW] [6b9a2]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetParent] [6b990]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyMenu] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetMenuDefaultItem] [6b56c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!OemToCharBuffA] [6b456]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharToOemA] [6b446]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RegisterClipboardFormatW] [6b582]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!InsertMenuW] [6b360]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CheckDlgButton] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDlgItemTextW] [6b5d0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowRect] [6b92e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetForegroundWindow] [6b93c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetAsyncKeyState] [6b8b0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RegisterClassW] [6b730]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetForegroundWindow] [6b75e]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!TrackPopupMenu] [6b746]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyWindow] [6b96c]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!LoadMenuW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetWindowTextW] [6b028]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetSubMenu] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RemoveMenu] [6af5a]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DialogBoxParamW] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDesktopWindow] [6afa6]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PeekMessageA] [6afcc]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DispatchMessageA] [6af86]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharNextA] [6af98]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CreateWindowExW] [6afdc]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharLowerA] [6aff0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharToOemBuffA] [6af78]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharUpperBuffA] [0]

IAT C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharPrevA] [6b038]

Author

Title

Language

Your paste - Paste your paste here

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2019-07-27 10:05:03
Windows 6.2.9200  x64 \Device\Harddisk3\DR3 -&gt; \Device\0000003c Force_MP510 rev.ECFM12.2 894,25GB
Running: h5oc01p4.exe; Driver: C:\Users\Wojtek\AppData\Local\Temp\uwrdiuoc.sys

---- Kernel code sections - GMER 2.2 ----

.text    C:\Windows\system32\hal.dll!KeStallExecutionProcessor + 114                                                         fffff807742b3672 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!KeStallExecutionProcessor + 121                                                         fffff807742b3679 5 bytes {CALL 0xffffffffff5fc997}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!KeQueryPerformanceCounter + 91                                                          fffff807742b381b 6 bytes {CALL 0xffffffffff89ca85}
.text    C:\Windows\system32\hal.dll!KeQueryPerformanceCounter + 124                                                         fffff807742b383c 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\hal.dll!HalSendSoftwareInterrupt + 208                                                          fffff807742b3b70 6 bytes {CALL 0xffffffffff89c730}
.text    C:\Windows\system32\hal.dll!HalSendSoftwareInterrupt + 430                                                          fffff807742b3c4e 6 bytes {CALL 0xffffffffff89c652}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\hal.dll!HalRequestIpiSpecifyVector + 54                                                         fffff807742b3d66 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalRequestIpiSpecifyVector + 61                                                         fffff807742b3d6d 5 bytes {CALL 0xffffffffff573693}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\hal.dll!HalRequestIpi + 81                                                                      fffff807742b41c1 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalRequestIpi + 88                                                                      fffff807742b41c8 5 bytes {CALL 0xffffffffff573238}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\hal.dll!HalRequestClockInterrupt + 81                                                           fffff807742b4701 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalRequestClockInterrupt + 88                                                           fffff807742b4708 5 bytes {CALL 0xffffffffff572cf8}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\hal.dll!HalRequestSoftwareInterrupt + 214                                                       fffff807742b5146 6 bytes {CALL 0xffffffffff89b15a}
.text    C:\Windows\system32\hal.dll!HalRequestSoftwareInterrupt + 357                                                       fffff807742b51d5 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\hal.dll!HalPerformEndOfInterrupt + 21                                                           fffff807742b52c5 6 bytes {CALL 0xffffffffff89afdb}
.text    C:\Windows\system32\hal.dll!HalPerformEndOfInterrupt + 247                                                          fffff807742b53a7 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\hal.dll!HalCalibratePerformanceCounter + 322                                                    fffff807742b7bd2 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalCalibratePerformanceCounter + 329                                                    fffff807742b7bd9 5 bytes {CALL 0xffffffffff69a017}
.text    C:\Windows\system32\hal.dll!HalInitializeOnResume + 633                                                             fffff807742b86d9 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalInitializeOnResume + 640                                                             fffff807742b86e0 5 bytes {CALL 0xffffffffff587e20}
.text    C:\Windows\system32\hal.dll!HalGetBusDataByOffset + 785                                                             fffff807742b93a1 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetBusDataByOffset + 792                                                             fffff807742b93a8 5 bytes {CALL 0xffffffffff5ad258}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalGetMessageRoutingInfo + 113                                                          fffff807742b9f71 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetMessageRoutingInfo + 120                                                          fffff807742b9f78 5 bytes {CALL 0xffffffffff645e68}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\hal.dll!HalGetProcessorIdByNtNumber + 31                                                        fffff807742ba0ef 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetProcessorIdByNtNumber + 38                                                        fffff807742ba0f6 5 bytes {CALL 0xffffffffff61653a}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\hal.dll!HalGetMemoryCachingRequirements + 287                                                   fffff807742ba84f 6 bytes {CALL 0xffffffffff895a51}
.text    C:\Windows\system32\hal.dll!HalTranslateBusAddress + 50                                                             fffff807742bac22 6 bytes {CALL 0xffffffffff89567e}
.text    C:\Windows\system32\hal.dll!HalTranslateBusAddress + 119                                                            fffff807742bac67 6 bytes {CALL 0xffffffffff895639}
.text    C:\Windows\system32\hal.dll!HalDmaAllocateCrashDumpRegistersEx + 403                                                fffff807742baf43 6 bytes {CALL 0xffffffffff89535d}
.text    C:\Windows\system32\hal.dll!HalDmaAllocateCrashDumpRegistersEx + 561                                                fffff807742bafe1 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\hal.dll!HalDmaFreeCrashDumpRegistersEx + 279                                                    fffff807742bb327 6 bytes {CALL 0xffffffffff894f79}
.text    C:\Windows\system32\hal.dll!HalDmaFreeCrashDumpRegistersEx + 303                                                    fffff807742bb33f 6 bytes {CALL 0xffffffffff894f61}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\hal.dll!HalStartNextProcessor + 267                                                             fffff807742bb86b 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalStartNextProcessor + 274                                                             fffff807742bb872 5 bytes {CALL 0xffffffffff66561e}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalQueryMaximumProcessorCount + 258                                                     fffff807742bc582 6 bytes {CALL 0xffffffffff893d1e}
.text    C:\Windows\system32\hal.dll!HalQueryMaximumProcessorCount + 607                                                     fffff807742bc6df 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\hal.dll!HalDisableInterrupt + 214                                                               fffff807742bc7f6 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalDisableInterrupt + 221                                                               fffff807742bc7fd 5 bytes {CALL 0xffffffffff56b3a3}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalEnableInterrupt + 204                                                                fffff807742bc8ec 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalEnableInterrupt + 211                                                                fffff807742bc8f3 5 bytes {CALL 0xffffffffff56b2ad}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\hal.dll!HalQueryRealTimeClock + 100                                                             fffff807742be5f4 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalQueryRealTimeClock + 107                                                             fffff807742be5fb 5 bytes {CALL 0xffffffffff65eb55}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\hal.dll!HalFreeCommonBuffer + 7                                                                 fffff807742be9d7 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalFreeCommonBuffer + 14                                                                fffff807742be9de 5 bytes {CALL 0xffffffffff639d62}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\hal.dll!HalSetRealTimeClock + 52                                                                fffff807742bebc4 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalSetRealTimeClock + 59                                                                fffff807742bebcb 5 bytes {CALL 0xffffffffff65e585}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!HalSendNMI + 175                                                                        fffff807742bf03f 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalSendNMI + 182                                                                        fffff807742bf046 5 bytes {CALL 0xffffffffff5683ea}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\hal.dll!HalAllocateCommonBuffer + 669                                                           fffff807742c094d 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalAllocateCommonBuffer + 676                                                           fffff807742c0954 5 bytes {CALL 0xffffffffff63f1ac}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\hal.dll!x86BiosReadMemory + 282                                                                 fffff807742c799a 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!x86BiosReadMemory + 289                                                                 fffff807742c79a1 5 bytes {CALL 0xffffffffff59dbcf}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!x86BiosWriteMemory + 170                                                                fffff807742c825a 6 bytes {CALL 0xffffffffff888046}
.text    C:\Windows\system32\hal.dll!HalInitializeBios + 45                                                                  fffff807742c82bd 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalInitializeBios + 52                                                                  fffff807742c82c4 5 bytes {CALL 0xffffffffff6d1a1c}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\hal.dll!HalGetBusData + 763                                                                     fffff807742c8c7b 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetBusData + 770                                                                     fffff807742c8c82 5 bytes {CALL 0xffffffffff55ef1e}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalGetInterruptTargetInformation + 199                                                  fffff807742c8e77 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetInterruptTargetInformation + 206                                                  fffff807742c8e7e 5 bytes {CALL 0xffffffffff5e6922}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!x86BiosFreeBuffer + 96                                                                  fffff807742c9420 6 bytes {CALL 0xffffffffff886e80}
.text    C:\Windows\system32\hal.dll!x86BiosFreeBuffer + 394                                                                 fffff807742c954a 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 20
.text    C:\Windows\system32\hal.dll!HalEnumerateProcessors + 454                                                            fffff807742c9bb6 6 bytes {CALL 0xffffffffff8866ea}
.text    C:\Windows\system32\hal.dll!HalEnumerateProcessors + 524                                                            fffff807742c9bfc 6 bytes {CALL 0xffffffffff8866a4}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!HalAcpiGetTableEx + 47                                                                  fffff807742ca41f 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalAcpiGetTableEx + 54                                                                  fffff807742ca426 5 bytes {CALL 0xffffffffff6641fa}
.text    C:\Windows\system32\hal.dll!HalGetVectorInput + 28                                                                  fffff807742ca48c 6 bytes {CALL 0xffffffffff885e14}
.text    C:\Windows\system32\hal.dll!HalIsHyperThreadingEnabled + 102                                                        fffff807742ca536 3 bytes [4C, 8B, 15]
.text    C:\Windows\system32\hal.dll!HalIsHyperThreadingEnabled + 109                                                        fffff807742ca53d 5 bytes JMP fffff807739b90b0
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\hal.dll!HalReadDmaCounter + 40                                                                  fffff807742d5cc8 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalReadDmaCounter + 47                                                                  fffff807742d5ccf 5 bytes {CALL 0xffffffffff568631}
.text    ...                                                                                                                 * 26
.text    C:\Windows\system32\hal.dll!HalGetEnvironmentVariable + 39                                                          fffff807742df867 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalGetEnvironmentVariable + 46                                                          fffff807742df86e 5 bytes {CALL 0xffffffffff6bacf2}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalQueryEnvironmentVariableInfoEx + 111                                                 fffff807742df94f 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalQueryEnvironmentVariableInfoEx + 118                                                 fffff807742df956 5 bytes {CALL 0xffffffffff656f8a}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!HalSetEnvironmentVariable + 35                                                          fffff807742df9e3 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalSetEnvironmentVariable + 42                                                          fffff807742df9ea 5 bytes {CALL 0xffffffffff6bab76}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\hal.dll!HalSetEnvironmentVariableEx + 187                                                       fffff807742dfb6b 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalSetEnvironmentVariableEx + 194                                                       fffff807742dfb72 5 bytes {CALL 0xffffffffff6c13ce}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\hal.dll!HalSetProfileInterval + 26                                                              fffff807742e149a 6 bytes {CALL 0xffffffffff86ee06}
.text    C:\Windows\system32\hal.dll!HalStartProfileInterrupt + 22                                                           fffff807742e14d6 6 bytes {CALL 0xffffffffff86edca}
.text    C:\Windows\system32\hal.dll!HalStopProfileInterrupt + 17                                                            fffff807742e1501 6 bytes {CALL 0xffffffffff86ed9f}
.text    C:\Windows\system32\hal.dll!HalStopProfileInterrupt + 126                                                           fffff807742e156e 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\hal.dll!HalGetInterruptVector + 38                                                              fffff807742e1d56 6 bytes {CALL 0xffffffffff86e54a}
.text    C:\Windows\system32\hal.dll!HalGetInterruptVector + 314                                                             fffff807742e1e6a 6 bytes {CALL 0xffffffffff86e436}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\hal.dll!HalStartDynamicProcessor + 111                                                          fffff807742e25ff 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalStartDynamicProcessor + 118                                                          fffff807742e2606 5 bytes {CALL 0xffffffffffbe8a5a}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\hal.dll!HalRequestDeferredRecoveryServiceInterrupt + 104                                        fffff807742e2cc8 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalRequestDeferredRecoveryServiceInterrupt + 111                                        fffff807742e2ccf 5 bytes {CALL 0xffffffffff5576f1}
.text    ...                                                                                                                 * 22
.text    C:\Windows\system32\hal.dll!HalMakeBeep + 883                                                                       fffff807742e4233 1 byte [A9]
.text    C:\Windows\system32\hal.dll!HalReturnToFirmware + 27                                                                fffff807742e42fb 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalReturnToFirmware + 34                                                                fffff807742e4302 5 bytes {CALL 0xffffffffff63e8ee}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\hal.dll!HalBugCheckSystem + 117                                                                 fffff807742f9785 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalBugCheckSystem + 124                                                                 fffff807742f978c 5 bytes {CALL 0xffffffffff6c3174}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\hal.dll!HalHandleMcheck + 259                                                                   fffff807742fba73 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalHandleMcheck + 266                                                                   fffff807742fba7a 5 bytes {CALL 0xffffffffff56ab86}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\hal.dll!HalHandleNMI + 219                                                                      fffff807742fc5eb 2 bytes [4C, 8B]
.text    C:\Windows\system32\hal.dll!HalHandleNMI + 226                                                                      fffff807742fc5f2 5 bytes {CALL 0xffffffffff840e2e}
PAGE     C:\Windows\system32\hal.dll!HalConvertDeviceIdtToIrql + 90                                                          fffff8077433011a 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!HalConvertDeviceIdtToIrql + 97                                                          fffff80774330121 5 bytes {CALL 0xffffffffffc0c6cf}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\system32\hal.dll!HalGetAdapter + 419                                                                     fffff80774332c43 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!HalGetAdapter + 426                                                                     fffff80774332c4a 5 bytes {CALL 0xffffffffff5ed286}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\system32\hal.dll!HalAllocateHardwareCounters + 131                                                       fffff80774333483 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!HalAllocateHardwareCounters + 138                                                       fffff8077433348a 5 bytes {CALL 0xffffffffff4f3e36}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\system32\hal.dll!HalFreeHardwareCounters + 80                                                            fffff807743335a0 4 bytes [E8, FB, CC, 81]
PAGE     C:\Windows\system32\hal.dll!HalFreeHardwareCounters + 85                                                            fffff807743335a5 1 byte [90]
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\system32\hal.dll!IoReadPartitionTable + 4                                                                fffff807743347d4 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!IoReadPartitionTable + 11                                                               fffff807743347db 5 bytes {CALL 0xffffffffffd195e5}
PAGE     C:\Windows\system32\hal.dll!IoSetPartitionInformation + 4                                                           fffff807743347f4 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!IoSetPartitionInformation + 11                                                          fffff807743347fb 5 bytes {CALL 0xffffffffffd19855}
PAGE     C:\Windows\system32\hal.dll!IoWritePartitionTable + 14                                                              fffff8077433481e 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\hal.dll!IoWritePartitionTable + 21                                                              fffff80774334825 5 bytes {CALL 0xffffffffffd199cb}
PAGE     C:\Windows\system32\hal.dll!HalAssignSlotResources + 78                                                             fffff8077433488e 4 bytes [E8, 0D, BA, 81]
PAGE     C:\Windows\system32\hal.dll!HalAssignSlotResources + 83                                                             fffff80774334893 1 byte [90]
PAGELK   C:\Windows\system32\hal.dll!HalInitSystem + 194                                                                     fffff80774339d82 4 bytes [E8, 19, 65, 81]
PAGELK   C:\Windows\system32\hal.dll!HalInitSystem + 199                                                                     fffff80774339d87 1 byte [90]
.text    C:\Windows\system32\kd.dll!KdSetHiberRange + 29                                                                     fffff807766010bd 2 bytes [4C, 8B]
.text    C:\Windows\system32\kd.dll!KdSetHiberRange + 36                                                                     fffff807766010c4 5 bytes {CALL 0xfffffffffd359bcc}
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAuthIdentity + 73                                                    fffff80776661059 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAuthIdentity + 80                                                    fffff80776661060 5 bytes {CALL 0xfffffffffd509040}
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiZeroAuthIdentity + 230                                                   fffff80776661166 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiZeroAuthIdentity + 237                                                   fffff8077666116d 5 bytes {CALL 0xfffffffffd20e883}
.text    ...                                                                                                                 * 32
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptHashData + 28                                                          fffff8077666178c 6 bytes {CALL 0x28b14}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptCreateHash + 76                                                        fffff807766617fc 6 bytes {CALL 0x28aa4}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptFinishHash + 25                                                        fffff80776661839 6 bytes {CALL 0x28a67}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyHash + 25                                                       fffff807766618a9 2 bytes [E8, F2]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyHash + 28                                                       fffff807766618ac 3 bytes [02, 00, 90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGetProperty + 60                                                       fffff8077666190c 6 bytes {CALL 0x28994}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGetProperty + 112                                                      fffff80776661940 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 18
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGenRandom + 28                                                         fffff80776661b2c 6 bytes {CALL 0x28774}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGenRandom + 82                                                         fffff80776661b62 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\ksecdd.sys!MapSecurityError + 4                                                         fffff80776661b84 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!MapSecurityError + 11                                                        fffff80776661b8b 5 bytes {CALL 0xfffffffffd2cb1e5}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDuplicateHash + 41                                                     fffff80776661bc9 6 bytes {CALL 0x286d7}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateSymmetricKey + 71                                              fffff80776661c37 6 bytes {CALL 0x28669}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptKeyDerivation + 60                                                     fffff80776661c8c 6 bytes {CALL 0x28614}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroyKey + 25                                                        fffff80776661cc9 6 bytes {CALL 0x285d7}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDuplicateKey + 41                                                      fffff80776661d19 6 bytes {CALL 0x28587}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptVerifySignature + 71                                                   fffff80776661d87 6 bytes {CALL 0x28519}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptOpenAlgorithmProvider + 28                                             fffff80776661dbc 6 bytes {CALL 0x284e4}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptImportKey + 101                                                        fffff80776661e45 6 bytes {CALL 0x2845b}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptCloseAlgorithmProvider + 25                                            fffff80776661e79 6 bytes {CALL 0x28427}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptCloseAlgorithmProvider + 269                                           fffff80776661f6d 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiLocalFree + 11                                                           fffff807766622bb 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiLocalFree + 18                                                           fffff807766622c2 5 bytes {CALL 0xfffffffffd507dde}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptImportKeyPair + 71                                                     fffff80776665277 6 bytes {CALL 0x25029}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptSetProperty + 44                                                       fffff8077666536c 6 bytes {CALL 0x24f34}
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptSignHash + 90                                                          fffff807766653ea 6 bytes {CALL 0x24eb6}
.text    C:\Windows\System32\drivers\ksecdd.sys!InitSecurityInterfaceW + 109                                                 fffff8077666547d 3 bytes [4C, 8B, 15]
.text    C:\Windows\System32\drivers\ksecdd.sys!InitSecurityInterfaceW + 116                                                 fffff80776665484 5 bytes JMP fffff80773999140
.text    ...                                                                                                                 * 4
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiCompareAuthIdentities + 383                                              fffff80776668d3f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiCompareAuthIdentities + 390                                              fffff80776668d46 5 bytes {CALL 0xfffffffffd50135a}
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeAuthIdentityAsStrings + 685                                        fffff807766696dd 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeAuthIdentityAsStrings + 692                                        fffff807766696e4 5 bytes {CALL 0xfffffffffd5009bc}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeStringsAsAuthIdentity + 140                                        fffff8077666a0bc 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiEncodeStringsAsAuthIdentity + 147                                        fffff8077666a0c3 5 bytes {CALL 0xfffffffffd33286d}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiValidateAuthIdentity + 412                                               fffff8077666aa6c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SspiValidateAuthIdentity + 419                                               fffff8077666aa73 5 bytes {CALL 0xfffffffffd204f7d}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\drivers\ksecdd.sys!SecLookupWellKnownSid + 761                                                  fffff8077666b859 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SecLookupWellKnownSid + 768                                                  fffff8077666b860 5 bytes {CALL 0xfffffffffd1980c0}
.text    C:\Windows\System32\drivers\ksecdd.sys!KSecRegisterSecurityProvider + 24                                            fffff8077666c2a8 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!KSecRegisterSecurityProvider + 31                                            fffff8077666c2af 5 bytes {CALL 0xfffffffffd1969c1}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\ksecdd.sys!KSecValidateBuffer + 209                                                     fffff8077666c551 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!KSecValidateBuffer + 216                                                     fffff8077666c558 5 bytes {CALL 0xfffffffffd7b9d68}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\ksecdd.sys!SecSetPagingMode + 54                                                        fffff8077666c666 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!SecSetPagingMode + 61                                                        fffff8077666c66d 5 bytes {CALL 0xfffffffffd196603}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\ksecdd.sys!GetSecurityUserInfo + 165                                                    fffff8077666c8a5 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\ksecdd.sys!GetSecurityUserInfo + 172                                                    fffff8077666c8ac 5 bytes {CALL 0xfffffffffd4fd764}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\ksecdd.sys!SystemPrng + 28                                                              fffff8077666d03c 4 bytes [E8, 5F, D2, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SystemPrng + 33                                                              fffff8077666d041 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDecrypt + 106                                                          fffff8077666d0ca 4 bytes [E8, D1, D1, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDecrypt + 111                                                          fffff8077666d0cf 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKey + 71                                                         fffff8077666d137 4 bytes [E8, 64, D1, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKey + 76                                                         fffff8077666d13c 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyCapi + 44                                                     fffff8077666d17c 4 bytes [E8, 1F, D1, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyCapi + 49                                                     fffff8077666d181 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyPBKDF2 + 101                                                  fffff8077666d205 4 bytes [E8, 96, D0, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDeriveKeyPBKDF2 + 106                                                  fffff8077666d20a 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroySecret + 28                                                     fffff8077666d23c 4 bytes [E8, 5F, D0, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptDestroySecret + 33                                                     fffff8077666d241 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEncrypt + 106                                                          fffff8077666d2ca 4 bytes [E8, D1, CF, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEncrypt + 111                                                          fffff8077666d2cf 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumAlgorithms + 25                                                    fffff8077666d309 4 bytes [E8, 92, CF, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumAlgorithms + 30                                                    fffff8077666d30e 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumProviders + 25                                                     fffff8077666d349 4 bytes [E8, 52, CF, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptEnumProviders + 30                                                     fffff8077666d34e 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptExportKey + 68                                                         fffff8077666d3b4 4 bytes [E8, E7, CE, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptExportKey + 73                                                         fffff8077666d3b9 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptFinalizeKeyPair + 28                                                   fffff8077666d3ec 4 bytes [E8, AF, CE, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptFinalizeKeyPair + 33                                                   fffff8077666d3f1 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptFreeBuffer + 28                                                        fffff8077666d42c 4 bytes [E8, 6F, CE, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptFreeBuffer + 33                                                        fffff8077666d431 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateKeyPair + 28                                                   fffff8077666d45c 4 bytes [E8, 3F, CE, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGenerateKeyPair + 33                                                   fffff8077666d461 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGetFipsAlgorithmMode + 25                                              fffff8077666d499 4 bytes [E8, 02, CE, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptGetFipsAlgorithmMode + 30                                              fffff8077666d49e 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptRegisterConfigChangeNotify + 24                                        fffff8077666d4d8 4 bytes [E8, C3, CD, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptRegisterConfigChangeNotify + 29                                        fffff8077666d4dd 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptResolveProviders + 85                                                  fffff8077666d545 4 bytes [E8, 56, CD, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptResolveProviders + 90                                                  fffff8077666d54a 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptSecretAgreement + 28                                                   fffff8077666d57c 4 bytes [E8, 1F, CD, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptSecretAgreement + 33                                                   fffff8077666d581 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptUnregisterConfigChangeNotify + 25                                      fffff8077666d5b9 4 bytes [E8, E2, CC, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!BCryptUnregisterConfigChangeNotify + 30                                      fffff8077666d5be 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslDecryptPacket + 99                                                        fffff8077666d643 4 bytes [E8, 58, CC, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslDecryptPacket + 104                                                       fffff8077666d648 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslEncryptPacket + 106                                                       fffff8077666d6ca 4 bytes [E8, D1, CB, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslEncryptPacket + 111                                                       fffff8077666d6cf 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslExportKey + 68                                                            fffff8077666d734 4 bytes [E8, 67, CB, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslExportKey + 73                                                            fffff8077666d739 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslFreeObject + 25                                                           fffff8077666d769 4 bytes [E8, 32, CB, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslFreeObject + 30                                                           fffff8077666d76e 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslGetExtensions + 57                                                        fffff8077666d7c9 4 bytes [E8, D2, CA, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslGetExtensions + 62                                                        fffff8077666d7ce 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslGetServerIdentity + 41                                                    fffff8077666d819 4 bytes [E8, 82, CA, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslGetServerIdentity + 46                                                    fffff8077666d81e 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslImportKey + 55                                                            fffff8077666d877 4 bytes [E8, 24, CA, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslImportKey + 60                                                            fffff8077666d87c 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslLookupCipherSuiteInfo + 57                                                fffff8077666d8c9 4 bytes [E8, D2, C9, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslLookupCipherSuiteInfo + 62                                                fffff8077666d8ce 1 byte [90]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslOpenProvider + 25                                                         fffff8077666d909 4 bytes [E8, 92, C9, 01]
.text    C:\Windows\System32\drivers\ksecdd.sys!SslOpenProvider + 30                                                         fffff8077666d90e 1 byte [90]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx2 + 218                                                          fffff8077667b16a 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx2 + 225                                                          fffff8077667b171 5 bytes {CALL 0xfffffffffd4eee9f}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!FreeContextBuffer + 152                                                      fffff8077667b3d8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!FreeContextBuffer + 159                                                      fffff8077667b3df 5 bytes {CALL 0xfffffffffd2aedf1}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\ksecdd.sys!AcquireCredentialsHandleW + 220                                              fffff8077667b52c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!AcquireCredentialsHandleW + 227                                              fffff8077667b533 5 bytes {CALL 0xfffffffffdc3828d}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\ksecdd.sys!FreeCredentialsHandle + 88                                                   fffff8077667b6c8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!FreeCredentialsHandle + 95                                                   fffff8077667b6cf 5 bytes {CALL 0xfffffffffd1f4321}
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\ksecdd.sys!DeleteSecurityContext + 104                                                  fffff8077667b888 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!DeleteSecurityContext + 111                                                  fffff8077667b88f 5 bytes {CALL 0xfffffffffdc37f31}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\ksecdd.sys!AcceptSecurityContext + 220                                                  fffff8077667ba7c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!AcceptSecurityContext + 227                                                  fffff8077667ba83 5 bytes {CALL 0xfffffffffd1a406d}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiDeleteSecurityContextAsync + 159                                         fffff8077667c4ef 6 bytes {CALL 0xddb1}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiDeleteSecurityContextAsync + 544                                         fffff8077667c670 6 bytes {CALL 0xdc30}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAsyncContext + 84                                                    fffff8077667d004 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiFreeAsyncContext + 91                                                    fffff8077667d00b 5 bytes {CALL 0xfffffffffd289b75}
PAGE     ...                                                                                                                 * 20
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiCreateAsyncContext + 19                                                  fffff8077667d293 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiCreateAsyncContext + 26                                                  fffff8077667d29a 5 bytes {CALL 0xfffffffffd347486}
PAGE     ...                                                                                                                 * 2
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiAcceptSecurityContextAsync + 198                                         fffff8077667d3d6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiAcceptSecurityContextAsync + 205                                         fffff8077667d3dd 5 bytes {CALL 0xfffffffffd4ecc33}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiGetAsyncCallStatus + 569                                                 fffff8077667d699 2 bytes {JMP 0x4e}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiGetAsyncCallStatus + 576                                                 fffff8077667d6a0 5 bytes {CALL 0xfffffffffd4ec970}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetKeyTypesServer + 93                                           fffff8077667e62d 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetKeyTypesServer + 100                                          fffff8077667e634 5 bytes {CALL 0xfffffffffd4eb9dc}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetHighestSupportedVersion + 77                                  fffff8077667e8ed 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingGetHighestSupportedVersion + 84                                  fffff8077667e8f4 4 bytes [E8, D7, C9, 04]
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\ksecdd.sys!CredMarshalTargetInfo + 450                                                  fffff8077667fe52 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!CredMarshalTargetInfo + 457                                                  fffff8077667fe59 5 bytes {CALL 0xfffffffffd4ea1b7}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!ApplyControlToken + 299                                                      fffff80776680bab 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!ApplyControlToken + 306                                                      fffff80776680bb2 5 bytes {CALL 0xfffffffffdc32c0e}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\ksecdd.sys!ExportSecurityContext + 89                                                   fffff80776680d19 6 bytes {CALL 0x9587}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!ImportSecurityContextW + 113                                                 fffff80776680dc1 6 bytes {CALL 0x94df}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!ImportSecurityContextW + 377                                                 fffff80776680ec9 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 4
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx + 225                                                           fffff807766814f1 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SecMakeSPNEx + 232                                                           fffff807766814f8 5 bytes {CALL 0xfffffffffdc322c8}
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiReinitAsyncContext + 332                                                 fffff807766817ac 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!SspiReinitAsyncContext + 339                                                 fffff807766817b3 5 bytes {CALL 0xfffffffffd337cfd}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingVerifyMessage + 167                                              fffff80776681ea7 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ksecdd.sys!TokenBindingVerifyMessage + 174                                              fffff80776681eae 5 bytes {CALL 0xfffffffffdc31912}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!QuerySecurityContextToken + 73                                               fffff80776683059 6 bytes {CALL 0x7247}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!QuerySecurityContextToken + 123                                              fffff8077668308b 2 bytes [4C, 8B]
PAGEMSG  ...                                                                                                                 * 2
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!QueryContextAttributesW + 105                                                fffff80776683129 6 bytes {CALL 0x7177}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!UnsealMessage + 84                                                           fffff807766831d4 6 bytes {CALL 0x70cc}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!SealMessage + 82                                                             fffff80776683262 6 bytes {CALL 0x703e}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!ImpersonateSecurityContext + 68                                              fffff807766832e4 6 bytes {CALL 0x6fbc}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!ImpersonateSecurityContext + 92                                              fffff807766832fc 2 bytes [4C, 8B]
PAGEMSG  ...                                                                                                                 * 4
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!RevertSecurityContext + 29                                                   fffff807766833bd 2 bytes [4C, 8B]
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!RevertSecurityContext + 36                                                   fffff807766833c4 5 bytes {CALL 0xfffffffffd74e0cc}
PAGEMSG  ...                                                                                                                 * 3
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!CompleteAuthToken + 69                                                       fffff80776683465 6 bytes {CALL 0x6e3b}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!MakeSignature + 89                                                           fffff807766834e9 6 bytes {CALL 0x6db7}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!VerifySignature + 91                                                         fffff8077668357b 6 bytes {CALL 0x6d25}
PAGEMSG  C:\Windows\System32\drivers\ksecdd.sys!VerifySignature + 246                                                        fffff80776683616 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerSubmitUserCrashReport + 108                                            fffff8077664807c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerSubmitUserCrashReport + 115                                            fffff80776648083 5 bytes {CALL 0xfffffffffd3712ed}
PAGE     ...                                                                                                                 * 29
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCancelReport + 37                                            fffff80776648575 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCancelReport + 44                                            fffff8077664857c 5 bytes {CALL 0xfffffffffd2da634}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCloseHandle + 55                                             fffff80776648647 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCloseHandle + 62                                             fffff8077664864e 5 bytes {CALL 0xfffffffffd2da562}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCreateReport + 91                                            fffff8077664872b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelCreateReport + 98                                            fffff80776648732 5 bytes {CALL 0xfffffffffd2da47e}
PAGE     ...                                                                                                                 * 15
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelOpenDumpFile + 66                                            fffff807766489f2 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelOpenDumpFile + 73                                            fffff807766489f9 5 bytes {CALL 0xfffffffffd2da1b7}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelSubmitReport + 37                                            fffff80776648ac5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\werkernel.sys!WerLiveKernelSubmitReport + 44                                            fffff80776648acc 5 bytes {CALL 0xfffffffffd2da0e4}
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetManagementSupportInterface + 82                                         fffff80776731272 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetManagementSupportInterface + 89                                         fffff80776731279 5 bytes {CALL 0xfffffffffd10c927}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnInvalid + 91                                                            fffff8077673218b 6 bytes {CALL 0x66115}
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnInvalid + 160                                                           fffff807767321d0 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnDifference + 291                                                        fffff807767324c3 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnDifference + 298                                                        fffff807767324ca 5 bytes {CALL 0xfffffffffd437bd6}
.text    ...                                                                                                                 * 20
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnRecordSequence + 165                                                    fffff807767328e5 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnRecordSequence + 172                                                    fffff807767328ec 5 bytes {CALL 0xfffffffffd4377b4}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer + 114                              fffff807767329f2 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivGetBaseLogFileFromFileObjectPointer + 121                              fffff807767329f9 5 bytes {CALL 0xfffffffffd104327}
.text    ...                                                                                                                 * 14
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnContainer + 47                                                          fffff80776732d7f 6 bytes {CALL 0x65521}
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnContainer + 75                                                          fffff80776732d9b 6 bytes {CALL 0x65505}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnGreater + 198                                                           fffff80776734f06 3 bytes [E8, 95, 33]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnGreater + 202                                                           fffff80776734f0a 2 bytes [00, 90]
.text    ...                                                                                                                 * 10
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnBlockOffset + 273                                                       fffff80776735de1 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnBlockOffset + 280                                                       fffff80776735de8 5 bytes {CALL 0xfffffffffd16f888}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnEqual + 94                                                              fffff807767382de 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLsnEqual + 101                                                             fffff807767382e5 5 bytes {CALL 0xfffffffffd0e780b}
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsQueryLogFileInformation + 119                                              fffff80776738da7 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsQueryLogFileInformation + 126                                              fffff80776738dae 5 bytes {CALL 0xfffffffffd104df2}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetObservableInterface + 83                                                fffff8077673a783 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetObservableInterface + 90                                                fffff8077673a78a 5 bytes {CALL 0xfffffffffd103416}
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLaterLsn + 178                                                             fffff80776742b52 6 bytes {CALL 0x5574e}
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsLaterLsn + 375                                                             fffff80776742c17 6 bytes {CALL 0x55689}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsAlignReservedLog + 217                                                     fffff80776742e19 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsAlignReservedLog + 224                                                     fffff80776742e20 5 bytes {CALL 0xfffffffffd0fad80}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsAllocReservedLog + 156                                                     fffff8077674302c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsAllocReservedLog + 163                                                     fffff80776743033 5 bytes {CALL 0xfffffffffd0fab6d}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetIoStatistics + 451                                                      fffff80776743393 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsGetIoStatistics + 458                                                      fffff8077674339a 5 bytes {CALL 0xfffffffffd0fa806}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivQueryErrorState + 94                                                   fffff807767437de 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsPrivQueryErrorState + 101                                                  fffff807767437e5 5 bytes {CALL 0xfffffffffd0fa3bb}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsReadPreviousRestartArea + 266                                              fffff80776743a4a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsReadPreviousRestartArea + 273                                              fffff80776743a51 5 bytes {CALL 0xfffffffffd0fa14f}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsSetEndOfLog + 273                                                          fffff80776743d11 6 bytes {CALL 0x5458f}
.text    C:\Windows\System32\drivers\CLFS.SYS!ClfsSetEndOfLog + 455                                                          fffff80776743dc7 6 bytes {CALL 0x544d9}
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtQueryPolicy + 56                                                       fffff80776757598 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtQueryPolicy + 63                                                       fffff8077675759f 5 bytes {CALL 0xfffffffffd0e6601}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsAdvanceLogBase + 134                                                       fffff80776757ca6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsAdvanceLogBase + 141                                                       fffff80776757cad 5 bytes {CALL 0xfffffffffd0e5ef3}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteLogByPointer + 69                                                    fffff80776758215 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteLogByPointer + 76                                                    fffff8077675821c 5 bytes {CALL 0xfffffffffd0e5984}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFreeReservedLog + 105                                                      fffff807767584f9 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFreeReservedLog + 112                                                      fffff80776758500 5 bytes {CALL 0xfffffffffd0e56a0}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRegisterManagedClient + 93                                             fffff807767588fd 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRegisterManagedClient + 100                                            fffff80776758904 5 bytes {CALL 0xfffffffffd0e529c}
PAGE     ...                                                                                                                 * 23
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateMarshallingArea + 363                                                fffff8077675951b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateMarshallingArea + 370                                                fffff80776759522 5 bytes {CALL 0xfffffffffd0df3fe}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtSetLogFileSizeAsClient + 56                                            fffff80776759978 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtSetLogFileSizeAsClient + 63                                            fffff8077675997f 5 bytes {CALL 0xfffffffffd0e4221}
PAGE     ...                                                                                                                 * 12
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsAddLogContainerSet + 121                                                   fffff8077675b259 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsAddLogContainerSet + 128                                                   fffff8077675b260 5 bytes {CALL 0xfffffffffd0e2940}
PAGE     ...                                                                                                                 * 10
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtDeregisterManagedClient + 22                                           fffff8077675b506 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtDeregisterManagedClient + 29                                           fffff8077675b50d 5 bytes {CALL 0xfffffffffd0e2693}
PAGE     ...                                                                                                                 * 27
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsWriteRestartArea + 193                                                     fffff8077675c6a1 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsWriteRestartArea + 200                                                     fffff8077675c6a8 5 bytes {CALL 0xfffffffffd0e14f8}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteMarshallingArea + 93                                                 fffff8077675dd6d 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDeleteMarshallingArea + 100                                                fffff8077675dd74 5 bytes {CALL 0xfffffffffd0dfe2c}
PAGE     ...                                                                                                                 * 24
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsTerminateReadLog + 93                                                      fffff8077675e24d 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsTerminateReadLog + 100                                                     fffff8077675e254 5 bytes {CALL 0xfffffffffd0df94c}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadLogRecord + 246                                                        fffff8077675e4c6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadLogRecord + 253                                                        fffff8077675e4cd 5 bytes {CALL 0xfffffffffd0df6d3}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReserveAndAppendLogAligned + 275                                           fffff8077675f6d3 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReserveAndAppendLogAligned + 282                                           fffff8077675f6da 5 bytes {CALL 0xfffffffffd0de4c6}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateLogFile + 328                                                        fffff80776763f38 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateLogFile + 335                                                        fffff80776763f3f 5 bytes {CALL 0xfffffffffd679851}
PAGE     ...                                                                                                                 * 15
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsGetLogFileInformation + 119                                                fffff80776764b07 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsGetLogFileInformation + 126                                                fffff80776764b0e 5 bytes {CALL 0xfffffffffd0d9092}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDispatchIoRequest + 114                                                    fffff80776764fc2 6 bytes {CALL 0x332de}
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsDispatchIoRequest + 434                                                    fffff80776765102 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtInstallPolicy + 58                                                     fffff80776765a0a 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtInstallPolicy + 65                                                     fffff80776765a11 5 bytes {CALL 0xfffffffffd0d818f}
PAGE     ...                                                                                                                 * 29
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseLogFileObject + 50                                                    fffff80776767c52 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseLogFileObject + 57                                                    fffff80776767c59 5 bytes {CALL 0xfffffffffd0d5f47}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadNextLogRecord + 313                                                    fffff807767693b9 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadNextLogRecord + 320                                                    fffff807767693c0 5 bytes {CALL 0xfffffffffd0d47e0}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadRestartArea + 171                                                      fffff8077676a1db 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsReadRestartArea + 178                                                      fffff8077676a1e2 5 bytes {CALL 0xfffffffffd0d39be}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFlushToLsn + 139                                                           fffff8077676b02b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFlushToLsn + 146                                                           fffff8077676b032 5 bytes {CALL 0xfffffffffd0d2b6e}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateScanContext + 178                                                    fffff80776770322 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCreateScanContext + 185                                                    fffff80776770329 5 bytes {CALL 0xfffffffffd0cd877}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsInitialize + 260                                                           fffff80776773fc4 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsInitialize + 267                                                           fffff80776773fcb 5 bytes {CALL 0xfffffffffd1fc7f5}
PAGE     ...                                                                                                                 * 23
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseAndResetLogFile + 101                                                 fffff8077678bf85 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsCloseAndResetLogFile + 108                                                 fffff8077678bf8c 5 bytes {CALL 0xfffffffffd0b1c14}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFinalize + 91                                                              fffff8077678c42b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsFinalize + 98                                                              fffff8077678c432 5 bytes {CALL 0xfffffffffd1e645e}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsGetContainerName + 390                                                     fffff8077678c756 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsGetContainerName + 397                                                     fffff8077678c75d 5 bytes {CALL 0xfffffffffd0b1443}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsRemoveLogContainerSet + 292                                                fffff8077678cc54 2 bytes {JMP 0xffffffffffffffab}
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsRemoveLogContainerSet + 299                                                fffff8077678cc5b 5 bytes {CALL 0xfffffffffd0b0f45}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsScanLogContainers + 504                                                    fffff8077678d0f8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsScanLogContainers + 511                                                    fffff8077678d0ff 5 bytes {CALL 0xfffffffffd0b0aa1}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsSetArchiveTail + 133                                                       fffff8077678d455 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsSetArchiveTail + 140                                                       fffff8077678d45c 5 bytes {CALL 0xfffffffffd0b0744}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsSetLogFileInformation + 133                                                fffff8077678d6c5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsSetLogFileInformation + 140                                                fffff8077678d6cc 5 bytes {CALL 0xfffffffffd0b04d4}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtHandleLogFileFull + 25                                                 fffff8077678dfe9 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtHandleLogFileFull + 32                                                 fffff8077678dff0 5 bytes {CALL 0xfffffffffd0afbb0}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRemovePolicy + 42                                                      fffff8077678e06a 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtRemovePolicy + 49                                                      fffff8077678e071 5 bytes {CALL 0xfffffffffd0afb2f}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtTailAdvanceFailure + 36                                                fffff8077678e124 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLFS.SYS!ClfsMgmtTailAdvanceFailure + 43                                                fffff8077678e12b 5 bytes {CALL 0xfffffffffd0afa75}
.text    C:\Windows\System32\drivers\tm.sys!TmShutdownSystem + 367                                                           fffff80776701b9f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\tm.sys!TmShutdownSystem + 374                                                           fffff80776701ba6 5 bytes {CALL 0xfffffffffd6c3aca}
PAGE     C:\Windows\System32\drivers\tm.sys!TmCurrentTransaction + 47                                                        fffff8077670b03f 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmCurrentTransaction + 54                                                        fffff8077670b046 5 bytes {CALL 0xfffffffffd1ba04a}
PAGE     C:\Windows\System32\drivers\tm.sys!DllUnload + 352                                                                  fffff8077670b210 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!DllUnload + 359                                                                  fffff8077670b217 5 bytes {CALL 0xfffffffffd132989}
PAGE     ...                                                                                                                 * 15
PAGE     C:\Windows\System32\drivers\tm.sys!TmInitSystemPhase2 + 337                                                         fffff8077670c1a1 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmInitSystemPhase2 + 344                                                         fffff8077670c1a8 5 bytes {CALL 0xfffffffffd6b94c8}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverTransactionManager + 250                                                fffff8077670c3ea 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverTransactionManager + 257                                                fffff8077670c3f1 4 bytes [E8, 1A, D5, 04]
PAGE     C:\Windows\System32\drivers\tm.sys!TmCommitEnlistment + 69                                                          fffff80776710665 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmCommitEnlistment + 76                                                          fffff8077671066c 5 bytes {CALL 0xfffffffffd212544}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\tm.sys!TmDereferenceEnlistmentKey + 44                                                  fffff8077671088c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmDereferenceEnlistmentKey + 51                                                  fffff80776710893 5 bytes {CALL 0xfffffffffd129b2d}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!TmPrePrepareEnlistment + 66                                                      fffff807767109a2 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmPrePrepareEnlistment + 73                                                      fffff807767109a9 5 bytes {CALL 0xfffffffffd212207}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!TmPrepareEnlistment + 66                                                         fffff80776710b32 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmPrepareEnlistment + 73                                                         fffff80776710b39 5 bytes {CALL 0xfffffffffd212077}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverEnlistment + 74                                                         fffff80776710d5a 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverEnlistment + 81                                                         fffff80776710d61 5 bytes {CALL 0xfffffffffd12965f}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\tm.sys!TmReferenceEnlistmentKey + 57                                                    fffff80776710f69 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmReferenceEnlistmentKey + 64                                                    fffff80776710f70 5 bytes {CALL 0xfffffffffd129450}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!TmRequestOutcomeEnlistment + 78                                                  fffff8077671102e 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRequestOutcomeEnlistment + 85                                                  fffff80776711035 5 bytes {CALL 0xfffffffffd211b7b}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\tm.sys!TmRollbackEnlistment + 69                                                        fffff807767112e5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRollbackEnlistment + 76                                                        fffff807767112ec 5 bytes {CALL 0xfffffffffd2118c4}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\tm.sys!TmSinglePhaseReject + 65                                                         fffff80776711521 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmSinglePhaseReject + 72                                                         fffff80776711528 5 bytes {CALL 0xfffffffffd211688}
PAGE     ...                                                                                                                 * 39
PAGE     C:\Windows\System32\drivers\tm.sys!TmCommitTransaction + 51                                                         fffff80776712573 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmCommitTransaction + 58                                                         fffff8077671257a 5 bytes {CALL 0xfffffffffd210636}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\tm.sys!TmFreezeTransactions + 90                                                        fffff807767128ba 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmFreezeTransactions + 97                                                        fffff807767128c1 5 bytes {CALL 0xfffffffffd127aff}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\tm.sys!TmGetTransactionId + 62                                                          fffff80776712b2e 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmGetTransactionId + 69                                                          fffff80776712b35 5 bytes {CALL 0xfffffffffd11e1db}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\tm.sys!TmIsKTMCommitCoordinator + 56                                                    fffff80776712db8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmIsKTMCommitCoordinator + 63                                                    fffff80776712dbf 5 bytes {CALL 0xfffffffffd138651}
PAGE     C:\Windows\System32\drivers\tm.sys!TmRollbackTransaction + 51                                                       fffff80776712e43 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRollbackTransaction + 58                                                       fffff80776712e4a 5 bytes {CALL 0xfffffffffd20fd66}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\tm.sys!TmThawTransactions + 40                                                          fffff80776713078 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmThawTransactions + 47                                                          fffff8077671307f 5 bytes {CALL 0xfffffffffd134931}
PAGE     ...                                                                                                                 * 29
PAGE     C:\Windows\System32\drivers\tm.sys!TmEnableCallbacks + 68                                                           fffff80776715184 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmEnableCallbacks + 75                                                           fffff8077671518b 5 bytes {CALL 0xfffffffffd125235}
PAGE     ...                                                                                                                 * 37
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverResourceManager + 86                                                    fffff80776715596 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRecoverResourceManager + 93                                                    fffff8077671559d 5 bytes {CALL 0xfffffffffd124e23}
PAGE     ...                                                                                                                 * 30
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitComplete + 117                                                           fffff80776716b65 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitComplete + 124                                                           fffff80776716b6c 1 byte [E8]
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitEnlistment + 117                                                         fffff80776716c45 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitEnlistment + 124                                                         fffff80776716c4c 5 bytes {CALL 0xfffffffffd6dc444}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateEnlistment + 224                                                         fffff80776716d90 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateEnlistment + 231                                                         fffff80776716d97 5 bytes {CALL 0xfffffffffd6dc2f9}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenEnlistment + 212                                                           fffff80776716f54 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenEnlistment + 219                                                           fffff80776716f5b 5 bytes {CALL 0xfffffffffd9f9f75}
PAGE     ...                                                                                                                 * 18
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrePrepareComplete + 117                                                       fffff807767171b5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrePrepareComplete + 124                                                       fffff807767171bc 5 bytes {CALL 0xfffffffffd6dbed4}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrePrepareEnlistment + 117                                                     fffff80776717295 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrePrepareEnlistment + 124                                                     fffff8077671729c 5 bytes {CALL 0xfffffffffd6dbdf4}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrepareComplete + 117                                                          fffff80776717375 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrepareComplete + 124                                                          fffff8077671737c 5 bytes {CALL 0xfffffffffd6dbd14}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrepareEnlistment + 117                                                        fffff80776717455 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPrepareEnlistment + 124                                                        fffff8077671745c 5 bytes {CALL 0xfffffffffd6dbc34}
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationEnlistment + 126                                               fffff8077671753e 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationEnlistment + 133                                               fffff80776717545 5 bytes {CALL 0xfffffffffd6d205b}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\tm.sys!NtReadOnlyEnlistment + 117                                                       fffff80776717825 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtReadOnlyEnlistment + 124                                                       fffff8077671782c 5 bytes {CALL 0xfffffffffd6db864}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverEnlistment + 56                                                         fffff807767178c8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverEnlistment + 63                                                         fffff807767178cf 5 bytes {CALL 0xfffffffffd6db7c1}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackComplete + 117                                                         fffff80776717985 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackComplete + 124                                                         fffff8077671798c 5 bytes {CALL 0xfffffffffd6db704}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackEnlistment + 117                                                       fffff80776717a65 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackEnlistment + 124                                                       fffff80776717a6c 1 byte [E8]
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationEnlistment + 220                                                 fffff80776717bac 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationEnlistment + 227                                                 fffff80776717bb3 5 bytes {CALL 0xfffffffffd6db4dd}
PAGE     ...                                                                                                                 * 25
PAGE     C:\Windows\System32\drivers\tm.sys!NtSinglePhaseReject + 117                                                        fffff80776717e45 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtSinglePhaseReject + 124                                                        fffff80776717e4c 5 bytes {CALL 0xfffffffffd6db244}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!TmCreateEnlistment + 169                                                         fffff80776717f59 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmCreateEnlistment + 176                                                         fffff80776717f60 5 bytes {CALL 0xfffffffffd718210}
PAGE     ...                                                                                                                 * 12
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateResourceManager + 206                                                    fffff8077671816e 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateResourceManager + 213                                                    fffff80776718175 5 bytes {CALL 0xfffffffffd9f8d5b}
PAGE     ...                                                                                                                 * 22
PAGE     C:\Windows\System32\drivers\tm.sys!NtGetNotificationResourceManager + 80                                            fffff80776718510 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtGetNotificationResourceManager + 87                                            fffff80776718517 5 bytes {CALL 0xfffffffffd6d1089}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenResourceManager + 171                                                      fffff8077671870b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenResourceManager + 178                                                      fffff80776718712 5 bytes {CALL 0xfffffffffd9f87be}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationResourceManager + 119                                          fffff80776718967 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationResourceManager + 126                                          fffff8077671896e 5 bytes {CALL 0xfffffffffd6d0c32}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverResourceManager + 53                                                    fffff80776718bc5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverResourceManager + 60                                                    fffff80776718bcc 5 bytes {CALL 0xfffffffffd6da4c4}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationResourceManager + 272                                            fffff80776718d20 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationResourceManager + 279                                            fffff80776718d27 5 bytes {CALL 0xfffffffffd6da369}
PAGE     ...                                                                                                                 * 25
PAGE     C:\Windows\System32\drivers\tm.sys!TmInitializeTransactionManager + 67                                              fffff80776718ee3 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmInitializeTransactionManager + 74                                              fffff80776718eea 5 bytes {CALL 0xfffffffffd1c1f86}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\tm.sys!TmRenameTransactionManager + 133                                                 fffff80776719305 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmRenameTransactionManager + 140                                                 fffff8077671930c 5 bytes {CALL 0xfffffffffd1106b4}
PAGE     ...                                                                                                                 * 37
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitTransaction + 70                                                         fffff8077671baf6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCommitTransaction + 77                                                         fffff8077671bafd 5 bytes {CALL 0xfffffffffd6d7593}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateTransaction + 227                                                        fffff8077671bc33 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateTransaction + 234                                                        fffff8077671bc3a 5 bytes {CALL 0xfffffffffd9f5296}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\tm.sys!NtEnumerateTransactionObject + 152                                               fffff8077671c0d8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtEnumerateTransactionObject + 159                                               fffff8077671c0df 5 bytes {CALL 0xfffffffffd6cd4c1}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\tm.sys!NtFreezeTransactions + 232                                                       fffff8077671c3b8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtFreezeTransactions + 239                                                       fffff8077671c3bf 5 bytes {CALL 0xfffffffffd81f551}
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenTransaction + 183                                                          fffff8077671c497 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenTransaction + 190                                                          fffff8077671c49e 5 bytes {CALL 0xfffffffffd9f4a32}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransaction + 283                                              fffff8077671c7cb 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransaction + 290                                              fffff8077671c7d2 5 bytes {CALL 0xfffffffffd6ccdce}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackTransaction + 70                                                       fffff8077671ce26 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollbackTransaction + 77                                                       fffff8077671ce2d 5 bytes {CALL 0xfffffffffd6d6263}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationTransaction + 261                                                fffff8077671cf85 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationTransaction + 268                                                fffff8077671cf8c 5 bytes {CALL 0xfffffffffd6d6104}
PAGE     ...                                                                                                                 * 23
PAGE     C:\Windows\System32\drivers\tm.sys!NtThawTransactions + 71                                                          fffff8077671d1e7 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtThawTransactions + 78                                                          fffff8077671d1ee 5 bytes {CALL 0xfffffffffd6ad572}
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateTransactionManager + 181                                                 fffff8077671d2c5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtCreateTransactionManager + 188                                                 fffff8077671d2cc 5 bytes {CALL 0xfffffffffd9f3c04}
PAGE     ...                                                                                                                 * 17
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenTransactionManager + 229                                                   fffff8077671d605 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtOpenTransactionManager + 236                                                   fffff8077671d60c 5 bytes {CALL 0xfffffffffd9f38c4}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransactionManager + 280                                       fffff8077671d9c8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtQueryInformationTransactionManager + 287                                       fffff8077671d9cf 5 bytes {CALL 0xfffffffffd6cbbd1}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverTransactionManager + 53                                                 fffff8077671de95 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRecoverTransactionManager + 60                                                 fffff8077671de9c 5 bytes {CALL 0xfffffffffd6d51f4}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\tm.sys!NtRenameTransactionManager + 155                                                 fffff8077671df7b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRenameTransactionManager + 162                                                 fffff8077671df82 5 bytes {CALL 0xfffffffffd9f2f4e}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollforwardTransactionManager + 117                                            fffff8077671e165 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRollforwardTransactionManager + 124                                            fffff8077671e16c 1 byte [E8]
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationTransactionManager + 83                                          fffff8077671e223 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtSetInformationTransactionManager + 90                                          fffff8077671e22a 5 bytes {CALL 0xfffffffffd6d4e66}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtPropagationComplete + 137                                                      fffff8077671e309 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPropagationComplete + 144                                                      fffff8077671e310 5 bytes {CALL 0xfffffffffd6d4d80}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\tm.sys!NtPropagationFailed + 69                                                         fffff8077671e3e5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtPropagationFailed + 76                                                         fffff8077671e3ec 5 bytes {CALL 0xfffffffffd6d4ca4}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!NtRegisterProtocolAddressInformation + 102                                       fffff8077671e4b6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!NtRegisterProtocolAddressInformation + 109                                       fffff8077671e4bd 5 bytes {CALL 0xfffffffffd9f2a13}
PAGE     ...                                                                                                                 * 31
PAGE     C:\Windows\System32\drivers\tm.sys!TmEndPropagationRequest + 34                                                     fffff8077671e852 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmEndPropagationRequest + 41                                                     fffff8077671e859 5 bytes {CALL 0xfffffffffd11bb67}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\tm.sys!TmPropagationFailed + 48                                                         fffff8077671e950 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\tm.sys!TmPropagationFailed + 55                                                         fffff8077671e957 5 bytes {CALL 0xfffffffffd11ba69}
.text    C:\Windows\system32\PSHED.dll!PshedRetrieveErrorInfo + 82                                                           fffff807767a1062 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedRetrieveErrorInfo + 89                                                           fffff807767a1069 5 bytes {CALL 0xfffffffffd0d08f7}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\PSHED.dll!PshedWriteErrorRecord + 217                                                           fffff807767a1599 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedWriteErrorRecord + 224                                                           fffff807767a15a0 5 bytes {CALL 0xfffffffffd96e200}
.text    C:\Windows\system32\PSHED.dll!PshedReadErrorRecord + 90                                                             fffff807767a166a 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedReadErrorRecord + 97                                                             fffff807767a1671 5 bytes {CALL 0xfffffffffd3c899f}
.text    C:\Windows\system32\PSHED.dll!PshedClearErrorRecord + 42                                                            fffff807767a170a 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedClearErrorRecord + 49                                                            fffff807767a1711 5 bytes {CALL 0xfffffffffd0d024f}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedFinalizeErrorRecord + 39                                                         fffff807767a17c7 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedFinalizeErrorRecord + 46                                                         fffff807767a17ce 5 bytes {CALL 0xfffffffffd0d0192}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedAttemptErrorRecovery + 30                                                        fffff807767a187e 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedAttemptErrorRecovery + 37                                                        fffff807767a1885 5 bytes {CALL 0xfffffffffd0d00db}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedBugCheckSystem + 4                                                               fffff807767a1914 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedBugCheckSystem + 11                                                              fffff807767a191b 5 bytes {CALL 0xfffffffffdb57df5}
.text    C:\Windows\system32\PSHED.dll!PshedGetErrorSourceInfo + 65                                                          fffff807767a1971 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedGetErrorSourceInfo + 72                                                          fffff807767a1978 5 bytes {CALL 0xfffffffffd0cffe8}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\PSHED.dll!PshedSetErrorSourceInfo + 26                                                          fffff807767a1a0a 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedSetErrorSourceInfo + 33                                                          fffff807767a1a11 5 bytes {CALL 0xfffffffffd39ba0f}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\PSHED.dll!PshedEnableErrorSource + 47                                                           fffff807767a1aef 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedEnableErrorSource + 54                                                           fffff807767a1af6 5 bytes {CALL 0xfffffffffd0cfe6a}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedDisableErrorSource + 75                                                          fffff807767a1bcb 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedDisableErrorSource + 82                                                          fffff807767a1bd2 5 bytes {CALL 0xfffffffffd0cfd8e}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedGetInjectionCapabilities + 139                                                   fffff807767a1cdb 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedGetInjectionCapabilities + 146                                                   fffff807767a1ce2 5 bytes {CALL 0xfffffffffd0cfc7e}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\PSHED.dll!PshedInjectError + 325                                                                fffff807767a1eb5 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedInjectError + 332                                                                fffff807767a1ebc 5 bytes {CALL 0xfffffffffd1f23d4}
.text    C:\Windows\system32\PSHED.dll!PshedMarkHiberPhase + 29                                                              fffff807767a1f0d 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedMarkHiberPhase + 36                                                              fffff807767a1f14 5 bytes {CALL 0xfffffffffd1b8d7c}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\PSHED.dll!PshedGetBootErrorPacket + 88                                                          fffff807767a23d8 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedGetBootErrorPacket + 95                                                          fffff807767a23df 5 bytes {CALL 0xfffffffffd3c7c31}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\PSHED.dll!PshedIsSystemWheaEnabled + 522                                                        fffff807767a288a 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedIsSystemWheaEnabled + 529                                                        fffff807767a2891 5 bytes {CALL 0xfffffffffd10d77f}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\PSHED.dll!PshedSynchronizeExecution + 78                                                        fffff807767a2a1e 2 bytes [4C, 8B]
.text    C:\Windows\system32\PSHED.dll!PshedSynchronizeExecution + 85                                                        fffff807767a2a25 5 bytes {CALL 0xfffffffffd09b12b}
PAGE     C:\Windows\system32\PSHED.dll!PshedGetAllErrorSources + 58                                                          fffff807767ac04a 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\PSHED.dll!PshedGetAllErrorSources + 65                                                          fffff807767ac051 5 bytes {CALL 0xfffffffffd08e36f}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\system32\PSHED.dll!PshedRegisterPlugin + 166                                                             fffff807767ac276 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\PSHED.dll!PshedRegisterPlugin + 173                                                             fffff807767ac27d 5 bytes {CALL 0xfffffffffd091923}
PAGE     ...                                                                                                                 * 10
PAGE     C:\Windows\system32\PSHED.dll!PshedUnregisterPlugin + 27                                                            fffff807767ac65b 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\PSHED.dll!PshedUnregisterPlugin + 34                                                            fffff807767ac662 5 bytes {CALL 0xfffffffffd09153e}
PAGE     ...                                                                                                                 * 8
PAGE     C:\Windows\system32\PSHED.dll!PshedAllocateMemory + 17                                                              fffff807767ac6f1 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\PSHED.dll!PshedAllocateMemory + 24                                                              fffff807767ac6f8 5 bytes {CALL 0xfffffffffd3bd918}
PAGE     C:\Windows\system32\PSHED.dll!PshedFreeMemory + 9                                                                   fffff807767ac719 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\PSHED.dll!PshedFreeMemory + 16                                                                  fffff807767ac720 5 bytes {CALL 0xfffffffffd3bd980}
PAGE     C:\Windows\System32\drivers\cmimcext.sys!CmCompleteInitMachineConfig + 325                                          fffff80776967175 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\cmimcext.sys!CmCompleteInitMachineConfig + 332                                          fffff8077696717c 5 bytes {CALL 0xfffffffffd055784}
PAGE     C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationLoad + 76                                            fffff8077697606c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationLoad + 83                                            fffff80776976073 5 bytes {CALL 0xfffffffffd4546ed}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationUnload + 76                                          fffff8077697618c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\ntosext.sys!ExpMicrocodeInformationUnload + 83                                          fffff80776976193 5 bytes {CALL 0xfffffffffd4545cd}
.text    C:\Windows\system32\drivers\WDFLDR.SYS!DllInitialize + 139                                                          fffff8077698149b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!DllInitialize + 146                                                          fffff807769814a2 5 bytes {CALL 0xfffffffffd55041e}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBindClass + 67                                                     fffff80776981643 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBindClass + 74                                                     fffff8077698164a 5 bytes {CALL 0xfffffffffd1e89c6}
.text    ...                                                                                                                 * 24
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrDiagnosticsValueByNameAsULONG + 131                                    fffff80776981ed3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrDiagnosticsValueByNameAsULONG + 138                                    fffff80776981eda 5 bytes {CALL 0xfffffffffd037236}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\WDFLDR.SYS!DllUnload + 33                                                               fffff807769860f1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!DllUnload + 40                                                               fffff807769860f8 5 bytes {CALL 0xfffffffffcf9caf8}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrQueryInterface + 43                                                    fffff807769862eb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfLdrQueryInterface + 50                                                    fffff807769862f2 5 bytes {CALL 0xfffffffffd03ec2e}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbindClass + 68                                                   fffff80776986414 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbindClass + 75                                                   fffff8077698641b 5 bytes {CALL 0xfffffffffcf9c7d5}
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterLibrary + 157                                                     fffff8077698d0ad 6 bytes {CALL 0x61f3}
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterLibrary + 266                                                     fffff8077698d11a 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfRegisterClassLibrary + 205                                                fffff8077698d30d 6 bytes {CALL 0x5f93}
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBind + 208                                                         fffff8077698d480 6 bytes {CALL 0x5e20}
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionBind + 398                                                         fffff8077698d53e 6 bytes {CALL 0x5d62}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbind + 37                                                        fffff8077698dc15 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\drivers\WDFLDR.SYS!WdfVersionUnbind + 44                                                        fffff8077698dc1c 5 bytes {CALL 0xfffffffffcf94fd4}
.text    C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStart + 114                                                   fffff807769b18d2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStart + 121                                                   fffff807769b18d9 5 bytes {CALL 0xfffffffffd51ffe7}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStop + 80                                                     fffff807769b1da0 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!WppAutoLogStop + 87                                                     fffff807769b1da7 5 bytes {CALL 0xfffffffffcfc8b69}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderConfigure + 97                                           fffff807769b2131 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderConfigure + 104                                          fffff807769b2138 5 bytes {CALL 0xfffffffffce88288}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDelete + 58                                           fffff807769b241a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDelete + 65                                           fffff807769b2421 5 bytes {CALL 0xfffffffffcfc84ef}
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDumpLiveData + 185                                    fffff807769b2619 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderLogDumpLiveData + 192                                    fffff807769b2620 5 bytes {CALL 0xfffffffffd1b79f0}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderReplay + 79                                              fffff807769b348f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!imp_WppRecorderReplay + 86                                              fffff807769b3496 5 bytes {CALL 0xfffffffffce86f2a}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\WppRecorder.sys!DllInitialize + 212                                                     fffff807769b39a4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!DllInitialize + 219                                                     fffff807769b39ab 5 bytes {CALL 0xfffffffffcee8195}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\WppRecorder.sys!DllUnload + 86                                                          fffff807769b3cd6 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\WppRecorder.sys!DllUnload + 93                                                          fffff807769b3cdd 5 bytes {CALL 0xfffffffffd1b63c3}
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Initialize + 100                                  fffff807769a2154 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Initialize + 107                                  fffff807769a215b 5 bytes {CALL 0xfffffffffcf07ca5}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Uninitialize + 130                                fffff807769a2692 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_Uninitialize + 137                                fffff807769a2699 5 bytes {CALL 0xfffffffffcf07767}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_RegisterComponentEx + 172                         fffff807769a2f5c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_RegisterComponentEx + 179                         fffff807769a2f63 5 bytes {CALL 0xfffffffffd1c70ad}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UnregisterComponent + 126                         fffff807769a324e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UnregisterComponent + 133                         fffff807769a3255 5 bytes {CALL 0xfffffffffcf06bab}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentActive + 43                              fffff807769a342b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentActive + 50                              fffff807769a3432 5 bytes {CALL 0xfffffffffcf069ce}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentInactive + 48                            fffff807769a3520 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ComponentInactive + 55                            fffff807769a3527 5 bytes {CALL 0xfffffffffcf068d9}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_AcquireComponentLock + 38                         fffff807769a35d6 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_AcquireComponentLock + 45                         fffff807769a35dd 5 bytes {CALL 0xfffffffffcf06823}
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ReleaseComponentLock + 31                         fffff807769a361f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ReleaseComponentLock + 38                         fffff807769a3626 5 bytes {CALL 0xfffffffffcf0656a}
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UpdateFriendlyName + 142                          fffff807769a36ce 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_UpdateFriendlyName + 149                          fffff807769a36d5 5 bytes {CALL 0xfffffffffd1c693b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ResetComponentsStartTime + 43                     fffff807769a384b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_ResetComponentsStartTime + 50                     fffff807769a3852 5 bytes {CALL 0xfffffffffcf065ae}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_GetPdoFriendlyName + 327                          fffff807769a4607 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!SleepstudyHelper_GetPdoFriendlyName + 334                          fffff807769a460e 5 bytes {CALL 0xfffffffffd1c5a92}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!DllInitialize + 101                                                fffff807769a4a25 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!DllInitialize + 108                                                fffff807769a4a2c 5 bytes {CALL 0xfffffffffcef7114}
.text    C:\Windows\system32\drivers\SleepStudyHelper.sys!DllUnload + 272                                                    fffff807769a4b60 5 bytes JMP fffff807769af2e0
.text    C:\Windows\System32\drivers\WMILIB.SYS!WmiCompleteRequest + 169                                                     fffff80776dc10b9 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\WMILIB.SYS!WmiCompleteRequest + 176                                                     fffff80776dc10c0 5 bytes {CALL 0xfffffffffca85a90}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\WMILIB.SYS!WmiFireEvent + 69                                                            fffff80776dc15b5 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\WMILIB.SYS!WmiFireEvent + 76                                                            fffff80776dc15bc 5 bytes {CALL 0xfffffffffcda8a54}
PAGE     C:\Windows\System32\drivers\WMILIB.SYS!WmiSystemControl + 281                                                       fffff80776dc6129 5 bytes {CALL 0x5f97}
PAGE     C:\Windows\System32\drivers\WMILIB.SYS!WmiSystemControl + 386                                                       fffff80776dc6192 6 bytes {CALL 0x610e}
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoAlloc + 93                                                          fffff807778b11ad 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoAlloc + 100                                                         fffff807778b11b4 5 bytes {CALL 0xfffffffffc11356c}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoDestroyIfUnused + 181                                               fffff807778b1315 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoDestroyIfUnused + 188                                               fffff807778b131c 5 bytes {CALL 0xfffffffffc055864}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferAndNetBufferListChain + 36                              fffff807778b13b4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferAndNetBufferListChain + 43                              fffff807778b13bb 5 bytes {CALL 0xffffffffffe8c775}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeMdl + 111                                                            fffff807778b14cf 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeMdl + 118                                                            fffff807778b14d6 5 bytes {CALL 0xfffffffffc0556aa}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCopyNetBufferListChain + 140                                     fffff807778b15ac 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCopyNetBufferListChain + 147                                     fffff807778b15b3 5 bytes {CALL 0xffffffffffe8c57d}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpFree + 100                                                                 fffff807778b16e4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpFree + 107                                                                 fffff807778b16eb 5 bytes {CALL 0xfffffffffc113075}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateMdl + 84                                                         fffff807778b18f4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateMdl + 91                                                         fffff807778b18fb 5 bytes {CALL 0xfffffffffbfb4d05}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdDiagnoseEvent + 256                                                        fffff807778b2020 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdDiagnoseEvent + 263                                                        fffff807778b2027 5 bytes {CALL 0xfffffffffbf8e4d9}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsDiagnoseEventEnabled + 58                                                fffff807778b23ca 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsDiagnoseEventEnabled + 65                                                fffff807778b23d1 5 bytes {CALL 0xfffffffffbf8e12f}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferAndNetBufferList + 52                       fffff807778b2924 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferAndNetBufferList + 59                       fffff807778b292b 5 bytes {CALL 0xffffffffffe8a3f5}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferListChain + 235                                      fffff807778b2e2b 6 bytes {CALL 0x91475}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferListChain + 297                                      fffff807778b2e69 6 bytes {CALL 0x91437}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdReleaseTerminatingFilters + 167                                            fffff807778b3f47 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdReleaseTerminatingFilters + 174                                            fffff807778b3f4e 5 bytes {CALL 0xfffffffffc2b6152}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleNotifyFlowDeletion + 123                                                fffff807778b405b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleNotifyFlowDeletion + 130                                                fffff807778b4062 5 bytes {CALL 0xfffffffffbfb5d7e}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleRemoveFlowContextTable + 151                                            fffff807778b42e7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleRemoveFlowContextTable + 158                                            fffff807778b42ee 5 bytes {CALL 0xfffffffffbf8a012}
.text    ...                                                                                                                 * 28
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlow + 193                                                fffff807778b4831 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlow + 200                                                fffff807778b4838 5 bytes {CALL 0xfffffffffbfb55a8}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectDisconnect + 306                                              fffff807778b4b32 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectDisconnect + 313                                              fffff807778b4b39 5 bytes {CALL 0xfffffffffc052047}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsLayerEmpty + 234                                                         fffff807778b4dda 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsLayerEmpty + 241                                                         fffff807778b4de1 5 bytes {CALL 0xfffffffffc10f93f}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectRemoteDisconnect + 298                                        fffff807778b50ba 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectRemoteDisconnect + 305                                        fffff807778b50c1 5 bytes {CALL 0xfffffffffc051abf}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferList + 177                                           fffff807778b51e1 6 bytes {CALL 0x8f0bf}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioDereferenceNetBufferList + 250                                           fffff807778b522a 6 bytes {CALL 0x8f076}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdEnumLayer + 89                                                             fffff807778b5369 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdEnumLayer + 96                                                             fffff807778b5370 5 bytes {CALL 0xffffffffffe89340}
.text    ...                                                                                                                 * 12
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlowFast + 148                                           fffff807778b5784 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlowFast + 155                                           fffff807778b578b 5 bytes {CALL 0xffffffffffe88865}
.text    ...                                                                                                                 * 12
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireEndpointContextFromFlow + 100                                    fffff807778b5a34 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireEndpointContextFromFlow + 107                                    fffff807778b5a3b 5 bytes {CALL 0xfffffffffbf888c5}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInsertWorkQueue + 39                                                     fffff807778b5dd7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInsertWorkQueue + 46                                                     fffff807778b5dde 5 bytes {CALL 0xfffffffffbf88522}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoInit + 78                                                           fffff807778b5e9e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoInit + 85                                                           fffff807778b5ea5 5 bytes {CALL 0xfffffffffc2b416b}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectSend + 216                                                    fffff807778b8708 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectSend + 223                                                    fffff807778b870f 5 bytes {CALL 0xfffffffffc10c011}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectReceive + 231                                                 fffff807778b8b27 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStreamInspectReceive + 238                                                 fffff807778b8b2e 5 bytes {CALL 0xfffffffffc10bbf2}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdClassify + 236                                                             fffff807778b96dc 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdClassify + 243                                                             fffff807778b96e3 5 bytes {CALL 0xffffffffffe84fcd}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlow + 74                                                fffff807778bdd3a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpAssociateContextToFlow + 81                                                fffff807778bdd41 5 bytes {CALL 0xffffffffffe8096f}
.text    ...                                                                                                                 * 20
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetParameterEx + 327                                                       fffff807778be577 6 bytes {CALL 0x85d29}
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotificationEx + 194                                       fffff807778be712 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotificationEx + 201                                       fffff807778be719 5 bytes {CALL 0xfffffffffbf7bca7}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotificationEx + 229                                         fffff807778be9a5 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotificationEx + 236                                         fffff807778be9ac 5 bytes {CALL 0xfffffffffbf7ba14}
.text    ...                                                                                                                 * 23
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiEnumerateObjectsAllParametersEx + 252                                      fffff807778beedc 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiEnumerateObjectsAllParametersEx + 259                                      fffff807778beee3 5 bytes {CALL 0xfffffffffbfa771d}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetAllParametersEx + 200                                                   fffff807778bf668 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetAllParametersEx + 207                                                   fffff807778bf66f 5 bytes {CALL 0xfffffffffbfa6f91}
.text    ...                                                                                                                 * 6
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetParameterEx + 238                                                       fffff807778bf9ee 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetParameterEx + 245                                                       fffff807778bf9f5 5 bytes {CALL 0xfffffffffbfa6c0b}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData + 27                fffff807778c054b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData + 34                fffff807778c0552 5 bytes {CALL 0xffffffffffe7cb3e}
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbAllocateAtDpcLevel + 93                                                    fffff807778c06cd 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbAllocateAtDpcLevel + 100                                                   fffff807778c06d4 5 bytes {CALL 0xfffffffffc10404c}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToMdlIndirect + 409                                                 fffff807778c0bb9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToMdlIndirect + 416                                                 fffff807778c0bc0 5 bytes {CALL 0xfffffffffc104530}
.text    ...                                                                                                                 * 6
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListContext + 214                                     fffff807778c10a6 6 bytes {CALL 0x831fa}
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbFree + 98                                                                  fffff807778c1342 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbFree + 105                                                                 fffff807778c1349 5 bytes {CALL 0xfffffffffc103417}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbAllocate + 33                                                              fffff807778c1461 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbAllocate + 40                                                              fffff807778c1468 5 bytes {CALL 0xfffffffffbfa5198}
.text    ...                                                                                                                 * 20
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCopyNetBufferListEx + 66                             fffff807778c1952 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCopyNetBufferListEx + 73                             fffff807778c1959 5 bytes {CALL 0xffffffffffe7b3c7}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheAcceptBypass + 95                                             fffff807778c1b6f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheAcceptBypass + 102                                            fffff807778c1b76 5 bytes {CALL 0xffffffffffe7cb3a}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAcceptBypass + 90                                                     fffff807778c24ea 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAcceptBypass + 97                                                     fffff807778c24f1 5 bytes {CALL 0xffffffffffe7c1bf}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListAndFirstNetBufferContext + 179                    fffff807778c2893 6 bytes {CALL 0x81a0d}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireFlowHandleForFlow + 351                                          fffff807778c2a2f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleAcquireFlowHandleForFlow + 358                                          fffff807778c2a36 5 bytes {CALL 0xfffffffffbf7b8ca}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferAndNetBufferList + 4                                        fffff807778c2db4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferAndNetBufferList + 11                                       fffff807778c2dbb 5 bytes {CALL 0xffffffffffe7ad75}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdClassify2 + 212                                                            fffff807778c2ec4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdClassify2 + 219                                                            fffff807778c2ecb 5 bytes {CALL 0xfffffffffbfa3735}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetLongestMatch + 79                                                        fffff807778c30bf 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetLongestMatch + 86                                                        fffff807778c30c6 5 bytes {CALL 0xfffffffffc101e5a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckOffloadFastLayers + 316                                               fffff807778c32ec 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckOffloadFastLayers + 323                                               fffff807778c32f3 5 bytes {CALL 0xffffffffffe7b3bd}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferListEx + 54                            fffff807778c3736 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferListEx + 61                            fffff807778c373d 5 bytes {CALL 0xffffffffffe78d53}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!PtEnumOverTable + 133                                                         fffff807778c3a65 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtEnumOverTable + 140                                                         fffff807778c3a6c 5 bytes {CALL 0xfffffffffc1014b4}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetExactMatch + 80                                                          fffff807778c3d10 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetExactMatch + 87                                                          fffff807778c3d17 5 bytes {CALL 0xfffffffffc101209}
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToBuffer + 212                                                      fffff807778c3f74 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyMdlToBuffer + 219                                                      fffff807778c3f7b 5 bytes {CALL 0xfffffffffbf5bb75}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAdvanceNetBufferList + 75                                                fffff807778c402b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAdvanceNetBufferList + 82                                                fffff807778c4032 5 bytes {CALL 0xffffffffffe7b7fe}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAuditEvent + 99                                                            fffff807778c40a3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAuditEvent + 106                                                           fffff807778c40aa 5 bytes {CALL 0xfffffffffbfa5d36}
.text    ...                                                                                                                 * 23
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBufferList + 56                                                fffff807778c4498 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBufferList + 63                                                fffff807778c449f 5 bytes {CALL 0xffffffffffe7b401}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowTable + 117                                               fffff807778c4565 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowTable + 124                                               fffff807778c456c 5 bytes {CALL 0xfffffffffbf79d94}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheConnectBypass + 337                                           fffff807778c47a1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckAndCacheConnectBypass + 344                                           fffff807778c47a8 5 bytes {CALL 0xfffffffffc2a5868}
.text    ...                                                                                                                 * 22
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckConnectBypass + 79                                                    fffff807778c4abf 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdCheckConnectBypass + 86                                                    fffff807778c4ac6 5 bytes {CALL 0xffffffffffe79bea}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoCleanup + 77                                                        fffff807778c4e2d 6 bytes {CALL 0x7f473}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppCopyStreamDataToBuffer + 292                                              fffff807778c4f94 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppCopyStreamDataToBuffer + 299                                              fffff807778c4f9b 5 bytes {CALL 0xfffffffffbf5ab55}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppStreamDeleteDpcQueue + 55                                                 fffff807778c4ff7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppStreamDeleteDpcQueue + 62                                                 fffff807778c4ffe 5 bytes {CALL 0xfffffffffc041b82}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCloneNetBufferList + 6                                               fffff807778c5056 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCloneNetBufferList + 13                                              fffff807778c505d 5 bytes {CALL 0xffffffffffe7d223}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdGetNextFilter + 368                                                        fffff807778c5250 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdGetNextFilter + 375                                                        fffff807778c5257 5 bytes {CALL 0xfffffffffc041929}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpFreeReassemblyContext + 9                                                  fffff807778c5b89 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpFreeReassemblyContext + 16                                                 fffff807778c5b90 5 bytes {CALL 0xffffffffffe77fa0}
.text    ...                                                                                                                 * 12
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTlObjectRequest + 114                                                 fffff807778c5d72 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTlObjectRequest + 121                                                 fffff807778c5d79 5 bytes {CALL 0xfffffffffc2a4327}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastActiveReferenceRequest + 27                                       fffff807778c5eab 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastActiveReferenceRequest + 34                                       fffff807778c5eb2 5 bytes {CALL 0xffffffffffe7bcbe}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdQueryEnumFilters + 77                                                 fffff807778c5fcd 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdQueryEnumFilters + 84                                                 fffff807778c5fd4 5 bytes {CALL 0xfffffffffbf7832c}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferList + 33                                   fffff807778c64f1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceNetBufferList + 40                                   fffff807778c64f8 5 bytes {CALL 0xffffffffffe76b98}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferListChain + 41                                          fffff807778c65f9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteNetBufferListChain + 48                                          fffff807778c6600 5 bytes {CALL 0xffffffffffe77530}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBuffer + 20                                                   fffff807778c6a84 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBuffer + 27                                                   fffff807778c6a8b 5 bytes {CALL 0xffffffffffe83a65}
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToAlias + 320                                             fffff807778c6e90 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToAlias + 327                                             fffff807778c6e97 5 bytes {CALL 0xfffffffffc0d2e99}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceEntry + 807                                             fffff807778c7217 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceEntry + 814                                             fffff807778c721e 5 bytes {CALL 0xfffffffffbfa2bc2}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmActiveReferenceRequest + 249                                          fffff807778c7509 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmActiveReferenceRequest + 256                                          fffff807778c7510 5 bytes {CALL 0xfffffffffbf69800}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdCommitTransaction + 360                                               fffff807778c8b18 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdCommitTransaction + 367                                               fffff807778c8b1f 5 bytes {CALL 0xffffffffffe78231}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBatchUpdate + 104                                                     fffff807778ca298 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBatchUpdate + 111                                                     fffff807778ca29f 5 bytes {CALL 0xfffffffffc052b21}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToGuid + 222                                              fffff807778cbc7e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToGuid + 229                                              fffff807778cbc85 5 bytes {CALL 0xfffffffffc29e38b}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeMibTable + 9                                                              fffff807778cc019 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeMibTable + 16                                                             fffff807778cc020 5 bytes {CALL 0xfffffffffc29e080}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllParametersEx + 285                                                   fffff807778cc47d 6 bytes {CALL 0x77e23}
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyBufferToMdl + 162                                                      fffff807778cc6a2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCopyBufferToMdl + 169                                                      fffff807778cc6a9 5 bytes {CALL 0xfffffffffbf53447}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCloneNetBufferListChain + 37                                     fffff807778cc855 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCompleteCloneNetBufferListChain + 44                                     fffff807778cc85c 1 byte [E8]
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetNextShorterMatch + 129                                                   fffff807778cc951 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtGetNextShorterMatch + 136                                                   fffff807778cc958 5 bytes {CALL 0xfffffffffbf659c8}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferList + 201                             fffff807778ccbb9 6 bytes {CALL 0x776e7}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceCloneNetBufferList + 292                             fffff807778ccc14 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiFreeTable + 31                                                             fffff807778ccd7f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiFreeTable + 38                                                             fffff807778ccd86 5 bytes {CALL 0xfffffffffc29d31a}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!GetUnicastIpAddressTable + 537                                                fffff807778cd0a9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetUnicastIpAddressTable + 544                                                fffff807778cd0b0 5 bytes {CALL 0xfffffffffc29cf60}
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiAllocateAndGetTable + 190                                                  fffff807778cd5de 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiAllocateAndGetTable + 197                                                  fffff807778cd5e5 5 bytes {CALL 0xfffffffffbf64d3b}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndData + 15                                         fffff807778cd7ff 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndData + 22                                         fffff807778cd806 5 bytes {CALL 0xffffffffffe6f23a}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBuffer + 4                                                        fffff807778cd864 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBuffer + 11                                                       fffff807778cd86b 5 bytes {CALL 0xffffffffffe71205}
.text    ...                                                                                                                 * 23
.text    C:\Windows\system32\drivers\NETIO.SYS!CreateSortedAddressPairs + 134                                                fffff807778ced76 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!CreateSortedAddressPairs + 141                                                fffff807778ced7d 5 bytes {CALL 0xfffffffffc29b293}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdDeleteCalloutEntry + 34                                                    fffff807778cf042 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdDeleteCalloutEntry + 41                                                    fffff807778cf049 5 bytes {CALL 0xfffffffffc04dd77}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdDeleteIndex + 60                                                      fffff807778cf2ac 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdDeleteIndex + 67                                                      fffff807778cf2b3 5 bytes {CALL 0xfffffffffc04db0d}
.text    C:\Windows\system32\drivers\NETIO.SYS!CancelMibChangeNotify2 + 106                                                  fffff807778cf39a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!CancelMibChangeNotify2 + 113                                                  fffff807778cf3a1 5 bytes {CALL 0xfffffffffc29acff}
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterChangeNotification + 409                                         fffff807778cf559 6 bytes {CALL 0x74d47}
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddIndex + 71                                                         fffff807778cf607 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddIndex + 78                                                         fffff807778cf60e 5 bytes {CALL 0xfffffffffc04d7b2}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAddCalloutEntry + 92                                                       fffff807778cfa4c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAddCalloutEntry + 99                                                       fffff807778cfa53 5 bytes {CALL 0xfffffffffc04d36d}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyUnicastIpAddressChange + 89                                             fffff807778cffa9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyUnicastIpAddressChange + 96                                             fffff807778cffb0 5 bytes {CALL 0xfffffffffc29a060}
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotification + 426                                           fffff807778d02da 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiRegisterChangeNotification + 433                                           fffff807778d02e1 5 bytes {CALL 0xfffffffffc53bc9f}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddCache + 89                                                         fffff807778d0cb9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAddCache + 96                                                         fffff807778d0cc0 5 bytes {CALL 0xfffffffffc2993e0}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowHandles + 13                                              fffff807778d136d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleInitializeFlowHandles + 20                                              fffff807778d1374 5 bytes {CALL 0xfffffffffbfca7cc}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIfTable2 + 103                                                             fffff807778d1447 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIfTable2 + 110                                                             fffff807778d144e 5 bytes {CALL 0xfffffffffbf6c702}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStart + 56                                                            fffff807778d1788 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStart + 63                                                            fffff807778d178f 5 bytes {CALL 0xfffffffffbf6c3c1}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmInitializeState + 73                                                  fffff807778d1c59 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmInitializeState + 80                                                  fffff807778d1c60 5 bytes {CALL 0xfffffffffc0a0fe0}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCloseKey + 17                                                            fffff807778d20c1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCloseKey + 24                                                            fffff807778d20c8 5 bytes {CALL 0xfffffffffc0e6fe8}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioOpenKey + 57                                                             fffff807778d25f9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioOpenKey + 64                                                             fffff807778d2600 5 bytes {CALL 0xfffffffffbf6b550}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncInterface + 131                                                   fffff807778d26e3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncInterface + 138                                                   fffff807778d26ea 5 bytes {CALL 0xfffffffffc539896}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncQueryAndUpdateKeyValue + 55                                       fffff807778d2867 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncQueryAndUpdateKeyValue + 62                                       fffff807778d286e 5 bytes {CALL 0xfffffffffc2977a2}
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioQueryValueKey + 81                                                       fffff807778d29f1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioQueryValueKey + 88                                                       fffff807778d29f8 5 bytes {CALL 0xfffffffffbf6b158}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitNetworkRegistry + 52                                                 fffff807778d2cf4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitNetworkRegistry + 59                                                 fffff807778d2cfb 5 bytes {CALL 0xfffffffffc607875}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegisterProcessorAddCallback + 72                                        fffff807778d2d78 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegisterProcessorAddCallback + 79                                        fffff807778d2d7f 5 bytes {CALL 0xfffffffffbf6add1}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListLibrary + 56                                      fffff807778d2e58 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeNetBufferListLibrary + 63                                      fffff807778d2e5f 5 bytes {CALL 0xfffffffffbfd6fa1}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStartStreamShim + 178                                                      fffff807778d3082 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpStartStreamShim + 185                                                      fffff807778d3089 5 bytes {CALL 0xfffffffffc88a4a7}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeFlowsManager + 59                                              fffff807778d322b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeFlowsManager + 66                                              fffff807778d3232 5 bytes {CALL 0xfffffffffc07f72e}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpCreatePool + 45                                                            fffff807778d397d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpCreatePool + 52                                                            fffff807778d3984 5 bytes {CALL 0xfffffffffbfdbc9c}
.text    ...                                                                                                                 * 14
.text    C:\Windows\system32\drivers\NETIO.SYS!WskRegister + 50                                                              fffff807778d3ca2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WskRegister + 57                                                              fffff807778d3ca9 5 bytes {CALL 0xfffffffffc296367}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrRegisterProvider + 185                                                     fffff807778d3fd9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrRegisterProvider + 192                                                     fffff807778d3fe0 5 bytes {CALL 0xfffffffffc296030}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeToeplitzHash + 92                                                fffff807778d4aec 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeToeplitzHash + 99                                                fffff807778d4af3 5 bytes {CALL 0xfffffffffc29551d}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlReinitializeToeplitzHash + 607                                             fffff807778d4dbf 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlReinitializeToeplitzHash + 614                                             fffff807778d4dc6 5 bytes {CALL 0xfffffffffbf72bea}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmGetAllNotificationChannelContextParameters + 78                       fffff807778d4e3e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmGetAllNotificationChannelContextParameters + 85                       fffff807778d4e45 3 bytes [E8, 06, 63]
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetModuleHandle + 121                                                      fffff807778d50a9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetModuleHandle + 128                                                      fffff807778d50b0 5 bytes {CALL 0xfffffffffc294f60}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetObjectSecurity + 66                                                     fffff807778d5352 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetObjectSecurity + 73                                                     fffff807778d5359 5 bytes {CALL 0xfffffffffc5077f7}
.text    ...                                                                                                                 * 20
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrClientAttachProvider + 102                                                 fffff807778d5746 6 bytes {CALL 0x6eb5a}
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrClientAttachProvider + 301                                                 fffff807778d580d 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 10
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbCreatePool + 51                                                            fffff807778d5e43 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbCreatePool + 58                                                            fffff807778d5e4a 5 bytes {CALL 0xfffffffffbfd97d6}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!PtInsertEntry + 303                                                           fffff807778d65ef 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtInsertEntry + 310                                                           fffff807778d65f6 5 bytes {CALL 0xfffffffffc293a1a}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeWorkQueue + 46                                                 fffff807778d6a3e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioInitializeWorkQueue + 53                                                 fffff807778d6a45 5 bytes {CALL 0xfffffffffbfc50fb}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpInitializeLeastRecentlyUsedList + 303                                      fffff807778d6bef 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpInitializeLeastRecentlyUsedList + 310                                      fffff807778d6bf6 5 bytes {CALL 0xfffffffffbfc4f4a}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateOpaquePerProcessorContext + 64                                   fffff807778d6d60 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateOpaquePerProcessorContext + 71                                   fffff807778d6d67 5 bytes {CALL 0xfffffffffc2932a9}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndInitializeStackBlock + 35                                     fffff807778d6e03 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndInitializeStackBlock + 42                                     fffff807778d6e0a 5 bytes {CALL 0xfffffffffbfd8816}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\drivers\NETIO.SYS!HfCreateFactory + 29                                                          fffff807778d703d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!HfCreateFactory + 36                                                          fffff807778d7044 5 bytes {CALL 0xfffffffffc292fcc}
.text    ...                                                                                                                 * 20
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncDefaultChangeHandler + 117                                        fffff807778d7d95 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRegSyncDefaultChangeHandler + 124                                        fffff807778d7d9c 1 byte [E8]
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterRscIncompatCalloutNotify + 117                                     fffff807778d8535 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterRscIncompatCalloutNotify + 124                                     fffff807778d853c 5 bytes {CALL 0xfffffffffbf918a4}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceCompartmentId + 128                                               fffff807778d8650 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceCompartmentId + 135                                               fffff807778d8657 5 bytes {CALL 0xfffffffffc2919b9}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterUsoIncompatCalloutNotify + 98                                      fffff807778d8792 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterUsoIncompatCalloutNotify + 105                                     fffff807778d8799 5 bytes {CALL 0xfffffffffbf91647}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferListNetBufferMdlAndDataPool + 60                        fffff807778d882c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferListNetBufferMdlAndDataPool + 67                        fffff807778d8833 5 bytes {CALL 0xffffffffffe7fd9d}
.text    C:\Windows\system32\drivers\NETIO.SYS!PtCreateTable + 40                                                            fffff807778d8878 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtCreateTable + 47                                                            fffff807778d887f 5 bytes {CALL 0xfffffffffc291791}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdSetBfeEngineSd + 185                                                  fffff807778d8a39 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdSetBfeEngineSd + 192                                                  fffff807778d8a40 5 bytes {CALL 0xfffffffffbf658c0}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndDataPool + 47                                     fffff807778d8d6f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateNetBufferMdlAndDataPool + 54                                     fffff807778d8d76 5 bytes {CALL 0xffffffffffe9414a}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdFreeEnumHandle + 50                                                        fffff807778d8ea2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdFreeEnumHandle + 57                                                        fffff807778d8ea9 5 bytes {CALL 0xfffffffffbfc2c97}
.text    C:\Windows\system32\drivers\NETIO.SYS!FeGetWfpGlobalPtr + 109                                                       fffff807778d8f3d 3 bytes [4C, 8B, 15]
.text    C:\Windows\system32\drivers\NETIO.SYS!FeGetWfpGlobalPtr + 116                                                       fffff807778d8f44 5 bytes JMP fffff80773999140
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceFragmentNetBufferList + 60                           fffff807778eab1c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceFragmentNetBufferList + 67                           fffff807778eab23 5 bytes {CALL 0xffffffffffebf42d}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceReassembledNetBufferList + 43                        fffff807778eabfb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceReassembledNetBufferList + 50                        fffff807778eac02 5 bytes {CALL 0xffffffffffebf77e}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceVacantNetBufferListEx + 47                           fffff807778eacff 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAllocateAndReferenceVacantNetBufferListEx + 54                           fffff807778ead06 5 bytes {CALL 0xffffffffffe5238a}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCopyNetBufferList + 25                                               fffff807778eaf59 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeCopyNetBufferList + 32                                               fffff807778eaf60 5 bytes {CALL 0xffffffffffe52bd0}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferListNetBufferMdlAndDataPool + 4                             fffff807778eaf84 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferListNetBufferMdlAndDataPool + 11                            fffff807778eaf8b 5 bytes {CALL 0xffffffffffe669d5}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferMdlAndDataPool + 4                                          fffff807778eafa4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeNetBufferMdlAndDataPool + 11                                         fffff807778eafab 5 bytes {CALL 0xffffffffffebf7f5}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBuffer + 33                                                    fffff807778eb021 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRetreatNetBuffer + 40                                                    fffff807778eb028 5 bytes {CALL 0xffffffffffe54878}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeNetBufferListLibrary + 13                                    fffff807778eb04d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeNetBufferListLibrary + 20                                    fffff807778eb054 5 bytes {CALL 0xfffffffffbfbedac}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioValidateNetBufferList + 136                                              fffff807778eb1a8 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioValidateNetBufferList + 143                                              fffff807778eb1af 5 bytes {CALL 0xffffffffffebf5f1}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioAssociateQoSFlowWithNbl + 58                                             fffff807778eb57a 6 bytes {CALL 0x58d26}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreateQoSFlow + 123                                                      fffff807778eb61b 6 bytes {CALL 0x58c85}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioDeleteQoSFlow + 52                                                       fffff807778eb684 6 bytes {CALL 0x58c1c}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioGetStatsForQoSFlow + 113                                                 fffff807778eb721 6 bytes {CALL 0x58b7f}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioQueryNetBufferListTrafficClass + 75                                      fffff807778eb7bb 6 bytes {CALL 0x58ae5}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioQueryNetBufferListTrafficClass + 248                                     fffff807778eb868 2 bytes [E8, 33]
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhClampMssOnTcpPkt + 67                                                  fffff807778eba23 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhClampMssOnTcpPkt + 74                                                  fffff807778eba2a 5 bytes {CALL 0xffffffffffe526a6}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhGetIpUlProtocol + 66                                                   fffff807778ebcc2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhGetIpUlProtocol + 73                                                   fffff807778ebcc9 5 bytes {CALL 0xffffffffffe52407}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhIsIcmpErrorForIcmpMessage + 166                                        fffff807778ebdc6 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhIsIcmpErrorForIcmpMessage + 173                                        fffff807778ebdcd 5 bytes {CALL 0xffffffffffe52303}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipIpv6ExtHdr + 66                                                    fffff807778ebe52 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipIpv6ExtHdr + 73                                                    fffff807778ebe59 5 bytes {CALL 0xffffffffffe52277}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipToTransHdr + 71                                                    fffff807778ebef7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPhSkipToTransHdr + 78                                                    fffff807778ebefe 5 bytes {CALL 0xffffffffffe521d2}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbDestroyPool + 23                                                           fffff807778ec0e7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FsbDestroyPool + 30                                                           fffff807778ec0ee 5 bytes {CALL 0xfffffffffbfc3532}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!HfDestroyFactory + 30                                                         fffff807778ec1ce 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!HfDestroyFactory + 37                                                         fffff807778ec1d5 5 bytes {CALL 0xfffffffffc27decb}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!HfSuspendHandle32 + 162                                                       fffff807778ec332 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!HfSuspendHandle32 + 169                                                       fffff807778ec339 5 bytes {CALL 0xfffffffffc27dcd7}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpAllocate + 23                                                              fffff807778ecb67 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpAllocate + 30                                                              fffff807778ecb6e 5 bytes {CALL 0xfffffffffbf79a92}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpAllocateAtDpcLevel + 125                                                   fffff807778ecc2d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpAllocateAtDpcLevel + 132                                                   fffff807778ecc34 5 bytes {CALL 0xfffffffffc0d7aec}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpDestroyPool + 23                                                           fffff807778ecd17 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!MdpDestroyPool + 30                                                           fffff807778ecd1e 5 bytes {CALL 0xfffffffffbfc2902}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeOpaquePerProcessorContext + 31                                       fffff807778ecd9f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeOpaquePerProcessorContext + 38                                       fffff807778ecda6 5 bytes {CALL 0xfffffffffbfc287a}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnRegisterProcessorAddCallback + 18                                      fffff807778ece22 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnRegisterProcessorAddCallback + 25                                      fffff807778ece29 5 bytes {CALL 0xfffffffffc08f657}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlAllocateDummyMdlChain + 66                                                 fffff807778ecf22 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlAllocateDummyMdlChain + 73                                                 fffff807778ecf29 5 bytes {CALL 0xfffffffffbf44207}
.text    ...                                                                                                                 * 27
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlFreeDummyMdlChain + 29                                                     fffff807778ed4ed 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlFreeDummyMdlChain + 36                                                     fffff807778ed4f4 5 bytes {CALL 0xfffffffffbf5d22c}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCleanupToeplitzHash + 14                                                   fffff807778ed53e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlCleanupToeplitzHash + 21                                                   fffff807778ed545 5 bytes {CALL 0xfffffffffc27cb5b}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!CloseCompartment + 4                                                          fffff807778ed704 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!CloseCompartment + 11                                                         fffff807778ed70b 5 bytes {CALL 0xfffffffffc0cb9a5}
.text    C:\Windows\system32\drivers\NETIO.SYS!InitializeCompartmentEntry + 174                                              fffff807778eda7e 6 bytes {CALL 0x56822}
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyCompartmentChange + 53                                                  fffff807778edaf5 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyCompartmentChange + 60                                                  fffff807778edafc 5 bytes {CALL 0xfffffffffc27c514}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!OpenCompartment + 92                                                          fffff807778edc0c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!OpenCompartment + 99                                                          fffff807778edc13 5 bytes {CALL 0xfffffffffbf4ff3d}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceAliasToLuid + 262                                             fffff807778ee036 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceAliasToLuid + 269                                             fffff807778ee03d 5 bytes {CALL 0xfffffffffc0acad3}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToNameA + 95                                              fffff807778ee13f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceLuidToNameA + 102                                             fffff807778ee146 5 bytes {CALL 0xfffffffffbf4fa0a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidA + 147                                             fffff807778ee333 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidA + 154                                             fffff807778ee33a 5 bytes {CALL 0xfffffffffbfb5636}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidW + 147                                             fffff807778ee423 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!ConvertInterfaceNameToLuidW + 154                                             fffff807778ee42a 5 bytes {CALL 0xfffffffffc0ae506}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalFindInterfaceByAddress + 196                                          fffff807778eecc4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalFindInterfaceByAddress + 203                                          fffff807778eeccb 5 bytes {CALL 0xfffffffffc27b3d5}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalSetUnicastIpAddressEntry + 907                                        fffff807778ef3fb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalSetUnicastIpAddressEntry + 914                                        fffff807778ef402 5 bytes {CALL 0xfffffffffc27ac0e}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetForwardIpTable2 + 489                                              fffff807778efd19 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetForwardIpTable2 + 496                                              fffff807778efd20 5 bytes {CALL 0xfffffffffc27a2f0}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalSetIpForwardEntry2 + 858                                              fffff807778f047a 6 bytes {CALL 0x53e26}
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyRouteChange2 + 54                                                       fffff807778f04e6 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyRouteChange2 + 61                                                       fffff807778f04ed 5 bytes {CALL 0xfffffffffc279b23}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpNetTable2 + 413                                                  fffff807778f0e3d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpNetTable2 + 420                                                  fffff807778f0e44 5 bytes {CALL 0xfffffffffc2791cc}
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIpPathTable + 420                                                          fffff807778f19f4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIpPathTable + 427                                                          fffff807778f19fb 5 bytes {CALL 0xfffffffffc278615}
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeDnsSettings + 29                                                          fffff807778f1b4d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeDnsSettings + 36                                                          fffff807778f1b54 5 bytes {CALL 0xfffffffffc27854c}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeInterfaceDnsSettings + 33                                                 fffff807778f1bd1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FreeInterfaceDnsSettings + 40                                                 fffff807778f1bd8 5 bytes {CALL 0xfffffffffc2784c8}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!GetDnsSettings + 93                                                           fffff807778f1cad 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetDnsSettings + 100                                                          fffff807778f1cb4 5 bytes {CALL 0xfffffffffeda035c}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceDnsSettings + 127                                                 fffff807778f1dff 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetInterfaceDnsSettings + 134                                                 fffff807778f1e06 5 bytes {CALL 0xfffffffffeda020a}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!SetDnsSettings + 126                                                          fffff807778f1fae 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!SetDnsSettings + 133                                                          fffff807778f1fb5 5 bytes {CALL 0xfffffffffeda005b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!SetInterfaceDnsSettings + 249                                                 fffff807778f2149 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!SetInterfaceDnsSettings + 256                                                 fffff807778f2150 5 bytes {CALL 0xfffffffffed9fec0}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIfStackTable + 178                                                         fffff807778f25f2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!GetIfStackTable + 185                                                         fffff807778f25f9 5 bytes {CALL 0xfffffffffc277a17}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceTable + 420                                             fffff807778f2c34 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalGetIpInterfaceTable + 427                                             fffff807778f2c3b 5 bytes {CALL 0xfffffffffc2773d5}
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalSetIpInterfaceEntry + 904                                             fffff807778f3128 6 bytes {CALL 0x51178}
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyIpInterfaceChange + 54                                                  fffff807778f3196 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyIpInterfaceChange + 61                                                  fffff807778f319d 5 bytes {CALL 0xfffffffffc276e73}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!InternalSetTeredoPort + 113                                                   fffff807778f3381 6 bytes {CALL 0x50f1f}
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyTeredoPortChange + 71                                                   fffff807778f33e7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NotifyTeredoPortChange + 78                                                   fffff807778f33ee 5 bytes {CALL 0xfffffffffc276c22}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeStackBlock + 40                                                      fffff807778f34a8 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFreeStackBlock + 47                                                      fffff807778f34af 5 bytes {CALL 0xfffffffffc62dbb1}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioStackBlockProcessorAddHandler + 62                                       fffff807778f352e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioStackBlockProcessorAddHandler + 69                                       fffff807778f3535 5 bytes {CALL 0xfffffffffc62db2b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreateKey + 74                                                           fffff807778f365a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreateKey + 81                                                           fffff807778f3661 5 bytes {CALL 0xfffffffffbf4a4ef}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioWriteKey + 39                                                            fffff807778f3707 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioWriteKey + 46                                                            fffff807778f370e 5 bytes {CALL 0xfffffffffbf4a442}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioShutdownWorkQueue + 34                                                   fffff807778f3782 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioShutdownWorkQueue + 41                                                   fffff807778f3789 5 bytes {CALL 0xfffffffffbf4ab77}
.text    ...                                                                                                                 * 27
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmCleanupState + 17                                                     fffff807778f3aa1 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmCleanupState + 24                                                     fffff807778f3aa8 5 bytes {CALL 0xfffffffffc07c368}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastCheckIsMobileCore + 116                                           fffff807778f3be4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmFastCheckIsMobileCore + 123                                           fffff807778f3beb 5 bytes {CALL 0xfffffffffc276425}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmHandlePatternEviction + 96                                            fffff807778f3d80 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmHandlePatternEviction + 103                                           fffff807778f3d87 5 bytes {CALL 0xfffffffffbf4a579}
.text    ...                                                                                                                 * 26
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmIsOwningProcessRtcApp + 40                                            fffff807778f4028 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmIsOwningProcessRtcApp + 47                                            fffff807778f402f 5 bytes {CALL 0xfffffffffbf7a101}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmNotifyRedirectOnInterface + 18                                        fffff807778f40d2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmNotifyRedirectOnInterface + 25                                        fffff807778f40d9 5 bytes {CALL 0xfffffffffff59817}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmPatternCoalescingRequired + 59                                        fffff807778f416b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmPatternCoalescingRequired + 66                                        fffff807778f4172 5 bytes {CALL 0xfffffffffbfdc47e}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortHint + 64                                                 fffff807778f41d0 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortHint + 71                                                 fffff807778f41d7 5 bytes {CALL 0xfffffffffbfdc419}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortRange + 76                                                fffff807778f423c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmQueryRtcPortRange + 83                                                fffff807778f4243 5 bytes {CALL 0xfffffffffbfdc3ad}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmSignalNcContextWorkQueueRoutine + 66                                  fffff807778f42a2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmSignalNcContextWorkQueueRoutine + 73                                  fffff807778f42a9 5 bytes {CALL 0xfffffffffbfb5b57}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreBaseSupportedSlots + 135                                         fffff807778f43c7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreBaseSupportedSlots + 142                                         fffff807778f43ce 5 bytes {CALL 0xfffffffffc4cfd82}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreRtcPortHint + 41                                                 fffff807778f46c9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmStoreRtcPortHint + 48                                                 fffff807778f46d0 5 bytes {CALL 0xfffffffffbf49c30}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTrackIsLegitimateWake + 88                                            fffff807778f4778 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNcmTrackIsLegitimateWake + 95                                            fffff807778f477f 5 bytes {CALL 0xfffffffffbfe5ba1}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPdcDeactivateNetwork + 410                                               fffff807778f4cea 6 bytes {CALL 0x4f5b6}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioPdcDeactivateNetwork + 476                                               fffff807778f4d2c 6 bytes {CALL 0x4f574}
.text    ...                                                                                                                 * 6
.text    C:\Windows\system32\drivers\NETIO.SYS!PtDeleteEntry + 237                                                           fffff807778f51bd 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtDeleteEntry + 244                                                           fffff807778f51c4 5 bytes {CALL 0xfffffffffc274edc}
.text    C:\Windows\system32\drivers\NETIO.SYS!PtDestroyTable + 27                                                           fffff807778f520b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!PtDestroyTable + 34                                                           fffff807778f5212 5 bytes {CALL 0xfffffffffc274e8e}
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeTimerWheelEnumeration + 172                                      fffff807778f56fc 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!RtlInitializeTimerWheelEnumeration + 179                                      fffff807778f5703 5 bytes {CALL 0xfffffffffbf4844d}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrProviderDetachClientComplete + 111                                         fffff807778f5baf 6 bytes {CALL 0x4e6f1}
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrProviderDetachClientComplete + 130                                         fffff807778f5bc2 6 bytes {CALL 0x4e6de}
.text    ...                                                                                                                 * 14
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrWaitForProviderDeregisterComplete + 117                                    fffff807778f5eb5 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NmrWaitForProviderDeregisterComplete + 124                                    fffff807778f5ebc 5 bytes {CALL 0xfffffffffbf48444}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterLegacyHandler + 27                                               fffff807778f75cb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiDeregisterLegacyHandler + 34                                               fffff807778f75d2 5 bytes {CALL 0xfffffffffbf3973e}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllPersistentParametersWithMask + 136                                   fffff807778f7878 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiSetAllPersistentParametersWithMask + 143                                   fffff807778f787f 5 bytes {CALL 0xfffffffffbfb2581}
.text    ...                                                                                                                 * 23
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetObjectSecurity + 289                                                    fffff807778f7f81 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiGetObjectSecurity + 296                                                    fffff807778f7f88 5 bytes {CALL 0xfffffffffc4fb108}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiReferenceDefaultObjectSecurity + 22                                        fffff807778f8056 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NsiReferenceDefaultObjectSecurity + 29                                        fffff807778f805d 5 bytes {CALL 0xfffffffffc4d5563}
.text    ...                                                                                                                 * 26
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAbortTransaction + 51                                                 fffff807778f93b3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdAbortTransaction + 58                                                 fffff807778f93ba 5 bytes {CALL 0xfffffffffc023a06}
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBeginEnumFilters + 75                                                 fffff807778f94bb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdBeginEnumFilters + 82                                                 fffff807778f94c2 5 bytes {CALL 0xfffffffffc0238fe}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdMoveFilter + 58                                                       fffff807778f967a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdMoveFilter + 65                                                       fffff807778f9681 5 bytes {CALL 0xfffffffffc02373f}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdResetState + 52                                                       fffff807778f9844 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!IoctlKfdResetState + 59                                                       fffff807778f984b 5 bytes {CALL 0xfffffffffc023575}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpDecodedBufferFreeHelper + 11                                               fffff807778f9bcb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpDecodedBufferFreeHelper + 18                                               fffff807778f9bd2 5 bytes {CALL 0xfffffffffc2704ce}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleUpdateEndpointContextStatus + 158                                       fffff807778f9e8e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdAleUpdateEndpointContextStatus + 165                                       fffff807778f9e95 2 bytes [E8, 66]
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdNotifyFlowDeletion + 53                                                    fffff807778fa005 5 bytes {CALL 0x4a0bb}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdNotifyFlowDeletion + 145                                                   fffff807778fa061 5 bytes {CALL 0x4a05f}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdBfeEngineAccessCheck + 68                                                  fffff807778faee4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdBfeEngineAccessCheck + 75                                                  fffff807778faeeb 5 bytes {CALL 0xfffffffffbf72315}
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpDeleteEntryLru + 97                                                        fffff807778faf91 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpDeleteEntryLru + 104                                                       fffff807778faf98 5 bytes {CALL 0xfffffffffbf6ee48}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpExpireEntryLru + 32                                                        fffff807778fb000 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpExpireEntryLru + 39                                                        fffff807778fb007 5 bytes {CALL 0xfffffffffbf0c0e9}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpInsertEntryLru + 178                                                       fffff807778fb132 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpInsertEntryLru + 185                                                       fffff807778fb139 5 bytes {CALL 0xfffffffffbf6eca7}
.text    ...                                                                                                                 * 14
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpLruProcessExpiredEndpoint + 63                                             fffff807778fb3cf 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpLruProcessExpiredEndpoint + 70                                             fffff807778fb3d6 5 bytes {CALL 0xfffffffffbf0bd1a}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpLruQueueLruCleanupWorkItemForContext + 142                                 fffff807778fb53e 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpLruQueueLruCleanupWorkItemForContext + 149                                 fffff807778fb545 5 bytes {CALL 0xfffffffffbf0bbab}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRefreshEntryLru + 131                                                      fffff807778fb6a3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRefreshEntryLru + 138                                                      fffff807778fb6aa 5 bytes {CALL 0xfffffffffbf6e736}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpScavangeLeastRecentlyUsedList + 63                                         fffff807778fb7ff 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpScavangeLeastRecentlyUsedList + 70                                         fffff807778fb806 5 bytes {CALL 0xfffffffffbf0b8ea}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpUninitializeLeastRecentlyUsedList + 69                                     fffff807778fb9a5 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpUninitializeLeastRecentlyUsedList + 76                                     fffff807778fb9ac 5 bytes {CALL 0xfffffffffbf3ea14}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\NETIO.SYS!FeAcquireClassifyHandle + 210                                                 fffff807778fc2b2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FeAcquireClassifyHandle + 217                                                 fffff807778fc2b9 5 bytes {CALL 0xfffffffffbf9f887}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!FeAcquireWritableLayerDataPointer + 305                                       fffff807778fc511 6 bytes {CALL 0x47d8f}
.text    C:\Windows\system32\drivers\NETIO.SYS!FeAcquireWritableLayerDataPointer + 359                                       fffff807778fc547 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 6
.text    C:\Windows\system32\drivers\NETIO.SYS!FeCompleteClassify + 407                                                      fffff807778fc9b7 6 bytes {CALL 0x478e9}
.text    C:\Windows\system32\drivers\NETIO.SYS!FeCopyIncomingValues + 431                                                    fffff807778fcb8f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FeCopyIncomingValues + 438                                                    fffff807778fcb96 5 bytes {CALL 0xfffffffffbf06d8a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!FePendClassify + 522                                                          fffff807778fcf5a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FePendClassify + 529                                                          fffff807778fcf61 5 bytes {CALL 0xfffffffffbf6ce7f}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!FeReleaseClassifyHandle + 360                                                 fffff807778fd178 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FeReleaseClassifyHandle + 367                                                 fffff807778fd17f 5 bytes {CALL 0xfffffffffbf067a1}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsTfoIncompatibleFilterPresent + 115                                       fffff807778fd4b3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdIsTfoIncompatibleFilterPresent + 122                                       fffff807778fd4ba 5 bytes {CALL 0xfffffffffbf6c926}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdToggleFilterActivation + 225                                               fffff807778fe021 6 bytes {CALL 0x4627f}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdToggleFilterActivation + 328                                               fffff807778fe088 6 bytes {CALL 0x46218}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdPreClassify + 304                                                          fffff807778fe820 6 bytes {CALL 0x45a80}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterLayerChangeCallback2 + 136                                         fffff807778ffb48 6 bytes {CALL 0x44758}
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdRegisterLayerChangeCallback2 + 189                                         fffff807778ffb7d 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 6
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdFindFilterById + 201                                                       fffff807778ffcc9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!KfdFindFilterById + 208                                                       fffff807778ffcd0 5 bytes {CALL 0xffffffffffe3e320}
.text    ...                                                                                                                 * 9
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlowFast + 191                                            fffff80777901c8f 6 bytes {CALL 0x42611}
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpRemoveContextFromFlowFast + 223                                            fffff80777901caf 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppStreamInject + 197                                                        fffff80777903e35 6 bytes {CALL 0x4046b}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppStreamInject + 370                                                        fffff80777903ee2 6 bytes {CALL 0x403be}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppTruncateStreamDataAfterOffset + 90                                        fffff80777903f7a 6 bytes {CALL 0x40326}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppTruncateStreamDataAfterOffset + 235                                       fffff8077790400b 6 bytes {CALL 0x40295}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!AgileVPNFindCompartmentIdFromTunnelId + 20                                    fffff8077790aff4 6 bytes {CALL 0x392ac}
.text    C:\Windows\system32\drivers\NETIO.SYS!AgileVPNFindTunnelInfoFromInterfaceIndex + 33                                 fffff8077790b051 6 bytes {CALL 0x3924f}
.text    C:\Windows\system32\drivers\NETIO.SYS!IPsecGwGetTunnelInfoFromIPInformation + 44                                    fffff8077790b0ac 6 bytes {CALL 0x391f4}
.text    C:\Windows\system32\drivers\NETIO.SYS!IPsecGwIsUdpEspPacket + 11                                                    fffff8077790b0cb 6 bytes {CALL 0x391d5}
.text    C:\Windows\system32\drivers\NETIO.SYS!IPsecGwProcessSecureNbl + 115                                                 fffff8077790b153 6 bytes {CALL 0x3914d}
.text    C:\Windows\system32\drivers\NETIO.SYS!IPsecGwSetCallbackDispatch + 16                                               fffff8077790b180 6 bytes {CALL 0x39120}
.text    C:\Windows\system32\drivers\NETIO.SYS!IPsecGwTransformClearTextPacket + 138                                         fffff8077790b22a 6 bytes {CALL 0x39076}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreateForwardFlow + 141                                                  fffff8077790b2cd 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreateForwardFlow + 148                                                  fffff8077790b2d4 5 bytes {CALL 0xfffffffffbf3302c}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreatevSwitchForwardFlow + 180                                           fffff8077790b4d4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioCreatevSwitchForwardFlow + 187                                           fffff8077790b4db 5 bytes {CALL 0xfffffffffbf32e25}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowAssociateContext + 47                                                fffff8077790b6af 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowAssociateContext + 54                                                fffff8077790b6b6 5 bytes {CALL 0xfffffffffbf9e74a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRemoveContext + 36                                                   fffff8077790b744 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRemoveContext + 43                                                   fffff8077790b74b 5 bytes {CALL 0xfffffffffbf9e6b5}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRetrieveContext + 51                                                 fffff8077790b7f3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioFlowRetrieveContext + 58                                                 fffff8077790b7fa 5 bytes {CALL 0xfffffffffbf9e606}
.text    ...                                                                                                                 * 36
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioLookupForwardFlow + 137                                                  fffff8077790bcf9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioLookupForwardFlow + 144                                                  fffff8077790bd00 5 bytes {CALL 0xfffffffffbfc48f0}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioLookupvSwitchForwardFlow + 228                                           fffff8077790be24 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioLookupvSwitchForwardFlow + 235                                           fffff8077790be2b 5 bytes {CALL 0xfffffffffbfc47c5}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRefreshFlow + 52                                                         fffff8077790bea4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioRefreshFlow + 59                                                         fffff8077790beab 5 bytes {CALL 0xfffffffffbf9df55}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioReleaseFlow + 120                                                        fffff8077790bfc8 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioReleaseFlow + 127                                                        fffff8077790bfcf 5 bytes {CALL 0xfffffffffbffabb1}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeFlowsManager + 52                                            fffff8077790c054 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioUnInitializeFlowsManager + 59                                            fffff8077790c05b 5 bytes {CALL 0xfffffffffc063db5}
.text    ...                                                                                                                 * 18
.text    C:\Windows\system32\drivers\NETIO.SYS!WskDeregister + 46                                                            fffff8077790cbae 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WskDeregister + 53                                                            fffff8077790cbb5 5 bytes {CALL 0xfffffffffbf2415b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\NETIO.SYS!WskReleaseProviderNPI + 79                                                    fffff8077790cd4f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WskReleaseProviderNPI + 86                                                    fffff8077790cd56 5 bytes {CALL 0xfffffffffbf3ac5a}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpCreateReassemblyContext + 34                                               fffff8077790cef2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpCreateReassemblyContext + 41                                               fffff8077790cef9 5 bytes {CALL 0xffffffffffe30197}
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoClone + 179                                                         fffff8077790cff3 6 bytes {CALL 0x372ad}
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoClone + 222                                                         fffff8077790d01e 6 bytes {CALL 0x37282}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoGetFlags + 43                                                       fffff8077790d0eb 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!WfpNblInfoGetFlags + 50                                                       fffff8077790d0f2 5 bytes {CALL 0xffffffffffe4486e}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderIsNetEventTypeEnabled0 + 58                                  fffff8077790d20a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderIsNetEventTypeEnabled0 + 65                                  fffff8077790d211 5 bytes {CALL 0xfffffffffbf332ef}
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppLogVpnEvent + 169                                                         fffff8077790d2e9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!FwppLogVpnEvent + 176                                                         fffff8077790d2f0 5 bytes {CALL 0xfffffffffc62e6b0}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDereferenceRecord + 91                                                fffff8077790e34b 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDereferenceRecord + 98                                                fffff8077790e352 5 bytes {CALL 0xfffffffffbfcbf1e}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordByHandle + 48                                   fffff8077790e4c0 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordByHandle + 55                                   fffff8077790e4c7 5 bytes {CALL 0xfffffffffc4e4bc9}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordById + 167                                      fffff8077790e667 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindAndReferenceRecordById + 174                                      fffff8077790e66e 5 bytes {CALL 0xfffffffffbf2fd22}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindOrCreateRecord + 281                                              fffff8077790e7e9 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtFindOrCreateRecord + 288                                              fffff8077790e7f0 5 bytes {CALL 0xfffffffffbf391c0}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtIsProxyInRecord + 63                                                  fffff8077790ea3f 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtIsProxyInRecord + 70                                                  fffff8077790ea46 5 bytes {CALL 0xfffffffffc08e01a}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtJoinRecords + 163                                                     fffff8077790eb23 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtJoinRecords + 170                                                     fffff8077790eb2a 5 bytes {CALL 0xfffffffffbf2f866}
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtWppLogRecord + 803                                                    fffff8077790ef03 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtWppLogRecord + 810                                                    fffff8077790ef0a 5 bytes {CALL 0xffffffffff1e6606}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDispatch + 184                                                        fffff807779106b8 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtDispatch + 191                                                        fffff807779106bf 5 bytes {CALL 0xfffffffffbf5f331}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStop + 16                                                             fffff80777910f00 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\NETIO.SYS!NetioNrtStop + 23                                                             fffff80777910f07 5 bytes {CALL 0xfffffffffbfc5ab9}
PAGE     C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderCreate0 + 350                                                fffff8077793180e 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderCreate0 + 357                                                fffff80777931815 5 bytes {CALL 0xfffffffffc08789b}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStartRoutines + 53                                                   fffff80777931d45 6 bytes {CALL 0x1255b}
PAGE     C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStartRoutines + 196                                                  fffff80777931dd4 6 bytes {CALL 0x124cc}
PAGE     ...                                                                                                                 * 24
PAGE     C:\Windows\system32\drivers\NETIO.SYS!KfdSetWfpPerProcContextPtr + 35                                               fffff80777932913 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\drivers\NETIO.SYS!KfdSetWfpPerProcContextPtr + 42                                               fffff8077793291a 5 bytes {CALL 0xffffffffffea9116}
PAGE     ...                                                                                                                 * 19
PAGE     C:\Windows\system32\drivers\NETIO.SYS!DllUnload + 46                                                                fffff8077793342e 6 bytes {CALL 0x10e72}
PAGE     C:\Windows\system32\drivers\NETIO.SYS!DllUnload + 145                                                               fffff80777933491 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStopRoutines + 46                                                    fffff8077793376e 6 bytes {CALL 0x10b32}
PAGE     C:\Windows\system32\drivers\NETIO.SYS!RtlInvokeStopRoutines + 127                                                   fffff807779337bf 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 30
PAGE     C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderDestroy0 + 269                                               fffff80777933d6d 2 bytes [4C, 8B]
PAGE     C:\Windows\system32\drivers\NETIO.SYS!FwpmEventProviderDestroy0 + 276                                               fffff80777933d74 5 bytes {CALL 0xfffffffffc23629c}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCopyStreamDataToBuffer0 + 43                                           fffff80777cb103b 6 bytes {CALL 0x79265}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCopyStreamDataToBuffer0 + 143                                          fffff80777cb109f 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 10
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAssociateContext0 + 4                                              fffff80777cb11c4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAssociateContext0 + 11                                             fffff80777cb11cb 5 bytes {CALL 0xffffffffffc0cb25}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowRemoveContext0 + 8                                                 fffff80777cb11e8 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowRemoveContext0 + 15                                                fffff80777cb11ef 5 bytes {CALL 0xffffffffffc03581}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleDestroy0 + 106                                          fffff80777cb127a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleDestroy0 + 113                                          fffff80777cb1281 5 bytes {CALL 0xfffffffffbbb8b5f}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListEventNotify + 66                                          fffff80777cb14d2 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListEventNotify + 73                                          fffff80777cb14d9 5 bytes {CALL 0xffffffffffc103e7}
.text    ...                                                                                                                 * 10
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListAssociateContext + 65                                     fffff80777cb1771 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppNetBufferListAssociateContext + 72                                     fffff80777cb1778 5 bytes {CALL 0xffffffffffc10148}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsNetBufferListRetrieveContext0 + 66                                     fffff80777cb18f2 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsNetBufferListRetrieveContext0 + 73                                     fffff80777cb18f9 5 bytes {CALL 0xffffffffffc0ffc7}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetValueFromClassifyContext + 51                                       fffff80777cb19e3 6 bytes {CALL 0x788bd}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsIPSecGetPacketListSecurityInformation + 23                             fffff80777cb1b07 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsIPSecGetPacketListSecurityInformation + 30                             fffff80777cb1b0e 5 bytes {CALL 0xffffffffffc0fdb2}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowAssociateContextFast + 4                                           fffff80777cb1ba4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowAssociateContextFast + 11                                          fffff80777cb1bab 5 bytes {CALL 0xffffffffffc03b45}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsForceReclassifyLayer0 + 53                                             fffff80777cb1e75 6 bytes {CALL 0x7842b}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiCalloutRegisterWithoutDeviceFast0 + 62                                 fffff80777cb1f0e 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiCalloutRegisterWithoutDeviceFast0 + 69                                 fffff80777cb1f15 5 bytes {CALL 0xfffffffffbc2a9fb}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateGet0 + 99                                                      fffff80777cb2803 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateGet0 + 106                                                     fffff80777cb280a 5 bytes {CALL 0xfffffffffbc63b66}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleCreate0 + 308                                           fffff80777cb2c34 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectionHandleCreate0 + 315                                           fffff80777cb2c3b 5 bytes {CALL 0xfffffffffbbb71a5}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DllInitialize + 225                                                        fffff80777cb2e91 6 bytes {CALL 0x7740f}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DllInitialize + 409                                                        fffff80777cb2f49 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 18
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableAndGlobalsSet0 + 197                                 fffff80777cb31b5 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableAndGlobalsSet0 + 204                                 fffff80777cb31bc 5 bytes {CALL 0xfffffffffbcbd604}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableAndGlobalsSet0 + 99                                     fffff80777cb3303 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableAndGlobalsSet0 + 106                                    fffff80777cb330a 5 bytes {CALL 0xfffffffffbcbd4b6}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointWasRedirectedToProxy + 18                               fffff80777cb3532 6 bytes {CALL 0x76d6e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReserveFlowLocation + 4                                                fffff80777cb3574 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReserveFlowLocation + 11                                               fffff80777cb357b 5 bytes {CALL 0xffffffffffc25645}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRedirectHandleDestroy0 + 390                                           fffff80777cb3786 3 bytes [4C, 8B, 15]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRedirectHandleDestroy0 + 397                                           fffff80777cb378d 5 bytes JMP fffff8077399c110
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DllUnload + 209                                                            fffff80777cb4dd1 6 bytes {CALL 0x754cf}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DllUnload + 603                                                            fffff80777cb4f5b 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetById0 + 107                                               fffff80777cb526b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetById0 + 114                                               fffff80777cb5272 5 bytes {CALL 0xfffffffffe9dcd9e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetSecurityInfo0 + 147                                       fffff80777cb5343 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionGetSecurityInfo0 + 154                                       fffff80777cb534a 5 bytes {CALL 0xfffffffffe9dccc6}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionSetSecurityInfo0 + 236                                       fffff80777cb54cc 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmConnectionSetSecurityInfo0 + 243                                       fffff80777cb54d3 5 bytes {CALL 0xfffffffffe9dcb3d}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFreeMemory0 + 144                                                      fffff80777cb55b0 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFreeMemory0 + 151                                                      fffff80777cb55b7 5 bytes {CALL 0xfffffffffe9dca59}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppVpnTriggerEventFire0 + 77                                              fffff80777cb58cd 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppVpnTriggerEventFire0 + 84                                              fffff80777cb58d4 5 bytes {CALL 0xfffffffffe9dc73c}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverExpire + 98                                                     fffff80777cb5972 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverExpire + 105                                                    fffff80777cb5979 5 bytes {CALL 0xfffffffffe9dc697}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverInitiateAcquire + 205                                           fffff80777cb5a7d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverInitiateAcquire + 212                                           fffff80777cb5a84 5 bytes {CALL 0xfffffffffe9dc58c}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverProcessClearTextResponse + 88                                   fffff80777cb5b18 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverProcessClearTextResponse + 95                                   fffff80777cb5b1f 5 bytes {CALL 0xfffffffffe9dc4f1}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverSaOffloaded + 93                                                fffff80777cb5bad 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IPsecDriverSaOffloaded + 100                                               fffff80777cb5bb4 5 bytes {CALL 0xfffffffffe9dc45c}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextGetStatistics1 + 73                                                  fffff80777cb5e29 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextGetStatistics1 + 80                                                  fffff80777cb5e30 5 bytes {CALL 0xfffffffffe9dc1e0}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaCreateEnumHandle0 + 87                                             fffff80777cb5ec7 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaCreateEnumHandle0 + 94                                             fffff80777cb5ece 5 bytes {CALL 0xfffffffffe9dc142}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbGetSecurityInfo0 + 131                                           fffff80777cb5f93 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbGetSecurityInfo0 + 138                                           fffff80777cb5f9a 5 bytes {CALL 0xfffffffffe9dc076}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbSetSecurityInfo0 + 206                                           fffff80777cb60fe 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDbSetSecurityInfo0 + 213                                           fffff80777cb6105 5 bytes {CALL 0xfffffffffe9dbf0b}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDeleteById0 + 74                                                   fffff80777cb619a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDeleteById0 + 81                                                   fffff80777cb61a1 5 bytes {CALL 0xfffffffffe9dbe6f}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDestroyEnumHandle0 + 83                                            fffff80777cb6233 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaDestroyEnumHandle0 + 90                                            fffff80777cb623a 5 bytes {CALL 0xfffffffffe9dbdd6}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaEnum2 + 125                                                        fffff80777cb656d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaEnum2 + 132                                                        fffff80777cb6574 5 bytes {CALL 0xfffffffffe9dba9c}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaGetById2 + 116                                                     fffff80777cb67c4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!IkeextSaGetById2 + 123                                                     fffff80777cb67cb 5 bytes {CALL 0xfffffffffe9db845}
.text    ...                                                                                                                 * 24
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DPChannelCreate0 + 11                                                      fffff80777cc1e3b 6 bytes {CALL 0x68465}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DPChannelDestroy0 + 11                                                     fffff80777cc1e5b 6 bytes {CALL 0x68445}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DPGetProcessIdFromProfileName0 + 11                                        fffff80777cc1e7b 6 bytes {CALL 0x68425}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DPReceiveNetBufferListComplete0 + 11                                       fffff80777cc1e9b 6 bytes {CALL 0x68405}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!DPSendNetBufferList0 + 11                                                  fffff80777cc1ebb 6 bytes {CALL 0x683e5}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowRemoveContextFast + 8                                              fffff80777cc1ed8 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiFlowRemoveContextFast + 15                                             fffff80777cc1edf 5 bytes {CALL 0xffffffffffc3fcf1}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetConnectionLuid0 + 142                                               fffff80777cc1f9e 6 bytes {CALL 0x68302}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiGetConnectionLuid0 + 209                                               fffff80777cc1fe1 6 bytes {CALL 0x682bf}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiIsConnectionEdgeTraversed0 + 48                                        fffff80777cc2040 6 bytes {CALL 0x68260}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReleaseFlowLocation + 4                                                fffff80777cc2064 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiReleaseFlowLocation + 11                                               fffff80777cc206b 5 bytes {CALL 0xffffffffffc3faf5}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppProcessorAddHandler + 16                                               fffff80777cc2240 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppProcessorAddHandler + 23                                               fffff80777cc2247 5 bytes {CALL 0xffffffffffc312a9}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCancelEndpointDeleteNotification0 + 47                                 fffff80777cc22ef 6 bytes {CALL 0x67fb1}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsClassifyOptionSet0 + 296                                               fffff80777cc2448 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsClassifyOptionSet0 + 303                                               fffff80777cc244f 5 bytes {CALL 0xfffffffffbba7991}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteOperation0 + 30                                                fffff80777cc24fe 6 bytes {CALL 0x67da2}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAbort0 + 43                                                        fffff80777cc253b 2 bytes {JMP 0x41}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFlowAbort0 + 50                                                        fffff80777cc2542 5 bytes {CALL 0xffffffffffc3f4de}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableClear0 + 45                                             fffff80777cc266d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsL2DispatchTableClear0 + 52                                             fffff80777cc2674 5 bytes {CALL 0xfffffffffbb7bc8c}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendOperation0 + 62                                                    fffff80777cc271e 6 bytes {CALL 0x67b82}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointClassifiableFieldGet + 28                               fffff80777cc276c 6 bytes {CALL 0x67b34}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointDereferenceEndpoint + 18                                fffff80777cc2792 6 bytes {CALL 0x67b0e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointMetadataValueGet + 18                                   fffff80777cc27c2 6 bytes {CALL 0x67ade}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointReferenceEndpoint + 18                                  fffff80777cc27f2 6 bytes {CALL 0x67aae}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointRegisterForExitingEndpoint + 18                         fffff80777cc2822 6 bytes {CALL 0x67a7e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsProxiedEndpointUnRegisterForExitingEndpoint + 18                       fffff80777cc2852 6 bytes {CALL 0x67a4e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsQueryConnectionRedirectState0 + 27                                     fffff80777cc288b 6 bytes {CALL 0x67a15}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsQueryConnectionSioFormatRedirectRecords0 + 27                          fffff80777cc28bb 6 bytes {CALL 0x679e5}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsRequestEndpointDeleteNotification0 + 71                                fffff80777cc2977 6 bytes {CALL 0x67929}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsSignalIPsecDecryptCompleteIkeV20 + 18                                  fffff80777cc29c2 6 bytes {CALL 0x678de}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamContinue0 + 47                                                   fffff80777cc2a0f 6 bytes {CALL 0x67891}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableClear0 + 45                                          fffff80777cc2a6d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsTcpIpDispatchTableClear0 + 52                                          fffff80777cc2a74 5 bytes {CALL 0xfffffffffbb7b88c}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsVirtualIfTunnelInfoSet0 + 104                                          fffff80777cc2b88 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsVirtualIfTunnelInfoSet0 + 111                                          fffff80777cc2b8f 5 bytes {CALL 0xffffffffffbfed31}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpFreeMemory0 + 16                                                     fffff80777cc2bd0 6 bytes {CALL 0x676d0}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseId0 + 25                                                fffff80777cc2c09 6 bytes {CALL 0x67697}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseIdAsync0 + 45                                           fffff80777cc2c4d 6 bytes {CALL 0x67653}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpGetEnterpriseIdClose0 + 16                                           fffff80777cc2c70 6 bytes {CALL 0x67630}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpNotifyProcessTokenChange0 + 44                                       fffff80777cc2cbc 6 bytes {CALL 0x675e4}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!NikEdpNotifyProcessTokenChange0 + 72                                       fffff80777cc2cd8 6 bytes {CALL 0x675c8}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiParseIPv6Protocol0 + 98                                                fffff80777cc2e62 6 bytes {CALL 0x6743e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpiParseIPv6Protocol0 + 218                                               fffff80777cc2eda 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppAllocateNetioCloneNetBufferList + 124                                  fffff80777cc314c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppAllocateNetioCloneNetBufferList + 131                                  fffff80777cc3153 5 bytes {CALL 0xffffffffffa7933d}
.text    ...                                                                                                                 * 18
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppDeepCloneNetBufferList + 39                                            fffff80777cc3487 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppDeepCloneNetBufferList + 46                                            fffff80777cc348e 5 bytes {CALL 0xffffffffffa79002}
.text    ...                                                                                                                 * 21
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppFreeDeepCloneNetBufferList + 28                                        fffff80777cc389c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppFreeDeepCloneNetBufferList + 35                                        fffff80777cc38a3 5 bytes {CALL 0xffffffffffbedbbd}
.text    ...                                                                                                                 * 27
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateCloneNetBufferList0 + 60                                       fffff80777cc45ec 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateCloneNetBufferList0 + 67                                       fffff80777cc45f3 5 bytes {CALL 0xffffffffffc48acd}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateNetBufferAndNetBufferList0 + 91                                fffff80777cc46cb 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAllocateNetBufferAndNetBufferList0 + 98                                fffff80777cc46d2 5 bytes {CALL 0xffffffffffa7864e}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCloneStreamData0 + 176                                                 fffff80777cc4890 6 bytes {CALL 0x65a10}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCloneStreamData0 + 284                                                 fffff80777cc48fc 6 bytes {CALL 0x659a4}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsDereferenceNetBufferList0 + 16                                         fffff80777cc4960 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsDereferenceNetBufferList0 + 23                                         fffff80777cc4967 5 bytes {CALL 0xffffffffffc48759}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeCloneNetBufferList0 + 105                                          fffff80777cc4a59 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeCloneNetBufferList0 + 112                                          fffff80777cc4a60 5 bytes {CALL 0xffffffffffc48660}
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeNetBufferList0 + 76                                                fffff80777cc4c6c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsFreeNetBufferList0 + 83                                                fffff80777cc4c73 5 bytes {CALL 0xffffffffffc4844d}
.text    ...                                                                                                                 * 25
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReassembleForwardFragmentGroup0 + 281                                  fffff80777cc51d9 6 bytes {CALL 0x650c7}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReassembleForwardFragmentGroup0 + 400                                  fffff80777cc5250 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReferenceNetBufferList0 + 16                                           fffff80777cc5640 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReferenceNetBufferList0 + 23                                           fffff80777cc5647 5 bytes {CALL 0xffffffffffc47a79}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppDereferencevSwitchNblContext + 22                                      fffff80777cc5776 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppDereferencevSwitchNblContext + 29                                      fffff80777cc577d 5 bytes {CALL 0xfffffffffbea4923}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppGetvSwitchNblContext + 252                                             fffff80777cc588c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppGetvSwitchNblContext + 259                                             fffff80777cc5893 5 bytes {CALL 0xfffffffffbba454d}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCopyVmSwitchNblInfo + 15                                        fffff80777cc5b3f 6 bytes {CALL 0x64761}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCopyVmSwitchNblInfo + 153                                       fffff80777cc5bc9 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 4
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCreateNotify + 97                                               fffff80777cc5c81 6 bytes {CALL 0x6461f}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchCreateNotify + 200                                              fffff80777cc5ce8 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchDeleteNotify + 76                                               fffff80777cc5dcc 6 bytes {CALL 0x644d4}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchFreeVmSwitchNblInfo + 15                                        fffff80777cc5e0f 6 bytes {CALL 0x64491}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchGetDestinationArray + 15                                        fffff80777cc5e5f 6 bytes {CALL 0x64441}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchGetDestinationInterface + 15                                    fffff80777cc5e7f 6 bytes {CALL 0x64421}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchLwfReorderEventNotify + 124                                     fffff80777cc5f0c 6 bytes {CALL 0x64394}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchLwfReorderEventNotify + 242                                     fffff80777cc5f82 6 bytes {CALL 0x6431e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPolicyEventNotify + 204                                         fffff80777cc60ac 6 bytes {CALL 0x641f4}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPolicyEventNotify + 317                                         fffff80777cc611d 6 bytes {CALL 0x64183}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPortEventNotify + 231                                           fffff80777cc6237 6 bytes {CALL 0x64069}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchPortEventNotify + 360                                           fffff80777cc62b8 6 bytes {CALL 0x63fe8}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateRestoreNotify + 375                                 fffff80777cc6467 6 bytes {CALL 0x63e39}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateRestoreNotify + 532                                 fffff80777cc6504 6 bytes {CALL 0x63d9c}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateSaveNotify + 257                                    fffff80777cc6681 6 bytes {CALL 0x63c1f}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwppvSwitchRuntimeStateSaveNotify + 499                                    fffff80777cc6773 6 bytes {CALL 0x63b2d}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsSubscribe0 + 273                                          fffff80777cc6971 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsSubscribe0 + 280                                          fffff80777cc6978 5 bytes {CALL 0xfffffffffbba3468}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsUnsubscribe0 + 129                                        fffff80777cc6a51 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchEventsUnsubscribe0 + 136                                        fffff80777cc6a58 5 bytes {CALL 0xfffffffffbba3388}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchNotifyComplete0 + 184                                           fffff80777cc6b78 6 bytes {CALL 0x63728}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsvSwitchNotifyComplete0 + 210                                           fffff80777cc6b92 6 bytes {CALL 0x6370e}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireClassifyHandle0 + 49                                            fffff80777cc6be1 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireClassifyHandle0 + 56                                            fffff80777cc6be8 5 bytes {CALL 0xffffffffffc355f8}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireWritableLayerDataPointer0 + 37                                  fffff80777cc6c25 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsAcquireWritableLayerDataPointer0 + 44                                  fffff80777cc6c2c 5 bytes {CALL 0xffffffffffc357b4}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsApplyModifiedLayerData0 + 14                                           fffff80777cc6c6e 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsApplyModifiedLayerData0 + 21                                           fffff80777cc6c75 5 bytes {CALL 0xffffffffffc35adb}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteClassify0 + 9                                                  fffff80777cc6c99 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCompleteClassify0 + 16                                                 fffff80777cc6ca0 5 bytes {CALL 0xffffffffffc35b80}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendClassify0 + 44                                                     fffff80777cc6cdc 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsPendClassify0 + 51                                                     fffff80777cc6ce3 5 bytes {CALL 0xffffffffffc3606d}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReleaseClassifyHandle0 + 9                                             fffff80777cc6d09 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsReleaseClassifyHandle0 + 16                                            fffff80777cc6d10 5 bytes {CALL 0xffffffffffc36300}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsConstructIpHeaderForTransportPacket0 + 263                             fffff80777cc85e7 6 bytes {CALL 0x61cb9}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsConstructIpHeaderForTransportPacket0 + 327                             fffff80777cc8627 6 bytes {CALL 0x61c79}
.text    ...                                                                                                                 * 4
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectForwardAsync0 + 58                                               fffff80777cc876a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectForwardAsync0 + 65                                               fffff80777cc8771 5 bytes {CALL 0xfffffffffbb9de8f}
.text    ...                                                                                                                 * 6
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkReceiveAsync0 + 52                                        fffff80777cc8a44 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkReceiveAsync0 + 59                                        fffff80777cc8a4b 5 bytes {CALL 0xfffffffffbb9dbb5}
.text    ...                                                                                                                 * 6
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkSendAsync0 + 60                                           fffff80777cc8c6c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectNetworkSendAsync0 + 67                                           fffff80777cc8c73 5 bytes {CALL 0xfffffffffbb9d98d}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectTransportReceiveAsync0 + 70                                      fffff80777cc8ee6 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsInjectTransportReceiveAsync0 + 77                                      fffff80777cc8eed 5 bytes {CALL 0xfffffffffbb9d713}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamInjectAsync0 + 247                                               fffff80777cc9407 6 bytes {CALL 0x60e99}
.text    C:\Windows\System32\drivers\fwpkclnt.sys!FwpsStreamInjectAsync0 + 424                                               fffff80777cc94b8 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterById0 + 27                                            fffff80777cf61eb 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterById0 + 34                                            fffff80777cf61f2 5 bytes {CALL 0xfffffffffbbe671e}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterDeleteByKey0 + 413                                               fffff80777cf65ad 6 bytes {CALL 0x33cf3}
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterDeleteByKey0 + 554                                               fffff80777cf663a 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 2
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwppDispatchDevCtl0 + 508                                                  fffff80777cf694c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwppDispatchDevCtl0 + 515                                                  fffff80777cf6953 5 bytes {CALL 0xfffffffffbb36e1d}
PAGE     ...                                                                                                                 * 10
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister3 + 82                                                  fffff80777cf6e32 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister3 + 89                                                  fffff80777cf6e39 5 bytes {CALL 0xfffffffffbbe5ad7}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegisterWithoutDevice0 + 62                                     fffff80777cf6ece 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegisterWithoutDevice0 + 69                                     fffff80777cf6ed5 5 bytes {CALL 0xfffffffffbbe5a3b}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwppBfeStateGetResetCount0 + 71                                            fffff80777cf7357 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwppBfeStateGetResetCount0 + 78                                            fffff80777cf735e 5 bytes {CALL 0xfffffffffbc13092}
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateSubscribeChangesWithoutDevice0 + 229                           fffff80777cf7645 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateSubscribeChangesWithoutDevice0 + 236                           fffff80777cf764c 5 bytes {CALL 0xfffffffffbc12da4}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterAdd0 + 304                                                       fffff80777cf7b40 6 bytes {CALL 0x32760}
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmFilterAdd0 + 366                                                       fffff80777cf7b7e 2 bytes [4C, 8B]
PAGE     ...                                                                                                                 * 25
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister0 + 101                                                 fffff80777cf8bd5 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister0 + 108                                                 fffff80777cf8bdc 5 bytes {CALL 0xfffffffffbbe3d34}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister1 + 101                                                 fffff80777cf8c95 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister1 + 108                                                 fffff80777cf8c9c 5 bytes {CALL 0xfffffffffbbe3c74}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister2 + 101                                                 fffff80777cf8d55 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutRegister2 + 108                                                 fffff80777cf8d5c 5 bytes {CALL 0xfffffffffbbe3bb4}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterByKey0 + 60                                           fffff80777cf8dec 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpsCalloutUnregisterByKey0 + 67                                           fffff80777cf8df3 5 bytes {CALL 0xfffffffffbbe3b1d}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateUnsubscribeChanges0 + 121                                      fffff80777cf8eb9 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmBfeStateUnsubscribeChanges0 + 128                                      fffff80777cf8ec0 5 bytes {CALL 0xfffffffffbc11530}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketAddAsync0 + 169                                            fffff80777cfc429 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketAddAsync0 + 176                                            fffff80777cfc430 5 bytes {CALL 0xfffffffffe9c0940}
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketDeleteByKeyAsync0 + 124                                    fffff80777cfc57c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\fwpkclnt.sys!FwpmSecureSocketDeleteByKeyAsync0 + 131                                    fffff80777cfc583 5 bytes {CALL 0xfffffffffe9c07ed}
.text    C:\Windows\System32\Drivers\mup.sys!MupPinKnownPrefix + 133                                                         fffff80777f13375 2 bytes [4C, 8B]
.text    C:\Windows\System32\Drivers\mup.sys!MupPinKnownPrefix + 140                                                         fffff80777f1337c 1 byte [E8]
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\Drivers\mup.sys!MupUnpinKnownPrefix + 99                                                        fffff80777f13573 2 bytes [4C, 8B]
.text    C:\Windows\System32\Drivers\mup.sys!MupUnpinKnownPrefix + 106                                                       fffff80777f1357a 5 bytes {CALL 0xfffffffffb92a626}
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\Drivers\mup.sys!DllInitialize + 101                                                             fffff80777f141b5 2 bytes [4C, 8B]
.text    C:\Windows\System32\Drivers\mup.sys!DllInitialize + 108                                                             fffff80777f141bc 5 bytes {CALL 0xfffffffffb9fa564}
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateCheckNegativeCache + 141                                            fffff80777f1d14d 2 bytes {JMP 0xffffffffffffffee}
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateCheckNegativeCache + 148                                            fffff80777f1d154 5 bytes {CALL 0xfffffffffb8e5b1c}
PAGE     ...                                                                                                                 * 12
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateGetUncProviderDeviceObject + 148                                    fffff80777f208d4 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateGetUncProviderDeviceObject + 155                                    fffff80777f208db 5 bytes {CALL 0xfffffffffbf285a5}
PAGE     ...                                                                                                                 * 10
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProviderEx + 108                                            fffff80777f23f9c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProviderEx + 115                                            fffff80777f23fa3 5 bytes {CALL 0xfffffffffb919bfd}
PAGE     ...                                                                                                                 * 14
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProvider + 134                                              fffff80777f243a6 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateRegisterProvider + 141                                              fffff80777f243ad 5 bytes {CALL 0xfffffffffbc45cf3}
PAGE     ...                                                                                                                 * 15
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateDeregisterProvider + 85                                             fffff80777f29635 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateDeregisterProvider + 92                                             fffff80777f2963c 5 bytes {CALL 0xfffffffffb914564}
PAGE     ...                                                                                                                 * 11
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateSetUndecoratedFileName + 130                                        fffff80777f29b02 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\mup.sys!MupSurrogateSetUndecoratedFileName + 137                                        fffff80777f29b09 5 bytes {CALL 0xfffffffffbc40507}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendIrpSynchronous + 42                                               fffff80777f91a2a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendIrpSynchronous + 49                                               fffff80777f91a31 5 bytes {CALL 0xfffffffffb89f2df}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSignalCompletion + 20                                                 fffff80777f91ac4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSignalCompletion + 27                                                 fffff80777f91acb 5 bytes {CALL 0xfffffffffb8b5ee5}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbSynchronous + 205                                              fffff80777f91d8d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbSynchronous + 212                                              fffff80777f91d94 5 bytes {CALL 0xfffffffffbbd827c}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCompleteRequest + 71                                                  fffff80777f93d27 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCompleteRequest + 78                                                  fffff80777f93d2e 5 bytes {CALL 0xfffffffffb96e012}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoComplete + 562                                                      fffff80777f94032 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoComplete + 569                                                      fffff80777f94039 5 bytes {CALL 0xfffffffffb96dd07}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeviceControl + 104                                                   fffff80777f94158 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeviceControl + 111                                                   fffff80777f9415f 5 bytes {CALL 0xfffffffffb96dbe1}
.text    ...                                                                                                                 * 20
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseRemoveLock + 38                                                fffff80777f96556 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseRemoveLock + 45                                                fffff80777f9655d 5 bytes {CALL 0xfffffffffb970913}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireRemoveLockEx + 21                                              fffff80777f965d5 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireRemoveLockEx + 28                                              fffff80777f965dc 5 bytes {CALL 0xfffffffffb96f814}
.text    ...                                                                                                                 * 21
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReadDriveCapacity + 228                                               fffff80777f99964 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReadDriveCapacity + 235                                               fffff80777f9996b 5 bytes {CALL 0xfffffffffb8973a5}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSpinDownPowerHandler + 524                                            fffff80777f9a49c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSpinDownPowerHandler + 531                                            fffff80777f9a4a3 5 bytes {CALL 0xfffffffffb9d7e1d}
.text    ...                                                                                                                 * 4
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInterpretSenseInfo + 937                                              fffff80777f9c459 6 bytes {CALL 0x5ee47}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetMediaChangeState + 156                                             fffff80777f9d17c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetMediaChangeState + 163                                             fffff80777f9d183 5 bytes {CALL 0xfffffffffb89d23d}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCheckMediaState + 326                                                 fffff80777f9e616 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCheckMediaState + 333                                                 fffff80777f9e61d 5 bytes {CALL 0xfffffffffb893653}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseChildLock + 33                                                 fffff80777f9e8d1 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseChildLock + 40                                                 fffff80777f9e8d8 5 bytes {CALL 0xfffffffffb8a90d8}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbAsynchronous + 335                                             fffff80777f9ea9f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendSrbAsynchronous + 342                                             fffff80777f9eaa6 5 bytes {CALL 0xfffffffffb8931ca}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassForwardIrpSynchronous + 492                                           fffff80777fa233c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassForwardIrpSynchronous + 499                                           fffff80777fa2343 5 bytes {CALL 0xfffffffffb94f06d}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassNotifyFailurePredicted + 142                                          fffff80777fb0d6e 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassNotifyFailurePredicted + 149                                          fffff80777fb0d75 5 bytes {CALL 0xfffffffffb9c167b}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendNotification + 81                                                 fffff80777fb0f31 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendNotification + 88                                                 fffff80777fb0f38 5 bytes {CALL 0xfffffffffbbb90d8}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAsynchronousCompletion + 145                                          fffff80777fb1fc1 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAsynchronousCompletion + 152                                          fffff80777fb1fc8 5 bytes {CALL 0xfffffffffb897de8}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDriverExtension + 11                                               fffff80777fb252b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDriverExtension + 18                                               fffff80777fb2532 5 bytes {CALL 0xfffffffffb982d9e}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInternalIoControl + 180                                               fffff80777fb2614 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInternalIoControl + 187                                               fffff80777fb261b 5 bytes {CALL 0xfffffffffb87f655}
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseQueue + 216                                                    fffff80777fb2738 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassReleaseQueue + 223                                                    fffff80777fb273f 5 bytes {CALL 0xfffffffffb8f76c1}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendStartUnit + 47                                                    fffff80777fb28bf 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendStartUnit + 54                                                    fffff80777fb28c6 5 bytes {CALL 0xfffffffffbbb774a}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!DllUnload + 19                                                             fffff80777fb5943 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!DllUnload + 26                                                             fffff80777fb594a 5 bytes {CALL 0xfffffffffb96d266}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassWmiFireEvent + 70                                                     fffff80777fb75f6 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassWmiFireEvent + 77                                                     fffff80777fb75fd 5 bytes {CALL 0xfffffffffbbb2a13}
.text    ...                                                                                                                 * 20
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassStopUnitPowerHandler + 363                                            fffff80777fb7f7b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassStopUnitPowerHandler + 370                                            fffff80777fb7f82 5 bytes {CALL 0xfffffffffb9b8ace}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoCompleteAssociated + 643                                            fffff80777fc31e3 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\CLASSPNP.SYS!ClassIoCompleteAssociated + 650                                            fffff80777fc31ea 5 bytes {CALL 0xfffffffffbad3b66}
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendDeviceIoControlSynchronous + 48                                   fffff80777fd8040 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSendDeviceIoControlSynchronous + 55                                   fffff80777fd8047 5 bytes {CALL 0xfffffffffb8cc8c9}
PAGE     ...                                                                                                                 * 9
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassRemoveDevice + 46                                                     fffff80777fd994e 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassRemoveDevice + 53                                                     fffff80777fd9955 5 bytes {CALL 0xfffffffffb95b97b}
PAGE     ...                                                                                                                 * 30
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireChildLock + 48                                                 fffff80777fd9fd0 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassAcquireChildLock + 55                                                 fffff80777fd9fd7 5 bytes {CALL 0xfffffffffb8603e9}
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCleanupMediaChangeDetection + 240                                     fffff80777fda0f0 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCleanupMediaChangeDetection + 247                                     fffff80777fda0f7 5 bytes {CALL 0xfffffffffbb8ff19}
PAGE     ...                                                                                                                 * 7
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeleteSrbLookasideList + 27                                           fffff80777fda92b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDeleteSrbLookasideList + 34                                           fffff80777fda932 5 bytes {CALL 0xfffffffffb997f5e}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCreateDeviceObject + 64                                               fffff80777fda9e0 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassCreateDeviceObject + 71                                               fffff80777fda9e7 5 bytes {CALL 0xfffffffffbf53c89}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDeviceParameter + 92                                               fffff80777fdad3c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDeviceParameter + 99                                               fffff80777fdad43 5 bytes {CALL 0xfffffffffbef0a4d}
PAGE     ...                                                                                                                 * 27
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDescriptor + 157                                                   fffff80777fdba5d 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetDescriptor + 164                                                   fffff80777fdba64 5 bytes {CALL 0xfffffffffbb8e5ac}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassScanForSpecial + 299                                                  fffff80777fdc41b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassScanForSpecial + 306                                                  fffff80777fdc422 5 bytes {CALL 0xfffffffffb9bdb3e}
PAGE     ...                                                                                                                 * 13
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassQueryTimeOutRegistryValue + 30                                        fffff80777fdc5ee 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassQueryTimeOutRegistryValue + 37                                        fffff80777fdc5f5 5 bytes {CALL 0xfffffffffb958cdb}
PAGE     ...                                                                                                                 * 22
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassClaimDevice + 117                                                     fffff80777fdd275 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassClaimDevice + 124                                                     fffff80777fdd27c 5 bytes {CALL 0xfffffffffb853a94}
PAGE     ...                                                                                                                 * 5
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeSrbLookasideList + 82                                       fffff80777fdd382 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeSrbLookasideList + 89                                       fffff80777fdd389 5 bytes {CALL 0xfffffffffb993437}
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitialize + 177                                                      fffff80777fdd451 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitialize + 184                                                      fffff80777fdd458 5 bytes {CALL 0xfffffffffb8606f8}
PAGE     ...                                                                                                                 * 30
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeEx + 28                                                     fffff80777fddefc 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeEx + 35                                                     fffff80777fddf03 5 bytes {CALL 0xfffffffffb9573cd}
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetFailurePredictionPoll + 67                                         fffff80777fde023 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetFailurePredictionPoll + 74                                         fffff80777fde02a 5 bytes {CALL 0xfffffffffbb8bfe6}
PAGE     ...                                                                                                                 * 21
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDisableMediaChangeDetection + 37                                      fffff80777fe2785 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassDisableMediaChangeDetection + 44                                      fffff80777fe278c 5 bytes {CALL 0xfffffffffb857c34}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassEnableMediaChangeDetection + 125                                      fffff80777fe286d 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassEnableMediaChangeDetection + 132                                      fffff80777fe2874 5 bytes {CALL 0xfffffffffb857b4c}
PAGE     ...                                                                                                                 * 3
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeMediaChangeDetection + 539                                  fffff80777fe2b7b 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInitializeMediaChangeDetection + 546                                  fffff80777fe2b82 5 bytes {CALL 0xfffffffffb94707e}
PAGE     ...                                                                                                                 * 15
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInvalidateBusRelations + 28                                           fffff80777fe471c 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassInvalidateBusRelations + 35                                           fffff80777fe4723 5 bytes {CALL 0xfffffffffb950bad}
PAGE     ...                                                                                                                 * 4
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassModeSenseEx + 64                                                      fffff80777fe4870 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassModeSenseEx + 71                                                      fffff80777fe4877 5 bytes {CALL 0xfffffffffb950a59}
PAGE     ...                                                                                                                 * 20
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassUpdateInformationInRegistry + 418                                     fffff80777fe4e22 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassUpdateInformationInRegistry + 425                                     fffff80777fe4e29 5 bytes {CALL 0xfffffffffb880747}
PAGE     ...                                                                                                                 * 24
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetFsContext + 113                                                    fffff80777fe5761 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassGetFsContext + 120                                                    fffff80777fe5768 5 bytes {CALL 0xfffffffffb8f71a8}
PAGE     ...                                                                                                                 * 6
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetDeviceParameter + 63                                               fffff80777fe596f 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\drivers\CLASSPNP.SYS!ClassSetDeviceParameter + 70                                               fffff80777fe5976 5 bytes {CALL 0xfffffffffbee5e1a}
PAGE     C:\Windows\System32\Drivers\crashdmp.sys!DriverEntry + 99                                                           fffff807807f3073 2 bytes [4C, 8B]
PAGE     C:\Windows\System32\Drivers\crashdmp.sys!DriverEntry + 106                                                          fffff807807f307a 3 bytes [E8, A1, A3]
.text    C:\Windows\system32\drivers\tbs.sys!DllInitialize + 272                                                             fffff80780551120 5 bytes JMP fffff8078055e2e0
.text    C:\Windows\system32\drivers\tbs.sys!Tbsi_Context_Create + 229                                                       fffff80780552125 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\tbs.sys!Tbsi_Context_Create + 236                                                       fffff8078055212c 5 bytes {CALL 0xfffffffff3466f84}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\tbs.sys!Tbsi_GetDeviceInfo + 124                                                        fffff8078055229c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\tbs.sys!Tbsi_GetDeviceInfo + 131                                                        fffff807805522a3 5 bytes {CALL 0xfffffffff3466e0d}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\tbs.sys!Tbsip_Context_Close + 4                                                         fffff80780552ce4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\tbs.sys!Tbsip_Context_Close + 11                                                        fffff80780552ceb 5 bytes {CALL 0xfffffffff34663c5}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\tbs.sys!Tbsip_TestMorBit + 458                                                          fffff8078055302a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\tbs.sys!Tbsip_TestMorBit + 465                                                          fffff80780553031 5 bytes {CALL 0xfffffffff331d68f}
.text    C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetCommitVidPnStatus + 38                            fffff807814613f6 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetCommitVidPnStatus + 45                            fffff807814613fd 5 bytes {CALL 0xfffffffff24b3863}
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdError + 168                                                  fffff80781461c38 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdError + 175                                                  fffff80781461c3f 5 bytes {CALL 0xfffffffff23a0451}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\drivers\watchdog.sys!SMgrRegisterSessionChangeCallout + 48                                      fffff80781461e70 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!SMgrRegisterSessionChangeCallout + 55                                      fffff80781461e77 5 bytes {CALL 0xfffffffff23d8549}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\watchdog.sys!WdIsDebuggerPresent + 8                                                    fffff80781461f38 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdIsDebuggerPresent + 15                                                   fffff80781461f3f 5 bytes {CALL 0xfffffffff251b391}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdAssertion + 44                                               fffff80781463e5c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdAssertion + 51                                               fffff80781463e63 5 bytes {CALL 0xfffffffff240279d}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdCriticalError + 20                                           fffff807814640d4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdCriticalError + 27                                           fffff807814640db 5 bytes {CALL 0xfffffffff2402525}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdDebug + 43                                                   fffff807814641db 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdDebug + 50                                                   fffff807814641e2 5 bytes {CALL 0xfffffffff240241e}
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdLowResource + 43                                             fffff8078146446b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdLogEvent5_WdLowResource + 50                                             fffff80781464472 5 bytes {CALL 0xfffffffff240218e}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\watchdog.sys!WdQueryDebugFlag + 52                                                      fffff80781464a14 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdQueryDebugFlag + 59                                                      fffff80781464a1b 5 bytes {CALL 0xfffffffff255fd05}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\watchdog.sys!SMgrUnregisterSessionChangeCallout + 35                                    fffff80781464ad3 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!SMgrUnregisterSessionChangeCallout + 42                                    fffff80781464ada 5 bytes {CALL 0xfffffffff23d58e6}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetSetTimingPathInfo + 75                            fffff80781464b6b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!DisplayScenarioJournalSetSetTimingPathInfo + 82                            fffff80781464b72 5 bytes {CALL 0xfffffffff24b00ee}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\watchdog.sys!WdEnterMonitoredSection + 47                                               fffff80781464d1f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdEnterMonitoredSection + 54                                               fffff80781464d26 5 bytes {CALL 0xfffffffff24450da}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\watchdog.sys!WdExitMonitoredSection + 31                                                fffff80781464daf 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdExitMonitoredSection + 38                                                fffff80781464db6 5 bytes {CALL 0xfffffffff244504a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\watchdog.sys!WdResetDeferredWatch + 17                                                  fffff80781464e31 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdResetDeferredWatch + 24                                                  fffff80781464e38 5 bytes {CALL 0xfffffffff2444fc8}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\watchdog.sys!WdStartDeferredWatch + 33                                                  fffff80781464ed1 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdStartDeferredWatch + 40                                                  fffff80781464ed8 5 bytes {CALL 0xfffffffff2444f28}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\watchdog.sys!WdStopDeferredWatch + 22                                                   fffff80781464f76 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdStopDeferredWatch + 29                                                   fffff80781464f7d 5 bytes {CALL 0xfffffffff2444e83}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\watchdog.sys!WdSuspendDeferredWatch + 33                                                fffff80781465071 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdSuspendDeferredWatch + 40                                                fffff80781465078 5 bytes {CALL 0xfffffffff23c2ab8}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\watchdog.sys!WdResetWatch + 22                                                          fffff80781465356 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdResetWatch + 29                                                          fffff8078146535d 5 bytes {CALL 0xfffffffff2444aa3}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\watchdog.sys!WdResumeWatch + 39                                                         fffff80781465417 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdResumeWatch + 46                                                         fffff8078146541e 5 bytes {CALL 0xfffffffff24449e2}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\watchdog.sys!WdStartWatch + 47                                                          fffff8078146550f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdStartWatch + 54                                                          fffff80781465516 5 bytes {CALL 0xfffffffff24448ea}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\watchdog.sys!WdStopWatch + 30                                                           fffff807814655de 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdStopWatch + 37                                                           fffff807814655e5 5 bytes {CALL 0xfffffffff244481b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\watchdog.sys!WdSuspendWatch + 22                                                        fffff807814656b6 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdSuspendWatch + 29                                                        fffff807814656bd 5 bytes {CALL 0xfffffffff2444743}
.text    ...                                                                                                                 * 20
.text    C:\Windows\System32\drivers\watchdog.sys!WdAttachContext + 20                                                       fffff807814658b4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdAttachContext + 27                                                       fffff807814658bb 5 bytes {CALL 0xfffffffff2704755}
.text    C:\Windows\System32\drivers\watchdog.sys!WdCompleteEvent + 30                                                       fffff807814658ee 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdCompleteEvent + 37                                                       fffff807814658f5 5 bytes {CALL 0xfffffffff23d2f5b}
.text    C:\Windows\System32\drivers\watchdog.sys!WdDetachContext + 15                                                       fffff8078146595f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdDetachContext + 22                                                       fffff80781465966 5 bytes {CALL 0xfffffffff270473a}
.text    C:\Windows\System32\drivers\watchdog.sys!WdGetDeviceObject + 13                                                     fffff8078146598d 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdGetDeviceObject + 20                                                     fffff80781465994 5 bytes {CALL 0xfffffffff23d2f8c}
.text    C:\Windows\System32\drivers\watchdog.sys!WdGetLowestDeviceObject + 8                                                fffff807814659c8 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdGetLowestDeviceObject + 15                                               fffff807814659cf 5 bytes {CALL 0xfffffffff23ffe51}
.text    C:\Windows\System32\drivers\watchdog.sys!WdReferenceObject + 25                                                     fffff807814659f9 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdReferenceObject + 32                                                     fffff80781465a00 5 bytes {CALL 0xfffffffff23d2e50}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\watchdog.sys!WdDiagIsTracingEnabled + 19                                                fffff80781465b63 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\watchdog.sys!WdDiagIsTracingEnabled + 26                                                fffff80781465b6a 5 bytes {CALL 0xfffffffff23da996}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiMapUserRequest + 141                                                         fffff8078153116d 3 bytes [4C, 8B, 15]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiMapUserRequest + 148                                                         fffff80781531174 5 bytes JMP fffff80773999140
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiInitialize + 176                                                             fffff80781531230 5 bytes JMP fffff807815402e0
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEAllocateString + 31                                                          fffff80781531adf 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEAllocateString + 38                                                          fffff80781531ae6 5 bytes {CALL 0xfffffffff263852a}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEBlock + 32                                                                   fffff80781531b40 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEBlock + 39                                                                   fffff80781531b47 5 bytes {CALL 0xfffffffff2308879}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitEvent + 23                                                               fffff80781531bc7 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitEvent + 30                                                               fffff80781531bce 5 bytes {CALL 0xfffffffff2369f72}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitString + 30                                                              fffff80781531c1e 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitString + 37                                                              fffff80781531c25 5 bytes {CALL 0xfffffffff233394b}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitTimer + 33                                                               fffff80781531cc1 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInitTimer + 40                                                               fffff80781531cc8 5 bytes {CALL 0xfffffffff237d938}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInsertBlockTracker + 33                                                      fffff80781531d21 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEInsertBlockTracker + 40                                                      fffff80781531d28 5 bytes {CALL 0xfffffffff23780d8}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTERemoveBlockTracker + 16                                                      fffff80781531d90 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTERemoveBlockTracker + 23                                                      fffff80781531d97 5 bytes {CALL 0xfffffffff2378069}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleCriticalEvent + 30                                                   fffff80781531dfe 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleCriticalEvent + 37                                                   fffff80781531e05 5 bytes {CALL 0xfffffffff2377ffb}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleDelayedEvent + 30                                                    fffff80781531e8e 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEScheduleDelayedEvent + 37                                                    fffff80781531e95 5 bytes {CALL 0xfffffffff2377f6b}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTESignal + 15                                                                  fffff80781531f0f 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTESignal + 22                                                                  fffff80781531f16 5 bytes {CALL 0xfffffffff2315a9a}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEStartTimer + 41                                                              fffff80781531f59 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTEStartTimer + 48                                                              fffff80781531f60 5 bytes {CALL 0xfffffffff23397d0}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTESystemUpTime + 108                                                           fffff80781531fec 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!CTESystemUpTime + 115                                                           fffff80781531ff3 5 bytes {CALL 0xfffffffff2377e0d}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\DRIVERS\TDI.SYS!DllInitialize + 16                                                              fffff80781532080 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!DllInitialize + 23                                                              fffff80781532087 5 bytes {CALL 0xfffffffff2369ab9}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\DRIVERS\TDI.SYS!DllUnload + 4                                                                   fffff80781532194 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!DllUnload + 11                                                                  fffff8078153219b 5 bytes {CALL 0xfffffffff627b6f5}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyBufferToMdlWithReservedMappingAtDpcLevel + 79                            fffff8078153230f 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyBufferToMdlWithReservedMappingAtDpcLevel + 86                            fffff80781532316 5 bytes {CALL 0xfffffffff22f581a}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlChainToMdlChain + 102                                                 fffff807815324a6 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlChainToMdlChain + 109                                                 fffff807815324ad 5 bytes {CALL 0xfffffffff22ed643}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlToBuffer + 78                                                         fffff8078153274e 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiCopyMdlToBuffer + 85                                                         fffff80781532755 5 bytes {CALL 0xfffffffff22ed39b}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiOpenNetbiosAddress + 356                                                     fffff80781532ab4 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiOpenNetbiosAddress + 363                                                     fffff80781532abb 5 bytes {CALL 0xfffffffff28faab5}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiReturnChainedReceives + 4                                                    fffff80781532af4 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiReturnChainedReceives + 11                                                   fffff80781532afb 5 bytes {CALL 0xfffffffff6295e95}
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiEnumerateAddresses + 102                                                     fffff80781532d36 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiEnumerateAddresses + 109                                                     fffff80781532d3d 5 bytes {CALL 0xfffffffff23770c3}
.text    ...                                                                                                                 * 22
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiGet9FTriageBlock + 86                                                        fffff807815332a6 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiGet9FTriageBlock + 93                                                        fffff807815332ad 5 bytes {CALL 0xfffffffff28f30e3}
.text    ...                                                                                                                 * 28
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiIsIPTransportSupported + 16                                                  fffff80781533990 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiIsIPTransportSupported + 23                                                  fffff80781533997 5 bytes {CALL 0xfffffffff29ab379}
.text    ...                                                                                                                 * 25
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerComplete + 135                                                       fffff80781533f47 4 bytes [E8, 54, C3, 00]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerComplete + 140                                                       fffff80781533f4c 1 byte [90]
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerRequest + 41                                                         fffff80781534019 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiPnPPowerRequest + 48                                                         fffff80781534020 5 bytes {CALL 0xfffffffff2635ff0}
.text    ...                                                                                                                 * 25
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterDeviceObject + 38                                                    fffff80781534346 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterDeviceObject + 45                                                    fffff8078153434d 5 bytes {CALL 0xfffffffff2635cc3}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterNetAddress + 49                                                      fffff80781534471 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterNetAddress + 56                                                      fffff80781534478 5 bytes {CALL 0xfffffffff2635b98}
.text    ...                                                                                                                 * 16
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterPnPHandlers + 82                                                     fffff807815346d2 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterPnPHandlers + 89                                                     fffff807815346d9 5 bytes {CALL 0xfffffffff2635937}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterProvider + 38                                                        fffff807815348b6 2 bytes [4C, 8B]
.text    C:\Windows\system32\DRIVERS\TDI.SYS!TdiRegisterProvider + 45                                                        fffff807815348bd 5 bytes {CALL 0xfffffffff2635753}
.text    C:\Windows\System32\drivers\vwififlt.sys!DllInitialize + 749                                                        fffff80780cf20bd 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\vwififlt.sys!DllInitialize + 756                                                        fffff80780cf20c4 5 bytes {CALL 0xfffffffff6a5812c}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\vwififlt.sys!FExCancelSendNetBufferLists + 126                                          fffff80780cfafde 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\vwififlt.sys!FExCancelSendNetBufferLists + 133                                          fffff80780cfafe5 5 bytes {CALL 0xfffffffff6ac246b}
.text    C:\Windows\System32\drivers\vwififlt.sys!FExMpRegistrationComplete + 31                                             fffff80780cfb30f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\vwififlt.sys!FExMpRegistrationComplete + 38                                             fffff80780cfb316 5 bytes {CALL 0xfffffffff6a4eeda}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\vwififlt.sys!FExRegisterMp + 631                                                        fffff80780cfb747 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\vwififlt.sys!FExRegisterMp + 638                                                        fffff80780cfb74e 5 bytes {CALL 0xfffffffff6a72792}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\vwififlt.sys!FExStopMp + 899                                                            fffff80780cfcb63 4 bytes [E8, 38, D7, 00]
.text    C:\Windows\System32\drivers\vwififlt.sys!FExStopMp + 904                                                            fffff80780cfcb68 1 byte [90]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFlushEventLogBuffer + 731                                               fffff807818e13fb 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFlushEventLogBuffer + 738                                               fffff807818e1402 5 bytes {CALL 0xfffffffff1f5764e}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSignalEvent + 151                                                       fffff807818e1647 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSignalEvent + 158                                                       fffff807818e164e 5 bytes {CALL 0xfffffffff2260142}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvGetVpRegisters + 301                                                    fffff807818e17fd 3 bytes [4C, 8B, 15]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvGetVpRegisters + 308                                                    fffff807818e1804 5 bytes JMP fffff80773999140
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateOverlayPages + 96                                               fffff807818e4140 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateOverlayPages + 103                                              fffff807818e4147 5 bytes {CALL 0xfffffffff2015419}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFreeOverlayPages + 4                                                    fffff807818e41b4 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFreeOverlayPages + 11                                                   fffff807818e41bb 5 bytes {CALL 0xfffffffff2014585}
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocatePartitionSintIndex + 151                                        fffff807818e4617 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocatePartitionSintIndex + 158                                        fffff807818e461e 5 bytes {CALL 0xfffffffff1fcb9f2}
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateSingleSintIndex + 157                                           fffff807818e48fd 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvAllocateSingleSintIndex + 164                                           fffff807818e4904 5 bytes {CALL 0xfffffffff1fcb70c}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetSint + 72                                                            fffff807818e4f38 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetSint + 79                                                            fffff807818e4f3f 5 bytes {CALL 0xfffffffff201aea1}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetSintOnCurrentProcessor + 191                                         fffff807818e50af 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetSintOnCurrentProcessor + 198                                         fffff807818e50b6 5 bytes {CALL 0xfffffffff1fcaf5a}
.text    ...                                                                                                                 * 21
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvCancelTimer + 113                                                       fffff807818e5581 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvCancelTimer + 120                                                       fffff807818e5588 5 bytes {CALL 0xfffffffff1feb0a8}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetAbsoluteTimer + 54                                                   fffff807818e5706 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetAbsoluteTimer + 61                                                   fffff807818e570d 5 bytes {CALL 0xfffffffff1f80ef3}
.text    ...                                                                                                                 * 23
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvGetXsaveData + 202                                                      fffff807818e5e4a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvGetXsaveData + 209                                                      fffff807818e5e51 5 bytes {CALL 0xfffffffff228424f}
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvProcessorNumberToVpIndex + 27                                           fffff807818e5f8b 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvProcessorNumberToVpIndex + 34                                           fffff807818e5f92 5 bytes {CALL 0xfffffffff1fc980e}
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetXsaveData + 198                                                      fffff807818e6166 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetXsaveData + 205                                                      fffff807818e616d 5 bytes {CALL 0xfffffffff2283f33}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvEnableVpVtl + 339                                                       fffff807818e68d3 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvEnableVpVtl + 346                                                       fffff807818e68da 5 bytes {CALL 0xfffffffff1f7fd26}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFinalizePartition + 53                                                  fffff807818e7005 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvFinalizePartition + 60                                                  fffff807818e700c 5 bytes {CALL 0xfffffffff1f7f5f4}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetInterceptRoutine + 36                                                fffff807818e7354 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetInterceptRoutine + 43                                                fffff807818e735b 5 bytes {CALL 0xfffffffff1f516f5}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetLowMemoryPolicyRoutine + 36                                          fffff807818e7434 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetLowMemoryPolicyRoutine + 43                                          fffff807818e743b 5 bytes {CALL 0xfffffffff1f51615}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetPartitionProperty + 533                                              fffff807818e7705 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetPartitionProperty + 540                                              fffff807818e770c 5 bytes {CALL 0xfffffffff2282904}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetLogicalProcessorRegisters + 335                                      fffff807818e8c1f 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetLogicalProcessorRegisters + 342                                      fffff807818e8c26 5 bytes {CALL 0xfffffffff203826a}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvWithdrawAllMemory + 260                                                 fffff807818e9594 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvWithdrawAllMemory + 267                                                 fffff807818e959b 5 bytes {CALL 0xfffffffff201af35}
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvNotifyStandbyTransition + 188                                           fffff807818e969c 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvNotifyStandbyTransition + 195                                           fffff807818e96a3 5 bytes {CALL 0xfffffffff22809fd}
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetDispatchNotificationEvent + 190                                      fffff807818e9cbe 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\winhvr.sys!WinHvSetDispatchNotificationEvent + 197                                      fffff807818e9cc5 5 bytes {CALL 0xfffffffff2257a7b}
.text    C:\Windows\System32\drivers\kdnic.sys!CreateNetworkAdapter + 33                                                     fffff80781921751 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\kdnic.sys!CreateNetworkAdapter + 40                                                     fffff80781921758 5 bytes {CALL 0xfffffffff2214218}
.text    C:\Windows\system32\drivers\ks.sys!KsFreeObjectHeader + 65                                                          fffff80781e11051 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsFreeObjectHeader + 72                                                          fffff80781e11058 5 bytes {CALL 0xfffffffff1d59048}
.text    ...                                                                                                                 * 14
.text    C:\Windows\system32\drivers\ks.sys!KsGetFilterFromIrp + 306                                                         fffff80781e117c2 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGetFilterFromIrp + 313                                                         fffff80781e117c9 5 bytes {CALL 0xfffffffff1b88567}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\ks.sys!KsUnregisterWorker + 20                                                          fffff80781e119f4 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsUnregisterWorker + 27                                                          fffff80781e119fb 5 bytes {CALL 0xfffffffff1a98405}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\ks.sys!KsRemoveIrpFromCancelableQueue + 44                                              fffff80781e11a7c 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsRemoveIrpFromCancelableQueue + 51                                              fffff80781e11a83 5 bytes {CALL 0xfffffffff1a9837d}
.text    ...                                                                                                                 * 19
.text    C:\Windows\system32\drivers\ks.sys!KsGetDefaultClockTime + 57                                                       fffff80781e14629 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGetDefaultClockTime + 64                                                       fffff80781e14630 5 bytes {CALL 0xfffffffff249f190}
.text    C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockState + 53                                                      fffff80781e146c5 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockState + 60                                                      fffff80781e146cc 5 bytes {CALL 0xfffffffff249f0f4}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockTime + 49                                                       fffff80781e14831 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsSetDefaultClockTime + 56                                                       fffff80781e14838 5 bytes {CALL 0xfffffffff249ef88}
.text    C:\Windows\system32\drivers\ks.sys!KsiDefaultClockAddMarkEvent + 87                                                 fffff80781e148f7 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsiDefaultClockAddMarkEvent + 94                                                 fffff80781e148fe 5 bytes {CALL 0xfffffffff1a95502}
.text    ...                                                                                                                 * 23
.text    C:\Windows\system32\drivers\ks.sys!KsDiscardEvent + 22                                                              fffff80781e14d36 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsDiscardEvent + 29                                                              fffff80781e14d3d 5 bytes {CALL 0xfffffffff1ac5ca3}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateDataEvent + 81                                                         fffff80781e14e91 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateDataEvent + 88                                                         fffff80781e14e98 5 bytes {CALL 0xfffffffff1d55178}
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEvent + 160                                                            fffff80781e14fb0 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEvent + 167                                                            fffff80781e14fb7 5 bytes {CALL 0xfffffffff1ab10c9}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEventList + 305                                                        fffff80781e15301 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEventList + 312                                                        fffff80781e15308 5 bytes {CALL 0xfffffffff1d54d08}
.text    ...                                                                                                                 * 13
.text    C:\Windows\system32\drivers\ks.sys!KsAddIrpToCancelableQueue + 70                                                   fffff80781e15476 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsAddIrpToCancelableQueue + 77                                                   fffff80781e1547d 5 bytes {CALL 0xfffffffff1a94983}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\ks.sys!KsCancelIo + 29                                                                  fffff80781e1557d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsCancelIo + 36                                                                  fffff80781e15584 5 bytes {CALL 0xfffffffff1a9487c}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\ks.sys!KsCancelRoutine + 23                                                             fffff80781e15637 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsCancelRoutine + 30                                                             fffff80781e1563e 5 bytes {CALL 0xfffffffff1a124f2}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\ks.sys!KsDefaultDispatchPower + 74                                                      fffff80781e1570a 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsDefaultDispatchPower + 81                                                      fffff80781e15711 5 bytes {CALL 0xfffffffff1a2848f}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\ks.sys!KsMoveIrpsOnCancelableQueue + 54                                                 fffff80781e15846 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsMoveIrpsOnCancelableQueue + 61                                                 fffff80781e1584d 5 bytes {CALL 0xfffffffff1a92503}
.text    ...                                                                                                                 * 17
.text    C:\Windows\system32\drivers\ks.sys!KsReleaseIrpOnCancelableQueue + 42                                               fffff80781e159fa 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsReleaseIrpOnCancelableQueue + 49                                               fffff80781e15a01 5 bytes {CALL 0xfffffffff1a943ff}
.text    ...                                                                                                                 * 8
.text    C:\Windows\system32\drivers\ks.sys!KsRemoveSpecificIrpFromCancelableQueue + 16                                      fffff80781e15a90 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsRemoveSpecificIrpFromCancelableQueue + 23                                      fffff80781e15a97 5 bytes {CALL 0xfffffffff1a94369}
.text    ...                                                                                                                 * 3
.text    C:\Windows\system32\drivers\ks.sys!KsSetPowerDispatch + 81                                                          fffff80781e15b41 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsSetPowerDispatch + 88                                                          fffff80781e15b48 5 bytes {CALL 0xfffffffff1a28058}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\ks.sys!KsQueueWorkItem + 30                                                             fffff80781e15fde 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsQueueWorkItem + 37                                                             fffff80781e15fe5 5 bytes {CALL 0xfffffffff1a93e1b}
.text    ...                                                                                                                 * 21
.text    C:\Windows\system32\drivers\ks.sys!KsGetImageNameAndResourceId + 149                                                fffff80781e16215 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGetImageNameAndResourceId + 156                                                fffff80781e1621c 5 bytes {CALL 0xfffffffff1d53df4}
.text    ...                                                                                                                 * 15
.text    C:\Windows\system32\drivers\ks.sys!??_FCBaseUnknown@@QEAAXXZ + 462                                                  fffff80781e1665e 6 bytes {CALL 0x71c42}
.text    C:\Windows\system32\drivers\ks.sys!??_FCBaseUnknown@@QEAAXXZ + 543                                                  fffff80781e166af 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\ks.sys!KsCompletePendingRequest + 77                                                    fffff80781e16e8d 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsCompletePendingRequest + 84                                                    fffff80781e16e94 5 bytes {CALL 0xfffffffff1a2fcbc}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsDeviceGetBusData + 119                                                         fffff80781e16fa7 6 bytes {CALL 0x712f9}
.text    C:\Windows\system32\drivers\ks.sys!KsDeviceSetBusData + 119                                                         fffff80781e17057 6 bytes {CALL 0x71249}
.text    C:\Windows\system32\drivers\ks.sys!KsDeviceSetBusData + 381                                                         fffff80781e1715d 6 bytes {CALL 0x71143}
.text    ...                                                                                                                 * 7
.text    C:\Windows\system32\drivers\ks.sys!KsFilterAttemptProcessing + 79                                                   fffff80781e18f3f 6 bytes {CALL 0x6f361}
.text    C:\Windows\system32\drivers\ks.sys!KsFilterAttemptProcessing + 95                                                   fffff80781e18f4f 6 bytes {CALL 0x6f351}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsFilterGetAndGate + 69                                                          fffff80781e18fd5 6 bytes {CALL 0x6f2cb}
.text    C:\Windows\system32\drivers\ks.sys!KsGetNodeIdFromIrp + 253                                                         fffff80781e1915d 6 bytes {CALL 0x6f143}
.text    C:\Windows\system32\drivers\ks.sys!KsGetNodeIdFromIrp + 367                                                         fffff80781e191cf 6 bytes {CALL 0x6f0d1}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEvents + 131                                                           fffff80781e192c3 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsGenerateEvents + 138                                                           fffff80781e192ca 5 bytes {CALL 0xfffffffff1a90b36}
.text    ...                                                                                                                 * 4
.text    C:\Windows\system32\drivers\ks.sys!KsGetObjectTypeFromIrp + 182                                                     fffff80781e194f6 6 bytes {CALL 0x6edaa}
.text    C:\Windows\system32\drivers\ks.sys!KsGetObjectTypeFromIrp + 303                                                     fffff80781e1956f 6 bytes {CALL 0x6ed31}
.text    ...                                                                                                                 * 11
.text    C:\Windows\system32\drivers\ks.sys!KsPinAttemptProcessing + 79                                                      fffff80781e1a79f 6 bytes {CALL 0x6db01}
.text    C:\Windows\system32\drivers\ks.sys!KsPinAttemptProcessing + 95                                                      fffff80781e1a7af 6 bytes {CALL 0x6daf1}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsPinGetAndGate + 69                                                             fffff80781e1a835 6 bytes {CALL 0x6da6b}
.text    C:\Windows\system32\drivers\ks.sys!KsPinSubmitFrameMdl + 120                                                        fffff80781e1aa48 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\ks.sys!KsPinSubmitFrameMdl + 127                                                        fffff80781e1aa4f 5 bytes {CALL 0xfffffffff1a050a1}
.text    C:\Windows\system32\drivers\ks.sys!KsProcessPinUpdate + 138                                                         fffff80781e1ab3a 6 bytes {CALL 0x6d766}
.text    C:\Windows\system32\drivers\ks.sys!KsProcessPinUpdate + 692                                                         fffff80781e1ad64 6 bytes {CALL 0x6d53c}
.text    ...                                                                                                                 * 5
.text    C:\Windows\system32\drivers\ks.sys!KsPinGetAvailableByteCount + 113                                                 fffff80781e1f121 6 bytes {CALL 0x6917f}
.text    C:\Windows\system32\drivers\ks.sys!KsPinGetFirstCloneStreamPointer + 92                                             fffff80781e1f1ac 6 bytes {CALL 0x690f4}
.text    C:\Windows\system32\drivers\ks.sys!KsPinGetLeadingEdgeStreamPointer + 100                                           fffff80781e1f234 6 bytes {CALL 0x6906c}
.text    C:\Windows\system32\drivers\ks.sys!KsPinGetTrailingEdgeStreamPointer + 100                                          fffff80781e1f2c4 6 bytes {CALL 0x68fdc}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvance + 91                                                      fffff80781e1f34b 6 bytes {CALL 0x68f55}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvance + 111                                                     fffff80781e1f35f 6 bytes {CALL 0x68f41}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsets + 248                                              fffff80781e1f4a8 6 bytes {CALL 0x68df8}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsets + 276                                              fffff80781e1f4c4 6 bytes {CALL 0x68ddc}
.text    ...                                                                                                                 * 2
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsetsAndUnlock + 230                                     fffff80781e1f606 6 bytes {CALL 0x68c9a}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerAdvanceOffsetsAndUnlock + 261                                     fffff80781e1f625 6 bytes {CALL 0x68c7b}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerCancelTimeout + 73                                                fffff80781e1f699 6 bytes {CALL 0x68c07}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerClone + 127                                                       fffff80781e1f72f 6 bytes {CALL 0x68b71}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerDelete + 75                                                       fffff80781e1f7ab 6 bytes {CALL 0x68af5}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerGetNextClone + 73                                                 fffff80781e1f919 6 bytes {CALL 0x68987}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerLock + 88                                                         fffff80781e1f998 6 bytes {CALL 0x68908}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerScheduleTimeout + 94                                              fffff80781e1fa1e 6 bytes {CALL 0x68882}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerSetStatusCode + 87                                                fffff80781e1fa97 6 bytes {CALL 0x68809}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerUnlock + 93                                                       fffff80781e1fb0d 6 bytes {CALL 0x68793}
.text    C:\Windows\system32\drivers\ks.sys!KsStreamPointerUnlock + 138                                                      fffff80781e1fb3a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!DllInitialize + 158                                                            fffff807839410ae 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!DllInitialize + 165                                                            fffff807839410b5 5 bytes {CALL 0xfffffffff059080b}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_AllocateHubNumber + 43                                                    fffff807839411db 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_AllocateHubNumber + 50                                                    fffff807839411e2 5 bytes {CALL 0xffffffffefef91de}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_RegisterHcFilter + 176                                                    fffff80783941370 5 bytes JMP fffff8078394e2e0
.text    C:\Windows\System32\drivers\USBD.SYS!DllUnload + 73                                                                 fffff80783941839 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!DllUnload + 80                                                                 fffff80783941840 5 bytes {CALL 0xfffffffff0228860}
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequest + 166                                          fffff80783941996 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequest + 173                                          fffff8078394199d 5 bytes {CALL 0xfffffffff0228673}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequestEx + 199                                        fffff80783941b17 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_CreateConfigurationRequestEx + 206                                        fffff80783941b1e 5 bytes {CALL 0xfffffffff02284f2}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_GetPdoRegistryParameter + 40                                              fffff80783941db8 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_GetPdoRegistryParameter + 47                                              fffff80783941dbf 5 bytes {CALL 0xfffffffff05899d1}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_GetRegistryKeyValue + 35                                                  fffff80783941e33 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_GetRegistryKeyValue + 42                                                  fffff80783941e3a 5 bytes {CALL 0xffffffffefefbd16}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_ValidateConfigurationDescriptor + 256                                     fffff807839425b0 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_ValidateConfigurationDescriptor + 263                                     fffff807839425b7 5 bytes {CALL 0xfffffffff0227a59}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_AddDeviceToGlobalList + 50                                                fffff80783942a92 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_AddDeviceToGlobalList + 57                                                fffff80783942a99 5 bytes {CALL 0xffffffffeff67367}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_MarkDeviceAsDisconnected + 16                                             fffff80783942d00 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_MarkDeviceAsDisconnected + 23                                             fffff80783942d07 5 bytes {CALL 0xffffffffeff670f9}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_ReleaseHubNumber + 42                                                     fffff80783942d8a 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_ReleaseHubNumber + 49                                                     fffff80783942d91 5 bytes {CALL 0xffffffffefef762f}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_RemoveDeviceFromGlobalList + 25                                           fffff80783942df9 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\USBD.SYS!USBD_RemoveDeviceFromGlobalList + 32                                           fffff80783942e00 5 bytes {CALL 0xffffffffeff67000}
.text    C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_UsageAndPageListDifference + 688                                      fffff80783db2910 5 bytes JMP fffff80783dc32e0
.text    C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_FreeCollectionDescription + 32                                        fffff80783db3140 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_FreeCollectionDescription + 39                                        fffff80783db3147 5 bytes {CALL 0xffffffffefdb6f59}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_SetUsageValueArray + 867                                              fffff80783db4d93 4 bytes [E8, 08, E5, 00]
.text    C:\Windows\System32\drivers\HIDPARSE.SYS!HidP_SetUsageValueArray + 872                                              fffff80783db4d98 1 byte [90]
.text    C:\Windows\System32\drivers\HIDCLASS.SYS!HidNotifyPresence + 149                                                    fffff80783a12e45 2 bytes [4C, 8B]
.text    C:\Windows\System32\drivers\HIDCLASS.SYS!HidNotifyPresence + 156                                                    fffff80783a12e4c 5 bytes {CALL 0xffffffffeff45904}
.text    C:\Windows\system32\drivers\winquic.sys!WinQuicOpen + 787                                                           fffff80783eb1b23 2 bytes [4C, 8B]
.text    C:\Windows\system32\drivers\winquic.sys!WinQuicOpen + 794                                                           fffff80783eb1b2a 5 bytes {CALL 0xffffffffefa2b296}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreePool + 32                                                          fffff807bfc72030 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreePool + 39                                                          fffff807bfc72037 5 bytes {CALL 0xffffffffb3ef8069}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTag + 47                                               fffff807bfc7207f 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTag + 54                                               fffff807bfc72086 5 bytes {CALL 0xffffffffb3ef7f8a}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateMemStatistics + 526                                              fffff807bfc722de 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateMemStatistics + 533                                              fffff807bfc722e5 5 bytes {CALL 0xffffffffb3bc4a3b}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibIsNetworkAddress + 148                                                 fffff807bfc726a4 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibIsNetworkAddress + 155                                                 fffff807bfc726ab 5 bytes {CALL 0xffffffffb3cbb645}
.text    ...                                                                                                                 * 23
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSendData + 204                                                         fffff807bfc7514c 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSendData + 211                                                         fffff807bfc75153 5 bytes {CALL 0xffffffffb3bdf35d}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreeBuffer + 311                                                       fffff807bfc75847 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetFreeBuffer + 318                                                       fffff807bfc7584e 5 bytes {CALL 0xffffffffb3c91332}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBufferNoTransportHeader + 135                                  fffff807bfc765d7 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBufferNoTransportHeader + 142                                  fffff807bfc765de 5 bytes {CALL 0xffffffffb3d4e142}
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBuffer + 146                                                   fffff807bfc767c2 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateBuffer + 153                                                   fffff807bfc767c9 5 bytes {CALL 0xffffffffb3d4df57}
.text    ...                                                                                                                 * 22
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetRegisterClient + 106                                                   fffff807bfc76a9a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetRegisterClient + 113                                                   fffff807bfc76aa1 5 bytes {CALL 0xffffffffb3c2509f}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisconnectConnection + 67                                              fffff807bfc76ec3 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisconnectConnection + 74                                              fffff807bfc76eca 5 bytes {CALL 0xffffffffb3c32f36}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetCloseConnection + 22                                                   fffff807bfc76fe6 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetCloseConnection + 29                                                   fffff807bfc76fed 5 bytes {CALL 0xffffffffb3c32e13}
.text    ...                                                                                                                 * 29
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterFile + 46                                                    fffff807bfc7757e 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterFile + 53                                                    fffff807bfc77585 5 bytes {CALL 0xffffffffb3bbf79b}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterProvider + 17                                              fffff807bfc78361 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterProvider + 24                                              fffff807bfc78368 5 bytes {CALL 0xffffffffb3bbe5d8}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterProvider + 189                                               fffff807bfc7868d 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterProvider + 196                                               fffff807bfc78694 5 bytes {CALL 0xffffffffb3bbe2ac}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAnonymousLists + 15                                           fffff807bfc787df 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAnonymousLists + 22                                           fffff807bfc787e6 5 bytes {CALL 0xffffffffb3bbe15a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterSession + 285                                              fffff807bfc78a6d 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterSession + 292                                              fffff807bfc78a74 5 bytes {CALL 0xffffffffb3bc0aac}
.text    ...                                                                                                                 * 4
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterTreeConnect + 378                                            fffff807bfc791da 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRegisterTreeConnect + 385                                            fffff807bfc791e1 5 bytes {CALL 0xffffffffb3bc017f}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterFile + 35                                                  fffff807bfc792d3 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDeregisterFile + 42                                                  fffff807bfc792da 5 bytes {CALL 0xffffffffb3bbda46}
.text    ...                                                                                                                 * 16
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAllowedServerNameList + 13                                    fffff807bfc79b9d 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshAllowedServerNameList + 20                                    fffff807bfc79ba4 5 bytes {CALL 0xffffffffb3bbcd9c}
.text    ...                                                                                                                 * 20
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCheckAccess + 60                                                       fffff807bfc7a0bc 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCheckAccess + 67                                                       fffff807bfc7a0c3 5 bytes {CALL 0xffffffffb4168c7d}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshPipeList + 24                                                 fffff807bfc7a298 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRefreshPipeList + 31                                                 fffff807bfc7a29f 5 bytes {CALL 0xffffffffb3bbc6a1}
.text    ...                                                                                                                 * 24
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibSeAccessCheck + 313                                                    fffff807bfc7b509 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibSeAccessCheck + 320                                                    fffff807bfc7b510 5 bytes {CALL 0xffffffffb3cd4940}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibQueryLicensingDWord + 39                                               fffff807bfc7cce7 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibQueryLicensingDWord + 46                                               fffff807bfc7ccee 5 bytes {CALL 0xffffffffb3bc0e62}
.text    ...                                                                                                                 * 25
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsRdmaConnection + 155                                                 fffff807bfc7d31b 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsRdmaConnection + 162                                                 fffff807bfc7d322 5 bytes {CALL 0xffffffffb3c7db2e}
.text    ...                                                                                                                 * 17
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementClose + 106                                         fffff807bfc7d69a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementClose + 113                                         fffff807bfc7d6a1 5 bytes {CALL 0xffffffffb3be724f}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementPreventIdle + 69                                    fffff807bfc7d6f5 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFilePowerManagementPreventIdle + 76                                    fffff807bfc7d6fc 1 byte [E8]
.text    ...                                                                                                                 * 2
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableRemove + 115                                                fffff807bfc7d943 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableRemove + 122                                                fffff807bfc7d94a 5 bytes {CALL 0xffffffffb69e4366}
.text    ...                                                                                                                 * 9
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableInsert + 52                                                 fffff807bfc7db04 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyTableInsert + 59                                                 fffff807bfc7db0b 5 bytes {CALL 0xffffffffb3eec505}
.text    ...                                                                                                                 * 14
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditForceAccess + 26                                                  fffff807bfc7de0a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditForceAccess + 33                                                  fffff807bfc7de11 5 bytes {CALL 0xffffffffb417527f}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateStatisticsFromQueues + 42                                        fffff807bfc7de7a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetUpdateStatisticsFromQueues + 49                                        fffff807bfc7de81 5 bytes {CALL 0xffffffffb3c2bf7f}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSuccessEnabled + 6                                                fffff807bfc7dfa6 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSuccessEnabled + 13                                               fffff807bfc7dfad 5 bytes {CALL 0xffffffffb41e9f93}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoCreateSigningKey + 238                                              fffff807bfc7e21e 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoCreateSigningKey + 245                                              fffff807bfc7e225 5 bytes {CALL 0xffffffffb3eebdeb}
.text    ...                                                                                                                 * 13
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAddOrDelete + 349                                            fffff807bfc7e64d 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAddOrDelete + 356                                            fffff807bfc7e654 5 bytes {CALL 0xffffffffb3bbf4fc}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareConnect + 130                                                fffff807bfc7e822 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareConnect + 137                                                fffff807bfc7e829 5 bytes {CALL 0xffffffffb3bbf327}
.text    ...                                                                                                                 * 24
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminEvaluateServerAlias + 51                                             fffff807bfc7ec43 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminEvaluateServerAlias + 58                                             fffff807bfc7ec4a 5 bytes {CALL 0xffffffffb3bb80d6}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringA + 83                                       fffff807bfc7f033 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringA + 90                                       fffff807bfc7f03a 5 bytes {CALL 0xffffffffb3cc03f6}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAllocateNameList + 343                                                 fffff807bfc7f517 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAllocateNameList + 350                                                 fffff807bfc7f51e 5 bytes {CALL 0xffffffffb3bb7422}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoUpdatePreauthIntegrityHashValue + 38                                fffff807bfc7f666 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoUpdatePreauthIntegrityHashValue + 45                                fffff807bfc7f66d 5 bytes {CALL 0xffffffffb69e2103}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCreateSelfSD + 107                                                     fffff807bfc7f73b 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibCreateSelfSD + 114                                                     fffff807bfc7f742 5 bytes {CALL 0xffffffffb3b841de}
.text    ...                                                                                                                 * 23
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminTakeActionToAllowPowerDown + 131                                     fffff807bfc7fe13 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminTakeActionToAllowPowerDown + 138                                     fffff807bfc7fe1a 5 bytes {CALL 0xffffffffb3bbdd86}
.text    ...                                                                                                                 * 18
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetMarkConnectionAuthenticated + 33                                       fffff807bfc80141 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetMarkConnectionAuthenticated + 40                                       fffff807bfc80148 5 bytes {CALL 0xffffffffb3c29cb8}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetInitializeStatisticsQueues + 75                                        fffff807bfc8023b 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetInitializeStatisticsQueues + 82                                        fffff807bfc80242 5 bytes {CALL 0xffffffffb3c29bbe}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionServerName + 97                                           fffff807bfc80341 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionServerName + 104                                          fffff807bfc80348 5 bytes {CALL 0xffffffffb41a9cc8}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyDereference + 30                                                 fffff807bfc8043e 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoKeyDereference + 37                                                 fffff807bfc80445 5 bytes {CALL 0xffffffffb69e186b}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringW + 91                                       fffff807bfc804cb 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetHostAddressAndPortToStringW + 98                                       fffff807bfc804d2 5 bytes {CALL 0xffffffffb3cf194e}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetOutputLength + 40                                            fffff807bfc80788 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetOutputLength + 47                                            fffff807bfc8078f 5 bytes {CALL 0xffffffffb69e1141}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibUpdateIdleLogic + 127                                                  fffff807bfc8085f 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibUpdateIdleLogic + 134                                                  fffff807bfc80866 5 bytes {CALL 0xffffffffb41ef68a}
.text    ...                                                                                                                 * 55
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetRecommendedSaltSize + 32                                     fffff807bfc80cf0 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashGetRecommendedSaltSize + 39                                     fffff807bfc80cf7 5 bytes {CALL 0xffffffffb3c45389}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetQueueStatistics + 58                                                fffff807bfc80e7a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetQueueStatistics + 65                                                fffff807bfc80e81 5 bytes {CALL 0xffffffffb3c0fb4f}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsIdle + 15                                                  fffff807bfc80faf 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsIdle + 22                                                  fffff807bfc80fb6 5 bytes {CALL 0xffffffffb3be564a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionInstanceId + 87                                           fffff807bfc81057 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetSetConnectionInstanceId + 94                                           fffff807bfc8105e 5 bytes {CALL 0xffffffffb41a5262}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStartClient + 20                                                       fffff807bfc81164 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStartClient + 27                                                       fffff807bfc8116b 5 bytes {CALL 0xffffffffb3c28c95}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateStatisticsQueuesEx + 13                                        fffff807bfc811ed 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocateStatisticsQueuesEx + 20                                        fffff807bfc811f4 5 bytes {CALL 0xffffffffb3c28c0c}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStopClient + 20                                                        fffff807bfc81254 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetStopClient + 27                                                        fffff807bfc8125b 5 bytes {CALL 0xffffffffb3c28ba5}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsDriverLoaded + 93                                                    fffff807bfc8132d 3 bytes [4C, 8B, 15]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetIsDriverLoaded + 100                                                   fffff807bfc81334 5 bytes JMP fffff80773999140
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoIsHashAlgIdValid + 544                                              fffff807bfc81b00 5 bytes JMP fffff807bfcc32e0
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTagPriority + 39                                       fffff807bfc88217 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetAllocatePoolWithTagPriority + 46                                       fffff807bfc8821e 5 bytes {CALL 0xffffffffb3baa102}
.text    ...                                                                                                                 * 5
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisableStatisticsQueue + 15                                            fffff807bfc8830f 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetDisableStatisticsQueue + 22                                            fffff807bfc88316 5 bytes {CALL 0xffffffffb3c21aea}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetQueryRssScalability + 39                                               fffff807bfc883a7 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetQueryRssScalability + 46                                               fffff807bfc883ae 5 bytes {CALL 0xffffffffb3b9f782}
.text    ...                                                                                                                 * 34
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetConnectionWillSign + 109                                               fffff807bfc89a0d 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetConnectionWillSign + 116                                               fffff807bfc89a14 5 bytes {CALL 0xffffffffb3c1b60c}
.text    ...                                                                                                                 * 21
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetReceiveData + 30                                                       fffff807bfc8a47e 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetReceiveData + 37                                                       fffff807bfc8a485 5 bytes {CALL 0xffffffffb3c1f97b}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectFreeBuffer + 6                                          fffff807bfc8ab66 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectFreeBuffer + 13                                         fffff807bfc8ab6d 5 bytes {CALL 0xffffffffb3edf533}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetRdmaNicInfo + 39                                                    fffff807bfc8b337 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvNetGetRdmaNicInfo + 46                                                    fffff807bfc8b33e 5 bytes {CALL 0xffffffffb3c7ab02}
.text    ...                                                                                                                 * 14
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoDecrypt + 188                                                       fffff807bfc8e28c 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoDecrypt + 195                                                       fffff807bfc8e293 5 bytes {CALL 0xffffffffb69dedcd}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashFinish + 10                                                     fffff807bfc8e3da 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashFinish + 17                                                     fffff807bfc8e3e1 5 bytes {CALL 0xffffffffb69d343f}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashUpdate + 10                                                     fffff807bfc8e41a 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCryptoHashUpdate + 17                                                     fffff807bfc8e421 5 bytes {CALL 0xffffffffb69d334f}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCompressionDecompress + 102                                               fffff807bfc8e516 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SmbCompressionDecompress + 109                                               fffff807bfc8e51d 5 bytes {CALL 0xffffffffb3bd0a13}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowClusterPipeAccess + 32                                          fffff807bfc8e5f0 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowClusterPipeAccess + 39                                          fffff807bfc8e5f7 5 bytes {CALL 0xffffffffb3ba8349}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesPipeAllowAnonymous + 40                                          fffff807bfc8e6b8 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesPipeAllowAnonymous + 47                                          fffff807bfc8e6bf 5 bytes {CALL 0xffffffffb3ba8661}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesShareAllowAnonymous + 109                                        fffff807bfc8e7cd 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminDoesShareAllowAnonymous + 116                                        fffff807bfc8e7d4 5 bytes {CALL 0xffffffffb3ba854c}
.text    ...                                                                                                                 * 7
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRemapPipeName + 73                                                   fffff807bfc8e8b9 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminRemapPipeName + 80                                                   fffff807bfc8e8c0 5 bytes {CALL 0xffffffffb3ba8080}
.text    ...                                                                                                                 * 19
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForActivity + 39                                   fffff807bfc8eb27 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForActivity + 46                                   fffff807bfc8eb2e 5 bytes {CALL 0xffffffffb3bd5dc2}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForOpenFiles + 39                                  fffff807bfc8eb67 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminAllowIdlePowerDownForOpenFiles + 46                                  fffff807bfc8eb6e 5 bytes {CALL 0xffffffffb3bd5d82}
.text    ...                                                                                                                 * 47
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForActivity + 42                                 fffff807bfc8efaa 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForActivity + 49                                 fffff807bfc8efb1 5 bytes {CALL 0xffffffffb3bd596f}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForOpenFiles + 42                                fffff807bfc8effa 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminInhibitIdlePowerDownForOpenFiles + 49                                fffff807bfc8f001 5 bytes {CALL 0xffffffffb3bd591f}
.text    ...                                                                                                                 * 8
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminUpdateFileSessionID + 185                                            fffff807bfc8f759 6 bytes {CALL 0x33b47}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvAdminUpdateFileSessionID + 509                                            fffff807bfc8f89d 2 bytes [4C, 8B]
.text    ...                                                                                                                 * 14
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFreeNameList + 18                                                      fffff807bfc92ab2 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibFreeNameList + 25                                                      fffff807bfc92ab9 5 bytes {CALL 0xffffffffb3ba3e87}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibStandardizeIpAddress + 132                                             fffff807bfc92b74 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibStandardizeIpAddress + 139                                             fffff807bfc92b7b 5 bytes {CALL 0xffffffffb3c9b175}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAccess + 176                                                 fffff807bfc92d40 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareAccess + 183                                                 fffff807bfc92d47 5 bytes {CALL 0xffffffffb3baae09}
.text    ...                                                                                                                 * 27
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareModification + 418                                           fffff807bfc93312 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditShareModification + 425                                           fffff807bfc93319 5 bytes {CALL 0xffffffffb3baa837}
.text    ...                                                                                                                 * 26
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSpnCheck + 150                                                    fffff807bfc93756 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibAuditSpnCheck + 157                                                    fffff807bfc9375d 5 bytes {CALL 0xffffffffb3baa3f3}
.text    ...                                                                                                                 * 21
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsNotIdle + 15                                               fffff807bfc93a0f 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibMarkServerAsNotIdle + 22                                               fffff807bfc93a16 5 bytes {CALL 0xffffffffb3bd2bea}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLogError + 176                                                         fffff807bfc93b80 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLogError + 183                                                         fffff807bfc93b87 5 bytes {CALL 0xffffffffb3cde869}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideAllocate + 77                                                 fffff807bfc93ccd 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideAllocate + 84                                                 fffff807bfc93cd4 5 bytes {CALL 0xffffffffb3d30a4c}
.text    ...                                                                                                                 * 6
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideCreatePool + 89                                               fffff807bfc93d99 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideCreatePool + 96                                               fffff807bfc93da0 5 bytes {CALL 0xffffffffb3b9e580}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDestroyPool + 50                                              fffff807bfc93e72 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDestroyPool + 57                                              fffff807bfc93e79 5 bytes {CALL 0xffffffffb3cdea17}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectNonPagedAllocateBuffer + 14                             fffff807bfc93ece 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectNonPagedAllocateBuffer + 21                             fffff807bfc93ed5 5 bytes {CALL 0xffffffffb3b9e44b}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectPagedAllocateBuffer + 13                                fffff807bfc93efd 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideDirectPagedAllocateBuffer + 20                                fffff807bfc93f04 5 bytes {CALL 0xffffffffb3b9e41c}
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFlush + 47                                                    fffff807bfc93f4f 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFlush + 54                                                    fffff807bfc93f56 5 bytes {CALL 0xffffffffb3d3084a}
.text    ...                                                                                                                 * 3
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFree + 79                                                     fffff807bfc93fef 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\srvnet.sys!SrvLibLookasideFree + 86                                                     fffff807bfc93ff6 5 bytes {CALL 0xffffffffb3c72b8a}
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiRegisterProvider + 52                                              fffff807bfde1594 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiRegisterProvider + 59                                              fffff807bfde159b 5 bytes {CALL 0xffffffffb3ac8865}
.text    ...                                                                                                                 * 27
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiDeregisterProvider + 34                                            fffff807bfde18d2 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiDeregisterProvider + 41                                            fffff807bfde18d9 5 bytes {CALL 0xffffffffb3ac8527}
.text    ...                                                                                                                 * 11
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiIndicateStatus + 46                                                fffff807bfde1a4e 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiIndicateStatus + 53                                                fffff807bfde1a55 5 bytes {CALL 0xffffffffb3ac83ab}
.text    ...                                                                                                                 * 15
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiCompleteRequest + 101                                              fffff807bfde1c75 2 bytes [4C, 8B]
.text    C:\Windows\System32\DRIVERS\ndistapi.sys!NdisTapiCompleteRequest + 108                                              fffff807bfde1c7c 5 bytes {CALL 0xffffffffb3ac8184}

---- User code sections - GMER 2.2 ----

?        C:\Windows\SYSTEM32\WININET.dll [13104] entry point in &quot;.rdata&quot; section                                             0000000072d96830
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                                       00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                                     00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                            00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                              00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                              00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                      00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                               00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                    00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                   00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                             00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                                    00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                                     00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                                     00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Windows\system32\sihost.exe[17924] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                                     00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
?        C:\Windows\SYSTEM32\WININET.dll [54040] entry point in &quot;.rdata&quot; section                                             0000000072d96830
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!BaseThreadInitThunk            00007ffc676b7bc0 13 bytes {MOV R11, 0x7ffc56473470; JMP R11}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateFileMappingA             00007ffc676bab30 5 bytes JMP 00007ffc00010074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessA                 00007ffc676bb660 5 bytes JMP 00007ffc000101e8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessW                 00007ffc676bbe40 5 bytes JMP 00007ffc0001035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy            00007ffc676bfd50 5 bytes JMP 00007ffc000104d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessInternalA         00007ffc676d5870 5 bytes JMP 00007ffc00010644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!CreateProcessInternalW         00007ffc676d58f0 5 bytes JMP 00007ffc000107b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\KERNEL32.DLL!WinExec                        00007ffc676fe800 5 bytes JMP 00007ffc0001092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\user32.dll!GetWindowInfo                    00007ffc65dcba80 13 bytes {MOV R11, 0x7ffc1d676ae0; JMP R11}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\user32.dll!SendMessageTimeoutW              00007ffc65de2a50 13 bytes {MOV R11, 0x7ffc1d514aa0; JMP R11}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToFileW               00007ffc584fec90 5 bytes JMP 00007ffc000401e8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileW          00007ffc5850fbd0 5 bytes JMP 00007ffc0004035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileA          00007ffc58599740 5 bytes JMP 00007ffc000404d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[51008] C:\Windows\System32\urlmon.dll!URLDownloadToFileA               00007ffc585998c0 5 bytes JMP 00007ffc00040644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[46352] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[25104] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[43976] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[40660] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54788] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                                      00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                                    00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile                           00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                             00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                             00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                     00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                              00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                   00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                  00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                            00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                                   00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                                    00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                               00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                                    00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Windows\system32\AUDIODG.EXE[29020] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                                    00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!LdrAccessResource + 1          00007ffc67d1f401 4 bytes {JMP 0x1f0c0f}
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U              00007ffc67d6f2f0 5 bytes JMP 00007ffc67f0000f
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                      00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                    00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile           00007ffc67d9c530 5 bytes JMP 00007ffc67ef009a
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection             00007ffc67d9c550 5 bytes JMP 00007ffc67ef0046
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess             00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                     00007ffc67d9c6b0 5 bytes JMP 00007ffc67ef0054
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory         00007ffc67d9ca50 5 bytes JMP 00007ffc67f20015
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread              00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                   00007ffc67d9caf0 5 bytes JMP 00007ffc67ef0000
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                  00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess            00007ffc67d9d8c0 5 bytes JMP 00007ffc67ef001c
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                   00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                    00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey               00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                    00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Windows\SysWOW64\hu-HU\S-1-5-15\TiWorker.exe[60160] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                    00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                        00007ffc67d21610 5 bytes JMP 00007ffc0003035c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateHeap                     00007ffc67d48a90 5 bytes JMP 00007ffc000304d0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread            00007ffc67d9c1f0 16 bytes {MOV RAX, 0x7ff6e3bec9a0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey                         00007ffc67d9c290 5 bytes JMP 00007ffc67ef0062
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess           00007ffc67d9c3d0 5 bytes JMP 00007ffc00030644
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey                       00007ffc67d9c3f0 5 bytes JMP 00007ffc67ef000e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken                 00007ffc67d9c4d0 16 bytes {MOV RAX, 0x7ff6e3bec9d0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00007ffc67d9c510 16 bytes {MOV RAX, 0x7ff6e3becc20; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile              00007ffc67d9c530 16 bytes JMP 00007ffc67ef009a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                00007ffc67d9c550 5 bytes JMP 00007ffc000307b8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00007ffc67d9c5d0 5 bytes JMP 00007ffc67ef00b6
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx               00007ffc67d9c630 16 bytes {MOV RAX, 0x7ff6e3beca00; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx              00007ffc67d9c650 16 bytes {MOV RAX, 0x7ff6e3becc70; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                        00007ffc67d9c6b0 16 bytes JMP 00007ffc67ef0054
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00007ffc67d9c790 5 bytes JMP 00007ffc0003092c
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile             00007ffc67d9c7f0 16 bytes {MOV RAX, 0x7ff6e3becb10; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00007ffc67d9c990 5 bytes JMP 00007ffc00030aa0
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory            00007ffc67d9ca50 5 bytes JMP 00007ffc00030c14
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00007ffc67d9cab0 5 bytes JMP 00007ffc67ef00c4
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                      00007ffc67d9caf0 16 bytes JMP 00007ffc67ef0000
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                     00007ffc67d9cc40 5 bytes JMP 00007ffc67ef00a8
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                   00007ffc67d9d6e0 5 bytes JMP 00007ffc00030d88
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00007ffc67d9d7e0 5 bytes JMP 00007ffc00030efc
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess               00007ffc67d9d8c0 5 bytes JMP 00007ffc00040074
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile                      00007ffc67d9da00 5 bytes JMP 00007ffc67ef002a
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey                       00007ffc67d9da20 5 bytes JMP 00007ffc67ef007e
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                  00007ffc67d9da80 5 bytes JMP 00007ffc67ef0038
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx                       00007ffc67d9e3a0 5 bytes JMP 00007ffc67ef0070
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken                00007ffc67d9e4a0 16 bytes {MOV RAX, 0x7ff6e3becc50; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00007ffc67d9e560 16 bytes {MOV RAX, 0x7ff6e3becbf0; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile         00007ffc67d9e840 16 bytes {MOV RAX, 0x7ff6e3becb30; JMP RAX}
.text    C:\Program Files\Mozilla Firefox\firefox.exe[54772] C:\Windows\SYSTEM32\ntdll.dll!NtRenameKey                       00007ffc67d9edc0 5 bytes JMP 00007ffc67ef008c
?        C:\Windows\System32\iertutil.dll [37072] entry point in &quot;.rdata&quot; section                                            00000000714e89e0

---- User IAT/EAT - GMER 2.2 ----

IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!calloc]                                 [6553657461657243] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcsrchr]                                [4565726f6870616d] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_vsnprintf]                             [6548000600005778] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcsstr]                                 [656572467061] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_vsnwprintf]                            [73614c746553000d] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!strncmp]                                [726f72724574] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!localtime]                              [7361656c65520026] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_getdrive]                              [6f6870616d655365] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!gmtime]                                 [6547001300006572] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!time]                                   [48656c75646f4d74] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!wcschr]                                 [577845656c646e61] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!qsort]                                  [7469615700360000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcmp]                                 [6c676e6953726f46] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcpy]                                 [7463656a624f65] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memmove]                                [7275437465470011] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__CxxFrameHandler3]                     [65726854746e6572] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_onexit]                                [23000064496461] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__dllonexit]                            [4d657361656c6552] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_unlock]                                [9000078657475] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_lock]                                  [654d74616d726f46] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!__C_specific_handler]                   [576567617373] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_initterm]                              [73614c7465470005] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!malloc]                                 [726f72724574] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!free]                                   [74757074754f0007] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_amsg_exit]                             [7274536775626544] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_XcptFilter]                            [37000057676e69] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!swscanf_s]                              [53726f4674696157] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memmove_s]                              [6a624f656c676e69] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_errno]                                 [21007845746365] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_ismbstrail]                            [616d65536e65704f] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!_access]                                [5765726f6870] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memcpy_s]                               [4865736f6c430000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!mktime]                                 [200656c646e61] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[msvcrt.dll!memset]                                 [6f6c6c4170616548] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PropVariantToVariant]                  [6b4ee] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSFormatForDisplay]                    [6b4be] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToPropVariant]                  [8000000000000073] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantCompare]                        [6b4d8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToBuffer]                       [800000000000006f] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!VariantToStringArrayAlloc]             [6b8d0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PropVariantGetElementCount]            [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSCreateSimplePropertyChange]          [6b2d8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!PSCreatePropertyChangeArray]           [6b210] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!InitVariantFromFileTime]               [6b2ca] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[PROPSYS.dll!InitVariantFromBuffer]                 [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHChangeNotifySuspendResume]           [6b82c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHFileOperationW]                      [6b178] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetIDListFromObject]                 [6b810] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToObject]                        [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetFolderPathEx]                     [6b9be] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ShellExecuteW]                         [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemWithParent]                [6b250] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateDataObject]                    [6b88c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ShellExecuteExW]                       [6b2a4] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!ExtractIconExW]                        [6b480] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemFromIDList]                [6b64a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetSpecialFolderPathW]               [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToParent]                        [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetPathFromIDListW]                  [6b9e6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToFolderIDListParent]            [6b140] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHBindToFolderIDListParentEx]          [6b26a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!AssocCreateForClasses]                 [6b42a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHAddToRecentDocs]                     [6b9f8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetSpecialFolderLocation]            [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHParseDisplayName]                    [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!DragQueryFileW]                        [6b906] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateShellItemArrayFromDataObject]  [6b91a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetItemFromDataObject]               [6b1c8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetNameFromIDList]                   [6b84a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHChangeNotify]                        [6b8f4] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetFileInfoW]                        [6b85e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHCreateItemFromParsingName]           [6b872] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHELL32.dll!SHGetStockIconInfo]                    [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathAppendW]                           [6b6d4] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindFileNameW]                     [6b394] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCombineW]                          [6b784] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathStripToRootW]                      [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveFileSpecW]                   [6b7e2] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathStripPathW]                        [6b7fc] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFileExistsW]                       [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrCmpNIW]                             [6bed6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveBackslashW]                  [6beca] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathAddBackslashW]                     [6beb2] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHAutoComplete]                        [6beea] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrTrimW]                              [6b468] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsRelativeW]                       [6b48c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsDirectoryW]                      [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveBlanksW]                     [6b546] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHCreateStreamOnFileW]                 [6b556] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathRemoveExtensionW]                  [6bf02] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCompactPathW]                      [6b1b2] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrChrW]                               [6b188] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrCmpIW]                              [6b318] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsPrefixW]                         [6b156] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrDupW]                               [6b63c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathCanonicalizeW]                     [6b2fc] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathMatchSpecExA]                      [6b27c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsSameRootW]                       [6b23e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindExtensionA]                    [6b226] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathGetDriveNumberW]                   [6b6b6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathFindExtensionW]                    [6b330] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathSkipRootW]                         [6b8e6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!PathIsUNCW]                            [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrRetToBufW]                          [6b5e0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!SHStrDupW]                             [6b60e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[SHLWAPI.dll!StrFormatKBSizeW]                      [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[GDI32.dll!GetStockObject]                          [6be2e00000000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrlenA]                             [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!FileTimeToDosDateTime]                [5bb400006be5a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!DosDateTimeToFileTime]                [6a908] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpA]                             [6be8800000000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalReAlloc]                        [6a9200005b980] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!CreateActCtxW]                        [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!ReleaseActCtx]                        [5b9980006bf1e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!ActivateActCtx]                       [6a9a8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!DeactivateActCtx]                     [6bf4a00000000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpiA]                            [6ad580005ba20] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpiW]                            [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrlenW]                             [5bdd00006c062] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalHandle]                         [6a710] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!lstrcmpW]                             [6c09c00000000] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalLock]                           [6a7000005b788] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalSize]                           [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[KERNEL32.dll!GlobalUnlock]                         [5b7780006c0c2] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!RtlIsPartialPlaceholder]                 [6572646441636f72] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!WinSqmAddToStream]                       [7243000900007373] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ntdll.dll!RtlGetLastNtStatus]                      [6574754d65746165] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!ReleaseStgMedium]                        [6572727543746547] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!CreateBindCtx]                           [7365636f7250746e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!CoAllowSetForegroundWindow]              [6547000000644973] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!OleSetClipboard]                         [737365636f725074] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[ole32.dll!OleGetClipboard]                         [14000070616548] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SendDlgItemMessageW]                    [6b89a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyIcon]                            [6b506] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!ShowCursor]                             [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!LoadCursorW]                            [6b69e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetCursor]                              [6b706] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!EndDialog]                              [6b6e4] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DeleteMenu]                             [6b688] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DispatchMessageW]                       [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!TranslateMessage]                       [6bdce] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PeekMessageW]                           [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetThreadDpiAwarenessContext]           [6bd82] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetFocus]                               [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!IsDlgButtonChecked]                     [6b3e6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowTextW]                         [6b3b8] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetDlgItemTextW]                        [6b412] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDlgItem]                             [6b2ec] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!EnableWindow]                           [6b3d0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PostMessageW]                           [6b3fc] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SendMessageW]                           [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowLongPtrW]                      [6b9b0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetWindowLongPtrW]                      [6b9a2] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetParent]                              [6b990] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyMenu]                            [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetMenuDefaultItem]                     [6b56c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!OemToCharBuffA]                         [6b456] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharToOemA]                             [6b446] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RegisterClipboardFormatW]               [6b582] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!InsertMenuW]                            [6b360] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CheckDlgButton]                         [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDlgItemTextW]                        [6b5d0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetWindowRect]                          [6b92e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetForegroundWindow]                    [6b93c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetAsyncKeyState]                       [6b8b0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RegisterClassW]                         [6b730] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetForegroundWindow]                    [6b75e] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!TrackPopupMenu]                         [6b746] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DestroyWindow]                          [6b96c] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!LoadMenuW]                              [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!SetWindowTextW]                         [6b028] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetSubMenu]                             [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!RemoveMenu]                             [6af5a] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DialogBoxParamW]                        [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!GetDesktopWindow]                       [6afa6] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!PeekMessageA]                           [6afcc] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!DispatchMessageA]                       [6af86] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharNextA]                              [6af98] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CreateWindowExW]                        [6afdc] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharLowerA]                             [6aff0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharToOemBuffA]                         [6af78] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharUpperBuffA]                         [0] 
IAT      C:\Windows\Explorer.EXE[24616] @ C:\Windows\system32\zipfldr.dll[USER32.dll!CharPrevA]                              [6b038]

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

Reply to "Untitled"