Edit tour

Windows Analysis Report
ntoskrnl.exe

Overview

General Information

Sample Name:	ntoskrnl.exe
Analysis ID:	1325053
MD5:	9ab0549d50a61aae2e4e85987d8f09ce
SHA1:	7fb4e37be58b2a84dc246729ca5f722af06d2cda
SHA256:	519979c376bcc3400d83c790602cfb2de2bc8a031fc1a1d70eaf8d6a508cf155
Errors Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

PE file contains more sections than normal

Sample file is different than original file name gathered from version info

Program does not show much activity (idle)

Entry point lies outside standard sections

PE file contains sections with non-standard names

Classification

Process Tree

System is w7x64

ntoskrnl.exe (PID: 1660 cmdline: C:\Users\user\Desktop\ntoskrnl.exe MD5: 9AB0549D50A61AAE2E4E85987D8F09CE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: ntoskrnl.exe

Static PE information: certificate valid

Source: ntoskrnl.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF

Source:	Binary string: ntkrnlmp.pdbUGP source: ntoskrnl.exe
Source:	Binary string: ntkrnlmp.pdb source: ntoskrnl.exe

Source: ntoskrnl.exe

String found in binary or memory: https://www.windows.com/stopcodeYour

Source: ntoskrnl.exe

Static PE information: Number of sections : 34 > 10

Source: ntoskrnl.exe, 00000000.00000002.340447558.0000000140A4E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamentkrnlmp.exej% vs ntoskrnl.exe
Source: ntoskrnl.exe, 00000000.00000000.339720903.000000013FA20000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: \SwDevice\CMNotify\Dev\QueryParametersCompanyNameProductNameFileVersionRPC ControlSharedStateInternalName\Dev\NoStateSecure SystemProductVersionLegalCopyrightisolatedWin32-FileDescriptionOriginalFilenameMemory CompressionKernel-ProductInfo\SystemRoot\System32\AppContainerNamedObjectsSecurity-System-Capability-Kernel-ProductInfoLegacyMapping\Registry\Machine\SYSTEM\CurrentControlSet\Control\KernelVelocity vs ntoskrnl.exe
Source: ntoskrnl.exe	Binary or memory string: \SwDevice\CMNotify\Dev\QueryParametersCompanyNameProductNameFileVersionRPC ControlSharedStateInternalName\Dev\NoStateSecure SystemProductVersionLegalCopyrightisolatedWin32-FileDescriptionOriginalFilenameMemory CompressionKernel-ProductInfo\SystemRoot\System32\AppContainerNamedObjectsSecurity-System-Capability-Kernel-ProductInfoLegacyMapping\Registry\Machine\SYSTEM\CurrentControlSet\Control\KernelVelocity vs ntoskrnl.exe
Source: ntoskrnl.exe	Binary or memory string: OriginalFilenamentkrnlmp.exej% vs ntoskrnl.exe

Source: ntoskrnl.exe	String found in binary or memory: If you call a support person, give them this info:We're just collecting some error info, and then we'll restart for you.Your device ran into a problem and needs to restart.Stop Code:For more information about this issue and possible fixes, visit 1What failed:You can restart.%1% completeWe're just collecting some error info, and then you can restart.We'll restart for you. It is now safe to power off the system.Please release the power button.We just need a few more seconds to shut down.https://www.windows.com/stopcodeYour Windows Insider Build ran into a problem and needs to restart.
Source: ntoskrnl.exe	String found in binary or memory: If you call a support person, give them this info:We're just collecting some error info, and then we'll restart for you.Your device ran into a problem and needs to restart.Stop Code:For more information about this issue and possible fixes, visit 1What failed:You can restart.%1% completeWe're just collecting some error info, and then you can restart.We'll restart for you. It is now safe to power off the system.Please release the power button.We just need a few more seconds to shut down.https://www.windows.com/stopcodeYour Windows Insider Build ran into a problem and needs to restart.

Source: ntoskrnl.exe	Binary string: \Device\Unknownnt!store memory compression
Source: ntoskrnl.exe	Binary string: \Device\FileInfo
Source: ntoskrnl.exe	Binary string: \Device\Harddisk%d\Partition0
Source: ntoskrnl.exe	Binary string: \\Device\Ramdisk%wZ
Source: ntoskrnl.exe	Binary string: \Device\HarddiskVolume
Source: ntoskrnl.exe	Binary string: \Device\Mup
Source: ntoskrnl.exe	Binary string: \Device\PhysicalMemory
Source: ntoskrnl.exe	Binary string: @\Device\NamedPipe
Source: ntoskrnl.exe	Binary string: \Registry\Machine\SYSTEM\CurrentControlSet\Control\WindowsFullProcessInformationSID\Device\UwfvolControl
Source: ntoskrnl.exe	Binary string: \Device\WMIDataDevice
Source: ntoskrnl.exe	Binary string: \SystemRoot\ntbtlog.txt\Device\%08lx
Source: ntoskrnl.exe	Binary string: )Microsoft Root Certificate Authority 2011\Device\VMBus\{4d12e519-17a0-4ae4-8eaa-5270fc6abdb7}-{dcc079ae-60ba-4d07-847c-3493609c0870}-0000\Device\LanmanRedirector\Device\vmsmb\Silos
Source: ntoskrnl.exe	Binary string: \Device\Harddisk%lu\Partition%lu
Source: ntoskrnl.exe	Binary string: \Device\cimfs\%wZ
Source: ntoskrnl.exe	Binary string: \Device\%s\Partition%lu\DeviceHarddisk
Source: ntoskrnl.exe	Binary string: \Device\RamdiskRDIMAGELENGTH
Source: ntoskrnl.exe	Binary string: \Device\RdyBoost
Source: ntoskrnl.exe	Binary string: \Device\CdRom%d\Device\Harddisk%d\Partition0
Source: ntoskrnl.exe	Binary string: \Device\CdRom%d\ArcName\%s
Source: ntoskrnl.exe	Binary string: \Device\RawTapelpacAppExperience
Source: ntoskrnl.exe	Binary string: \Device\DeviceApi
Source: ntoskrnl.exe	Binary string: \Device\Harddisk%u\Partition%u
Source: ntoskrnl.exe	Binary string: \Device\Harddisk%lu\Partition0
Source: ntoskrnl.exe	Binary string: \\Device\HarddiskVolume%lu
Source: ntoskrnl.exe	Binary string: \Device\Device\BootDevice
Source: ntoskrnl.exe	Binary string: \Device\VolumesSafeForWriteAccess
Source: ntoskrnl.exe	Binary string: \KernelObjects\MemoryPartition0\Device\RawDisk\Device\RawCdRom
Source: ntoskrnl.exe	Binary string: \Device\OSDataDevice
Source: ntoskrnl.exe	Binary string: \Device\Ramdisk%wZ
Source: ntoskrnl.exe	Binary string: \Device\Harddisk%d\Partition%d
Source: ntoskrnl.exe	Binary string: \Device\CdRom%d
Source: ntoskrnl.exe	Binary string: \Device\ahcache\Device\VRegDriver
Source: ntoskrnl.exe	Binary string: \Device\MountPointManager
Source: ntoskrnl.exe	Binary string: EnableDynamicLowMemoryThreshold\Device\WindowsTrustedRT\{699AA2F1-A42E-40DF-BABE-3AAAD2BB6A47}\Device\SysEnv

Source: classification engine

Classification label: unknown1.winEXE@1/0@0/0

Source: ntoskrnl.exe

Static file information: File size 12092800 > 1048576

Source: ntoskrnl.exe

Static PE information: More than 3256 > 100 exports found

Source: initial sample

Static PE information: Valid certificate with Microsoft Issuer

Source: ntoskrnl.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: ntoskrnl.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: ntoskrnl.exe

Static PE information: certificate valid

Source: ntoskrnl.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x47d000
Source: ntoskrnl.exe	Static PE information: Raw size of PAGE is bigger than: 0x100000 < 0x40b000

Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ntoskrnl.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: ntoskrnl.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF

Source: ntoskrnl.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: ntkrnlmp.pdbUGP source: ntoskrnl.exe
Source:	Binary string: ntkrnlmp.pdb source: ntoskrnl.exe

Source: initial sample

Static PE information: section where entry point is pointing to: PAGELK

Source: ntoskrnl.exe	Static PE information: section name: PROTDATA
Source: ntoskrnl.exe	Static PE information: section name: GFIDS
Source: ntoskrnl.exe	Static PE information: section name: Pad1
Source: ntoskrnl.exe	Static PE information: section name: PAGELK
Source: ntoskrnl.exe	Static PE information: section name: POOLCODE
Source: ntoskrnl.exe	Static PE information: section name: PAGEKD
Source: ntoskrnl.exe	Static PE information: section name: PAGEVRFY
Source: ntoskrnl.exe	Static PE information: section name: PAGEHDLS
Source: ntoskrnl.exe	Static PE information: section name: PAGEBGFX
Source: ntoskrnl.exe	Static PE information: section name: TRACESUP
Source: ntoskrnl.exe	Static PE information: section name: PAGECMRC
Source: ntoskrnl.exe	Static PE information: section name: KVASCODE
Source: ntoskrnl.exe	Static PE information: section name: RETPOL
Source: ntoskrnl.exe	Static PE information: section name: INITKDBG
Source: ntoskrnl.exe	Static PE information: section name: MINIEX
Source: ntoskrnl.exe	Static PE information: section name: Pad2
Source: ntoskrnl.exe	Static PE information: section name: ALMOSTRO
Source: ntoskrnl.exe	Static PE information: section name: CACHEALI
Source: ntoskrnl.exe	Static PE information: section name: PAGEDATA
Source: ntoskrnl.exe	Static PE information: section name: PAGEVRFD
Source: ntoskrnl.exe	Static PE information: section name: INITDATA
Source: ntoskrnl.exe	Static PE information: section name: Pad3
Source: ntoskrnl.exe	Static PE information: section name: CFGRO
Source: ntoskrnl.exe	Static PE information: section name: Pad4

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: ntoskrnl.exe	Binary or memory string: AVMWAREEtw5
Source: ntoskrnl.exe	Binary or memory string: AVMWARE

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.windows.com/stopcodeYour	ntoskrnl.exe	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1325053
Start date and time:	2023-10-13 03:28:31 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	ntoskrnl.exe
Detection:	UNKNOWN
Classification:	unknown1.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Unable to launch sample, stop analysis

Errors

Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 8.250.163.254, 8.253.129.113, 8.250.169.254, 8.250.177.254, 8.249.55.254, 209.197.3.8
Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (native) x86-64, for MS Windows
Entropy (8bit):	6.514197846890028
TrID:	Win64 Device Driver (generic) (12004/3) 43.57% OS/2 Executable (generic) (11537/16) 41.87% Generic Win/DOS Executable (2004/3) 7.27% DOS Executable Generic (2002/1) 7.27% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.03%
File name:	ntoskrnl.exe
File size:	12'092'800 bytes
MD5:	9ab0549d50a61aae2e4e85987d8f09ce
SHA1:	7fb4e37be58b2a84dc246729ca5f722af06d2cda
SHA256:	519979c376bcc3400d83c790602cfb2de2bc8a031fc1a1d70eaf8d6a508cf155
SHA512:	2195bbe6ce48cc0943a4980d69b4bcae44ef5c0bced1d399db3d0ab8a159612b9c885a1e85d4dac166ff4b03c074aca47d67e118d3a175e0c85b6b2ff24f96d7
SSDEEP:	196608:+yGx8xruHKQYQUL7n2+j6rBizpU83Srr5x1xyxfC5:Ux8xgU7n2+jKPTyA5
TLSH:	7AC69E62E3E951E4D6BBC179C656861BEBF1B81513305BCF11A08A5A1F33BE16B3D302
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...............................................G.......G...........M.....p............................................................

File Icon


Icon Hash:	aaf3e3e3918382a0

Static PE Info

General

Entrypoint:	0x140a88010
Entrypoint Section:	PAGELK
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	native
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Time Stamp:	0x37351BFE [Sun May 9 05:24:14 1999 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	d0c837d6735a7d6b2623d0b0d818e0b8

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	2/2/2023 4:05:41 PM 1/31/2024 4:05:41 PM
Subject Chain	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	8BA9D783638C7A19E193C5B6A251F742
Thumbprint SHA-1:	58FD671E2D4D200CE92D6E799EC70DF96E6D2664
Thumbprint SHA-256:	1721693D3E23C7ABF800AE7B86654ED86DCEAB48C530A57C00D24EF23FF7407E
Serial:	330000041331BC198807A90774000000000413

Entrypoint Preview

Instruction
dec eax
sub esp, 38h
dec esp
mov dword ptr [esp+30h], edi
dec esp
mov edi, esp
dec eax
mov dword ptr [00295A35h], ecx
mov ecx, FFFFFFFFh
dec eax
mov edx, dword ptr [00295A29h]
dec esp
mov edx, dword ptr [edx+00000088h]
inc ecx
cmp dword ptr [edx+24h], 00000000h
jne 00007F06804CC987h
call 00007F06804F6983h
dec eax
mov ecx, dword ptr [00295A0Fh]
dec eax
mov edx, dword ptr [ecx+00000088h]
dec esp
mov edx, edx
dec eax
sub edx, 00000180h
dec eax
mov dword ptr [edx+18h], edx
dec esp
mov dword ptr [edx+20h], edx
inc ecx
mov eax, cr0
dec esp
mov dword ptr [edx+00000280h], eax
inc ecx
mov eax, cr2
dec esp
mov dword ptr [edx+00000288h], eax
inc ecx
mov eax, cr3
dec esp
mov dword ptr [edx+00000290h], eax
inc ecx
mov eax, cr4
dec esp
mov dword ptr [edx+00000298h], eax
sgdt fword ptr [edx+000002D6h]
dec esp
mov eax, dword ptr [edx+000002D8h]
dec esp
mov dword ptr [edx], eax
sidt fword ptr [edx+000002E6h]
dec esp
mov ecx, dword ptr [edx+000002E8h]
dec esp
mov dword ptr [edx+38h], ecx
str word ptr [edx+000002F0h]
sldt word ptr [edx+000002F2h]
mov dword ptr [edx+00000180h], 00001F80h
ldmxcsr dword ptr [edx+00000180h]
inc ecx
cmp dword ptr [edx+24h], 00000000h
jne 00007F06804CC98Bh

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x148000	0x1a662	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x145678	0x190	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1000000	0x3bef0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xd2000	0x72204	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0xb86000	0x2580	INIT
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x103c000	0x59cc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x15870	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x6230	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x145000	0x648	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.rdata	0x1000	0xd01b0	0xd1000	False	0.4160144568630383	Targa image data - RGB - RLE 1 x 65536 x 8 +32336 +16519 ""	5.912077794271982	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
.pdata	0xd2000	0x72204	0x73000	False	0.5167841372282609	data	6.525442531490713	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
.idata	0x145000	0x21ec	0x3000	False	0.223876953125	data	3.7094861816298264	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
.edata	0x148000	0x1a662	0x1b000	False	0.3699273003472222	data	5.974751793449492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
PROTDATA	0x163000	0x1	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
GFIDS	0x164000	0xa1ac	0xb000	False	0.4186345880681818	data	5.133044845280196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Pad1	0x16f000	0x91000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.text	0x200000	0x47c6ad	0x47d000	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGE	0x67d000	0x40a52e	0x40b000	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGELK	0xa88000	0x26f14	0x27000	False	0.6187650240384616	data	6.544126606005152	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
POOLCODE	0xaaf000	0x10c9	0x2000	False	0.368408203125	data	4.054811726645037	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGEKD	0xab1000	0x5ef8	0x6000	False	0.6277262369791666	data	6.491978032068894	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGEVRFY	0xab7000	0x327fb	0x33000	False	0.4615933287377451	GTA audio index data (SDT)	6.378776394854519	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGEHDLS	0xaea000	0x2703	0x3000	False	0.4554036458333333	data	5.485591349857722	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGEBGFX	0xaed000	0x6afd	0x7000	False	0.5697195870535714	data	6.371166395036924	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
TRACESUP	0xaf4000	0x1903	0x2000	False	0.478515625	data	5.481195045946051	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGECMRC	0xaf6000	0xf77	0x1000	False	0.634033203125	data	6.169861400433646	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
KVASCODE	0xaf7000	0x242a	0x3000	False	0.18351236979166666	data	4.6254812455642655	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
RETPOL	0xafa000	0x8c0	0x1000	False	0.165283203125	data	3.366634209041384	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INITKDBG	0xafb000	0x19982	0x1a000	False	0.45150052584134615	data	6.2549293586754535	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
MINIEX	0xb15000	0x25ae	0x3000	False	0.251953125	data	5.101845815901387	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT	0xb18000	0x95ccc	0x96000	False	0.5132535807291667	data	6.384058513400966	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Pad2	0xbae000	0x52000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xc00000	0x11bfd0	0xe000	False	0.14362444196428573	data	1.78133618942209	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ALMOSTRO	0xd1c000	0x2b970	0x2000	False	0.2301025390625	data	2.3530710499638707	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
CACHEALI	0xd48000	0x8fc0	0x1000	False	0.010986328125	data	0.026252510236084957	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGEDATA	0xd51000	0x13b20	0x3000	False	0.10465494791666667	Windows Precompiled iNF, version 1.0, InfStyle 1, at 0 "", WinDirPath "", LanguageID 0, at 0x3	1.324276214587048	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGEVRFD	0xd65000	0x19650	0xa000	False	0.1708984375	data	2.644485753915372	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INITDATA	0xd7f000	0x1c5b4	0x1000	False	0.135009765625	data	1.3813629983287186	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Pad3	0xd9c000	0x64000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
CFGRO	0xe00000	0x2030	0x3000	False	0.013102213541666666	data	0.12238358425161193	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Pad4	0xe03000	0x1fd000	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1000000	0x3bef0	0x3c000	False	0.16601969401041666	data	2.2916456584490446	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc	0x103c000	0xa58c	0xb000	False	0.4164373224431818	data	5.645705404031137	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_BITMAP	0x1000278	0x2586a	Device independent bitmap graphic, 640 x 480 x 4, image size 153602, resolution 2834 x 2834 px/m	English	United States	0.004430536218495049
RT_BITMAP	0x1025ae4	0x22a	Device independent bitmap graphic, 278 x 15 x 4, 2 compression, image size 450, resolution 2834 x 2834 px/m	English	United States	0.5848375451263538
RT_BITMAP	0x1025d10	0x50e	Device independent bitmap graphic, 213 x 11 x 4, image size 1190, resolution 2834 x 2834 px/m	English	United States	0.41653786707882534
RT_BITMAP	0x1026220	0xd6	Device independent bitmap graphic, 22 x 9 x 4, image size 110, resolution 2834 x 2834 px/m	English	United States	0.19158878504672897
RT_BITMAP	0x10262f8	0x3e6e	Device independent bitmap graphic, 215 x 147 x 4, image size 15878, resolution 2834 x 2834 px/m	English	United States	0.008134150919784758
RT_BITMAP	0x102a168	0x4528	Device independent bitmap graphic, 640 x 55 x 4, image size 17600, resolution 2834 x 2834 px/m	English	United States	0.008303208314505197
RT_BITMAP	0x102e690	0x42a	Device independent bitmap graphic, 640 x 3 x 4, image size 962, resolution 2834 x 2834 px/m	English	United States	0.0947467166979362
RT_RCDATA	0x102eabc	0x889a	data			0.9086359736917358
RT_MESSAGETABLE	0x1037358	0x47fc	data	English	United States	0.32222704579986977
RT_VERSION	0x103bb54	0x39c	OpenPGP Public Key	English	United States	0.4556277056277056

Imports

DLL	Import
ext-ms-win-ntos-processparameters-l1-1-0.dll	PsDestroyProcessParameterOverrides, PsGetProcessParameterOverrides
ext-ms-win-ntos-tm-l1-1-0.dll	TmIsKTMCommitCoordinator, TmInitializeTransactionManager, TmGetTransactionId, TmFreezeTransactions, TmEndPropagationRequest, TmEnableCallbacks, TmDereferenceEnlistmentKey, TmCurrentTransaction, TmCreateEnlistment, TmCommitTransaction, TmCommitEnlistment, TmCommitComplete, TmCancelPropagationRequest, NtThawTransactions, NtSetInformationTransaction, NtSetInformationResourceManager, NtSetInformationEnlistment, NtRollbackTransaction, NtRollbackEnlistment, NtRollbackComplete, NtRecoverTransactionManager, NtRecoverResourceManager, NtRecoverEnlistment, NtRegisterProtocolAddressInformation, TmIsTransactionActive, TmInitSystemPhase2, TmInitSystem, NtCommitComplete, NtCommitEnlistment, TmPrePrepareComplete, TmRecoverEnlistment, TmRecoverResourceManager, TmRecoverTransactionManager, TmReferenceEnlistmentKey, TmRenameTransactionManager, TmRequestOutcomeEnlistment, TmRollbackComplete, TmRollbackEnlistment, TmRollbackTransaction, TmSetCurrentTransaction, TmSinglePhaseReject, NtCommitTransaction, TmShutdownSystem, NtRollforwardTransactionManager, NtSinglePhaseReject, NtCreateEnlistment, NtCreateResourceManager, NtSetInformationTransactionManager, NtRenameTransactionManager, NtCreateTransaction, TmThawTransactions, NtCreateTransactionManager, NtEnumerateTransactionObject, NtFreezeTransactions, NtGetNotificationResourceManager, NtOpenEnlistment, NtOpenResourceManager, NtOpenTransaction, NtOpenTransactionManager, NtPrePrepareComplete, TmPrePrepareEnlistment, TmPrepareComplete, TmPrepareEnlistment, TmPropagationComplete, TmReadOnlyEnlistment, TmPropagationFailed, NtReadOnlyEnlistment, NtQueryInformationTransactionManager, NtQueryInformationTransaction, NtQueryInformationResourceManager, NtQueryInformationEnlistment, NtPropagationFailed, NtPropagationComplete, NtPrepareEnlistment, NtPrepareComplete, NtPrePrepareEnlistment
PSHED.dll	PshedGetBootErrorPacket, PshedInitialize, PshedGetAllErrorSources, PshedAttemptErrorRecovery, PshedWriteErrorRecord, PshedBugCheckSystem, PshedFreeMemory, PshedDoPluginCtl, PshedAllocateMemory, PshedDoPfa, PshedEnableErrorSource, PshedGetInjectionCapabilities, PshedInjectError, PshedSetErrorSourceInfo, PshedSetHalEnlightenments, PshedMarkHiberPhase, PshedInitProc, PshedIsSystemWheaEnabled, PshedClearErrorRecord, PshedArePluginsPresent, PshedReadErrorRecord, PshedInitGlobal, PshedDisableErrorSource, PshedInitAvailable, PshedGetErrorSourceInfo, PshedFinalizeErrorRecord, PshedRetrieveErrorInfo
BOOTVID.dll	VidInitialize, VidBitBltEx, VidDisplayString, VidSetScrollRegion, VidSetTextColor, VidCleanUp, VidBitBlt, VidScreenToBufferBlt, VidBufferToScreenBlt, VidSolidColorFill, VidResetDisplay
ext-ms-win-ntos-clipsp-l1-1-0.dll	ClipSpInitialize
kdcom.dll	KdSetHiberRange, KdInitialize, KdSendPacket, KdReceivePacket, KdPower
ext-ms-win-ntos-kcminitcfg-l1-1-0.dll	CmCompleteInitMachineConfig, CmSetInitMachineConfig
ext-ms-win-ntos-ksr-l1-1-4.dll	KsrCleanupPageDatabase, KsrInitPageDatabase, KsrFreePersistedMemory, KsrInitSystem, KsrMdlToMemoryRuns, KsrFreePersistedMemoryBlock, KsrQueryMetadata, KsrEnumeratePersistedMemory, KsrGetFirmwareInformation, KsrClaimPersistedMemory, KsrPersistMemoryWithMetadata
ext-ms-win-ntos-trace-l1-1-0.dll	TraceInitSystem
ext-ms-win-ntos-ksecurity-l1-1-1.dll	QueryUpdateFileEaAllowedExt
ext-ms-win-ntos-werkernel-l1-1-1.dll	WerLiveKernelCancelReport, WerLiveKernelSubmitReport, WerLiveKernelInitSystem, WerLiveKernelCreateReport, WerLiveKernelCloseHandle, WerLiveKernelOpenDumpFile
ext-ms-win-ntos-ucode-l1-1-0.dll	ExpMicrocodeInformationLoad, ExpMicrocodeInformationUnload, ExpMicrocodeInitialization
ext-ms-win-ntos-runlevels-l1-1-0.dll	ExpInitializeRunLevel0
ext-ms-win-ntos-stateseparation-l1-1-0.dll	ExpInitializeStateSeparationPhase1, ExpInitializeStateSeparationPhase0, ExpInitializeStateSeparationPhase2
ext-ms-win-fs-clfs-l1-1-0.dll	ClfsMgmtInstallPolicy, ClfsCloseLogFileObject, ClfsMgmtDeregisterManagedClient, ClfsMgmtRegisterManagedClient, ClfsCreateLogFile, ClfsGetLogFileInformation, ClfsReadRestartArea, ClfsLsnEqual, ClfsReadLogRecord, ClfsReadNextLogRecord, ClfsTerminateReadLog, ClfsWriteRestartArea, ClfsDeleteLogByPointer, ClfsDeleteMarshallingArea, ClfsReserveAndAppendLog, ClfsLsnInvalid, ClfsFlushToLsn, ClfsLsnContainer, ClfsLsnLess, ClfsCreateMarshallingArea, ClfsAddLogContainer, ClfsLsnDifference
CI.dll	CiInitialize
msrpc.sys	MesIncrementalHandleReset, NdrMesTypeDecode3, MesEncodeIncrementalHandleCreate, NdrMesTypeEncode3, MesDecodeBufferHandleCreate, MesHandleFree, RpcExceptionFilter
cng.sys	BCryptExportKey
ext-ms-win-ntos-globmerger-l1-1-0.dll	CimfsMountBootVolume

Exports

Name	Ordinal	Address
AlpcCreateSecurityContext	8	0x140978f20
AlpcGetHeaderSize	10	0x1402b6320
AlpcGetMessageAttribute	11	0x1402b6280
AlpcInitializeMessageAttribute	18	0x1402b62c0
AsanWrapperMemcmp	26	0x1405627f0
BgkDisplayCharacter	40	0x140af1f80
BgkGetConsoleState	41	0x140af2050
BgkGetCursorState	42	0x140af20a0
BgkSetCursor	43	0x140af2130
CarCopyRuleViolationDetails	44	0x1405d1aa0
CarCreateRuleViolationDetails	45	0x1405d1ce0
CarDeleteRuleViolationDetails	46	0x1405d1e30
CarDeregisterRuleClassConfiguration	47	0x1405d1e90
CarDeregisterRuleOverride	48	0x1405d1f30
CarInitializeRuleViolationDetails	49	0x1405d2070
CarQueryReportAction	50	0x1405d2240
CarQueryReportActionForTriage	51	0x1405d2270
CarRegisterDefaultRuleClassConfiguration	52	0x1405d2350
CarRegisterRuleClassConfiguration	53	0x1405d23b0
CarRegisterRuleOverride	54	0x1405d2480
CarRegisterRuleOverrideAllContexts	55	0x1405d2570
CarRegisterRuleOverridesAllContexts	56	0x1405d2640
CarReportRuleViolation	57	0x1405d2690
CarReportRuleViolationForTriage	58	0x1405d26d0
CarSetCustomIdInRuleOverride	59	0x1405d2920
CarSetCustomRuleIdRange	60	0x1405d2970
CcAddDirtyPagesToExternalCache	61	0x1403c8700
CcAsyncCopyRead	62	0x14020e0a0
CcCanIWrite	63	0x140259150
CcCoherencyFlushAndPurgeCache	64	0x14025e500
CcCopyRead	65	0x1407a2960
CcCopyReadEx	66	0x140339510
CcCopyWrite	67	0x1403a2e00
CcCopyWriteEx	68	0x1402324d0
CcCopyWriteWontFlush	69	0x140298dd0
CcDeductDirtyPagesFromExternalCache	70	0x1403c8590
CcDeferWrite	71	0x140534930
CcErrorCallbackRoutine	72	0x140534bc0
CcFastCopyRead	73	0x140937350
CcFastCopyWrite	74	0x140534be0
CcFastMdlReadWait	75	0x140c5f6ac
CcFlushCache	76	0x1402e3030
CcFlushCacheToLsn	77	0x1403cd3d0
CcGetCachedDirtyPageCountForFile	78	0x140534e40
CcGetDirtyPages	79	0x140208290
CcGetFileObjectFromBcb	80	0x140532c60
CcGetFileObjectFromSectionPtrs	81	0x140532c80
CcGetFileObjectFromSectionPtrsRef	82	0x140532d50
CcGetFlushedValidData	83	0x14025f790
CcGetLsnForFileObject	84	0x140534e60
CcGetNumberOfMappedPages	85	0x1403cf4a0
CcInitializeCacheMap	86	0x1402f4ec0
CcInitializeCacheMapEx	87	0x140532e20
CcInitializeCacheMapEx2	88	0x1402df900
CcIsCacheManagerCallbackNeeded	89	0x1402c77e0
CcIsThereDirtyData	90	0x1403a6440
CcIsThereDirtyDataEx	91	0x140534f20
CcIsThereDirtyLoggedPages	92	0x1402103e0
CcMapData	93	0x1407d7270
CcMdlRead	94	0x1406f6b40
CcMdlReadComplete	95	0x140799cb0
CcMdlWriteAbort	96	0x140535ea0
CcMdlWriteComplete	97	0x1407a4010
CcPinMappedData	98	0x1407d70b0
CcPinRead	99	0x1407d6b20
CcPrepareMdlWrite	100	0x1402f3690
CcPreparePinWrite	101	0x1406985b0
CcPurgeCacheSection	102	0x14025f510
CcRegisterExternalCache	103	0x1403cf9e0
CcRemapBcb	104	0x1402bcd40
CcRepinBcb	105	0x1403a2e30
CcScheduleReadAhead	106	0x140534dd0
CcScheduleReadAheadEx	107	0x14028af60
CcSetAdditionalCacheAttributes	108	0x1402dbea0
CcSetAdditionalCacheAttributesEx	109	0x1402dbd90
CcSetBcbOwnerPointer	110	0x1409373e0
CcSetDirtyPageThreshold	111	0x140532e50
CcSetDirtyPinnedData	112	0x14026a390
CcSetFileSizes	113	0x140260af0
CcSetFileSizesEx	114	0x14025fce0
CcSetLogHandleForFile	115	0x140535070
CcSetLogHandleForFileEx	116	0x1402df5f0
CcSetLoggedDataThreshold	117	0x1403bf510
CcSetParallelFlushFile	118	0x1402d4c50
CcSetReadAheadGranularity	119	0x1402e1f50
CcSetReadAheadGranularityEx	120	0x140534df0
CcTestControl	121	0x1403b0400
CcUninitializeCacheMap	122	0x140211b20
CcUnmapFileOffsetFromSystemCache	123	0x1403bcb60
CcUnpinData	124	0x1407d6aa0
CcUnpinDataForThread	125	0x140937440
CcUnpinRepinnedBcb	126	0x14038e330
CcUnregisterExternalCache	127	0x1405348a0
CcWaitForCurrentLazyWriterActivity	128	0x1403cfc70
CcZeroData	129	0x1402e1fa0
CcZeroDataOnDisk	130	0x1403ba250
CmCallbackGetKeyObjectID	131	0x14089e5e0
CmCallbackGetKeyObjectIDEx	132	0x1406b4df0
CmCallbackReleaseKeyObjectIDEx	133	0x1406bc940
CmGetBoundTransaction	134	0x14079eec0
CmGetCallbackVersion	135	0x140a0f6e0
CmKeyObjectType	136	0x140d1da38
CmRegisterCallback	137	0x140843d70
CmRegisterCallbackEx	138	0x140843cd0
CmRegisterMachineHiveLoadedNotification	139	0x140800a40
CmSetCallbackObjectContext	140	0x14075c9e0
CmUnRegisterCallback	141	0x140a0f700
CmUnregisterMachineHiveLoadedNotification	142	0x140a0fb00
DbgBreakPoint	143	0x14041c630
DbgBreakPointWithStatus	144	0x14041c650
DbgCommandString	145	0x1405a59c0
DbgLoadImageSymbols	146	0x1402cdd40
DbgPrint	147	0x1402b7f40
DbgPrintEx	148	0x1402b7f90
DbgPrintReturnControlC	149	0x1405a5a60
DbgPrompt	150	0x1405a5ab0
DbgQueryDebugFilterState	151	0x1405a5b00
DbgSetDebugFilterState	152	0x14038ddc0
DbgSetDebugPrintCallback	153	0x1405a5b20
DbgkLkmdRegisterCallback	154	0x140837610
DbgkLkmdUnregisterCallback	155	0x14093b4c0
DbgkWerCaptureLiveKernelDump	156	0x1408751b0
DbgkWerCaptureLiveKernelDump2	157	0x140875230
DifFindThreadContextData	158	0x1405d29b0
DifGetPluginPerDriverData	159	0x1405d2d60
DifPluginSimplePerfControl	160	0x1405d2db0
DifPopThreadContextData	161	0x1405d2a10
DifPushThreadContextData	162	0x1405d2b00
DifRegisterPlugin	163	0x1405d3380
DifUtilDbgPrint	164	0x1405d2e50
EmClientQueryRuleState	165	0x140a88fc0
EmClientRuleDeregisterNotification	166	0x14093cb90
EmClientRuleEvaluate	167	0x140a890b0
EmClientRuleRegisterNotification	168	0x14093cc70
EmProviderDeregister	169	0x14093cee0
EmProviderDeregisterEntry	170	0x14093d090
EmProviderRegister	171	0x1408194b0
EmProviderRegisterEntry	172	0x14093d0f0
EmpProviderRegister	173	0x140819520
EtwActivityIdControl	174	0x140285550
EtwEnableTrace	175	0x1408245a0
EtwEventEnabled	176	0x14030b9e0
EtwProviderEnabled	177	0x140272890
EtwRegister	178	0x140797e20
EtwRegisterClassicProvider	179	0x14079f8a0
EtwSendTraceBuffer	180	0x1405fd510
EtwSetInformation	181	0x1407916e0
EtwTelemetryCoverageReport	182	0x1402efd60
EtwUnregister	183	0x14077ca70
EtwWrite	184	0x14030ad10
EtwWriteEndScenario	185	0x1408387c0
EtwWriteEx	186	0x14030b7a0
EtwWriteStartScenario	187	0x14084fdc0
EtwWriteString	188	0x1405fd1b0
EtwWriteTransfer	189	0x1402db9a0
EtwpDisableStackWalkApc	190	0x1402f7ed0
EtwpReenableStackWalkApc	191	0x1402f7f90
ExAcquireAutoExpandPushLockExclusive	192	0x14026bf20
ExAcquireAutoExpandPushLockShared	193	0x140327110
ExAcquireCacheAwarePushLockExclusive	194	0x140303d40
ExAcquireCacheAwarePushLockExclusiveEx	195	0x1404093e0
ExAcquireCacheAwarePushLockSharedEx	196	0x140327490
ExAcquireFastMutex	197	0x140327d00
ExAcquireFastMutexUnsafe	198	0x140280690
ExAcquireFastResourceExclusive	199	0x1403c2960
ExAcquireFastResourceShared	200	0x1403c1d20
ExAcquireFastResourceSharedStarveExclusive	201	0x1403c2480
ExAcquireFastResourceWithFlags	202	0x1404094f0
ExAcquirePushLockExclusiveEx	203	0x140327880
ExAcquirePushLockSharedEx	204	0x1403275e0
ExAcquireResourceExclusiveLite	205	0x14031e140
ExAcquireResourceSharedLite	206	0x1403226c0
ExAcquireRundownProtection	207	0x1402b2790
ExAcquireRundownProtectionCacheAware	208	0x1402b2740
ExAcquireRundownProtectionCacheAwareEx	209	0x1402adc90
ExAcquireRundownProtectionEx	210	0x1402a9370
ExAcquireSharedStarveExclusive	211	0x1402d4550
ExAcquireSharedWaitForExclusive	212	0x1403c14f0
ExAcquireSpinLockExclusive	213	0x14024bf90
ExAcquireSpinLockExclusiveAtDpcLevel	214	0x140218590
ExAcquireSpinLockShared	215	0x14020c2b0
ExAcquireSpinLockSharedAtDpcLevel	216	0x140332520
ExActivationObjectType	217	0x140d1ddf8
ExAllocateAutoExpandPushLock	218	0x1403c8530
ExAllocateCacheAwarePushLock	219	0x1403a1f70
ExAllocateCacheAwareRundownProtection	220	0x14075e3b0
ExAllocateFromLookasideListEx	221	0x1403122b0
ExAllocateFromNPagedLookasideList	222	0x1402712d0
ExAllocateFromPagedLookasideList	223	0x1402712d0
ExAllocatePool	224	0x1402ad530
ExAllocatePool2	225	0x140aaf2d0
ExAllocatePool3	226	0x140aaf050
ExAllocatePoolWithQuota	227	0x140604fa0
ExAllocatePoolWithQuotaTag	228	0x140284580
ExAllocatePoolWithTag	229	0x140aaf890
ExAllocatePoolWithTagPriority	230	0x1402dc560
ExAllocateTimer	231	0x1402a1290
ExBlockOnAddressPushLock	232	0x14029d730
ExBlockPushLock	233	0x14029d7f0
ExCancelDpcEventWait	234	0x14060a220
ExCancelTimer	235	0x1402a19a0
ExCleanupAutoExpandPushLock	236	0x14026bbc0
ExCleanupRundownProtectionCacheAware	237	0x1402f8890
ExCompositionObjectType	238	0x140d1de10
ExConvertExclusiveToSharedLite	239	0x1402d3150
ExConvertFastResourceExclusiveToShared	240	0x140607ed0
ExConvertPushLockExclusiveToShared	241	0x1404093c0
ExCoreMessagingObjectType	242	0x140d1de00
ExCreateCallback	243	0x140796e70
ExCreateDpcEvent	244	0x14060a240
ExCreatePool	245	0x140604fd0
ExDeleteDpcEvent	246	0x14060a350
ExDeleteFastResource	247	0x1403cd610
ExDeleteLookasideListEx	248	0x1402e3d20
ExDeleteNPagedLookasideList	249	0x1403bf870
ExDeletePagedLookasideList	250	0x1402e3ca0
ExDeleteResourceLite	251	0x1402ffc70
ExDeleteTimer	252	0x1402a15d0
ExDesktopObjectType	253	0x140d1de18
ExDestroyPool	254	0x1406051c0
ExDisableResourceBoostLite	255	0x1403bbc50
ExDisownFastResource	256	0x1403c4fa0
ExEnterCriticalRegionAndAcquireFastMutexUnsafe	257	0x140280660
ExEnterCriticalRegionAndAcquireResourceExclusive	258	0x1402bd4f0
ExEnterCriticalRegionAndAcquireResourceShared	259	0x1402c39b0
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive	260	0x14045fe50
ExEnterPriorityRegionAndAcquireResourceExclusive	261	0x140608d10
ExEnterPriorityRegionAndAcquireResourceShared	262	0x1402c3d80
ExEnumHandleTable	263	0x1406f9bb0
ExEnumerateSystemFirmwareTables	264	0x1409f63c0
ExEventObjectType	265	0x140d1dab8
ExExtendZone	266	0x14060a3c0
ExFetchLicenseData	267	0x1409f9be0
ExFlushLookasideListEx	268	0x1402e3d60
ExFreeAutoExpandPushLock	269	0x1403c86a0
ExFreeCacheAwarePushLock	270	0x140607c70
ExFreeCacheAwareRundownProtection	271	0x1402ae1a0
ExFreePool	272	0x140aaf010
ExFreePool2	273	0x1406051e0
ExFreePoolWithTag	274	0x140aaf950
ExFreeToLookasideListEx	275	0x14029dcf0
ExFreeToNPagedLookasideList	276	0x140292e10
ExFreeToPagedLookasideList	277	0x140292e10
ExGetCurrentProcessorCounts	278	0x1402d01d0
ExGetCurrentProcessorCpuUsage	279	0x14045fc10
ExGetExclusiveWaiterCount	280	0x1403b8030
ExGetFirmwareEnvironmentVariable	281	0x14076b4e0
ExGetFirmwareType	282	0x1403afe70
ExGetLicenseTamperState	283	0x1409f9d50
ExGetPreviousMode	284	0x1402856d0
ExGetSharedWaiterCount	285	0x1403b95b0
ExGetSystemFirmwareTable	286	0x140852ca0
ExInitializeAutoExpandPushLock	287	0x1402c3bf0
ExInitializeDeviceAts	288	0x14060a5d0
ExInitializeFastOwnerEntry	289	0x1402ca0b0
ExInitializeFastResource	290	0x1403bda90
ExInitializeFastResourceAcquired	291	0x140409a80
ExInitializeLookasideListEx	292	0x14028efa0
ExInitializeNPagedLookasideList	293	0x1403bbe30
ExInitializePagedLookasideList	294	0x140791200
ExInitializePushLock	295	0x14028f900
ExInitializeResourceLite	296	0x1402789c0
ExInitializeRundownProtection	297	0x14028f900
ExInitializeRundownProtectionCacheAware	298	0x14075e310
ExInitializeRundownProtectionCacheAwareEx	299	0x1402f8890
ExInitializeZone	300	0x14060a430
ExInterlockedAddLargeInteger	301	0x14060ad80
ExInterlockedAddUlong	302	0x1403c7db0
ExInterlockedExtendZone	303	0x14060a4b0
ExInterlockedInsertHeadList	304	0x1402de630
ExInterlockedInsertTailList	305	0x1402b3570
ExInterlockedPopEntryList	306	0x14060ae10
ExInterlockedPushEntryList	307	0x14060aea0
ExInterlockedRemoveHeadList	308	0x1402b27e0
ExIsFastResourceContended	309	0x140608060
ExIsFastResourceHeld	310	0x1403c3030
ExIsFastResourceHeldExclusive	311	0x1403c2ec0
ExIsManufacturingModeEnabled	312	0x1407956f0
ExIsProcessorFeaturePresent	313	0x1402f0130
ExIsResourceAcquiredExclusiveLite	314	0x1402b1f20
ExIsResourceAcquiredSharedLite	315	0x14021a520
ExIsSoftBoot	316	0x1403713a0
ExLocalTimeToSystemTime	317	0x1402c7b00
ExMoveFastResourceOwnershipWithFlags	318	0x140409ac0
ExNotifyBootDeviceRemoval	319	0x1406077c0
ExNotifyCallback	320	0x1402c9810
ExQueryDepthSList	321	0x1402bdfa0
ExQueryFastCacheDevLicense	322	0x14079b980
ExQueryPoolBlockSize	323	0x140605ce0
ExQueryTimerResolution	324	0x1403b00d0
ExQueryWnfStateData	325	0x14079bd90
ExQueueDpcEventWait	326	0x14060a380
ExQueueWorkItem	327	0x1403109c0
ExRaiseAccessViolation	328	0x140865df0
ExRaiseDatatypeMisalignment	329	0x140a011b0
ExRaiseException	330	0x1402758c0
ExRaiseHardError	331	0x140a011d0
ExRaiseStatus	332	0x1402a0160
ExRawInputManagerObjectType	333	0x140d1de08
ExReInitializeRundownProtection	334	0x1402ec9a0
ExReInitializeRundownProtectionCacheAware	335	0x1402ae100
ExRealTimeIsUniversal	336	0x1402c7ae0
ExRegisterBootDevice	337	0x140607810
ExRegisterCallback	338	0x1402f1f20
ExRegisterExtension	339	0x14080aef0
ExReinitializeFastResource	340	0x1403cee30
ExReinitializeResourceLite	341	0x1402be280
ExReleaseAutoExpandPushLockExclusive	342	0x14026bce0
ExReleaseAutoExpandPushLockShared	343	0x140327300
ExReleaseCacheAwarePushLockExclusive	344	0x140302ab0
ExReleaseCacheAwarePushLockExclusiveEx	345	0x140409430
ExReleaseCacheAwarePushLockSharedEx	346	0x140246b10
ExReleaseDisownedFastResource	347	0x1403c34f0
ExReleaseDisownedFastResourceExclusive	348	0x1406080e0
ExReleaseDisownedFastResourceShared	349	0x140608200
ExReleaseFastMutex	350	0x1403270b0
ExReleaseFastMutexUnsafe	351	0x140280620
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion	352	0x1402805f0
ExReleaseFastResource	353	0x1403c39f0
ExReleaseFastResourceExclusive	354	0x140608330
ExReleaseFastResourceShared	355	0x140608480
ExReleasePushLockEx	356	0x1403279e0
ExReleasePushLockExclusiveEx	357	0x140327a50
ExReleasePushLockSharedEx	358	0x140301ac0
ExReleaseResourceAndLeaveCriticalRegion	359	0x140337c40
ExReleaseResourceAndLeavePriorityRegion	360	0x140608d70
ExReleaseResourceForThreadLite	361	0x140337520
ExReleaseResourceLite	362	0x140322450
ExReleaseRundownProtection	363	0x1402bd2f0
ExReleaseRundownProtectionCacheAware	364	0x1402bb010
ExReleaseRundownProtectionCacheAwareEx	365	0x14030cb70
ExReleaseRundownProtectionEx	366	0x14045fe90
ExReleaseSpinLockExclusive	367	0x1402c37d0
ExReleaseSpinLockExclusiveFromDpcLevel	368	0x140217b80
ExReleaseSpinLockShared	369	0x1402c3220
ExReleaseSpinLockSharedFromDpcLevel	370	0x140360c60
ExRundownCompleted	371	0x140284d70
ExRundownCompletedCacheAware	372	0x1402ae150
ExSecurePoolUpdate	373	0x14060b250
ExSecurePoolValidate	374	0x14060b2a0
ExSemaphoreObjectType	375	0x140d1c298
ExSetFirmwareEnvironmentVariable	376	0x1409fc060
ExSetLicenseTamperState	377	0x1409f9e10
ExSetResourceOwnerPointer	378	0x1402996d0
ExSetResourceOwnerPointerEx	379	0x140299690
ExSetTimer	380	0x1402a1910
ExSetTimerResolution	381	0x1403ae480
ExShareAddressSpaceWithDevice	382	0x140a01cb0
ExShareUltraSpaceWithDevice	383	0x140a01cd0
ExSizeOfAutoExpandPushLock	384	0x1402eddf0
ExSizeOfRundownProtectionCacheAware	385	0x140866300
ExSubscribeWnfStateChange	386	0x140795360
ExSvmBeginDeviceReset	387	0x14060b420
ExSvmFinalizeDeviceReset	388	0x14060b5f0
ExSystemExceptionFilter	389	0x140857a80
ExSystemTimeToLocalTime	390	0x1402c7b50
ExTimedWaitForUnblockPushLock	391	0x14029d810
ExTimerObjectType	392	0x140d1dcc8
ExTryAcquireAutoExpandPushLockExclusive	393	0x1403c7e40
ExTryAcquireAutoExpandPushLockShared	394	0x1403c6620
ExTryAcquireCacheAwarePushLockExclusiveEx	395	0x140607ce0
ExTryAcquireCacheAwarePushLockSharedEx	396	0x140607db0
ExTryAcquirePushLockExclusiveEx	397	0x1402b3000
ExTryAcquirePushLockSharedEx	398	0x1402b2eb0
ExTryAcquireSpinLockExclusiveAtDpcLevel	399	0x140209d00
ExTryAcquireSpinLockSharedAtDpcLevel	400	0x14045ff00
ExTryConvertPushLockSharedToExclusiveEx	401	0x1402d1b60
ExTryConvertSharedSpinLockExclusive	402	0x1403c02d0
ExTryQueueWorkItem	403	0x14020ce30
ExTryToAcquireFastMutex	404	0x1402cc560
ExTryToAcquireResourceExclusiveLite	405	0x140608df0
ExTryToConvertFastResourceSharedToExclusive	406	0x1406085e0
ExUnblockOnAddressPushLockEx	407	0x1403ce3f0
ExUnblockPushLockEx	408	0x1403147d0
ExUnregisterCallback	409	0x1402f8b20
ExUnregisterExtension	410	0x140a01a50
ExUnsubscribeWnfStateChange	411	0x140776c60
ExUpdateLicenseData	412	0x1407a4d40
ExUuidCreate	413	0x140720850
ExVerifySuite	414	0x1403a08a0
ExWaitForRundownProtectionRelease	415	0x140302a50
ExWaitForRundownProtectionReleaseCacheAware	416	0x1402ae040
ExWaitForUnblockPushLock	417	0x140607e70
ExWindowStationObjectType	418	0x140d1de20
ExfAcquirePushLockExclusive	419	0x14026b610
ExfAcquirePushLockShared	420	0x14026b840
ExfReleasePushLock	421	0x140302b20
ExfReleasePushLockExclusive	422	0x140302c00
ExfReleasePushLockShared	423	0x140302b50
ExfTryAcquirePushLockShared	424	0x140607e90
ExfTryToWakePushLock	425	0x140302c50
ExfUnblockPushLock	426	0x1404094d0
ExpInterlockedFlushSList	427	0x14041c750
ExpInterlockedPopEntrySList	428	0x14041c6d0
ExpInterlockedPushEntrySList	429	0x14041c710
FirstEntrySList	430	0x14041c6c0
FsRtlAcknowledgeEcp	431	0x140698940
FsRtlAcquireEofLock	432	0x14026af30
FsRtlAcquireFileExclusive	433	0x14067ff80
FsRtlAcquireHeaderMutex	434	0x14026b3e0
FsRtlAddBaseMcbEntry	435	0x1402c7110
FsRtlAddBaseMcbEntryEx	436	0x1402c7130
FsRtlAddLargeMcbEntry	437	0x1402c6b20
FsRtlAddMcbEntry	438	0x140539f90
FsRtlAddToTunnelCache	439	0x14093e240
FsRtlAddToTunnelCacheEx	440	0x140760640
FsRtlAllocateAePushLock	441	0x14053a450
FsRtlAllocateExtraCreateParameter	442	0x140685330
FsRtlAllocateExtraCreateParameterFromLookasideList	443	0x1407bb1c0
FsRtlAllocateExtraCreateParameterList	444	0x1407bb160
FsRtlAllocateFileLock	445	0x1402f3640
FsRtlAllocatePool	446	0x14053b070
FsRtlAllocatePoolWithQuota	447	0x14053b0a0
FsRtlAllocatePoolWithQuotaTag	448	0x14053b0d0
FsRtlAllocatePoolWithTag	449	0x14053b100
FsRtlAllocateResource	450	0x14093d530
FsRtlAreNamesEqual	451	0x1402ae790
FsRtlAreThereCurrentOrInProgressFileLocks	452	0x14053a740
FsRtlAreThereWaitingFileLocks	453	0x140453bb0
FsRtlAreVolumeStartupApplicationsComplete	454	0x14079ec80
FsRtlBalanceReads	455	0x140866cb0
FsRtlCancellableWaitForMultipleObjects	456	0x140768a90
FsRtlCancellableWaitForSingleObject	457	0x140768840
FsRtlChangeBackingFileObject	458	0x1403cf3a0
FsRtlCheckLockForOplockRequest	459	0x14053a770
FsRtlCheckLockForReadAccess	460	0x1402bb510
FsRtlCheckLockForWriteAccess	461	0x1402bb5a0
FsRtlCheckOplock	462	0x14026cfb0
FsRtlCheckOplockEx	463	0x14026c2a0
FsRtlCheckOplockEx2	464	0x14026c2f0
FsRtlCheckOplockForFsFilterCallback	465	0x14067d390
FsRtlCheckUpperOplock	466	0x14093e400
FsRtlCopyRead	467	0x14093d590
FsRtlCopyWrite	468	0x140842b60
FsRtlCreateSectionForDataScan	469	0x1402e4280
FsRtlCurrentBatchOplock	470	0x1407768f0
FsRtlCurrentOplock	471	0x1403cf380
FsRtlCurrentOplockH	472	0x140876f50
FsRtlDedupChangeInit	473	0x14093ee30
FsRtlDedupChangeLogOverwriteOrFree	474	0x14093ef20
FsRtlDedupChangeLogWrite	475	0x14093ef60
FsRtlDedupChangeUninit	476	0x14093efb0
FsRtlDeleteExtraCreateParameterLookasideList	477	0x14093d560
FsRtlDeleteKeyFromTunnelCache	478	0x1407600a0
FsRtlDeleteTunnelCache	479	0x1408642d0
FsRtlDeregisterUncProvider	480	0x14093e2c0
FsRtlDisallowLegacyFilterOnDevice	481	0x140408570
FsRtlDismountComplete	482	0x140877a30
FsRtlDissectDbcs	483	0x14093f780
FsRtlDissectName	484	0x1402b2940
FsRtlDoesDbcsContainWildCards	485	0x140897990
FsRtlDoesNameContainWildCards	486	0x1402cdb70
FsRtlFastCheckLockForRead	487	0x1402bb7f0
FsRtlFastCheckLockForWrite	488	0x1402bb690
FsRtlFastUnlockAll	489	0x1402b0250
FsRtlFastUnlockAllByKey	490	0x14053a8e0
FsRtlFastUnlockSingle	491	0x1402b08d0
FsRtlFindExtraCreateParameter	492	0x140698970
FsRtlFindInTunnelCache	493	0x14093e280
FsRtlFindInTunnelCacheEx	494	0x140760970
FsRtlFreeAePushLock	495	0x14053a490
FsRtlFreeExtraCreateParameter	496	0x140705c10
FsRtlFreeExtraCreateParameterList	497	0x140705b90
FsRtlFreeFileLock	498	0x1402f5690
FsRtlGetCurrentProcessLoaderList	499	0x14093f4d0
FsRtlGetEcpListFromIrp	500	0x140698950
FsRtlGetFileNameInformation	501	0x1407959d0
FsRtlGetFileSize	502	0x140694a50
FsRtlGetIoAtEof	503	0x1402c47f0
FsRtlGetNextBaseMcbEntry	504	0x1402cd250
FsRtlGetNextExtraCreateParameter	505	0x140873dd0
FsRtlGetNextFileLock	506	0x14053a950
FsRtlGetNextLargeMcbEntry	507	0x1403a0690
FsRtlGetNextMcbEntry	508	0x140539fb0
FsRtlGetSectorSizeInformation	509	0x14085f090
FsRtlGetSupportedFeatures	510	0x1402c3260
FsRtlGetVirtualDiskNestingLevel	511	0x1403bcc40
FsRtlHeatInit	512	0x1409400b0
FsRtlHeatLogIo	513	0x1409401f0
FsRtlHeatLogTierMove	514	0x1409402d0
FsRtlHeatUninit	515	0x140940330
FsRtlIncrementCcFastMdlReadWait	516	0x1403ccf80
FsRtlIncrementCcFastReadNoWait	517	0x140539ee0
FsRtlIncrementCcFastReadNotPossible	518	0x1407a4ff0
FsRtlIncrementCcFastReadResourceMiss	519	0x140539ef0
FsRtlIncrementCcFastReadWait	520	0x14077bc40
FsRtlInitExtraCreateParameterLookasideList	521	0x14084b2b0
FsRtlInitializeBaseMcb	522	0x14053a030
FsRtlInitializeBaseMcbEx	523	0x1402d8660
FsRtlInitializeEofLock	524	0x1402d0ab0
FsRtlInitializeExtraCreateParameter	525	0x1407a10f0
FsRtlInitializeExtraCreateParameterList	526	0x1407a26a0
FsRtlInitializeFileLock	527	0x1403c0480
FsRtlInitializeLargeMcb	528	0x1402d85f0
FsRtlInitializeMcb	529	0x14093e200
FsRtlInitializeOplock	530	0x1407efc80
FsRtlInitializeTunnelCache	531	0x140864020
FsRtlInsertExtraCreateParameter	532	0x1407045b0
FsRtlInsertPerFileContext	533	0x1402eeb10
FsRtlInsertPerFileObjectContext	534	0x14026c070
FsRtlInsertPerStreamContext	535	0x1402bcf10
FsRtlIs32BitProcess	536	0x14093f500
FsRtlIsDaxVolume	537	0x140539f00
FsRtlIsDbcsInExpression	538	0x14093f860
FsRtlIsEcpAcknowledged	539	0x140774c60
FsRtlIsEcpFromUserMode	540	0x14077cd20
FsRtlIsExtentDangling	541	0x14093f530
FsRtlIsFatDbcsLegal	542	0x14076f650
FsRtlIsHpfsDbcsLegal	543	0x14093fed0
FsRtlIsMobileOS	544	0x140816f40
FsRtlIsNameInExpression	545	0x140273da0
FsRtlIsNameInUnUpcasedExpression	546	0x140273f20
FsRtlIsNonEmptyDirectoryReparsePointAllowed	547	0x1402ed670
FsRtlIsNtstatusExpected	548	0x1402e4a70
FsRtlIsPagingFile	549	0x1402cb710
FsRtlIsSystemPagingFile	550	0x14053a4c0
FsRtlIsTotalDeviceFailure	551	0x140263db0
FsRtlIssueDeviceIoControl	552	0x14085f4a0
FsRtlKernelFsControlFile	553	0x140768510
FsRtlLegalAnsiCharacterArray	554	0x14000abe0
FsRtlLogCcFlushError	555	0x14093d910
FsRtlLookupBaseMcbEntry	556	0x1402b2d40
FsRtlLookupLargeMcbEntry	557	0x14039cb70
FsRtlLookupLastBaseMcbEntry	558	0x1402d0a20
FsRtlLookupLastBaseMcbEntryAndIndex	559	0x1402ec130
FsRtlLookupLastLargeMcbEntry	560	0x14053a050
FsRtlLookupLastLargeMcbEntryAndIndex	561	0x1403a6270
FsRtlLookupLastMcbEntry	562	0x14053a0d0
FsRtlLookupMcbEntry	563	0x14053a130
FsRtlLookupPerFileContext	564	0x1402f3410
FsRtlLookupPerFileObjectContext	565	0x1402af960
FsRtlLookupPerStreamContextInternal	566	0x14026aa80
FsRtlMdlRead	567	0x1407a3a60
FsRtlMdlReadComplete	568	0x140539f30
FsRtlMdlReadCompleteDev	569	0x1402e0ef0
FsRtlMdlReadDev	570	0x14093db80
FsRtlMdlReadEx	571	0x1407a39e0
FsRtlMdlWriteComplete	572	0x14093dd70
FsRtlMdlWriteCompleteDev	573	0x1407a26e0
FsRtlMupGetProviderIdFromName	574	0x14093e320
FsRtlMupGetProviderInfoFromFileObject	575	0x14093e350
FsRtlNormalizeNtstatus	576	0x14053b130
FsRtlNotifyChangeDirectory	577	0x140940770
FsRtlNotifyCleanup	578	0x14078c510
FsRtlNotifyCleanupAll	579	0x1409407d0
FsRtlNotifyFilterChangeDirectory	580	0x140844ce0
FsRtlNotifyFilterChangeDirectoryLite	581	0x14069bc20
FsRtlNotifyFilterReportChange	582	0x14083ea60
FsRtlNotifyFilterReportChangeLite	583	0x1409408a0
FsRtlNotifyFilterReportChangeLiteEx	584	0x1406c8da0
FsRtlNotifyFullChangeDirectory	585	0x140844c70
FsRtlNotifyFullReportChange	586	0x14083ea00
FsRtlNotifyInitializeSync	587	0x140792930
FsRtlNotifyReportChange	588	0x140940900
FsRtlNotifyUninitializeSync	589	0x1408655a0
FsRtlNotifyVolumeEvent	590	0x140866c50
FsRtlNotifyVolumeEventEx	591	0x14075e0c0
FsRtlNumberOfRunsInBaseMcb	592	0x1402c31c0
FsRtlNumberOfRunsInLargeMcb	593	0x1403a9e90
FsRtlNumberOfRunsInMcb	594	0x14053a1c0
FsRtlOpenFileSystemRegistryKeyFromFsGuid	595	0x14067d670
FsRtlOplockBreakH	596	0x14093e910
FsRtlOplockBreakH2	597	0x14079bfd0
FsRtlOplockBreakToNone	598	0x14053b1e0
FsRtlOplockBreakToNoneEx	599	0x14053b240
FsRtlOplockFsctrl	600	0x140699e10
FsRtlOplockFsctrlEx	601	0x140699910
FsRtlOplockGetAnyBreakOwnerProcess	602	0x14053b400
FsRtlOplockIsFastIoPossible	603	0x14076e130
FsRtlOplockIsSharedRequest	604	0x14077ca30
FsRtlOplockKeysEqual	605	0x14053b480
FsRtlPostPagingFileStackOverflow	606	0x14053c9d0
FsRtlPostStackOverflow	607	0x14053c9f0
FsRtlPrepareMdlWrite	608	0x1407a3940
FsRtlPrepareMdlWriteDev	609	0x14093dde0
FsRtlPrepareMdlWriteEx	610	0x1407a38c0
FsRtlPrepareToReuseEcp	611	0x1408777e0
FsRtlPrivateLock	612	0x1402b0d70
FsRtlProcessFileLock	613	0x14053aee0
FsRtlQueryCachedVdl	614	0x140792d00
FsRtlQueryInformationFile	615	0x14093f550
FsRtlQueryKernelEaFile	616	0x140768880
FsRtlQueryMaximumVirtualDiskNestingLevel	617	0x1403bcde0
FsRtlRegisterFileSystemFilterCallbacks	618	0x1403bff90
FsRtlRegisterFltMgrCalls	619	0x140858000
FsRtlRegisterMupCalls	620	0x140857ff0
FsRtlRegisterUncProvider	621	0x14093e380
FsRtlRegisterUncProviderEx	622	0x14093e3c0
FsRtlRegisterUncProviderEx2	623	0x140844470
FsRtlReleaseEofLock	624	0x1402b2020
FsRtlReleaseFile	625	0x14067ffb0
FsRtlReleaseFileNameInformation	626	0x140798800
FsRtlReleaseHeaderMutex	627	0x14026b360
FsRtlRemoveBaseMcbEntry	628	0x1402c6cd0
FsRtlRemoveDotsFromPath	629	0x14086aa70
FsRtlRemoveExtraCreateParameter	630	0x140698a00
FsRtlRemoveLargeMcbEntry	631	0x1403a5ae0
FsRtlRemoveMcbEntry	632	0x14053a1e0
FsRtlRemovePerFileContext	633	0x14053a4e0
FsRtlRemovePerFileObjectContext	634	0x14026bbf0
FsRtlRemovePerStreamContext	635	0x14053a5e0
FsRtlResetBaseMcb	636	0x1402f84b0
FsRtlResetLargeMcb	637	0x14053a200
FsRtlSendModernAppTermination	638	0x1402e7190
FsRtlSetDriverBacking	639	0x140863a80
FsRtlSetEcpListIntoIrp	640	0x14076cdd0
FsRtlSetKernelEaFile	641	0x140768380
FsRtlSplitBaseMcb	642	0x14053a240
FsRtlSplitLargeMcb	643	0x14053a3b0
FsRtlSyncVolumes	644	0x14079cf20
FsRtlTeardownPerFileContexts	645	0x140777e00
FsRtlTeardownPerStreamContexts	646	0x14075e5f0
FsRtlTruncateBaseMcb	647	0x1402c6bd0
FsRtlTruncateLargeMcb	648	0x1402c6b90
FsRtlTruncateMcb	649	0x14053a430
FsRtlTryToAcquireHeaderMutex	650	0x140539d80
FsRtlUninitializeBaseMcb	651	0x140292e50
FsRtlUninitializeFileLock	652	0x1402f56c0
FsRtlUninitializeLargeMcb	653	0x140292bf0
FsRtlUninitializeMcb	654	0x14093e220
FsRtlUninitializeOplock	655	0x1402d9d30
FsRtlUpdateDiskCounters	656	0x1402da450
FsRtlUpperOplockFsctrl	657	0x14093e950
FsRtlValidateReparsePointBuffer	658	0x1402a6670
FsRtlVolumeDeviceToCorrelationId	659	0x14085f000
HalAcpiGetTableEx	660	0x1404fe260
HalAcquireDisplayOwnership	661	0x1402f8890
HalAdjustResourceList	662	0x140261580
HalAllProcessorsStarted	663	0x140b75f00
HalAllocateAdapterChannel	664	0x14044fd50
HalAllocateCommonBuffer	665	0x1404fe430
HalAllocateCrashDumpRegisters	666	0x1404fe600
HalAllocateHardwareCounters	667	0x140933a30
HalAssignSlotResources	668	0x1409339a0
HalBugCheckSystem	669	0x1404ff1a0
HalCalibratePerformanceCounter	670	0x1404fb690
HalClearSoftwareInterrupt	671	0x1402f8890
HalConvertDeviceIdtToIrql	672	0x14082bd90
HalDisableInterrupt	673	0x14029e000
HalDispatchTable	674	0x140c020e0
HalDisplayString	675	0x1402f8890
HalDmaAllocateCrashDumpRegistersEx	676	0x1403a8cb0
HalDmaFreeCrashDumpRegistersEx	677	0x1404fe700
HalEnableInterrupt	678	0x14029ed30
HalEnumerateEnvironmentVariablesEx	679	0x140501c80
HalEnumerateProcessors	680	0x140376530
HalExamineMBR	681	0x140940de0
HalFlushCommonBuffer	682	0x14036d400
HalFreeCommonBuffer	683	0x1404fe450
HalFreeHardwareCounters	684	0x140933b70
HalGetAdapter	685	0x140933a10
HalGetBusData	686	0x140390c40
HalGetBusDataByOffset	687	0x140390c70
HalGetEnvironmentVariable	688	0x140501ca0
HalGetEnvironmentVariableEx	689	0x1402fb260
HalGetInterruptTargetInformation	690	0x140382100
HalGetInterruptVector	691	0x140501470
HalGetMemoryCachingRequirements	692	0x1402efb10
HalGetMessageRoutingInfo	693	0x14029e820
HalGetProcessorIdByNtNumber	694	0x140371d50
HalGetVectorInput	695	0x1403a7460
HalHandleMcheck	696	0x140502b90
HalHandleNMI	697	0x1405037a0
HalInitSystem	698	0x140a8c840
HalInitializeBios	699	0x140399db0
HalInitializeOnResume	700	0x140503ab0
HalInitializeProcessor	701	0x140382950
HalIsHyperThreadingEnabled	702	0x140383e90
HalMakeBeep	703	0x140503ad0
HalPerformEndOfInterrupt	704	0x1402baf60
HalPrivateDispatchTable	705	0x140c019a0
HalProcessorIdle	706	0x14040e2a0
HalQueryDisplayParameters	707	0x1402f8890
HalQueryEnvironmentVariableInfoEx	708	0x140501d40
HalQueryMaximumProcessorCount	709	0x14037aa10
HalQueryRealTimeClock	710	0x1402c7990
HalReadDmaCounter	711	0x1404fe480
HalRegisterDynamicProcessor	712	0x140503dc0
HalRegisterErrataCallbacks	713	0x140b591c0
HalReportResourceUsage	714	0x140b46910
HalRequestClockInterrupt	715	0x1402efc60
HalRequestDeferredRecoveryServiceInterrupt	716	0x140503df0
HalRequestIpi	717	0x1402e7040
HalRequestIpiSpecifyVector	718	0x140330c10
HalRequestSoftwareInterrupt	719	0x140331290
HalReturnToFirmware	720	0x140503e30
HalSendNMI	721	0x1402665b0
HalSendSoftwareInterrupt	722	0x140330cb0
HalSetBusData	723	0x1404fe400
HalSetBusDataByOffset	724	0x140390aa0
HalSetDisplayParameters	725	0x1402f8890
HalSetEnvironmentVariable	726	0x140501e40
HalSetEnvironmentVariableEx	727	0x140501f20
HalSetProfileInterval	728	0x140504360
HalSetRealTimeClock	729	0x1404fc180
HalStartDynamicProcessor	730	0x1405020b0
HalStartNextProcessor	731	0x140376fb0
HalStartProfileInterrupt	732	0x1405043a0
HalStopProfileInterrupt	733	0x1405043c0
HalSystemVectorDispatchEntry	734	0x140261580
HalTranslateBusAddress	735	0x1403758f0
HalWheaUpdateCmciPolicy	736	0x1403a6e10
HeadlessDispatch	737	0x140377750
HviGetHardwareFeatures	738	0x1406136e0
HviGetHypervisorFeatures	739	0x140384360
HviIsAnyHypervisorPresent	740	0x140383c10
HviIsHypervisorVendorMicrosoft	741	0x140384d50
HvlGetApicIdFromLpIndex	742	0x14053d5b0
HvlGetLpIndexFromApicId	743	0x14053d5e0
HvlGetLpIndexFromProcessorIndex	744	0x140453ea0
HvlInvokeFastExtendedHypercall	745	0x1403c4d50
HvlInvokeHypercall	746	0x1403c5ed0
HvlIsSchedulerAssistAvailable	747	0x14053fd80
HvlLpReadMultipleMsr	748	0x140541f30
HvlLpWriteMultipleMsr	749	0x140542080
HvlPerformEndOfInterrupt	750	0x140453ef0
HvlQueryActiveHypervisorProcessorCount	751	0x14053d610
HvlQueryActiveProcessors	752	0x14053d640
HvlQueryConnection	753	0x140384ca0
HvlQueryHypervisorProcessorNodeNumber	754	0x14053d6d0
HvlQueryNumaDistance	755	0x14053d890
HvlQueryProcessorTopology	756	0x14053d990
HvlQueryProcessorTopologyCount	757	0x14053d9b0
HvlQueryProcessorTopologyEx	758	0x14053d9f0
HvlQueryProcessorTopologyHighestId	759	0x14053da80
HvlQueryStartedProcessors	760	0x14053dac0
HvlReadPerformanceStateCounters	761	0x1403c7560
HvlRegisterInterruptCallback	762	0x14053d230
HvlRegisterWheaErrorNotification	763	0x140941930
HvlSchedulerAssistAcknowledgeEvents	764	0x14053fda0
HvlUnregisterInterruptCallback	765	0x14053d3f0
HvlUnregisterWheaErrorNotification	766	0x140941970
HvlUpdatePerformanceStateCountersForLp	767	0x1403c5e90
InbvAcquireDisplayOwnership	768	0x14054bb10
InbvCheckDisplayOwnership	769	0x14054bb70
InbvDisplayString	770	0x140371880
InbvEnableBootDriver	771	0x14054bba0
InbvEnableDisplayString	772	0x1403b0360
InbvInstallDisplayStringFilter	773	0x1403b03d0
InbvIsBootDriverInstalled	774	0x1403a3cb0
InbvNotifyDisplayOwnershipChange	775	0x1403afff0
InbvNotifyDisplayOwnershipLost	776	0x14054bc40
InbvResetDisplay	777	0x14054bca0
InbvSetScrollRegion	778	0x14054bcd0
InbvSetTextColor	779	0x14054bd00
InbvSetVirtualFrameBuffer	780	0x1403affb0
InbvSolidColorFill	781	0x14054bd30
InitSafeBootMode	782	0x140c64284
InitializeSListHead	783	0x14028f5a0
InterlockedPushListSList	784	0x14041c780
IoAcquireCancelSpinLock	785	0x1402c6420
IoAcquireKsrPersistentMemory	786	0x140952c50
IoAcquireKsrPersistentMemoryEx	787	0x140952c80
IoAcquireRemoveLockEx	788	0x14020a1d0
IoAcquireVpbSpinLock	789	0x1402ee9e0
IoAdapterObjectType	790	0x140d1e3c8
IoAddBugcheckTriageThread	791	0x14054cd10
IoAdjustStackSizeForRedirection	792	0x140553c90
IoAllocateAdapterChannel	793	0x140553d50
IoAllocateController	794	0x140553d80
IoAllocateDriverObjectExtension	795	0x14039f400
IoAllocateErrorLogEntry	796	0x1403bfc80
IoAllocateIrp	797	0x140314590
IoAllocateIrpEx	798	0x1402c45e0
IoAllocateMdl	799	0x140313c30
IoAllocateMiniCompletionPacket	800	0x140732fd0
IoAllocateSfioStreamIdentifier	801	0x140553e20
IoAllocateWorkItem	802	0x1402a0ae0
IoApplyPriorityInfoThread	803	0x1402763b0
IoAssignResources	804	0x140954360
IoAttachDevice	805	0x1409473e0
IoAttachDeviceByPointer	806	0x140553e70
IoAttachDeviceToDeviceStack	807	0x1402eadf0
IoAttachDeviceToDeviceStackSafe	808	0x1402eae10
IoBoostThreadIo	809	0x14036eae0
IoBuildAsynchronousFsdRequest	810	0x1402a02d0
IoBuildDeviceIoControlRequest	811	0x1403626f0
IoBuildPartialMdl	812	0x1402aea90
IoBuildSynchronousFsdRequest	813	0x14072bc00
IoCallDriver	814	0x140553ea0
IoCancelFileOpen	815	0x1409474e0
IoCancelIrp	816	0x1402de520
IoCancelMiniCompletionPacket	817	0x140555470
IoCheckDesiredAccess	818	0x140947630
IoCheckEaBufferValidity	819	0x140789ab0
IoCheckFileObjectOpenedAsCopyDestination	820	0x140947680
IoCheckFileObjectOpenedAsCopySource	821	0x1409476a0
IoCheckFunctionAccess	822	0x140871050
IoCheckLinkShareAccess	823	0x140699690
IoCheckQuerySetFileInformation	824	0x140871820
IoCheckQuerySetVolumeInformation	825	0x140871bb0
IoCheckQuotaBufferValidity	826	0x1409476c0
IoCheckRedirectionTrustLevel	827	0x1403c9be0
IoCheckShareAccess	828	0x14079b8b0
IoCheckShareAccessEx	829	0x140877a50
IoCleanupIrp	830	0x1403c9bb0
IoClearActivityIdThread	831	0x140285710
IoClearAdapterCryptoEngineExtension	832	0x140556320
IoClearFsTrackOffsetState	833	0x140556370
IoClearIrpExtraCreateParameter	834	0x140553ec0
IoCompleteRequest	835	0x140553ee0
IoCompletionObjectType	836	0x140d1dbf8
IoComputeRedirectionTrustLevel	837	0x1405561e0
IoConnectInterrupt	838	0x14084d530
IoConnectInterruptEx	839	0x1407280d0
IoConvertFileHandleToKernelHandle	840	0x140947780
IoCopyDeviceObjectHint	841	0x1409478e0
IoCreateArcName	842	0x140861820
IoCreateController	843	0x140947970
IoCreateDevice	844	0x14069ab40
IoCreateDeviceSecure	845	0x14082f530
IoCreateDisk	846	0x140940df0
IoCreateDriver	847	0x140802ab0
IoCreateFile	848	0x14078b070
IoCreateFileEx	849	0x140704610
IoCreateFileSpecifyDeviceObjectHint	850	0x14079b590
IoCreateNotificationEvent	851	0x1407a35f0
IoCreateStreamFileObject	852	0x1408655d0
IoCreateStreamFileObjectEx	853	0x140867460
IoCreateStreamFileObjectEx2	854	0x14069a1d0
IoCreateStreamFileObjectLite	855	0x14069a180
IoCreateSymbolicLink	856	0x140861c70
IoCreateSymbolicLink2	857	0x140861cb0
IoCreateSynchronizationEvent	858	0x140856980
IoCreateSystemThread	859	0x140863cb0
IoCreateUnprotectedSymbolicLink	860	0x140947a80
IoCsqInitialize	861	0x1402f0060
IoCsqInitializeEx	862	0x1402f5f30
IoCsqInsertIrp	863	0x1402c4050
IoCsqInsertIrpEx	864	0x1402c4070
IoCsqRemoveIrp	865	0x1403cfca0
IoCsqRemoveNextIrp	866	0x1402c4a40
IoDecrementKeepAliveCount	867	0x140555660
IoDeleteController	868	0x1407cf2b0
IoDeleteDevice	869	0x1402ae1d0
IoDeleteDriver	870	0x140947b00
IoDeleteSymbolicLink	871	0x140865c90
IoDetachDevice	872	0x1402f0cc0
IoDeviceHandlerObjectSize	873	0x140d1ee78
IoDeviceHandlerObjectType	874	0x140d23f58
IoDeviceObjectType	875	0x140d1ddd0
IoDisconnectInterrupt	876	0x14075ced0
IoDisconnectInterruptEx	877	0x14075ce80
IoDriverObjectType	878	0x140d1dbb8
IoDuplicateDependency	879	0x140954950
IoEnqueueIrp	880	0x140947b30
IoEnumerateDeviceObjectList	881	0x1403bf6b0
IoEnumerateKsrPersistentMemoryEx	882	0x14055cfe0
IoEnumerateRegisteredFiltersList	883	0x140796010
IoFastQueryNetworkAttributes	884	0x140947b50
IoFileObjectType	885	0x140d1da50
IoFlushAdapterBuffers	886	0x1404fe550
IoForwardAndCatchIrp	887	0x14077f420
IoForwardIrpSynchronously	888	0x14077f420
IoFreeAdapterChannel	889	0x14044fed0
IoFreeController	890	0x140553f00
IoFreeErrorLogEntry	891	0x140553f50
IoFreeIrp	892	0x14027ae80
IoFreeKsrPersistentMemory	893	0x140952e80
IoFreeMapRegisters	894	0x14044fef0
IoFreeMdl	895	0x140316ef0
IoFreeMiniCompletionPacket	896	0x140720290
IoFreeSfioStreamIdentifier	897	0x140553fb0
IoFreeWorkItem	898	0x1402a1030
IoGetActivityIdIrp	899	0x1402afc30
IoGetActivityIdThread	900	0x1402a64e0
IoGetAdapterCryptoEngineExtension	901	0x1405563a0
IoGetAffinityInterrupt	902	0x1403af690
IoGetAttachedDevice	903	0x14027b080
IoGetAttachedDeviceReference	904	0x140331910
IoGetBaseFileSystemDeviceObject	905	0x1402128d0
IoGetBootDiskInformation	906	0x140947b90
IoGetBootDiskInformationLite	907	0x1408194f0
IoGetConfigurationInformation	908	0x1408677e0
IoGetContainerInformation	909	0x140948930
IoGetCopyInformationExtension	910	0x1405563e0
IoGetCurrentProcess	911	0x140283a70
IoGetDeviceAttachmentBaseRef	912	0x1402715b0
IoGetDeviceDirectory	913	0x1409557f0
IoGetDeviceInterfaceAlias	914	0x140781490
IoGetDeviceInterfacePropertyData	915	0x140796910
IoGetDeviceInterfaces	916	0x1406cd150
IoGetDeviceNumaNode	917	0x1408561b0
IoGetDeviceObjectPointer	918	0x1406f37c0
IoGetDeviceProperty	919	0x1406cd2a0
IoGetDevicePropertyData	920	0x14072a4f0
IoGetDeviceToVerify	921	0x1404086a0
IoGetDiskDeviceObject	922	0x1403bf8a0
IoGetDmaAdapter	923	0x14082adb0
IoGetDriverDirectory	924	0x140955be0
IoGetDriverObjectExtension	925	0x1402f02f0
IoGetFileObjectGenericMapping	926	0x140710520
IoGetFsTrackOffsetState	927	0x1402a5df0
IoGetFsZeroingOffset	928	0x1403a6160
IoGetGenericIrpExtension	929	0x1402be1b0
IoGetInitialStack	930	0x140947bc0
IoGetInitiatorProcess	931	0x1402f8a90
IoGetIoAttributionHandle	932	0x1402bd360
IoGetIoPriorityHint	933	0x140360ac0
IoGetIommuInterface	934	0x140956dd0
IoGetIommuInterfaceEx	935	0x140857640
IoGetIrpExtraCreateParameter	936	0x140698950
IoGetLowerDeviceObject	937	0x1402f10a0
IoGetOplockKeyContext	938	0x1405540d0
IoGetOplockKeyContextEx	939	0x140270050
IoGetPagingIoPriority	940	0x1402ca170
IoGetRelatedDeviceObject	941	0x140314900
IoGetRequestorProcess	942	0x1402bb640
IoGetRequestorProcessId	943	0x1402bb900
IoGetRequestorSessionId	944	0x1402f68f0
IoGetSfioStreamIdentifier	945	0x1404541c0
IoGetShadowFileInformation	946	0x140554110
IoGetSilo	947	0x140271610
IoGetSiloParameters	948	0x1402ca120
IoGetStackLimits	949	0x1403150d0
IoGetSymlinkSupportInformation	950	0x140948d10
IoGetTopLevelIrp	951	0x140212d90
IoGetTransactionParameterBlock	952	0x1402b2910
IoIncrementKeepAliveCount	953	0x1405557c0
IoInitializeIrp	954	0x1402be110
IoInitializeIrpEx	955	0x1403c9600
IoInitializeMiniCompletionPacket	956	0x1409483f0
IoInitializeRemoveLockEx	957	0x1403bdc40
IoInitializeTimer	958	0x140854a40
IoInitializeWorkItem	959	0x1402f1160
IoInvalidateDeviceRelations	960	0x1402a7870
IoInvalidateDeviceState	961	0x1403a1b80
IoIrpHasFsTrackOffsetExtensionType	962	0x1402c3760
IoIs32bitProcess	963	0x140285f10
IoIsActivityTracingEnabled	964	0x1402c5370
IoIsFileObjectIgnoringSharing	965	0x1408678c0
IoIsFileOriginRemote	966	0x1402f3ac0
IoIsInitiator32bitProcess	967	0x1403aff70
IoIsOperationSynchronous	968	0x140270fb0
IoIsSystemThread	969	0x1402dfdf0
IoIsValidIrpStatus	970	0x140ac3f50
IoIsValidNameGraftingBuffer	971	0x140948d60
IoIsWdmVersionAvailable	972	0x140897d20
IoLoadCrashDumpDriver	973	0x14054de50
IoMakeAssociatedIrp	974	0x1403a6a00
IoMakeAssociatedIrpEx	975	0x1402a5ad0
IoMapTransfer	976	0x1404fe5c0
IoOpenDeviceInterfaceRegistryKey	977	0x14083c2c0
IoOpenDeviceRegistryKey	978	0x14077ee40
IoOpenDriverRegistryKey	979	0x1406c8aa0
IoPageRead	980	0x1403ce610
IoPropagateActivityIdToThread	981	0x1402a5e20
IoPropagateIrpExtension	982	0x1402a61e0
IoPropagateIrpExtensionEx	983	0x1402a6200
IoQueryDeviceDescription	984	0x1407a7080
IoQueryFileDosDeviceName	985	0x1406f2e20
IoQueryFileInformation	986	0x1407a4570
IoQueryFullDriverPath	987	0x1403a0e40
IoQueryInformationByName	988	0x14077b5d0
IoQueryInterface	989	0x14082b4f0
IoQueryKsrPersistentMemorySize	990	0x140952f20
IoQueryKsrPersistentMemorySizeEx	991	0x140952f50
IoQueryVolumeInformation	992	0x1407a3d90
IoQueueThreadIrp	993	0x1403c0320
IoQueueWorkItem	994	0x1402d8100
IoQueueWorkItemEx	995	0x140312160
IoQueueWorkItemToNode	996	0x140555930
IoRaiseHardError	997	0x140554130
IoRaiseInformationalHardError	998	0x140554410
IoReadDiskSignature	999	0x140940ea0
IoReadOperationCount	1000	0x140c5d328
IoReadPartitionTable	1001	0x140940fa0
IoReadPartitionTableEx	1002	0x140941170
IoReadTransferCount	1003	0x140c5d338
IoRecordIoAttribution	1004	0x140297b60
IoRegisterBootDriverCallback	1005	0x140855c60
IoRegisterBootDriverReinitialization	1006	0x140842a70
IoRegisterContainerNotification	1007	0x1409489b0
IoRegisterDeviceInterface	1008	0x140858820
IoRegisterDriverReinitialization	1009	0x140842af0
IoRegisterFileSystem	1010	0x1408638c0
IoRegisterFsRegistrationChange	1011	0x140947be0
IoRegisterFsRegistrationChangeMountAware	1012	0x1408494a0
IoRegisterIoTracking	1013	0x140949750
IoRegisterLastChanceShutdownNotification	1014	0x140801360
IoRegisterPlugPlayNotification	1015	0x140728460
IoRegisterPriorityCallback	1016	0x14039ab00
IoRegisterShutdownNotification	1017	0x1408013e0
IoReleaseCancelSpinLock	1018	0x1402d1ac0
IoReleaseRemoveLockAndWaitEx	1019	0x1403cf750
IoReleaseRemoveLockEx	1020	0x1402d0300
IoReleaseVpbSpinLock	1021	0x140271910
IoRemoveIoCompletion	1022	0x14030dca0
IoRemoveLinkShareAccess	1023	0x140947c00
IoRemoveLinkShareAccessEx	1024	0x14075dae0
IoRemoveShareAccess	1025	0x14075dac0
IoReplaceFileObjectName	1026	0x140855b10
IoReplacePartitionUnit	1027	0x140955420
IoReportDetectedDevice	1028	0x140827340
IoReportHalResourceUsage	1029	0x140b4d820
IoReportInterruptActive	1030	0x1403d05f0
IoReportInterruptInactive	1031	0x1403ad230
IoReportResourceForDetection	1032	0x140957340
IoReportResourceUsage	1033	0x140957530
IoReportRootDevice	1034	0x1408277e0
IoReportTargetDeviceChange	1035	0x1408739e0
IoReportTargetDeviceChangeAsynchronous	1036	0x1402a1dd0
IoRequestDeviceEject	1037	0x14055d450
IoRequestDeviceEjectEx	1038	0x14055d470
IoRequestDeviceRemovalForReset	1039	0x140957a10
IoReserveDependency	1040	0x14082c1b0
IoReserveKsrPersistentMemory	1041	0x140953160
IoReserveKsrPersistentMemoryEx	1042	0x1409531a0
IoResolveDependency	1043	0x140393220
IoRetrievePriorityInfo	1044	0x1402fe820
IoReuseIrp	1045	0x1402a5fb0
IoSetActivityIdIrp	1046	0x1402a6180
IoSetActivityIdThread	1047	0x1402856f0
IoSetAdapterCryptoEngineExtension	1048	0x140556420
IoSetCompletionRoutineEx	1049	0x1402e7970
IoSetDependency	1050	0x140954a80
IoSetDeviceInterfacePropertyData	1051	0x14085f870
IoSetDeviceInterfaceState	1052	0x14074a8b0
IoSetDevicePropertyData	1053	0x140858620
IoSetDeviceToVerify	1054	0x1404086b0
IoSetFileObjectIgnoreSharing	1055	0x140897c10
IoSetFileOrigin	1056	0x1403c8320
IoSetFsTrackOffsetState	1057	0x140556480
IoSetFsZeroingOffset	1058	0x1405564e0
IoSetFsZeroingOffsetRequired	1059	0x140556520
IoSetGenericIrpExtension	1060	0x14038e2c0
IoSetHardErrorOrVerifyDevice	1061	0x140454200
IoSetInformation	1062	0x140874ec0
IoSetIoAttributionIrp	1063	0x140554790
IoSetIoCompletion	1064	0x140723c20
IoSetIoCompletionEx	1065	0x140298490
IoSetIoCompletionEx3	1066	0x1402984e0
IoSetIoPriorityHint	1067	0x1402c3bc0
IoSetIoPriorityHintIntoFileObject	1068	0x1405547d0
IoSetIoPriorityHintIntoThread	1069	0x14029cbe0
IoSetIrpExtraCreateParameter	1070	0x14076cdd0
IoSetLinkShareAccess	1071	0x14075db70
IoSetMasterIrpStatus	1072	0x1402be220
IoSetPartitionInformation	1073	0x140941220
IoSetPartitionInformationEx	1074	0x140941300
IoSetShadowFileInformation	1075	0x140554810
IoSetShareAccess	1076	0x14075d4f0
IoSetShareAccessEx	1077	0x1408763b0
IoSetStartIoAttributes	1078	0x1403b00a0
IoSetSystemPartition	1079	0x140947c20
IoSetThreadHardErrorMode	1080	0x140284db0
IoSetTopLevelIrp	1081	0x140212d70
IoSizeOfIrpEx	1082	0x1405548a0
IoSizeofGenericIrpExtension	1083	0x1404086c0
IoSizeofWorkItem	1084	0x1402ef290
IoStartNextPacket	1085	0x1405548e0
IoStartNextPacketByKey	1086	0x140554930
IoStartPacket	1087	0x140554980
IoStartTimer	1088	0x140554b30
IoStatisticsLock	1089	0x140d48900
IoSteerInterrupt	1090	0x140954650
IoStopTimer	1091	0x140554b60
IoSynchronousCallDriver	1092	0x1402e0ff0
IoSynchronousPageWrite	1093	0x1402e7940
IoTestDependency	1094	0x1403acb00
IoThreadToProcess	1095	0x1402469c0
IoTransferActivityId	1096	0x1403bbbe0
IoTranslateBusAddress	1097	0x14055da00
IoTryQueueWorkItem	1098	0x1402f62f0
IoUninitializeWorkItem	1099	0x1402f84c0
IoUnregisterBootDriverCallback	1100	0x140b76080
IoUnregisterContainerNotification	1101	0x140948bf0
IoUnregisterFileSystem	1102	0x1408672a0
IoUnregisterFsRegistrationChange	1103	0x140947dc0
IoUnregisterIoTracking	1104	0x140949870
IoUnregisterPlugPlayNotification	1105	0x140727980
IoUnregisterPlugPlayNotificationEx	1106	0x1407279b0
IoUnregisterPriorityCallback	1107	0x140554b80
IoUnregisterShutdownNotification	1108	0x140a9add0
IoUpdateLinkShareAccess	1109	0x140947e70
IoUpdateLinkShareAccessEx	1110	0x140699600
IoUpdateShareAccess	1111	0x140867370
IoValidateDeviceIoControlAccess	1112	0x1402f5500
IoVerifyPartitionTable	1113	0x1409413c0
IoVerifyVolume	1114	0x140947e90
IoVolumeDeviceNameToGuid	1115	0x14094b2a0
IoVolumeDeviceNameToGuidPath	1116	0x1407489c0
IoVolumeDeviceToDosName	1117	0x1406f34f0
IoVolumeDeviceToGuid	1118	0x1407487c0
IoVolumeDeviceToGuidPath	1119	0x140748850
IoWMIAllocateInstanceIds	1120	0x1409df1b0
IoWMIDeviceObjectToInstanceName	1121	0x14077f480
IoWMIDeviceObjectToProviderId	1122	0x1403bb0a0
IoWMIExecuteMethod	1123	0x1409df300
IoWMIHandleToInstanceName	1124	0x14077f2b0
IoWMIOpenBlock	1125	0x1406dcd50
IoWMIQueryAllData	1126	0x14084f8e0
IoWMIQueryAllDataMultiple	1127	0x1409df480
IoWMIQuerySingleInstance	1128	0x1406dc790
IoWMIQuerySingleInstanceMultiple	1129	0x1409df570
IoWMIRegistrationControl	1130	0x14085dec0
IoWMISetNotificationCallback	1131	0x140854dd0
IoWMISetSingleInstance	1132	0x1409df670
IoWMISetSingleItem	1133	0x1409df7a0
IoWMISuggestInstanceName	1134	0x1409df8d0
IoWMIWriteEvent	1135	0x1403a23d0
IoWithinStackLimits	1136	0x1402aeb90
IoWriteErrorLogEntry	1137	0x1403bfeb0
IoWriteKsrPersistentMemory	1138	0x140953690
IoWriteOperationCount	1139	0x140c5d320
IoWritePartitionTable	1140	0x140941470
IoWritePartitionTableEx	1141	0x1409415e0
IoWriteTransferCount	1142	0x140c5d340
IofCallDriver	1143	0x140314d50
IofCompleteRequest	1144	0x140233160
KasanMarkAddressInvalid	1145	0x140562850
KasanMarkAddressRedZone	1146	0x1403a62e0
KasanMarkAddressValid	1147	0x140562930
KasanTrackAddress	1148	0x1402e2470
KasanValidateAddress	1149	0x140562a40
KdAcquireDebuggerLock	1150	0x1403acd30
KdChangeOption	1151	0x140564b30
KdComPortInUse	1152	0x140d17b28
KdDebuggerEnabled	1153	0x140c5aada
KdDebuggerNotPresent	1154	0x140c5aaa0
KdDeregisterPowerHandler	1155	0x140564860
KdDisableDebugger	1156	0x140564ba0
KdEnableDebugger	1157	0x140564dd0
KdEnteredDebugger	1158	0x140c56990
KdEventLoggingEnabled	1159	0x140c5aad8
KdGetDebugDevice	1160	0x140390a70
KdHvComPortInUse	1161	0x140d17b20
KdLogDbgPrint	1162	0x140ab6000
KdPollBreakIn	1163	0x1402bb320
KdPowerTransition	1164	0x140565040
KdPowerTransitionEx	1165	0x1403a74d0
KdRefreshDebuggerNotPresent	1166	0x1403ab6f0
KdRegisterPowerHandler	1167	0x1403ac590
KdReleaseDebuggerLock	1168	0x1403aec10
KdSetEventLoggingPresent	1169	0x140ab4ef0
KdSystemDebugControl	1170	0x1409728d0
KeAcquireGuardedMutex	1171	0x14026b480
KeAcquireGuardedMutexUnsafe	1172	0x1404547e0
KeAcquireInStackQueuedSpinLock	1173	0x140338620
KeAcquireInStackQueuedSpinLockAtDpcLevel	1174	0x140212e50
KeAcquireInStackQueuedSpinLockForDpc	1175	0x14056f430
KeAcquireInStackQueuedSpinLockRaiseToSynch	1176	0x14056f030
KeAcquireInterruptSpinLock	1177	0x14035fa60
KeAcquireQueuedSpinLock	1178	0x14021a490
KeAcquireQueuedSpinLockRaiseToSynch	1179	0x14056f0c0
KeAcquireSpinLockAtDpcLevel	1180	0x14024dd80
KeAcquireSpinLockForDpc	1181	0x14056f470
KeAcquireSpinLockRaiseToDpc	1182	0x14024dc80
KeAcquireSpinLockRaiseToSynch	1183	0x14056f5f0
KeAddGroupAffinityEx	1184	0x1402fe220
KeAddProcessorAffinityEx	1185	0x14030a810
KeAddProcessorGroupAffinity	1186	0x140380250
KeAddSystemServiceTable	1187	0x14082dd80
KeAddTriageDumpDataBlock	1188	0x1403a2080
KeAlertThread	1189	0x140300310
KeAllocateCalloutStack	1190	0x1408434e0
KeAllocateCalloutStackEx	1191	0x1408635b0
KeAllocateProcessorProfileStructures	1192	0x1403a3d10
KeAndAffinityEx	1193	0x14056d150
KeAndAffinityEx2	1194	0x14056d170
KeAndGroupAffinityEx	1195	0x140330a00
KeAreAllApcsDisabled	1196	0x14036c220
KeAreApcsDisabled	1197	0x1402a2040
KeAttachProcess	1198	0x1402ef2a0
KeBugCheck	1199	0x140412650
KeBugCheckEx	1200	0x140412670
KeCancelTimer	1201	0x1402294d0
KeCancelTimer2	1202	0x1402a1a00
KeCapturePersistentThreadState	1203	0x140551900
KeCheckProcessorAffinityEx	1204	0x14030a7d0
KeCheckProcessorGroupAffinity	1205	0x1403bedc0
KeClearEvent	1206	0x140313af0
KeClockInterruptNotify	1207	0x140226090
KeClockTimerPowerChange	1208	0x14056d6a0
KeComplementAffinityEx	1209	0x14056d1a0
KeComplementAffinityEx2	1210	0x14056d1c0
KeConnectInterruptForHal	1211	0x14037ee00
KeConvertAuxiliaryCounterToPerformanceCounter	1212	0x140454840
KeConvertPerformanceCounterToAuxiliaryCounter	1213	0x140569920
KeCopyAffinityEx	1214	0x14056d1e0
KeCopyAffinityEx2	1215	0x1402f2d80
KeCountSetBitsAffinityEx	1216	0x140307f00
KeCountSetBitsGroupAffinity	1217	0x1403aeef0
KeDelayExecutionThread	1218	0x140328f50
KeDeregisterBoundCallback	1219	0x140569940
KeDeregisterBugCheckCallback	1220	0x1405668b0
KeDeregisterBugCheckReasonCallback	1221	0x1402f50c0
KeDeregisterNmiCallback	1222	0x140569a20
KeDeregisterProcessorChangeCallback	1223	0x140974ec0
KeDetachProcess	1224	0x1402f4a20
KeDispatchSecondaryInterrupt	1225	0x14039d650
KeDynamicPartitioningSupported	1226	0x140d1da2d
KeEnterCriticalRegion	1227	0x140283a00
KeEnterGuardedRegion	1228	0x1402b27c0
KeEnterKernelDebugger	1229	0x140566a00
KeEnumerateNextProcessor	1230	0x14030a720
KeExpandKernelStackAndCallout	1231	0x1403cf520
KeExpandKernelStackAndCalloutEx	1232	0x140348b90
KeFindConfigurationEntry	1233	0x140b97320
KeFindConfigurationNextEntry	1234	0x140b70120
KeFindFirstSetLeftAffinityEx	1235	0x1402c3b60
KeFindFirstSetLeftGroupAffinity	1236	0x1402e15d0
KeFindFirstSetRightAffinityEx	1237	0x14056d200
KeFindFirstSetRightGroupAffinity	1238	0x140306a20
KeFirstGroupAffinityEx	1239	0x1402ff5a0
KeFlushCurrentTbImmediately	1240	0x140384330
KeFlushEntireTb	1241	0x1403ac200
KeFlushIoBuffers	1242	0x1402d30a0
KeFlushQueuedDpcs	1243	0x1402fb5d0
KeFlushWriteBuffer	1244	0x1402f8890
KeForceEnableNx	1245	0x140a8a980
KeFreeCalloutStack	1246	0x140876670
KeGenericCallDpc	1247	0x1402f62b0
KeGetClockOwner	1248	0x140408750
KeGetClockTimerResolution	1249	0x14056d6b0
KeGetCurrentIrql	1250	0x1402ae780
KeGetCurrentNodeNumber	1251	0x14028b660
KeGetCurrentProcessorNumberEx	1252	0x1402af800
KeGetCurrentThread	1253	0x140283a90
KeGetEffectiveIrql	1254	0x14029de00
KeGetNextClockTickDuration	1255	0x14056d730
KeGetProcessorIndexFromNumber	1256	0x1403082d0
KeGetProcessorNumberFromIndex	1257	0x140276270
KeGetRecommendedSharedDataAlignment	1258	0x1402ae190
KeGetXSaveFeatureFlags	1259	0x140382b30
KeHwPolicyLocateResource	1260	0x140b61b40
KeInitializeAffinityEx	1261	0x1404549a0
KeInitializeAffinityEx2	1262	0x140307fb0
KeInitializeApc	1263	0x1402090b0
KeInitializeCrashDumpHeader	1264	0x140551f00
KeInitializeDeviceQueue	1265	0x1402efae0
KeInitializeDpc	1266	0x140306640
KeInitializeEnumerationContext	1267	0x140307d40
KeInitializeEnumerationContextFromAffinity	1268	0x14056f710
KeInitializeEnumerationContextFromGroup	1269	0x140455000
KeInitializeEvent	1270	0x14027b4e0
KeInitializeGuardedMutex	1271	0x1402a1da0
KeInitializeInterrupt	1272	0x14037ee70
KeInitializeMutant	1273	0x1403cfdd0
KeInitializeMutex	1274	0x1402d0490
KeInitializeQueue	1275	0x1402df590
KeInitializeSecondaryInterruptServices	1276	0x1408389a0
KeInitializeSemaphore	1277	0x14027bda0
KeInitializeSpinLock	1278	0x1402c3bb0
KeInitializeThreadedDpc	1279	0x140370b70
KeInitializeTimer	1280	0x140209010
KeInitializeTimer2	1281	0x1402a1430
KeInitializeTimerEx	1282	0x140209040
KeInitializeTriageDumpDataArray	1283	0x1403a2380
KeInsertByKeyDeviceQueue	1284	0x140455060
KeInsertDeviceQueue	1285	0x140571090
KeInsertHeadQueue	1286	0x140571690
KeInsertQueue	1287	0x1402e95e0
KeInsertQueueApc	1288	0x140235ad0
KeInsertQueueDpc	1289	0x140330cf0
KeInterlockedClearProcessorAffinityEx	1290	0x1402d09b0
KeInterlockedSetProcessorAffinityEx	1291	0x1402d3db0
KeInvalidateAllCaches	1292	0x1402f8110
KeInvalidateRangeAllCaches	1293	0x140455120
KeInvalidateRangeAllCachesNoIpi	1294	0x140230e90
KeIpiGenericCall	1295	0x140385300
KeIsAttachedProcess	1296	0x140305cb0
KeIsEmptyAffinityEx	1297	0x140306200
KeIsEqualAffinityEx	1298	0x140306440
KeIsExecutingDpc	1299	0x1402cc670
KeIsSingleGroupAffinityEx	1300	0x1402f1c40
KeIsSubsetAffinityEx	1301	0x1402d65c0
KeIsWaitListEmpty	1302	0x1409730b0
KeLastBranchMSR	1303	0x140d1e204
KeLeaveCriticalRegion	1304	0x140327cb0
KeLeaveGuardedRegion	1305	0x140203720
KeLoadMTRR	1306	0x140a8fa40
KeLoaderBlock	1307	0x140d23e48
KeLowerIrql	1308	0x1403234d0
KeNotifyProcessorFreezeSupported	1309	0x1402f8890
KeNumberProcessors	1310	0x140d1dbca
KeOrAffinityEx	1311	0x14056d250
KeOrAffinityEx2	1312	0x14056d270
KePrepareToDispatchVirtualProcessor	1313	0x140455260
KeProcessorGroupAffinity	1314	0x140306a50
KeProfileInterruptWithSource	1315	0x140571e10
KePulseEvent	1316	0x1402cf0a0
KeQueryActiveGroupCount	1317	0x140272fa0
KeQueryActiveProcessorAffinity	1318	0x14056e5c0
KeQueryActiveProcessorAffinity2	1319	0x14038da90
KeQueryActiveProcessorCount	1320	0x1403b0070
KeQueryActiveProcessorCountEx	1321	0x140307520
KeQueryActiveProcessors	1322	0x140454b70
KeQueryAuxiliaryCounterFrequency	1323	0x140569da0
KeQueryDpcWatchdogInformation	1324	0x1402ae650
KeQueryEffectivePriorityThread	1325	0x1403a8c20
KeQueryGroupAffinity	1326	0x1402948d0
KeQueryGroupAffinityEx	1327	0x1403b0140
KeQueryHardwareCounterConfiguration	1328	0x140975660
KeQueryHeteroCpuPolicyThread	1329	0x14056cc20
KeQueryHighestNodeNumber	1330	0x1402fbc20
KeQueryInterruptPartitionCount	1331	0x14029ebc0
KeQueryInterruptPartitionInformation	1332	0x14029eb50
KeQueryInterruptTimePrecise	1333	0x140225cd0
KeQueryLogicalProcessorRelationship	1334	0x1402fcf30
KeQueryMaximumGroupCount	1335	0x140305090
KeQueryMaximumProcessorCount	1336	0x14056e610
KeQueryMaximumProcessorCountEx	1337	0x1402ff8f0
KeQueryNodeActiveAffinity	1338	0x1402fbff0
KeQueryNodeActiveAffinity2	1339	0x1402f6110
KeQueryNodeActiveProcessorCount	1340	0x1403ad9c0
KeQueryNodeMaximumProcessorCount	1341	0x1403ad060
KeQueryPerformanceCounter	1342	0x140224c60
KeQueryPrcbAddress	1343	0x140569dc0
KeQueryPriorityThread	1344	0x14026b310
KeQueryRuntimeThread	1345	0x1402f92f0
KeQuerySystemCpuPartitionAffinity	1346	0x1403a7e40
KeQuerySystemTimePrecise	1347	0x140304fa0
KeQueryTimeIncrement	1348	0x1402c4630
KeQueryTotalCycleTimeThread	1349	0x140294360
KeQueryTypeEvent	1350	0x14056f6a0
KeQueryUnbiasedInterruptTime	1351	0x14028f910
KeQueryUnbiasedInterruptTimePrecise	1352	0x140297830
KeRaiseIrqlToDpcLevel	1353	0x1402ae6e0
KeRaiseUserException	1354	0x14056ecb0
KeReadStateEvent	1355	0x1402c31c0
KeReadStateMutant	1356	0x1402c31c0
KeReadStateMutex	1357	0x1402c31c0
KeReadStateQueue	1358	0x1402c31c0
KeReadStateSemaphore	1359	0x1402c31c0
KeReadStateTimer	1360	0x140454b80
KeReenterRetpolinedCode	1361	0x1404087e0
KeRegisterBoundCallback	1362	0x14056a030
KeRegisterBugCheckCallback	1363	0x1403a8740
KeRegisterBugCheckReasonCallback	1364	0x1402e0800
KeRegisterNmiCallback	1365	0x14056a0a0
KeRegisterProcessorChangeCallback	1366	0x14080c200
KeReinitializeAffinityEx	1367	0x140306240
KeReleaseGuardedMutex	1368	0x1403013a0
KeReleaseGuardedMutexUnsafe	1369	0x140454800
KeReleaseInStackQueuedSpinLock	1370	0x140321bf0
KeReleaseInStackQueuedSpinLockForDpc	1371	0x14056f4b0
KeReleaseInStackQueuedSpinLockFromDpcLevel	1372	0x140299c00
KeReleaseInterruptSpinLock	1373	0x1402d0370
KeReleaseMutant	1374	0x14030f4d0
KeReleaseMutex	1375	0x14030f4b0
KeReleaseQueuedSpinLock	1376	0x140271080
KeReleaseSemaphore	1377	0x14029fde0
KeReleaseSpinLock	1378	0x140323490
KeReleaseSpinLockForDpc	1379	0x14056f550
KeReleaseSpinLockFromDpcLevel	1380	0x1402b9290
KeRemoveByKeyDeviceQueue	1381	0x140571120
KeRemoveByKeyDeviceQueueIfBusy	1382	0x140571200
KeRemoveDeviceQueue	1383	0x1405712d0
KeRemoveEntryDeviceQueue	1384	0x140571370
KeRemoveGroupAffinityEx	1385	0x14056d2a0
KeRemoveProcessorAffinityEx	1386	0x140307ff0
KeRemoveProcessorGroupAffinity	1387	0x1402fdc00
KeRemoveQueue	1388	0x1402e0f10
KeRemoveQueueApc	1389	0x1402edad0
KeRemoveQueueDpc	1390	0x1402adab0
KeRemoveQueueDpcEx	1391	0x1402adad0
KeRemoveQueueEx	1392	0x14030df80
KeRemoveSystemServiceTable	1393	0x140974570
KeReportCacheIncoherentDevice	1394	0x14056ffb0
KeResetEvent	1395	0x140313af0
KeRestoreExtendedProcessorState	1396	0x140267730
KeRestoreFloatingPointState	1397	0x140261580
KeRevertToUserAffinityThread	1398	0x14056cd90
KeRevertToUserAffinityThreadEx	1399	0x140454940
KeRevertToUserGroupAffinityThread	1400	0x1402fcd80
KeRundownQueue	1401	0x1402d1220
KeSaveExtendedProcessorState	1402	0x1402674b0
KeSaveFloatingPointState	1403	0x140261580
KeSaveStateForHibernate	1404	0x1404136b0
KeSetActualBasePriorityThread	1405	0x1402764f0
KeSetAffinityThread	1406	0x14056ce10
KeSetBasePriorityThread	1407	0x140276da0
KeSetCoalescableTimer	1408	0x14022de70
KeSetDmaIoCoherency	1409	0x1402f8890
KeSetEvent	1410	0x140321620
KeSetEventBoostPriority	1411	0x14056f6b0
KeSetHardwareCounterConfiguration	1412	0x140975720
KeSetHeteroCpuPolicyThread	1413	0x14056ce30
KeSetIdealProcessorThread	1414	0x1403c7940
KeSetImportanceDpc	1415	0x1402f8930
KeSetKernelStackSwapEnable	1416	0x14027bd10
KeSetLastBranchRecordInUse	1417	0x140974600
KeSetPriorityThread	1418	0x14032ec30
KeSetProfileIrql	1419	0x140b96aa0
KeSetSelectedCpuSetsThread	1420	0x140573ab0
KeSetSystemAffinityThread	1421	0x14056ce40
KeSetSystemAffinityThreadEx	1422	0x14056ce60
KeSetSystemGroupAffinityThread	1423	0x1402fdce0
KeSetTargetProcessorDpc	1424	0x1405701e0
KeSetTargetProcessorDpcEx	1425	0x1402f6260
KeSetTimer	1426	0x14022de10
KeSetTimer2	1427	0x14024d070
KeSetTimerEx	1428	0x14022cce0
KeShouldYieldProcessor	1429	0x1402bcdc0
KeSignalCallDpcDone	1430	0x1403bf840
KeSignalCallDpcSynchronize	1431	0x140570250
KeSizeOfAffinityEx	1432	0x14056f730
KeStackAttachProcess	1433	0x1402db650
KeStallExecutionProcessor	1434	0x140224a20
KeStallWhileFrozen	1435	0x140574ad0
KeStartDynamicProcessor	1436	0x140974ee0
KeSubtractAffinityEx	1437	0x1404549d0
KeSubtractAffinityEx2	1438	0x14056d2c0
KeSweepLocalCaches	1439	0x14036d890
KeSynchronizeExecution	1440	0x140413dc0
KeSynchronizeTimeToQpc	1441	0x140568610
KeSystemFullyCacheCoherent	1442	0x14056ffd0
KeTestAlertThread	1443	0x140275410
KeTestSpinLock	1444	0x1402a3c90
KeTryToAcquireGuardedMutex	1445	0x1402cc540
KeTryToAcquireQueuedSpinLock	1446	0x14056f150
KeTryToAcquireQueuedSpinLockRaiseToSynch	1447	0x14056f260
KeTryToAcquireSpinLockAtDpcLevel	1448	0x1403c5c30
KeUnstackDetachProcess	1449	0x1402dc990
KeUpdateThreadTag	1450	0x1402f0760
KeUserModeCallback	1451	0x1407addc0
KeWaitForMultipleObjects	1452	0x140312f70
KeWaitForMutexObject	1453	0x140313db0
KeWaitForSingleObject	1454	0x140313db0
KeWriteProtectPAT	1455	0x140aa0c40
KfRaiseIrql	1456	0x1402ae750
KiBugCheckData	1457	0x140c42300
KiCheckForKernelApcDelivery	1458	0x140203760
KitLogFeatureUsage	1459	0x14060cf10
KseQueryDeviceData	1460	0x140809980
KseQueryDeviceDataList	1461	0x140976f60
KseQueryDeviceFlags	1462	0x140809770
KseRegisterShim	1463	0x140809150
KseRegisterShimEx	1464	0x140809170
KseSetDeviceFlags	1465	0x140977190
KseUnregisterShim	1466	0x140977700
LdrAccessResource	1467	0x14080c4a0
LdrEnumResources	1468	0x1409b9bd0
LdrFindResourceDirectory_U	1469	0x1409b9ea0
LdrFindResourceEx_U	1470	0x1409b9ec0
LdrFindResource_U	1471	0x14080c4c0
LdrResFindResource	1472	0x1407978e0
LdrResFindResourceDirectory	1473	0x1407a3eb0
LdrResSearchResource	1474	0x1406f1b70
LpcPortObjectType	1475	0x140d1c2a8
LpcReplyWaitReplyPort	1476	0x1407efc50
LpcRequestPort	1477	0x1407add50
LpcRequestWaitReplyPort	1478	0x140897dd0
LpcRequestWaitReplyPortEx	1479	0x140978860
LpcSendWaitReceivePort	1480	0x14079f820
LsaCallAuthenticationPackage	1481	0x1409c9810
LsaDeregisterLogonProcess	1482	0x1409c98c0
LsaFreeReturnBuffer	1483	0x140877910
LsaLogonUser	1484	0x1409c9920
LsaLookupAuthenticationPackage	1485	0x140857320
LsaRegisterLogonProcess	1486	0x1408572a0
Mm64BitPhysicalAddress	1487	0x140d1dc32
MmAddPhysicalMemory	1488	0x140a2e320
MmAddVerifierSpecialThunks	1489	0x140a2e600
MmAddVerifierThunks	1490	0x140a2e710
MmAdjustWorkingSetSize	1491	0x14061a800
MmAdvanceMdl	1492	0x14061b450
MmAllocateContiguousMemory	1493	0x14061c430
MmAllocateContiguousMemoryEx	1494	0x140392e60
MmAllocateContiguousMemorySpecifyCache	1495	0x14061c4a0
MmAllocateContiguousMemorySpecifyCacheNode	1496	0x14061c4d0
MmAllocateContiguousNodeMemory	1497	0x1403b33a0
MmAllocateMappingAddress	1498	0x14085e470
MmAllocateMappingAddressEx	1499	0x14085e490
MmAllocateMdlForIoSpace	1500	0x14061ce90
MmAllocateMemoryRanges	1501	0x140a2f4b0
MmAllocateNodePagesForMdlEx	1502	0x1403bcba0
MmAllocateNonCachedMemory	1503	0x140a2eae0
MmAllocatePagesForMdl	1504	0x1403a43c0
MmAllocatePagesForMdlEx	1505	0x1402898b0
MmAllocatePartitionNodePagesForMdlEx	1506	0x140289910
MmAreMdlPagesCached	1507	0x1403d0800
MmBadPointer	1508	0x140d1db68
MmBuildMdlForNonPagedPool	1509	0x140267070
MmCanFileBeTruncated	1510	0x1402d8020
MmChangeImageProtection	1511	0x1407e1a20
MmCommitSessionMappedView	1512	0x140780150
MmConfigureGraphicsPtes	1513	0x1407efc50
MmCopyMemory	1514	0x14025c9a0
MmCopyVirtualMemory	1515	0x1407d8b30
MmCreateMdl	1516	0x1402e27e0
MmCreateMirror	1517	0x140a30330
MmCreateSection	1518	0x1406e1580
MmDisableModifiedWriteOfSection	1519	0x14025c5a0
MmDoesFileHaveUserWritableReferences	1520	0x140215fa0
MmFlushImageSection	1521	0x1402dbaf0
MmForceSectionClosed	1522	0x1402eaa60
MmForceSectionClosedEx	1523	0x1406246e0
MmFreeContiguousMemory	1524	0x1403bc1a0
MmFreeContiguousMemorySpecifyCache	1525	0x1403b03b0
MmFreeMappingAddress	1526	0x14085f780
MmFreeMemoryRanges	1527	0x140a2f6b0
MmFreeNonCachedMemory	1528	0x140a2ecd0
MmFreePagesFromMdl	1529	0x1402af3b0
MmFreePagesFromMdlEx	1530	0x1403b0110
MmGetCacheAttribute	1531	0x14061cfc0
MmGetCacheAttributeEx	1532	0x14061cfe0
MmGetMaximumFileSectionSize	1533	0x140877a10
MmGetPageBadStatus	1534	0x140629810
MmGetPhysicalAddress	1535	0x140280bc0
MmGetPhysicalMemoryRanges	1536	0x140826c90
MmGetPhysicalMemoryRangesEx	1537	0x140826c70
MmGetPhysicalMemoryRangesEx2	1538	0x140826cb0
MmGetSectionInformation	1539	0x1407e36f0
MmGetSystemRoutineAddress	1540	0x1406edfc0
MmGetVirtualForPhysical	1541	0x1403af960
MmGrowKernelStack	1542	0x14062ba30
MmHighestUserAddress	1543	0x1400236c0
MmIsAddressValid	1544	0x1403a8c00
MmIsDriverSuspectForVerifier	1545	0x140ac3060
MmIsDriverVerifying	1546	0x1402fa190
MmIsDriverVerifyingByAddress	1547	0x1407e1f60
MmIsFileSectionActive	1548	0x1403be4f0
MmIsIoSpaceActive	1549	0x14062ce40
MmIsNonPagedSystemAddressValid	1550	0x140460670
MmIsRecursiveIoFault	1551	0x14062d390
MmIsThisAnNtAsSystem	1552	0x1402a64d0
MmIsVerifierEnabled	1553	0x140abe2c0
MmLoadSystemImage	1554	0x1407468e0
MmLockPagableDataSection	1555	0x1407e35c0
MmLockPagableImageSection	1556	0x1407e35c0
MmLockPagableSectionByHandle	1557	0x1407d69b0
MmLockPreChargedPagedPool	1558	0x140a31b40
MmMapIoSpace	1559	0x1402c1320
MmMapIoSpaceEx	1560	0x1402c1780
MmMapLockedPages	1561	0x14061cc20
MmMapLockedPagesSpecifyCache	1562	0x1403545c0
MmMapLockedPagesWithReservedMapping	1563	0x1403a1330
MmMapMdl	1564	0x14062d420
MmMapMemoryDumpMdl	1565	0x14062e9c0
MmMapMemoryDumpMdlEx	1566	0x14062ea00
MmMapUserAddressesToPage	1567	0x140a89930
MmMapVideoDisplay	1568	0x1402c1320
MmMapViewInSessionSpace	1569	0x140798c30
MmMapViewInSessionSpaceEx	1570	0x14079abe0
MmMapViewInSystemSpace	1571	0x140798c30
MmMapViewInSystemSpaceEx	1572	0x14079abe0
MmMapViewOfSection	1573	0x1406df4c0
MmMarkPhysicalMemoryAsBad	1574	0x140629930
MmMarkPhysicalMemoryAsGood	1575	0x14062a8d0
MmMdlPageContentsState	1576	0x1402c99d0
MmMdlPagesAreZero	1577	0x1403cd5a0
MmObtainChargesToLockPagedPool	1578	0x140852a00
MmPageEntireDriver	1579	0x1407ac100
MmPrefetchPages	1580	0x1406f6860
MmPrefetchVirtualAddresses	1581	0x14067dff0
MmProbeAndLockPages	1582	0x14031d7a0
MmProbeAndLockProcessPages	1583	0x1406f70e0
MmProbeAndLockSelectedPages	1584	0x1403ce000
MmProtectDriverSection	1585	0x1402f8d10
MmProtectMdlSystemAddress	1586	0x14061d110
MmQueryMemoryRanges	1587	0x14084f740
MmQuerySystemSize	1588	0x1403b0160
MmRemovePhysicalMemory	1589	0x140a2e3e0
MmResetDriverPaging	1590	0x1407ab8f0
MmReturnChargesToLockPagedPool	1591	0x140a31b90
MmRotatePhysicalView	1592	0x140a32dc0
MmSectionObjectType	1593	0x140d1db28
MmSecureVirtualMemory	1594	0x140777870
MmSecureVirtualMemoryEx	1595	0x1407778a0
MmSetAddressRangeModified	1596	0x1402eea30
MmSetBankedSection	1597	0x14036d200
MmSetGraphicsPtes	1598	0x140a2fce0
MmSetPermanentCacheAttribute	1599	0x140a31980
MmSizeOfMdl	1600	0x1402c6930
MmSystemRangeStart	1601	0x1400236c8
MmTrimAllSystemPagableMemory	1602	0x140633a00
MmUnloadSystemImage	1603	0x1407a3580
MmUnlockPagableImageSection	1604	0x140331c50
MmUnlockPages	1605	0x140233fa0
MmUnlockPreChargedPagedPool	1606	0x140a31c20
MmUnmapIoSpace	1607	0x1402c1aa0
MmUnmapLockedPages	1608	0x140234b90
MmUnmapReservedMapping	1609	0x14061cc50
MmUnmapVideoDisplay	1610	0x1402c1aa0
MmUnmapViewInSessionSpace	1611	0x14079a6f0
MmUnmapViewInSystemSpace	1612	0x14079a6f0
MmUnmapViewOfSection	1613	0x140791ff0
MmUnsecureVirtualMemory	1614	0x1407e19b0
MmUserProbeAddress	1615	0x1400236b8
NlsAnsiCodePage	1616	0x140d510c4
NlsLeadByteInfo	1617	0x140d512e8
NlsMbCodePageTag	1618	0x140d51037
NlsMbOemCodePageTag	1619	0x140d51000
NlsOemCodePage	1620	0x140d510c0
NlsOemLeadByteInfo	1621	0x140d51090
NtAddAtom	1622	0x140a01d30
NtAdjustPrivilegesToken	1623	0x1406df7d0
NtAllocateLocallyUniqueId	1624	0x140766a60
NtAllocateUuids	1625	0x14067e4f0
NtAllocateVirtualMemory	1626	0x140766ba0
NtBuildGUID	1627	0x14003b608
NtBuildLab	1628	0x140c643a0
NtBuildNumber	1629	0x140c0ca40
NtClose	1630	0x1407c9270
NtCommitComplete	1631	0x1403d0bb0
NtCommitEnlistment	1632	0x1403d0bd0
NtCommitTransaction	1633	0x1403d0bf0
NtCompareSigningLevels	1634	0x1407a1430
NtConnectPort	1635	0x14077f7b0
NtCopyFileChunk	1636	0x1407524f0
NtCreateCrossVmEvent	1637	0x1409fbf30
NtCreateEnlistment	1638	0x1403d0c10
NtCreateEvent	1639	0x1406f5370
NtCreateFile	1640	0x1407bd970
NtCreateResourceManager	1641	0x1403d0c30
NtCreateSection	1642	0x140680380
NtCreateTransaction	1643	0x1403d0c50
NtCreateTransactionManager	1644	0x1403d0c70
NtDeleteAtom	1645	0x140789f20
NtDeleteFile	1646	0x140866340
NtDeviceIoControlFile	1647	0x1407ca840
NtDuplicateObject	1648	0x1406822c0
NtDuplicateToken	1649	0x1406a3b00
NtEnumerateTransactionObject	1650	0x1403d0c90
NtFindAtom	1651	0x1406f2800
NtFreeVirtualMemory	1652	0x1407dba60
NtFreezeTransactions	1653	0x1403d0cb0
NtFsControlFile	1654	0x140778130
NtGetEnvironmentVariableEx	1655	0x1408547e0
NtGetNotificationResourceManager	1656	0x1403d0cd0
NtGlobalFlag	1657	0x140c64380
NtImageInfo	1658	0x140a7a888
NtLockFile	1659	0x140698ab0
NtMakePermanentObject	1660	0x14097b2f0
NtMapViewOfSection	1661	0x1407ddaa0
NtNotifyChangeDirectoryFile	1662	0x1407866e0
NtNotifyChangeDirectoryFileEx	1663	0x140786740
NtOpenEnlistment	1664	0x1403d0cf0
NtOpenFile	1665	0x140755860
NtOpenProcess	1666	0x1407b1870
NtOpenProcessToken	1667	0x140781050
NtOpenProcessTokenEx	1668	0x1407c7d80
NtOpenResourceManager	1669	0x1403d0d10
NtOpenThread	1670	0x140751cc0
NtOpenThreadToken	1671	0x1406aea70
NtOpenThreadTokenEx	1672	0x1406aea90
NtOpenTransaction	1673	0x1403d0d30
NtOpenTransactionManager	1674	0x1403d0d50
NtPrePrepareComplete	1675	0x1403d0d70
NtPrePrepareEnlistment	1676	0x1403d0d90
NtPrepareComplete	1677	0x1403d0db0
NtPrepareEnlistment	1678	0x1403d0dd0
NtPropagationComplete	1679	0x1403d0df0
NtPropagationFailed	1680	0x1403d0e10
NtQueryDirectoryFile	1681	0x14069a4a0
NtQueryDirectoryFileEx	1682	0x140698e00
NtQueryEaFile	1683	0x14074de80
NtQueryEnvironmentVariableInfoEx	1684	0x1409ffbb0
NtQueryInformationAtom	1685	0x140795bb0
NtQueryInformationByName	1686	0x14077b5a0
NtQueryInformationEnlistment	1687	0x1403d0e30
NtQueryInformationFile	1688	0x1406acf00
NtQueryInformationProcess	1689	0x1407e5760
NtQueryInformationResourceManager	1690	0x1403d0e50
NtQueryInformationThread	1691	0x14070c570
NtQueryInformationToken	1692	0x1407b6480
NtQueryInformationTransaction	1693	0x1403d0e70
NtQueryInformationTransactionManager	1694	0x1403d0e90
NtQueryQuotaInformationFile	1695	0x14094ba50
NtQuerySecurityAttributesToken	1696	0x1407b3c40
NtQuerySecurityObject	1697	0x140766db0
NtQuerySystemInformation	1698	0x1407b4150
NtQuerySystemInformationEx	1699	0x14077d800
NtQueryVolumeInformationFile	1700	0x1407507a0
NtReadFile	1701	0x140755970
NtReadFileScatter	1702	0x1407a14e0
NtReadOnlyEnlistment	1703	0x1403d0eb0
NtRecoverEnlistment	1704	0x1403d0ed0
NtRecoverResourceManager	1705	0x1403d0ef0
NtRecoverTransactionManager	1706	0x1403d0f10
NtRequestPort	1707	0x140786460
NtRequestWaitReplyPort	1708	0x1406e64f0
NtRollbackComplete	1709	0x1403d0f30
NtRollbackEnlistment	1710	0x1403d0f50
NtRollbackTransaction	1711	0x1403d0f70
NtSetCachedSigningLevel	1712	0x1407f1ec0
NtSetEaFile	1713	0x14094b440
NtSetEvent	1714	0x1407677c0
NtSetInformationEnlistment	1715	0x1403d0f90
NtSetInformationFile	1716	0x14035fab0
NtSetInformationProcess	1717	0x140682eb0
NtSetInformationResourceManager	1718	0x1403d0fb0
NtSetInformationThread	1719	0x1406a0db0
NtSetInformationToken	1720	0x140719430
NtSetInformationTransaction	1721	0x1403d0fd0
NtSetInformationVirtualMemory	1722	0x1407696e0
NtSetQuotaInformationFile	1723	0x14094c1b0
NtSetSecurityObject	1724	0x140778930
NtSetVolumeInformationFile	1725	0x1408735a0
NtShutdownSystem	1726	0x140604c00
NtThawTransactions	1727	0x1403d0ff0
NtTraceControl	1728	0x1407b3150
NtTraceEvent	1729	0x14030aea0
NtUnlockFile	1730	0x14076df20
NtVdmControl	1731	0x1407efd00
NtWaitForSingleObject	1732	0x1407c8aa0
NtWriteFile	1733	0x1407022b0
NtWriteFileGather	1734	0x1407a2710
ObAssignSecurity	1735	0x1407793b0
ObCheckCreateObjectAccess	1736	0x14077a480
ObCheckObjectAccess	1737	0x1407120f0
ObCloseHandle	1738	0x14069b400
ObCreateObject	1739	0x140701be0
ObCreateObjectType	1740	0x1408177f0
ObCreateObjectTypeEx	1741	0x140817810
ObDeleteCapturedInsertInfo	1742	0x1406c7c10
ObDereferenceObject	1743	0x1402f4980
ObDereferenceObjectDeferDelete	1744	0x14029dd30
ObDereferenceObjectDeferDeleteWithTag	1745	0x14027bd40
ObDereferenceSecurityDescriptor	1746	0x1407b92d0
ObDuplicateObject	1747	0x140682480
ObFindHandleForObject	1748	0x1406f8ea0
ObGetFilterVersion	1749	0x14097c8e0
ObGetObjectSecurity	1750	0x1406a3780
ObGetObjectType	1751	0x14078fe00
ObInsertObject	1752	0x14069b100
ObIsDosDeviceLocallyMapped	1753	0x140864480
ObIsKernelHandle	1754	0x1402f9490
ObLogSecurityDescriptor	1755	0x1407b8f60
ObMakeTemporaryObject	1756	0x14075e8d0
ObOpenObjectByName	1757	0x1406cd0d0
ObOpenObjectByNameEx	1758	0x1407cce50
ObOpenObjectByPointer	1759	0x1407c7830
ObOpenObjectByPointerWithTag	1760	0x14097c740
ObQueryNameInfo	1761	0x140789a80
ObQueryNameString	1762	0x1406f38d0
ObQueryObjectAuditingByHandle	1763	0x1407b0100
ObReferenceObjectByHandle	1764	0x1407cbea0
ObReferenceObjectByHandleWithTag	1765	0x1407b8b50
ObReferenceObjectByName	1766	0x1406b1f30
ObReferenceObjectByPointer	1767	0x140286c90
ObReferenceObjectByPointerWithTag	1768	0x1403138a0
ObReferenceObjectSafe	1769	0x1402c33a0
ObReferenceObjectSafeWithTag	1770	0x140225040
ObReferenceSecurityDescriptor	1771	0x140794bb0
ObRegisterCallbacks	1772	0x14084a980
ObReleaseObjectSecurity	1773	0x1406a39b0
ObSetHandleAttributes	1774	0x1407afef0
ObSetSecurityDescriptorInfo	1775	0x1407151c0
ObSetSecurityObjectByPointer	1776	0x1406a3500
ObUnRegisterCallbacks	1777	0x14097c8f0
ObWaitForMultipleObjects	1778	0x1407c8c70
ObWaitForSingleObject	1779	0x1407c8b20
ObfDereferenceObject	1780	0x140319be0
ObfDereferenceObjectWithTag	1781	0x140314810
ObfReferenceObject	1782	0x140319ca0
ObfReferenceObjectWithTag	1783	0x14027bdd0
POGOBuffer	1784	0x140c64258
PcwAddInstance	1785	0x14085f6f0
PcwCloseInstance	1786	0x14070a510
PcwCreateInstance	1787	0x140707280
PcwRegister	1788	0x140865d90
PcwUnregister	1789	0x140a01e10
PfFileInfoNotify	1790	0x1402223c0
PfxFindPrefix	1791	0x1409bb010
PfxInitialize	1792	0x1409bb0f0
PfxInsertPrefix	1793	0x1409bb110
PfxRemovePrefix	1794	0x1409bb230
PoCallDriver	1795	0x1402f8700
PoCancelDeviceNotify	1796	0x14036d200
PoClearPowerRequest	1797	0x1402b36e0
PoCpuIdledSinceLastCallImprecise	1798	0x1402ebc20
PoCreatePowerRequest	1799	0x1403bf480
PoCreateThermalRequest	1800	0x140840fc0
PoDeletePowerRequest	1801	0x140867610
PoDeleteThermalRequest	1802	0x140983270
PoDirectedDripsClearDeviceFlags	1803	0x140585340
PoDirectedDripsSetDeviceFlags	1804	0x1403a5fd0
PoDisableSleepStates	1805	0x140984620
PoEndDeviceBusy	1806	0x1405858f0
PoEnergyEstimationEnabled	1807	0x1402464d0
PoFxActivateComponent	1808	0x140209f30
PoFxAddComponentRelation	1809	0x140585b70
PoFxAddDeviceRelation	1810	0x140585f90
PoFxCompleteDevicePowerNotRequired	1811	0x1402f8c40
PoFxCompleteDirectedPowerDown	1812	0x1405863b0
PoFxCompleteIdleCondition	1813	0x1402e2f00
PoFxCompleteIdleState	1814	0x1402e7230
PoFxEnableDStateReporting	1815	0x140984d80
PoFxIdleComponent	1816	0x14020ac60
PoFxIssueComponentPerfStateChange	1817	0x1405863d0
PoFxIssueComponentPerfStateChangeMultiple	1818	0x140586400
PoFxNotifySurprisePowerOn	1819	0x1405864b0
PoFxPowerControl	1820	0x1402d0260
PoFxPowerOnCrashdumpDevice	1821	0x140586550
PoFxProcessorNotification	1822	0x1403ac9e0
PoFxQueryCurrentComponentPerfState	1823	0x1405865b0
PoFxRegisterComponentPerfStates	1824	0x140984e80
PoFxRegisterCoreDevice	1825	0x140828580
PoFxRegisterCrashdumpDevice	1826	0x140854060
PoFxRegisterDevice	1827	0x140828840
PoFxRegisterDripsWatchdogCallback	1828	0x1403ada50
PoFxRegisterPlugin	1829	0x140984f00
PoFxRegisterPluginEx	1830	0x1403a2a60
PoFxRegisterPrimaryDevice	1831	0x140828450
PoFxRemoveComponentRelation	1832	0x140586610
PoFxRemoveDeviceRelation	1833	0x140586a00
PoFxReportDevicePoweredOn	1834	0x1402b3770
PoFxSetComponentLatency	1835	0x1402e5d10
PoFxSetComponentResidency	1836	0x1403ad410
PoFxSetComponentWake	1837	0x140586d90
PoFxSetDeviceIdleTimeout	1838	0x1402f57a0
PoFxSetTargetDripsDevicePowerState	1839	0x140984f20
PoFxStartDevicePowerManagement	1840	0x140391b60
PoFxUnregisterDevice	1841	0x1409851c0
PoGetProcessorIdleAccounting	1842	0x1405821f0
PoGetSystemWake	1843	0x140581fd0
PoGetThermalRequestSupport	1844	0x140852f10
PoInitiateProcessorWake	1845	0x140582220
PoLatencySensitivityHint	1846	0x1402c92a0
PoNotifyMediaBuffering	1847	0x1403a9190
PoNotifyVSyncChange	1848	0x1402c8710
PoQueryWatchdogTime	1849	0x140298980
PoQueueShutdownWorkItem	1850	0x140987430
PoReenableSleepStates	1851	0x1409846e0
PoRegisterCoalescingCallback	1852	0x1408378f0
PoRegisterDeviceForIdleDetection	1853	0x1402ae400
PoRegisterDeviceNotify	1854	0x14036d200
PoRegisterPowerSettingCallback	1855	0x140761cc0
PoRegisterSystemState	1856	0x14058c1a0
PoRequestPowerIrp	1857	0x1402b4af0
PoRequestShutdownEvent	1858	0x14081e3b0
PoSetDeviceBusyEx	1859	0x140457820
PoSetFixedWakeSource	1860	0x140aa1d30
PoSetHiberRange	1861	0x14058cda0
PoSetPowerButtonHoldState	1862	0x140585640
PoSetPowerRequest	1863	0x1402b5fc0
PoSetPowerState	1864	0x1402f0150
PoSetSystemState	1865	0x14058c270
PoSetSystemWake	1866	0x140582000
PoSetSystemWakeDevice	1867	0x140582030
PoSetThermalActiveCooling	1868	0x1409832b0
PoSetThermalPassiveCooling	1869	0x140983360
PoSetUserPresent	1870	0x14058c2c0
PoShutdownBugCheck	1871	0x140989c20
PoStartDeviceBusy	1872	0x140585900
PoStartNextPowerIrp	1873	0x1402f8890
PoUnregisterCoalescingCallback	1874	0x1409874b0
PoUnregisterPowerSettingCallback	1875	0x1409876e0
PoUnregisterSystemState	1876	0x14058c360
PoUserShutdownCancelled	1877	0x14067f990
PoUserShutdownInitiated	1878	0x14067f960
ProbeForRead	1879	0x140776920
ProbeForWrite	1880	0x1407b4020
PsAcquireProcessExitSynchronization	1881	0x140682e60
PsAcquireSiloHardReference	1882	0x1402f1030
PsAllocSiloContextSlot	1883	0x140817490
PsAllocateAffinityToken	1884	0x1402f8e30
PsAssignImpersonationToken	1885	0x140870e40
PsAssignProcessToJobObject	1886	0x140720e00
PsAttachSiloToCurrentThread	1887	0x1402b0210
PsChargePoolQuota	1888	0x1402843c0
PsChargeProcessNonPagedPoolQuota	1889	0x140246490
PsChargeProcessPagedPoolQuota	1890	0x14076c400
PsChargeProcessPoolQuota	1891	0x140284690
PsChargeProcessWakeCounter	1892	0x14079c820
PsCheckProcessFileSigningLevel	1893	0x1409b0ec0
PsCreateSiloContext	1894	0x14075c5c0
PsCreateSystemThread	1895	0x14069bf60
PsCreateSystemThreadEx	1896	0x14069b960
PsDereferenceImpersonationToken	1897	0x140777de0
PsDereferenceKernelStack	1898	0x1407a4370
PsDereferencePrimaryToken	1899	0x1407cf2b0
PsDereferenceSiloContext	1900	0x1402f4980
PsDetachSiloFromCurrentThread	1901	0x1402b0230
PsDisableImpersonation	1902	0x1406af030
PsEnterPriorityRegion	1903	0x1402c9a20
PsEstablishWin32Callouts	1904	0x1408376d0
PsFreeAffinityToken	1905	0x1402f9450
PsFreeSiloContextSlot	1906	0x1409acc40
PsGetContextThread	1907	0x140898ad0
PsGetCurrentProcess	1908	0x140283a70
PsGetCurrentProcessId	1909	0x14027b510
PsGetCurrentProcessSessionId	1910	0x14029f9e0
PsGetCurrentProcessWin32Process	1911	0x1402c6550
PsGetCurrentProcessWow64Process	1912	0x1402d1b30
PsGetCurrentServerSilo	1913	0x1402469d0
PsGetCurrentServerSiloName	1914	0x1409accd0
PsGetCurrentSilo	1915	0x14030f9d0
PsGetCurrentThread	1916	0x140283a90
PsGetCurrentThreadId	1917	0x1402c9790
PsGetCurrentThreadPreviousMode	1918	0x1402dd6e0
PsGetCurrentThreadProcess	1919	0x1402e3920
PsGetCurrentThreadProcessId	1920	0x14027b510
PsGetCurrentThreadStackBase	1921	0x1405a1ff0
PsGetCurrentThreadStackLimit	1922	0x1405a2010
PsGetCurrentThreadTeb	1923	0x140300730
PsGetCurrentThreadWin32Thread	1924	0x1402c3810
PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion	1925	0x1402c31f0
PsGetEffectiveContainerId	1926	0x1402cad90
PsGetEffectiveServerSilo	1927	0x14029b360
PsGetHostSilo	1928	0x140261580
PsGetJobLock	1929	0x1405a2040
PsGetJobProperty	1930	0x1402bbb90
PsGetJobServerSilo	1931	0x14029d360
PsGetJobSessionId	1932	0x1402f91d0
PsGetJobSilo	1933	0x1402ad570
PsGetJobUIRestrictionsClass	1934	0x1402f86f0
PsGetParentSilo	1935	0x14067f660
PsGetPermanentSiloContext	1936	0x1402ad5d0
PsGetProcessCommonJob	1937	0x1405a2050
PsGetProcessCreateTimeQuadPart	1938	0x1402d1ab0
PsGetProcessDebugPort	1939	0x1402f5a50
PsGetProcessDxgProcess	1940	0x14077de00
PsGetProcessExitProcessCalled	1941	0x1402f1140
PsGetProcessExitStatus	1942	0x14067f9f0
PsGetProcessExitTime	1943	0x140797710
PsGetProcessId	1944	0x1402930b0
PsGetProcessImageFileName	1945	0x1402dbc80
PsGetProcessInheritedFromUniqueProcessId	1946	0x14030f9c0
PsGetProcessJob	1947	0x1402ec690
PsGetProcessMachine	1948	0x140702220
PsGetProcessPeb	1949	0x1402e4610
PsGetProcessPriorityClass	1950	0x1405a2090
PsGetProcessProtection	1951	0x1402f4f00
PsGetProcessSectionBaseAddress	1952	0x14028ddb0
PsGetProcessSecurityPort	1953	0x14085eff0
PsGetProcessSequenceNumber	1954	0x1402f0700
PsGetProcessServerSilo	1955	0x14036c590
PsGetProcessSessionId	1956	0x140287cd0
PsGetProcessSessionIdEx	1957	0x14029cee0
PsGetProcessSignatureLevel	1958	0x1403cfd80
PsGetProcessSilo	1959	0x1405a20a0
PsGetProcessStartKey	1960	0x1402dbbe0
PsGetProcessWin32Process	1961	0x1402e57a0
PsGetProcessWin32WindowStation	1962	0x1402eea10
PsGetProcessWow64Process	1963	0x1402c31d0
PsGetServerSiloServiceSessionId	1964	0x140285ad0
PsGetSiloContainerId	1965	0x1409acd00
PsGetSiloContext	1966	0x1402ee1e0
PsGetSiloIdentifier	1967	0x140857af0
PsGetSiloMonitorContextSlot	1968	0x140867780
PsGetThreadCreateTime	1969	0x1405a20c0
PsGetThreadExitStatus	1970	0x14070cff0
PsGetThreadFreezeCount	1971	0x1402f8bd0
PsGetThreadHardErrorsAreDisabled	1972	0x1403c0460
PsGetThreadId	1973	0x1402d2640
PsGetThreadProcess	1974	0x1402469c0
PsGetThreadProcessId	1975	0x1402ed120
PsGetThreadProperty	1976	0x1402bb960
PsGetThreadServerSilo	1977	0x14036c5a0
PsGetThreadSessionId	1978	0x1407e0900
PsGetThreadTeb	1979	0x1402945c0
PsGetThreadWin32Thread	1980	0x1402cc600
PsGetVersion	1981	0x1402f3ad0
PsGetWin32KFilterSet	1982	0x1402db5a0
PsImpersonateClient	1983	0x1406a2230
PsInitialSystemProcess	1984	0x140d1da20
PsInsertPermanentSiloContext	1985	0x140856e40
PsInsertSiloContext	1986	0x14075c2c0
PsIsComponentEnabled	1987	0x1402f5890
PsIsCurrentThreadInServerSilo	1988	0x140285fd0
PsIsCurrentThreadPrefetching	1989	0x1402d3130
PsIsDiskCountersEnabled	1990	0x1403a6020
PsIsHostSilo	1991	0x14027b570
PsIsProcessBeingDebugged	1992	0x140898a90
PsIsProcessCommitRelinquished	1993	0x1409ae8b0
PsIsProcessInAppSilo	1994	0x1409acd20
PsIsProtectedProcess	1995	0x14028dd50
PsIsProtectedProcessLight	1996	0x140292f80
PsIsSystemProcess	1997	0x14035f660
PsIsSystemThread	1998	0x1402dfdf0
PsIsThreadImpersonating	1999	0x140871630
PsIsThreadTerminating	2000	0x140278200
PsIsWin32KFilterAuditEnabled	2001	0x1402f23e0
PsIsWin32KFilterAuditEnabledForProcess	2002	0x1402f2410
PsIsWin32KFilterEnabled	2003	0x1402e7a30
PsIsWin32KFilterEnabledForProcess	2004	0x1402e7a60
PsJobType	2005	0x140d1db98
PsLeavePriorityRegion	2006	0x1402c64d0
PsLoadedModuleList	2007	0x140c130c0
PsLoadedModuleResource	2008	0x140c130e0
PsLookupProcessByProcessId	2009	0x1407b18a0
PsLookupProcessThreadByCid	2010	0x1407520c0
PsLookupThreadByThreadId	2011	0x1406879b0
PsMakeSiloContextPermanent	2012	0x1409acd50
PsPartitionType	2013	0x140d1ddb8
PsProcessType	2014	0x140d1da18
PsQueryProcessAttributesByToken	2015	0x14068d590
PsQueryProcessCommandLine	2016	0x1402e04e0
PsQueryProcessExceptionFlags	2017	0x1409ae8d0
PsQuerySyscallProviderInformation	2018	0x1409b4bb0
PsQueryTotalCycleTimeProcess	2019	0x14070c4b0
PsReferenceImpersonationToken	2020	0x1406addc0
PsReferenceKernelStack	2021	0x1407a4d80
PsReferencePrimaryToken	2022	0x1407cf290
PsReferenceProcessFilePointer	2023	0x140785cc0
PsReferenceSiloContext	2024	0x1403bf850
PsRegisterAltSystemCallHandler	2025	0x1409b5990
PsRegisterPicoProvider	2026	0x1409b5a80
PsRegisterSiloMonitor	2027	0x1408174b0
PsRegisterSyscallProvider	2028	0x1409b4c10
PsReleaseProcessExitSynchronization	2029	0x140682e90
PsReleaseProcessWakeCounter	2030	0x1406e1390
PsReleaseSiloHardReference	2031	0x1402e0340
PsRemoveCreateThreadNotifyRoutine	2032	0x1409b62c0
PsRemoveLoadImageNotifyRoutine	2033	0x1409b63b0
PsRemoveSiloContext	2034	0x1409acd80
PsReplaceSiloContext	2035	0x1409acdc0
PsRestoreImpersonation	2036	0x1406af170
PsResumeProcess	2037	0x1407a0cf0
PsReturnPoolQuota	2038	0x140284420
PsReturnProcessNonPagedPoolQuota	2039	0x140284a70
PsReturnProcessPagedPoolQuota	2040	0x140284aa0
PsRevertThreadToSelf	2041	0x1409b2330
PsRevertToSelf	2042	0x1409b2360
PsRevertToUserMultipleGroupAffinityThread	2043	0x1405a23e0
PsSetContextThread	2044	0x1409b46a0
PsSetCreateProcessNotifyRoutine	2045	0x1408378a0
PsSetCreateProcessNotifyRoutineEx	2046	0x140837880
PsSetCreateProcessNotifyRoutineEx2	2047	0x1408378c0
PsSetCreateThreadNotifyRoutine	2048	0x140837740
PsSetCreateThreadNotifyRoutineEx	2049	0x1408375c0
PsSetCurrentThreadPrefetching	2050	0x1406f4ea0
PsSetJobProperty	2051	0x1405a21b0
PsSetLegoNotifyRoutine	2052	0x1409b3be0
PsSetLoadImageNotifyRoutine	2053	0x140837720
PsSetLoadImageNotifyRoutineEx	2054	0x140837760
PsSetProcessDxgProcess	2055	0x1407a26d0
PsSetProcessFaultInformation	2056	0x14067f4b0
PsSetProcessPriorityByClass	2057	0x140720340
PsSetProcessPriorityClass	2058	0x1405a2220
PsSetProcessSecurityPort	2059	0x1409aeaf0
PsSetProcessWin32Process	2060	0x14078e1f0
PsSetProcessWindowStation	2061	0x1407a34f0
PsSetSystemMultipleGroupAffinityThread	2062	0x1405a2400
PsSetThreadHardErrorsAreDisabled	2063	0x1403c02b0
PsSetThreadProperty	2064	0x1403bd730
PsSetThreadWin32Thread	2065	0x14078b7e0
PsSiloContextNonPagedType	2066	0x140c37db0
PsSiloContextPagedType	2067	0x140c37db8
PsStartSiloMonitor	2068	0x14083d6d0
PsSuspendProcess	2069	0x1409b6750
PsTerminateServerSilo	2070	0x1409acf50
PsTerminateSystemThread	2071	0x140760f60
PsThreadType	2072	0x140d1da40
PsTlsAlloc	2073	0x14083f520
PsTlsFree	2074	0x1409b6820
PsTlsGetValue	2075	0x140765be0
PsTlsSetValue	2076	0x140779a60
PsUILanguageComitted	2077	0x140d53534
PsUnregisterSiloMonitor	2078	0x1409b46c0
PsUnregisterSyscallProvider	2079	0x1409b4f00
PsUpdateComponentPower	2080	0x1402a3f80
PsUpdateDiskCounters	2081	0x1402d78f0
PsWow64GetProcessMachine	2082	0x14069e6c0
PsWow64IsMachineSupported	2083	0x14077b490
PsWrapApcWow64Thread	2084	0x1405a2ec0
RtlAbsoluteToSelfRelativeSD	2085	0x140715fc0
RtlAddAccessAllowedAce	2086	0x140713750
RtlAddAccessAllowedAceEx	2087	0x140866c20
RtlAddAccessAllowedObjectAce	2088	0x1409bb490
RtlAddAccessDeniedAceEx	2089	0x140805de0
RtlAddAccessDeniedObjectAce	2090	0x1409bb4f0
RtlAddAccessFilterAce	2091	0x1409bb550
RtlAddAce	2092	0x1406a4110
RtlAddAtomToAtomTable	2093	0x14079dd10
RtlAddAtomToAtomTableEx	2094	0x1402891b0
RtlAddAuditAccessAceEx	2095	0x1409bb790
RtlAddAuditAccessObjectAce	2096	0x1409bb7e0
RtlAddMandatoryAce	2097	0x1407117f0
RtlAddProcessTrustLabelAce	2098	0x1406a3380
RtlAddRange	2099	0x1408071a0
RtlAddResourceAttributeAce	2100	0x1409bb870
RtlAllocateHeap	2101	0x1402da1e0
RtlAnsiCharToUnicodeChar	2102	0x1407cf590
RtlAnsiStringToUnicodeSize	2103	0x1406f03d0
RtlAnsiStringToUnicodeString	2104	0x1406f0400
RtlAppendAsciizToString	2105	0x1409b9b60
RtlAppendStringToString	2106	0x140797a90
RtlAppendUnicodeStringToString	2107	0x1402854b0
RtlAppendUnicodeToString	2108	0x140286be0
RtlAreAllAccessesGranted	2109	0x140787500
RtlAreAnyAccessesGranted	2110	0x14079cc80
RtlAreBitsClear	2111	0x14025c4d0
RtlAreBitsClearEx	2112	0x140231b20
RtlAreBitsSet	2113	0x14025c400
RtlAreBitsSetEx	2114	0x140458780
RtlAssert	2115	0x1405a83b0
RtlAvlInsertNodeEx	2116	0x140216780
RtlAvlRemoveNode	2117	0x140218bb0
RtlCapabilityCheck	2118	0x1407154f0
RtlCapabilityCheckForSingleSessionSku	2119	0x1409bc660
RtlCaptureContext	2120	0x14041c7f0
RtlCaptureStackBackTrace	2121	0x1402a3aa0
RtlCharToInteger	2122	0x1408197e0
RtlCheckPortableOperatingSystem	2123	0x1402f3590
RtlCheckRegistryKey	2124	0x14079ee80
RtlCheckSystemBootStatusIntegrity	2125	0x14084e460
RtlCheckTokenCapability	2126	0x140296620
RtlCheckTokenMembership	2127	0x140296c20
RtlCheckTokenMembershipEx	2128	0x1402a21e0
RtlClearAllBits	2129	0x1402a4ce0
RtlClearAllBitsEx	2130	0x1402699f0
RtlClearBit	2131	0x1402de2a0
RtlClearBitEx	2132	0x1402e3020
RtlClearBits	2133	0x140312ac0
RtlClearBitsEx	2134	0x1402150a0
RtlCmDecodeMemIoResource	2135	0x1403757c0
RtlCmEncodeMemIoResource	2136	0x140375850
RtlCompareAltitudes	2137	0x1402dcec0
RtlCompareExchangePointerMapping	2138	0x1405a85e0
RtlCompareExchangePropertyStore	2139	0x1405a87a0
RtlCompareMemory	2140	0x14041d040
RtlCompareMemoryUlong	2141	0x14041d0c0
RtlCompareString	2142	0x14076c520
RtlCompareUnicodeString	2143	0x1407cf2d0
RtlCompareUnicodeStrings	2144	0x14072e5b0
RtlCompressBuffer	2145	0x1402ee950
RtlCompressChunks	2146	0x1409b9640
RtlComputeCrc32	2147	0x1402b8400
RtlConstructCrossVmEventPath	2148	0x1409be280
RtlConstructCrossVmMutexPath	2149	0x1409be280
RtlContractHashTable	2150	0x1402c63f0
RtlConvertHostPerfCounterToPerfCounter	2151	0x1405a5860
RtlConvertSidToUnicodeString	2152	0x1407ed340
RtlCopyBitMap	2153	0x1402a7780
RtlCopyBitMapEx	2154	0x1402cd170
RtlCopyContext	2155	0x14069def0
RtlCopyExtendedContext	2156	0x1405a90b0
RtlCopyLuid	2157	0x140877aa0
RtlCopyLuidAndAttributesArray	2158	0x1409bc6d0
RtlCopyMemory	2159	0x140428640
RtlCopyMemoryNonTemporal	2160	0x14041d0f0
RtlCopyRangeList	2161	0x140807730
RtlCopySid	2162	0x1406e8b60
RtlCopySidAndAttributesArray	2163	0x1406e8aa0
RtlCopyString	2164	0x140458600
RtlCopyUnicodeString	2165	0x14027abf0
RtlCrc32	2166	0x140458e10
RtlCrc64	2167	0x1403b7190
RtlCreateAcl	2168	0x1406a35a0
RtlCreateAtomTable	2169	0x14076b9e0
RtlCreateAtomTableEx	2170	0x1402c69f0
RtlCreateHashTable	2171	0x140295c60
RtlCreateHashTableEx	2172	0x1403c04e0
RtlCreateHeap	2173	0x140793870
RtlCreateRegistryKey	2174	0x140856510
RtlCreateSecurityDescriptor	2175	0x1406a3690
RtlCreateSystemVolumeInformationFolder	2176	0x1409be990
RtlCreateUnicodeString	2177	0x1407ed660
RtlCreateUnicodeStringFromAsciiz	2178	0x140800470
RtlCreateUserThread	2179	0x1409b9410
RtlCultureNameToLCID	2180	0x14081b180
RtlCustomCPToUnicodeN	2181	0x1406f0630
RtlDecompressBuffer	2182	0x140458580
RtlDecompressBufferEx	2183	0x1402a9570
RtlDecompressBufferEx2	2184	0x1402a9070
RtlDecompressChunks	2185	0x1409b97b0
RtlDecompressFragment	2186	0x1409b9a10
RtlDecompressFragmentEx	2187	0x1402f51a0
RtlDelete	2188	0x1402b1500
RtlDeleteAce	2189	0x140710530
RtlDeleteAtomFromAtomTable	2190	0x140789f70
RtlDeleteElementGenericTable	2191	0x1402b1470
RtlDeleteElementGenericTableAvl	2192	0x1402860c0
RtlDeleteElementGenericTableAvlEx	2193	0x1405ac840
RtlDeleteHashTable	2194	0x1403ba650
RtlDeleteNoSplay	2195	0x1402b0770
RtlDeleteOwnersRanges	2196	0x140807dd0
RtlDeleteRange	2197	0x140807d00
RtlDeleteRegistryValue	2198	0x140865d10
RtlDeriveCapabilitySidsFromName	2199	0x1402a2060
RtlDescribeChunk	2200	0x1409b9aa0
RtlDestroyAtomTable	2201	0x140706720
RtlDestroyHeap	2202	0x1407a3730
RtlDowncaseUnicodeChar	2203	0x140898e90
RtlDowncaseUnicodeString	2204	0x14077a700
RtlDrainNonVolatileFlush	2205	0x1405a5f00
RtlDuplicateUnicodeString	2206	0x140770b50
RtlEmptyAtomTable	2207	0x1409bc3c0
RtlEndEnumerationHashTable	2208	0x140295900
RtlEndStrongEnumerationHashTable	2209	0x1402f8890
RtlEndWeakEnumerationHashTable	2210	0x1403d07e0
RtlEnumerateEntryHashTable	2211	0x140295780
RtlEnumerateGenericTable	2212	0x1403aeba0
RtlEnumerateGenericTableAvl	2213	0x1402e67a0
RtlEnumerateGenericTableLikeADirectory	2214	0x140285cf0
RtlEnumerateGenericTableWithoutSplaying	2215	0x1402f1d30
RtlEnumerateGenericTableWithoutSplayingAvl	2216	0x1402e67d0
RtlEqualLuid	2217	0x1409bc700
RtlEqualSid	2218	0x140278590
RtlEqualString	2219	0x1402c7800
RtlEqualUnicodeString	2220	0x1407cf480
RtlEqualWnfChangeStamps	2221	0x1409bf310
RtlEthernetAddressToStringA	2222	0x1405ac9d0
RtlEthernetAddressToStringW	2223	0x1403af340
RtlEthernetStringToAddressA	2224	0x1405aceb0
RtlEthernetStringToAddressW	2225	0x1405ad8d0
RtlExpandHashTable	2226	0x140295a60
RtlExtendCorrelationVector	2227	0x1409bf320
RtlExtractBitMap	2228	0x1405a5fc0
RtlExtractBitMapEx	2229	0x1405a6160
RtlFillMemory	2230	0x1405adab0
RtlFillMemoryNonTemporal	2231	0x14041d230
RtlFillNonVolatileMemory	2232	0x1405adad0
RtlFindAceByType	2233	0x140278e10
RtlFindClearBits	2234	0x14027fea0
RtlFindClearBitsAndSet	2235	0x140280810
RtlFindClearBitsAndSetEx	2236	0x140255030
RtlFindClearBitsEx	2237	0x14035c710
RtlFindClearRuns	2238	0x140295300
RtlFindClosestEncodableLength	2239	0x1405a8530
RtlFindExportedRoutineByName	2240	0x1406ee050
RtlFindFirstRunClear	2241	0x14039c950
RtlFindLastBackwardRunClear	2242	0x140281dd0
RtlFindLeastSignificantBit	2243	0x1402e76a0
RtlFindLongestRunClear	2244	0x1405a6320
RtlFindMessage	2245	0x14076db10
RtlFindMostSignificantBit	2246	0x1402e23e0
RtlFindNextForwardRunClear	2247	0x1402a4bd0
RtlFindNextForwardRunClearCapped	2248	0x1405a65d0
RtlFindNextForwardRunClearEx	2249	0x140458860
RtlFindRange	2250	0x14081c410
RtlFindSetBits	2251	0x140280230
RtlFindSetBitsAndClear	2252	0x1405a67e0
RtlFindSetBitsAndClearEx	2253	0x1402d8130
RtlFindSetBitsEx	2254	0x1403589e0
RtlFindUnicodePrefix	2255	0x140760390
RtlFindUnicodeSubstring	2256	0x1407711c0
RtlFirstFreeAce	2257	0x140711970
RtlFlushNonVolatileMemory	2258	0x1405a5f30
RtlFlushNonVolatileMemoryRanges	2259	0x1405adb80
RtlFormatCurrentUserKeyPath	2260	0x1407ed0d0
RtlFormatMessage	2261	0x1409ba0f0
RtlFreeAnsiString	2262	0x1406edf90
RtlFreeHeap	2263	0x1402da100
RtlFreeNonVolatileToken	2264	0x1405adc10
RtlFreeOemString	2265	0x1408540a0
RtlFreeRangeList	2266	0x140807eb0
RtlFreeUTF8String	2267	0x1406edf90
RtlFreeUnicodeString	2268	0x14069c1a0
RtlGUIDFromString	2269	0x1406d7ab0
RtlGenerate8dot3Name	2270	0x140776350
RtlGenerateClass5Guid	2271	0x140803090
RtlGetAce	2272	0x1402779f0
RtlGetActiveConsoleId	2273	0x1402b8d70
RtlGetAppContainerNamedObjectPath	2274	0x1405a8180
RtlGetAppContainerParent	2275	0x1409bc720
RtlGetAppContainerSidType	2276	0x14071c410
RtlGetCallersAddress	2277	0x1403bb740
RtlGetCompressionWorkSpaceSize	2278	0x1402a9510
RtlGetConsoleSessionForegroundProcessId	2279	0x1409bf850
RtlGetControlSecurityDescriptor	2280	0x140719330
RtlGetCurrentServiceSessionId	2281	0x1402f8940
RtlGetDaclSecurityDescriptor	2282	0x140287c70
RtlGetDefaultCodePage	2283	0x1407a4090
RtlGetElementGenericTable	2284	0x1402e4bf0
RtlGetElementGenericTableAvl	2285	0x1405ac8a0
RtlGetEnabledExtendedAndSupervisorFeatures	2286	0x1405add10
RtlGetEnabledExtendedFeatures	2287	0x1403ade50
RtlGetExtendedContextLength	2288	0x140275760
RtlGetFirstRange	2289	0x14081c2e0
RtlGetGroupSecurityDescriptor	2290	0x1407193f0
RtlGetIntegerAtom	2291	0x1406f2c70
RtlGetLastRange	2292	0x14081c6f0
RtlGetMultiTimePrecise	2293	0x1402ef830
RtlGetNextEntryHashTable	2294	0x1402c3790
RtlGetNextRange	2295	0x14081c640
RtlGetNonVolatileToken	2296	0x1405adc30
RtlGetNtGlobalFlags	2297	0x1409bdce0
RtlGetNtProductType	2298	0x140288bc0
RtlGetNtSystemRoot	2299	0x14076fe70
RtlGetOwnerSecurityDescriptor	2300	0x1407193b0
RtlGetPersistedStateLocation	2301	0x1406dd740
RtlGetProductInfo	2302	0x1402f4f10
RtlGetSaclSecurityDescriptor	2303	0x1406ec4e0
RtlGetSessionProperties	2304	0x1409bc7f0
RtlGetSetBootStatusData	2305	0x140793dd0
RtlGetSuiteMask	2306	0x1406f0e20
RtlGetSystemBootStatus	2307	0x140855df0
RtlGetSystemBootStatusEx	2308	0x14084e430
RtlGetSystemGlobalData	2309	0x1402d03c0
RtlGetThreadLangIdByIndex	2310	0x1402f1a90
RtlGetTokenNamedObjectPath	2311	0x1409bc900
RtlGetVersion	2312	0x1406f0d60
RtlHashUnicodeString	2313	0x14074d9a0
RtlIdnToAscii	2314	0x1409bf8e0
RtlIdnToNameprepUnicode	2315	0x1409bf910
RtlIdnToUnicode	2316	0x1409bf940
RtlImageDirectoryEntryToData	2317	0x14036be10
RtlImageNtHeader	2318	0x14036bf20
RtlImageNtHeaderEx	2319	0x14036bf50
RtlIncrementCorrelationVector	2320	0x1409bf370
RtlInitAnsiString	2321	0x14028dd70
RtlInitAnsiStringEx	2322	0x14036f5c0
RtlInitCodePageTable	2323	0x14080add0
RtlInitEnumerationHashTable	2324	0x140295950
RtlInitString	2325	0x14028dd70
RtlInitStringEx	2326	0x1405a5980
RtlInitStrongEnumerationHashTable	2327	0x1403cec70
RtlInitUTF8String	2328	0x1405a59a0
RtlInitUTF8StringEx	2329	0x1405a5980
RtlInitUnicodeString	2330	0x14027ae30
RtlInitUnicodeStringEx	2331	0x14024f600
RtlInitWeakEnumerationHashTable	2332	0x1403d07c0
RtlInitializeBitMap	2333	0x1402dc9b0
RtlInitializeBitMapEx	2334	0x1403ae3b0
RtlInitializeCorrelationVector	2335	0x1409bf460
RtlInitializeExtendedContext	2336	0x1402756e0
RtlInitializeGenericTable	2337	0x1402f0520
RtlInitializeGenericTableAvl	2338	0x140285970
RtlInitializeRangeList	2339	0x140806310
RtlInitializeSid	2340	0x140736dc0
RtlInitializeSidEx	2341	0x1402f2f20
RtlInitializeUnicodePrefix	2342	0x140855260
RtlInsertElementGenericTable	2343	0x1402b15a0
RtlInsertElementGenericTableAvl	2344	0x140286320
RtlInsertElementGenericTableFull	2345	0x1402b1610
RtlInsertElementGenericTableFullAvl	2346	0x1402863e0
RtlInsertEntryHashTable	2347	0x1402929e0
RtlInsertUnicodePrefix	2348	0x140760250
RtlInt64ToUnicodeString	2349	0x1406ed0a0
RtlIntegerToChar	2350	0x1407a6f60
RtlIntegerToUnicode	2351	0x1407ed520
RtlIntegerToUnicodeString	2352	0x1407a6ed0
RtlInterlockedClearBitRun	2353	0x1402832b0
RtlInterlockedClearBitRunEx	2354	0x140458960
RtlInterlockedSetBitRun	2355	0x1405a6bb0
RtlInterlockedSetBitRunEx	2356	0x140458a20
RtlInterlockedSetClearRun	2357	0x140281120
RtlIntersectBitMaps	2358	0x1405a6c70
RtlIntersectBitMapsEx	2359	0x1402d3960
RtlInvertRangeList	2360	0x140806e70
RtlInvertRangeListEx	2361	0x140807060
RtlIoDecodeMemIoResource	2362	0x1403757f0
RtlIoEncodeMemIoResource	2363	0x14039f370
RtlIpv4AddressToStringA	2364	0x1403c6960
RtlIpv4AddressToStringExA	2365	0x1405aca40
RtlIpv4AddressToStringExW	2366	0x1403b81b0
RtlIpv4AddressToStringW	2367	0x1403b8280
RtlIpv4StringToAddressA	2368	0x1403c8010
RtlIpv4StringToAddressExA	2369	0x1405acff0
RtlIpv4StringToAddressExW	2370	0x1403bf7c0
RtlIpv4StringToAddressW	2371	0x1402e75a0
RtlIpv6AddressToStringA	2372	0x1405acb00
RtlIpv6AddressToStringExA	2373	0x1405acd90
RtlIpv6AddressToStringExW	2374	0x14039e400
RtlIpv6AddressToStringW	2375	0x14039e4e0
RtlIpv6StringToAddressA	2376	0x1405ad1c0
RtlIpv6StringToAddressExA	2377	0x1405ad620
RtlIpv6StringToAddressExW	2378	0x1402e3f30
RtlIpv6StringToAddressW	2379	0x1402e3fd0
RtlIsApiSetImplemented	2380	0x14078e530
RtlIsCloudFilesPlaceholder	2381	0x140458e30
RtlIsElevatedRid	2382	0x140719040
RtlIsGenericTableEmpty	2383	0x1403bf780
RtlIsGenericTableEmptyAvl	2384	0x1402858e0
RtlIsMultiSessionSku	2385	0x14078b3a0
RtlIsMultiUsersInSessionSku	2386	0x1409bc930
RtlIsNameLegalDOS8Dot3	2387	0x140780e80
RtlIsNonEmptyDirectoryReparsePointAllowed	2388	0x1402ed690
RtlIsNormalizedString	2389	0x1409c2160
RtlIsNtDdiVersionAvailable	2390	0x1403af3e0
RtlIsPartialPlaceholder	2391	0x140898f80
RtlIsPartialPlaceholderFileHandle	2392	0x1409c0810
RtlIsPartialPlaceholderFileInfo	2393	0x1409c0870
RtlIsProcessorFeaturePresent	2394	0x1402f0130
RtlIsRangeAvailable	2395	0x14081c220
RtlIsSandboxedToken	2396	0x140712d60
RtlIsServicePackVersionInstalled	2397	0x1405ade50
RtlIsStateSeparationEnabled	2398	0x14079bbf0
RtlIsUntrustedObject	2399	0x140200e40
RtlIsValidOemCharacter	2400	0x1409bf750
RtlIsZeroMemory	2401	0x1405ae610
RtlLCIDToCultureName	2402	0x1409bf290
RtlLargeIntegerToChar	2403	0x1406ecf70
RtlLengthRequiredSid	2404	0x1406e8940
RtlLengthSecurityDescriptor	2405	0x1406ec6c0
RtlLengthSid	2406	0x140277a50
RtlLoadString	2407	0x1409ba970
RtlLocalTimeToSystemTime	2408	0x1409b9510
RtlLocateSupervisorFeature	2409	0x1405add40
RtlLockBootStatusData	2410	0x140713c90
RtlLookupAtomInAtomTable	2411	0x1406f2970
RtlLookupElementGenericTable	2412	0x1402b13e0
RtlLookupElementGenericTableAvl	2413	0x140286020
RtlLookupElementGenericTableFull	2414	0x1405ac7e0
RtlLookupElementGenericTableFullAvl	2415	0x140285e40
RtlLookupEntryHashTable	2416	0x140296370
RtlLookupFirstMatchingElementGenericTableAvl	2417	0x1403cdd10
RtlLookupFunctionEntry	2418	0x14035e300
RtlMapGenericMask	2419	0x14077ea60
RtlMapSecurityErrorToNtStatus	2420	0x1403c87f0
RtlMergeBitMaps	2421	0x1402a5930
RtlMergeBitMapsEx	2422	0x14039eab0
RtlMergeRangeLists	2423	0x1409b9300
RtlMoveMemory	2424	0x140428640
RtlMultiByteToUnicodeN	2425	0x1406f0560
RtlMultiByteToUnicodeSize	2426	0x1406f04d0
RtlNextUnicodePrefix	2427	0x140857aa0
RtlNormalizeSecurityDescriptor	2428	0x1403bd110
RtlNormalizeString	2429	0x1409c21f0
RtlNotifyFeatureUsage	2430	0x1405aee90
RtlNtStatusToDosError	2431	0x140765730
RtlNtStatusToDosErrorNoTeb	2432	0x1402bd180
RtlNumberGenericTableElements	2433	0x1402eea20
RtlNumberGenericTableElementsAvl	2434	0x1402f9ed0
RtlNumberOfClearBits	2435	0x1402a48e0
RtlNumberOfClearBitsEx	2436	0x1405a6e50
RtlNumberOfClearBitsInRange	2437	0x1405a6e80
RtlNumberOfSetBits	2438	0x1402a4910
RtlNumberOfSetBitsEx	2439	0x1405a6eb0
RtlNumberOfSetBitsInRange	2440	0x1405a7050
RtlNumberOfSetBitsInRangeEx	2441	0x1405a72d0
RtlNumberOfSetBitsUlongPtr	2442	0x1403aba00
RtlOemStringToCountedUnicodeString	2443	0x140795290
RtlOemStringToUnicodeSize	2444	0x1406f03d0
RtlOemStringToUnicodeString	2445	0x14085d6a0
RtlOemToUnicodeN	2446	0x1406f0360
RtlOpenCurrentUser	2447	0x1407eaa00
RtlOpenImageFileOptionsKey	2448	0x1406fdf50
RtlOsDeploymentState	2449	0x1409c2400
RtlOwnerAcesPresent	2450	0x1402c3290
RtlPcToFileHeader	2451	0x1403bcbe0
RtlPcToFileName	2452	0x1403a3f10
RtlPcToFilePath	2453	0x140898ff0
RtlPinAtomInAtomTable	2454	0x14078b680
RtlPrefetchMemoryNonTemporal	2455	0x14041d210
RtlPrefixString	2456	0x14076c480
RtlPrefixUnicodeString	2457	0x14068ce40
RtlQueryAllFeatureConfigurations	2458	0x1409c2320
RtlQueryAtomInAtomTable	2459	0x1406f25a0
RtlQueryDynamicTimeZoneInformation	2460	0x1409bdcf0
RtlQueryElevationFlags	2461	0x14078ed40
RtlQueryFeatureConfiguration	2462	0x1402e7a80
RtlQueryFeatureConfigurationChangeStamp	2463	0x1402f6210
RtlQueryImageFileKeyOption	2464	0x140701900
RtlQueryInformationAcl	2465	0x1406a36c0
RtlQueryModuleInformation	2466	0x14077b900
RtlQueryPackageClaims	2467	0x1402923a0
RtlQueryPackageIdentity	2468	0x1402922f0
RtlQueryPointerMapping	2469	0x1405a8ae0
RtlQueryProcessPlaceholderCompatibilityMode	2470	0x1409c08f0
RtlQueryPropertyStore	2471	0x1405a8c20
RtlQueryRegistryValueWithFallback	2472	0x1406b2af0
RtlQueryRegistryValues	2473	0x1407a3b60
RtlQueryRegistryValuesEx	2474	0x1406dc770
RtlQueryThreadPlaceholderCompatibilityMode	2475	0x1409c0920
RtlQueryTimeZoneInformation	2476	0x1409bdd10
RtlQueryValidationRunlevel	2477	0x1405af1d0
RtlRaiseCustomSystemEventTrigger	2478	0x1405af2b0
RtlRaiseException	2479	0x1402758c0
RtlRaiseStatus	2480	0x1402a0160
RtlRandom	2481	0x14079fcb0
RtlRandomEx	2482	0x14028e960
RtlRbInsertNodeEx	2483	0x14024b8f0
RtlRbRemoveNode	2484	0x14024a560
RtlRbReplaceNode	2485	0x1402d4440
RtlRealPredecessor	2486	0x1405ac760
RtlRealSuccessor	2487	0x1402b0530
RtlRegisterFeatureConfigurationChangeNotification	2488	0x14036f680
RtlRemoveEntryHashTable	2489	0x1402958a0
RtlRemovePointerMapping	2490	0x1405a8d10
RtlRemovePropertyStore	2491	0x1405a8e70
RtlRemoveUnicodePrefix	2492	0x140760170
RtlReplaceSidInSd	2493	0x1409bc9e0
RtlReserveChunk	2494	0x1409b9b00
RtlRestoreContext	2495	0x14041caf0
RtlRestoreSystemBootStatusDefaults	2496	0x1409be210
RtlRunOnceBeginInitialize	2497	0x1406ef7c0
RtlRunOnceComplete	2498	0x14076d8e0
RtlRunOnceExecuteOnce	2499	0x1406ef6e0
RtlRunOnceInitialize	2500	0x140800a30
RtlSecondsSince1970ToTime	2501	0x1403aa1e0
RtlSecondsSince1980ToTime	2502	0x1405a5910
RtlSelfRelativeToAbsoluteSD	2503	0x140863e50
RtlSelfRelativeToAbsoluteSD2	2504	0x1409bb2f0
RtlSetActiveConsoleId	2505	0x1407a4b90
RtlSetAllBits	2506	0x140222270
RtlSetAllBitsEx	2507	0x1403ae590
RtlSetBit	2508	0x1402dc5a0
RtlSetBitEx	2509	0x1402dfe40
RtlSetBits	2510	0x1402221c0
RtlSetBitsEx	2511	0x1402520f0
RtlSetConsoleSessionForegroundProcessId	2512	0x1407a3e70
RtlSetControlSecurityDescriptor	2513	0x14084ede0
RtlSetDaclSecurityDescriptor	2514	0x14069fe90
RtlSetDynamicTimeZoneInformation	2515	0x1409bdd30
RtlSetGroupSecurityDescriptor	2516	0x140713780
RtlSetOwnerSecurityDescriptor	2517	0x140736df0
RtlSetPortableOperatingSystem	2518	0x1405a84e0
RtlSetProcessPlaceholderCompatibilityMode	2519	0x1409c0960
RtlSetSaclSecurityDescriptor	2520	0x1406a3620
RtlSetSystemBootStatus	2521	0x140761200
RtlSetSystemBootStatusEx	2522	0x1409be250
RtlSetSystemGlobalData	2523	0x1402e6ed0
RtlSetThreadPlaceholderCompatibilityMode	2524	0x140898fa0
RtlSetTimeZoneInformation	2525	0x1409bdd50
RtlShiftLeftBitMap	2526	0x1405a7550
RtlShiftLeftBitMapEx	2527	0x1405a75c0
RtlSidHashInitialize	2528	0x140278d60
RtlSidHashLookup	2529	0x1402d84e0
RtlSizeHeap	2530	0x1405a8050
RtlSplay	2531	0x1402b1710
RtlStringFromGUID	2532	0x1407ef630
RtlStringFromGUIDEx	2533	0x1407ef650
RtlStronglyEnumerateEntryHashTable	2534	0x1403c4890
RtlSubAuthorityCountSid	2535	0x140297170
RtlSubAuthoritySid	2536	0x140297180
RtlSubtreePredecessor	2537	0x1402b19d0
RtlSubtreeSuccessor	2538	0x1405ac7b0
RtlSuffixUnicodeString	2539	0x1409b9120
RtlSystemTimeToLocalTime	2540	0x14084bb10
RtlTestBit	2541	0x1402d7950
RtlTestBitEx	2542	0x140408d10
RtlTimeFieldsToTime	2543	0x1402c7bb0
RtlTimeToElapsedTimeFields	2544	0x1409b9590
RtlTimeToSecondsSince1970	2545	0x140458540
RtlTimeToSecondsSince1980	2546	0x1405a5940
RtlTimeToTimeFields	2547	0x1402c7f10
RtlTraceDatabaseAdd	2548	0x1405af530
RtlTraceDatabaseCreate	2549	0x1405af590
RtlTraceDatabaseDestroy	2550	0x1405af700
RtlTraceDatabaseEnumerate	2551	0x1405af750
RtlTraceDatabaseFind	2552	0x1405af810
RtlTraceDatabaseLock	2553	0x1405af880
RtlTraceDatabaseUnlock	2554	0x1405af8a0
RtlTraceDatabaseValidate	2555	0x1405af8c0
RtlUTF8StringToUnicodeString	2556	0x1409c29b0
RtlUTF8ToUnicodeN	2557	0x1406ed180
RtlUdiv128	2558	0x14039ff60
RtlUnicodeStringToAnsiSize	2559	0x1406ed150
RtlUnicodeStringToAnsiString	2560	0x1406efef0
RtlUnicodeStringToCountedOemString	2561	0x14078b810
RtlUnicodeStringToInt64	2562	0x1409bdbc0
RtlUnicodeStringToInteger	2563	0x14075fec0
RtlUnicodeStringToOemSize	2564	0x1406ed150
RtlUnicodeStringToOemString	2565	0x140853220
RtlUnicodeStringToUTF8String	2566	0x1409c2ac0
RtlUnicodeToCustomCPN	2567	0x14078b950
RtlUnicodeToMultiByteN	2568	0x1406f0070
RtlUnicodeToMultiByteSize	2569	0x1406effe0
RtlUnicodeToOemN	2570	0x14078b8f0
RtlUnicodeToUTF8N	2571	0x1406f0170
RtlUnlockBootStatusData	2572	0x1407941b0
RtlUnregisterFeatureConfigurationChangeNotification	2573	0x1409c23e0
RtlUnsignedMultiplyHigh	2574	0x140409220
RtlUnwind	2575	0x1403bd290
RtlUnwindEx	2576	0x14035dbb0
RtlUpcaseUnicodeChar	2577	0x1407cf410
RtlUpcaseUnicodeString	2578	0x1406f0940
RtlUpcaseUnicodeStringToAnsiString	2579	0x1409b91e0
RtlUpcaseUnicodeStringToCountedOemString	2580	0x1406ecd00
RtlUpcaseUnicodeStringToOemString	2581	0x1408660e0
RtlUpcaseUnicodeToCustomCPN	2582	0x1409b9f80
RtlUpcaseUnicodeToMultiByteN	2583	0x1406ecc60
RtlUpcaseUnicodeToOemN	2584	0x1406ecba0
RtlUpperChar	2585	0x14076c5d0
RtlUpperString	2586	0x140765ce0
RtlValidAcl	2587	0x1406a46d0
RtlValidRelativeSecurityDescriptor	2588	0x1406bb820
RtlValidSecurityDescriptor	2589	0x1406b0000
RtlValidSid	2590	0x1406ae7f0
RtlValidateCorrelationVector	2591	0x1409bf4e0
RtlValidateUnicodeString	2592	0x1402d0210
RtlVerifyVersionInfo	2593	0x140371420
RtlVirtualUnwind	2594	0x1402759f0
RtlVirtualUnwind2	2595	0x14035e850
RtlVolumeDeviceToDosName	2596	0x1406f34f0
RtlWalkFrameChain	2597	0x1402a3b20
RtlWeaklyEnumerateEntryHashTable	2598	0x1403d07a0
RtlWriteNonVolatileMemory	2599	0x1405adc50
RtlWriteRegistryValue	2600	0x1406df600
RtlZeroHeap	2601	0x1409be400
RtlZeroMemory	2602	0x140563c70
RtlxAnsiStringToUnicodeSize	2603	0x1406f03d0
RtlxOemStringToUnicodeSize	2604	0x1406f03d0
RtlxUnicodeStringToAnsiSize	2605	0x1406ed150
RtlxUnicodeStringToOemSize	2606	0x1406ed150
SeAccessCheck	2607	0x140317560
SeAccessCheckEx	2608	0x1403c8b40
SeAccessCheckFromState	2609	0x1402a27b0
SeAccessCheckFromStateEx	2610	0x1402a28b0
SeAccessCheckWithHint	2611	0x1403175d0
SeAdjustAccessStateForAccessConstraints	2612	0x1406afaf0
SeAdjustAccessStateForTrustLabel	2613	0x1409ca1d0
SeAdjustObjectSecurity	2614	0x1407efd00
SeAppendPrivileges	2615	0x140712550
SeAssignSecurity	2616	0x1406b8ce0
SeAssignSecurityEx	2617	0x14077bd10
SeAuditFipsCryptoSelftests	2618	0x1409caca0
SeAuditHardLinkCreation	2619	0x1409cb040
SeAuditHardLinkCreationWithTransaction	2620	0x1409cb060
SeAuditTransactionStateChange	2621	0x1409cb930
SeAuditingAnyFileEventsWithContext	2622	0x1409cdb60
SeAuditingAnyFileEventsWithContextEx	2623	0x14027ee10
SeAuditingFileEvents	2624	0x1409cdb80
SeAuditingFileEventsWithContext	2625	0x1409cdbc0
SeAuditingFileEventsWithContextEx	2626	0x1405b7090
SeAuditingFileOrGlobalEvents	2627	0x1409cdbe0
SeAuditingHardLinkEvents	2628	0x1409cdcd0
SeAuditingHardLinkEventsWithContext	2629	0x140867900
SeAuditingWithTokenForSubcategory	2630	0x1406e03e0
SeCaptureSecurityDescriptor	2631	0x1406adfa0
SeCaptureSubjectContext	2632	0x1406adc60
SeCaptureSubjectContextEx	2633	0x1406adc90
SeCheckForCriticalAceRemoval	2634	0x140715810
SeCloseObjectAuditAlarm	2635	0x1409ce6a0
SeCloseObjectAuditAlarmForNonObObject	2636	0x1409ce710
SeCompareSigningLevels	2637	0x1407a3ba0
SeComputeAutoInheritByObjectType	2638	0x1402e1f70
SeConvertSecurityDescriptorToStringSecurityDescriptor	2639	0x1402970e0
SeConvertSidToStringSid	2640	0x1405b7d80
SeConvertStringSecurityDescriptorToSecurityDescriptor	2641	0x140297090
SeConvertStringSidToSid	2642	0x14029d530
SeCreateAccessState	2643	0x1406b2140
SeCreateAccessStateEx	2644	0x1406b2180
SeCreateAndRegisterAccessCheckDebugContext	2645	0x1405b5bf0
SeCreateClientSecurity	2646	0x1406af4f0
SeCreateClientSecurityEx	2647	0x1406af950
SeCreateClientSecurityFromSubjectContext	2648	0x14079f710
SeCreateClientSecurityFromSubjectContextEx	2649	0x1405b7370
SeDeassignSecurity	2650	0x14077bb40
SeDeleteAccessState	2651	0x140795470
SeDeleteClientSecurity	2652	0x14069ffb0
SeDeleteObjectAuditAlarm	2653	0x1409ce740
SeDeleteObjectAuditAlarmWithTransaction	2654	0x1409ce760
SeEtwWriteKMCveEvent	2655	0x1405fd0c0
SeExamineSacl	2656	0x1408991b0
SeExports	2657	0x140d53438
SeFilterToken	2658	0x1407fd700
SeFreePrivileges	2659	0x140283ae0
SeGetCachedSigningLevel	2660	0x140783a20
SeGetLinkedToken	2661	0x1409cf7c0
SeGetLogonSessionToken	2662	0x140799530
SeILSigningPolicyPtr	2663	0x140c09300
SeImpersonateClient	2664	0x1409cf610
SeImpersonateClientEx	2665	0x1407ef3d0
SeIsParentOfChildAppContainer	2666	0x1409c9c60
SeLocateProcessImageName	2667	0x1406f8b60
SeLockSubjectContext	2668	0x1406b2450
SeMarkLogonSessionForTerminationNotification	2669	0x140877220
SeMarkLogonSessionForTerminationNotificationEx	2670	0x140877240
SeOpenObjectAuditAlarm	2671	0x1407124f0
SeOpenObjectAuditAlarmForNonObObject	2672	0x140854cc0
SeOpenObjectAuditAlarmWithTransaction	2673	0x1407c7b80
SeOpenObjectForDeleteAuditAlarm	2674	0x1409ce7d0
SeOpenObjectForDeleteAuditAlarmWithTransaction	2675	0x1409ce830
SePrivilegeCheck	2676	0x1406ab060
SePrivilegeObjectAuditAlarm	2677	0x1406b25f0
SePublicDefaultDacl	2678	0x140d53588
SeQueryAuthenticationIdToken	2679	0x140779570
SeQueryInformationToken	2680	0x1406ab0b0
SeQuerySecureBootPlatformManifest	2681	0x1409d0f40
SeQuerySecureBootPolicyValue	2682	0x140857b70
SeQuerySecurityAttributesToken	2683	0x140703170
SeQuerySecurityAttributesTokenAccessInformation	2684	0x1402a3ce0
SeQuerySecurityDescriptorInfo	2685	0x1406b53b0
SeQueryServerSiloToken	2686	0x140798c60
SeQuerySessionIdToken	2687	0x14077e960
SeQuerySessionIdTokenEx	2688	0x1406d3d20
SeRegisterImageVerificationCallback	2689	0x140856e80
SeRegisterLogonSessionTerminatedRoutine	2690	0x1409d0290
SeRegisterLogonSessionTerminatedRoutineEx	2691	0x140852d90
SeReleaseSecurityDescriptor	2692	0x1406ae820
SeReleaseSubjectContext	2693	0x1406adee0
SeReportSecurityEvent	2694	0x1405b6f40
SeReportSecurityEventWithSubCategory	2695	0x140286f70
SeSecurityAttributePresent	2696	0x14024f570
SeSetAccessStateGenericMapping	2697	0x1409ca6d0
SeSetAuditParameter	2698	0x1402c3c10
SeSetSecurityAttributesToken	2699	0x14071c3f0
SeSetSecurityAttributesTokenEx	2700	0x14039c510
SeSetSecurityDescriptorInfo	2701	0x140715c80
SeSetSecurityDescriptorInfoEx	2702	0x140799d80
SeSetSessionIdTokenWithLinked	2703	0x1409c9d30
SeShouldCheckForAccessRightsFromParent	2704	0x1406ae850
SeSinglePrivilegeCheck	2705	0x1406adba0
SeSrpAccessCheck	2706	0x1402f3ee0
SeSystemDefaultDacl	2707	0x140d53590
SeSystemDefaultSd	2708	0x140d53858
SeTokenFromAccessInformation	2709	0x1402f2bf0
SeTokenImpersonationLevel	2710	0x1408711c0
SeTokenIsAdmin	2711	0x14071e9f0
SeTokenIsRestricted	2712	0x14027fb70
SeTokenIsWriteRestricted	2713	0x140295640
SeTokenObjectType	2714	0x140d51020
SeTokenType	2715	0x1408678f0
SeUnRegisterAndFreeAccessCheckDebugContext	2716	0x1403b0400
SeUnlockSubjectContext	2717	0x1406b2410
SeUnregisterImageVerificationCallback	2718	0x1409c93b0
SeUnregisterLogonSessionTerminatedRoutine	2719	0x1409d0330
SeUnregisterLogonSessionTerminatedRoutineEx	2720	0x1409d0400
SeValidSecurityDescriptor	2721	0x14076ce80
SkAcquirePushLockExclusive	2722	0x1405a3180
SkAllocatePool	2723	0x1405a3180
SkFreePool	2724	0x1405a3180
SkInitializePushLock	2725	0x1405a3180
SkIsSecureKernel	2726	0x1403b0400
SkQuerySecureKernelInformation	2727	0x1405a3180
SkReleasePushLockExclusive	2728	0x1405a3180
TmCancelPropagationRequest	2729	0x1403d1010
TmCommitComplete	2730	0x1403d1030
TmCommitEnlistment	2731	0x1403d1050
TmCommitTransaction	2732	0x1403d1070
TmCreateEnlistment	2733	0x1403d1090
TmCurrentTransaction	2734	0x1403d10b0
TmDereferenceEnlistmentKey	2735	0x1403d10d0
TmEnableCallbacks	2736	0x1403d10f0
TmEndPropagationRequest	2737	0x1403d1110
TmEnlistmentObjectType	2738	0x140d1e3d0
TmFreezeTransactions	2739	0x1403d1130
TmGetTransactionId	2740	0x1403d1150
TmInitSystem	2741	0x1403d0b90
TmInitSystemPhase2	2742	0x1403d0b70
TmInitializeTransactionManager	2743	0x1403d1170
TmIsKTMCommitCoordinator	2744	0x1403d1190
TmIsTransactionActive	2745	0x1403d11b0
TmPrePrepareComplete	2746	0x1403d11d0
TmPrePrepareEnlistment	2747	0x1403d11f0
TmPrepareComplete	2748	0x1403d1210
TmPrepareEnlistment	2749	0x1403d1230
TmPropagationComplete	2750	0x1403d1250
TmPropagationFailed	2751	0x1403d1270
TmReadOnlyEnlistment	2752	0x1403d1290
TmRecoverEnlistment	2753	0x1403d12b0
TmRecoverResourceManager	2754	0x1403d12d0
TmRecoverTransactionManager	2755	0x1403d12f0
TmReferenceEnlistmentKey	2756	0x1403d1310
TmRenameTransactionManager	2757	0x1403d1330
TmRequestOutcomeEnlistment	2758	0x1403d1350
TmResourceManagerObjectType	2759	0x140d1e1b0
TmRollbackComplete	2760	0x1403d1370
TmRollbackEnlistment	2761	0x1403d1390
TmRollbackTransaction	2762	0x1403d13b0
TmSetCurrentTransaction	2763	0x1403d13d0
TmSinglePhaseReject	2764	0x1403d13f0
TmThawTransactions	2765	0x1403d1410
TmTransactionManagerObjectType	2766	0x140d1e1a8
TmTransactionObjectType	2767	0x140d1dde0
TtmNotifyDeviceArrival	2768	0x1409a2c10
TtmNotifyDeviceDeparture	2769	0x1409a2f10
TtmNotifyDeviceInput	2770	0x1409a2fd0
VerSetConditionMask	2771	0x14038eb60
VfCheckNxPagePriority	2772	0x1405cc680
VfCheckNxPageProtection	2773	0x1405cc6a0
VfCheckNxPoolType	2774	0x1405cc6c0
VfFailDeviceNode	2775	0x1403ad810
VfFailDriver	2776	0x1405cc6e0
VfFailSystemBIOS	2777	0x1405cc710
VfInsertContext	2778	0x1405cc750
VfIsRuleClassEnabled	2779	0x140abe450
VfIsVerificationEnabled	2780	0x1403ad850
VfQueryDeviceContext	2781	0x1405cc820
VfQueryDispatchTable	2782	0x1405cc9e0
VfQueryDriverContext	2783	0x1405cc860
VfQueryIrpContext	2784	0x1405cc8a0
VfRemoveContext	2785	0x1405cc8e0
VslCreateSecureSection	2786	0x140942420
VslDeleteSecureSection	2787	0x140942840
VslExchangeEntropy	2788	0x1403bf940
VslGetSecurePciDeviceAlternateFunctionNumberForVtl0Dma	2789	0x140548910
VslGetSecurePciDeviceBootConfiguration	2790	0x1405489b0
VslGetSecurePciEnabled	2791	0x1403afcc0
VslQuerySecureDevice	2792	0x14084ad60
VslRetrieveMailbox	2793	0x140549a80
WheaAddErrorSource	2794	0x140817140
WheaAddErrorSourceDeviceDriver	2795	0x140816f70
WheaAddErrorSourceDeviceDriverV1	2796	0x1403ae810
WheaAddHwErrorReportSectionDeviceDriver	2797	0x14060f4d0
WheaAttemptClearPoison	2798	0x140a08240
WheaAttemptPhysicalPageOffline	2799	0x140a08310
WheaConfigureErrorSource	2800	0x140a90d40
WheaCreateHwErrorReportDeviceDriver	2801	0x14060f5e0
WheaDeferredRecoveryService	2802	0x140611030
WheaEnterCriticalState	2803	0x14060e900
WheaErrorSourceGetState	2804	0x14060e910
WheaExitCriticalState	2805	0x14060e950
WheaGetCurrentProcessName	2806	0x140610010
WheaGetErrorSource	2807	0x14060e960
WheaGetNotifyAllOfflinesPolicy	2808	0x14040dc70
WheaHighIrqlLogSelEventHandlerRegister	2809	0x140611420
WheaHighIrqlLogSelEventHandlerUnregister	2810	0x140611490
WheaHwErrorReportAbandonDeviceDriver	2811	0x14060f610
WheaHwErrorReportGetLogDataBufferDeviceDriver	2812	0x14060f640
WheaHwErrorReportMarkAsCriticalDeviceDriver	2813	0x14060f690
WheaHwErrorReportSetFatalSeverityDeviceDriver	2814	0x14060f6c0
WheaHwErrorReportSetSectionNameDeviceDriver	2815	0x14060f720
WheaHwErrorReportSetSeverityDeviceDriver	2816	0x14060f770
WheaHwErrorReportSubmitDeviceDriver	2817	0x14060f7b0
WheaInitializeDeferredRecoveryObject	2818	0x140611070
WheaInitializeRecordHeader	2819	0x1406108c0
WheaIsAltContextAllocPossible	2820	0x1406100b0
WheaIsCriticalState	2821	0x140382490
WheaLogInternalEvent	2822	0x140382370
WheaProcessWaitingETWEvents	2823	0x1406114d0
WheaRecoveryBugCheck	2824	0x14060e990
WheaRegisterErrorSourceOverride	2825	0x1406118a0
WheaRegisterInUsePageOfflineNotification	2826	0x140a084b0
WheaRemoveErrorSource	2827	0x140a07e50
WheaRemoveErrorSourceDeviceDriver	2828	0x140a08030
WheaReportFatalHwErrorDeviceDriverEx	2829	0x14060f8d0
WheaReportHwError	2830	0x14060ea00
WheaReportHwErrorDeviceDriver	2831	0x140a08170
WheaReportHwErrorDeviceDriverEx	2832	0x14060f9f0
WheaRequestDeferredRecovery	2833	0x140611090
WheaSignalHandlerOverride	2834	0x1403afbe0
WheaTerminateProcess	2835	0x140a085b0
WheaUnconfigureErrorSource	2836	0x140aac7f0
WheaUnregisterErrorSourceOverride	2837	0x140611b90
WheaUnregisterInUsePageOfflineNotification	2838	0x140a08630
WmiGetClock	2839	0x1405fda90
WmiQueryTraceInformation	2840	0x140824780
WmiTraceMessage	2841	0x1402a3da0
WmiTraceMessageVa	2842	0x14045d360
XIPDispatch	2843	0x14060d0c0
ZwAccessCheckAndAuditAlarm	2844	0x14040eea0
ZwAddBootEntry	2845	0x14040f6c0
ZwAddDriverEntry	2846	0x14040f6e0
ZwAdjustPrivilegesToken	2847	0x14040f1a0
ZwAlertThread	2848	0x14040f760
ZwAllocateLocallyUniqueId	2849	0x14040f7a0
ZwAllocateReserveObject	2850	0x14040f7c0
ZwAllocateVirtualMemory	2851	0x14040ec80
ZwAllocateVirtualMemoryEx	2852	0x14040f840
ZwAlpcAcceptConnectPort	2853	0x14040f860
ZwAlpcCancelMessage	2854	0x14040f880
ZwAlpcConnectPort	2855	0x14040f8a0
ZwAlpcConnectPortEx	2856	0x14040f8c0
ZwAlpcCreatePort	2857	0x14040f8e0
ZwAlpcCreatePortSection	2858	0x14040f900
ZwAlpcCreateResourceReserve	2859	0x14040f920
ZwAlpcCreateSectionView	2860	0x14040f940
ZwAlpcCreateSecurityContext	2861	0x14040f960
ZwAlpcDeletePortSection	2862	0x14040f980
ZwAlpcDeleteResourceReserve	2863	0x14040f9a0
ZwAlpcDeleteSectionView	2864	0x14040f9c0
ZwAlpcDeleteSecurityContext	2865	0x14040f9e0
ZwAlpcDisconnectPort	2866	0x14040fa00
ZwAlpcOpenSenderProcess	2867	0x14040fa60
ZwAlpcOpenSenderThread	2868	0x14040fa80
ZwAlpcQueryInformation	2869	0x14040faa0
ZwAlpcQueryInformationMessage	2870	0x14040fac0
ZwAlpcSendWaitReceivePort	2871	0x14040fb00
ZwAlpcSetInformation	2872	0x14040fb20
ZwAssignProcessToJobObject	2873	0x14040fb60
ZwAssociateWaitCompletionPacket	2874	0x14040fb80
ZwCancelIoFile	2875	0x14040f520
ZwCancelIoFileEx	2876	0x14040fbc0
ZwCancelTimer	2877	0x14040f5a0
ZwCancelWaitCompletionPacket	2878	0x14040fc20
ZwClearEvent	2879	0x14040f140
ZwClose	2880	0x14040eb60
ZwCloseObjectAuditAlarm	2881	0x14040f0e0
ZwCommitComplete	2882	0x14040fc80
ZwCommitEnlistment	2883	0x14040fca0
ZwCommitRegistryTransaction	2884	0x14040fcc0
ZwCommitTransaction	2885	0x14040fce0
ZwCompareTokens	2886	0x14040fd60
ZwConnectPort	2887	0x14040fdc0
ZwCreateCrossVmEvent	2888	0x14040fe60
ZwCreateDirectoryObject	2889	0x14040fec0
ZwCreateEnlistment	2890	0x14040ff20
ZwCreateEvent	2891	0x14040f280
ZwCreateFile	2892	0x14040f420
ZwCreateIoCompletion	2893	0x14040ff80
ZwCreateJobObject	2894	0x14040ffc0
ZwCreateKey	2895	0x14040ed20
ZwCreateKeyTransacted	2896	0x140410000
ZwCreatePartition	2897	0x1404100e0
ZwCreateProcessEx	2898	0x14040f320
ZwCreateProfileEx	2899	0x1404101a0
ZwCreateRegistryTransaction	2900	0x1404101c0
ZwCreateResourceManager	2901	0x1404101e0
ZwCreateSection	2902	0x14040f2c0
ZwCreateSectionEx	2903	0x140410200
ZwCreateSemaphore	2904	0x140410220
ZwCreateSymbolicLinkObject	2905	0x140410240
ZwCreateTimer	2906	0x1404102a0
ZwCreateTransaction	2907	0x140410320
ZwCreateTransactionManager	2908	0x140410340
ZwCreateWaitCompletionPacket	2909	0x140410380
ZwCreateWnfStateName	2910	0x1404103c0
ZwDeleteBootEntry	2911	0x140410460
ZwDeleteDriverEntry	2912	0x140410480
ZwDeleteFile	2913	0x1404104a0
ZwDeleteKey	2914	0x1404104c0
ZwDeleteValueKey	2915	0x140410520
ZwDeleteWnfStateData	2916	0x140410540
ZwDeleteWnfStateName	2917	0x140410560
ZwDeviceIoControlFile	2918	0x14040ea60
ZwDisplayString	2919	0x1404105c0
ZwDuplicateObject	2920	0x14040f100
ZwDuplicateToken	2921	0x14040f1c0
ZwEnumerateBootEntries	2922	0x140410620
ZwEnumerateDriverEntries	2923	0x140410640
ZwEnumerateKey	2924	0x14040efc0
ZwEnumerateTransactionObject	2925	0x140410680
ZwEnumerateValueKey	2926	0x14040ebe0
ZwFlushBuffersFile	2927	0x14040f2e0
ZwFlushBuffersFileEx	2928	0x140410720
ZwFlushInstructionCache	2929	0x140410760
ZwFlushKey	2930	0x140410780
ZwFlushVirtualMemory	2931	0x1404107c0
ZwFreeVirtualMemory	2932	0x14040ed40
ZwFsControlFile	2933	0x14040f0a0
ZwGetCachedSigningLevel	2934	0x140410860
ZwGetNextProcess	2935	0x140410940
ZwGetNextThread	2936	0x140410960
ZwGetNotificationResourceManager	2937	0x1404109a0
ZwGetWriteWatch	2938	0x1404109c0
ZwImpersonateAnonymousToken	2939	0x1404109e0
ZwInitiatePowerAction	2940	0x140410a80
ZwIsProcessInJob	2941	0x14040f360
ZwLoadDriver	2942	0x140410b00
ZwLoadKey	2943	0x140410b40
ZwLoadKeyEx	2944	0x140410ba0
ZwLockFile	2945	0x140410bc0
ZwLockProductActivationKeys	2946	0x140410be0
ZwLockVirtualMemory	2947	0x140410c20
ZwMakeTemporaryObject	2948	0x140410c60
ZwManagePartition	2949	0x140410ca0
ZwMapViewOfSection	2950	0x14040ee80
ZwModifyBootEntry	2951	0x140410d20
ZwModifyDriverEntry	2952	0x140410d40
ZwNotifyChangeDirectoryFile	2953	0x140410d60
ZwNotifyChangeDirectoryFileEx	2954	0x140410d80
ZwNotifyChangeKey	2955	0x140410da0
ZwNotifyChangeSession	2956	0x140410de0
ZwOpenDirectoryObject	2957	0x14040f480
ZwOpenEnlistment	2958	0x140410e20
ZwOpenEvent	2959	0x14040f180
ZwOpenFile	2960	0x14040efe0
ZwOpenJobObject	2961	0x140410e80
ZwOpenKey	2962	0x14040ebc0
ZwOpenKeyEx	2963	0x140410ea0
ZwOpenKeyTransacted	2964	0x140410ec0
ZwOpenKeyTransactedEx	2965	0x140410ee0
ZwOpenPartition	2966	0x140410f60
ZwOpenProcess	2967	0x14040ee40
ZwOpenProcessToken	2968	0x140410fa0
ZwOpenProcessTokenEx	2969	0x14040ef80
ZwOpenRegistryTransaction	2970	0x140410fc0
ZwOpenResourceManager	2971	0x140410fe0
ZwOpenSection	2972	0x14040f060
ZwOpenSession	2973	0x140411020
ZwOpenSymbolicLinkObject	2974	0x140411040
ZwOpenThread	2975	0x140411060
ZwOpenThreadToken	2976	0x14040ee00
ZwOpenThreadTokenEx	2977	0x14040ef60
ZwOpenTimer	2978	0x140411080
ZwOpenTransaction	2979	0x1404110a0
ZwOpenTransactionManager	2980	0x1404110c0
ZwPowerInformation	2981	0x14040f560
ZwPrePrepareComplete	2982	0x140411100
ZwPrePrepareEnlistment	2983	0x140411120
ZwPrepareComplete	2984	0x140411140
ZwPrepareEnlistment	2985	0x140411160
ZwPropagationComplete	2986	0x1404111e0
ZwPropagationFailed	2987	0x140411200
ZwProtectVirtualMemory	2988	0x14040f380
ZwPulseEvent	2989	0x140411240
ZwQueryBootEntryOrder	2990	0x140411280
ZwQueryBootOptions	2991	0x1404112a0
ZwQueryDefaultLocale	2992	0x14040ec20
ZwQueryDefaultUILanguage	2993	0x14040f200
ZwQueryDirectoryFile	2994	0x14040f020
ZwQueryDirectoryFileEx	2995	0x1404112e0
ZwQueryDirectoryObject	2996	0x140411300
ZwQueryDriverEntryOrder	2997	0x140411320
ZwQueryEaFile	2998	0x140411340
ZwQueryFullAttributesFile	2999	0x140411360
ZwQueryInformationByName	3000	0x1404113a0
ZwQueryInformationEnlistment	3001	0x1404113e0
ZwQueryInformationFile	3002	0x14040eba0
ZwQueryInformationJobObject	3003	0x140411400
ZwQueryInformationProcess	3004	0x14040eca0
ZwQueryInformationResourceManager	3005	0x140411440
ZwQueryInformationThread	3006	0x14040ee20
ZwQueryInformationToken	3007	0x14040eda0
ZwQueryInformationTransaction	3008	0x140411460
ZwQueryInformationTransactionManager	3009	0x140411480
ZwQueryInstallUILanguage	3010	0x1404114c0
ZwQueryIntervalProfile	3011	0x1404114e0
ZwQueryKey	3012	0x14040ec40
ZwQueryLicenseValue	3013	0x140411540
ZwQueryObject	3014	0x14040eb80
ZwQueryQuotaInformationFile	3015	0x140411600
ZwQuerySection	3016	0x14040f3a0
ZwQuerySecurityAttributesToken	3017	0x140411620
ZwQuerySecurityObject	3018	0x140411640
ZwQuerySecurityPolicy	3019	0x140411660
ZwQuerySymbolicLinkObject	3020	0x1404116a0
ZwQuerySystemEnvironmentValueEx	3021	0x1404116e0
ZwQuerySystemInformation	3022	0x14040f040
ZwQuerySystemInformationEx	3023	0x140411700
ZwQueryTimerResolution	3024	0x140411720
ZwQueryValueKey	3025	0x14040ec60
ZwQueryVirtualMemory	3026	0x14040ede0
ZwQueryVolumeInformationFile	3027	0x14040f2a0
ZwQueryWnfStateData	3028	0x140411740
ZwQueryWnfStateNameInformation	3029	0x140411760
ZwReadFile	3030	0x14040ea40
ZwReadOnlyEnlistment	3031	0x140411800
ZwRecoverEnlistment	3032	0x140411840
ZwRecoverResourceManager	3033	0x140411860
ZwRecoverTransactionManager	3034	0x140411880
ZwReleaseSemaphore	3035	0x14040eac0
ZwRemoveIoCompletion	3036	0x14040eaa0
ZwRemoveIoCompletionEx	3037	0x140411920
ZwRenameKey	3038	0x140411960
ZwReplaceKey	3039	0x1404119a0
ZwRequestPort	3040	0x140411a00
ZwRequestWaitReplyPort	3041	0x14040edc0
ZwResetEvent	3042	0x140411a20
ZwResetWriteWatch	3043	0x140411a40
ZwRestoreKey	3044	0x140411a60
ZwRollbackComplete	3045	0x140411ac0
ZwRollbackEnlistment	3046	0x140411ae0
ZwRollbackRegistryTransaction	3047	0x140411b00
ZwRollbackTransaction	3048	0x140411b20
ZwSaveKey	3049	0x140411b60
ZwSaveKeyEx	3050	0x140411b80
ZwSecureConnectPort	3051	0x140411bc0
ZwSetBootEntryOrder	3052	0x140411c00
ZwSetBootOptions	3053	0x140411c20
ZwSetCachedSigningLevel	3054	0x140411c40
ZwSetDefaultLocale	3055	0x140411ce0
ZwSetDefaultUILanguage	3056	0x140411d00
ZwSetDriverEntryOrder	3057	0x140411d20
ZwSetEaFile	3058	0x140411d40
ZwSetEvent	3059	0x14040eb40
ZwSetInformationEnlistment	3060	0x140411e00
ZwSetInformationFile	3061	0x14040ee60
ZwSetInformationJobObject	3062	0x140411e40
ZwSetInformationKey	3063	0x140411e60
ZwSetInformationObject	3064	0x14040f500
ZwSetInformationProcess	3065	0x14040ed00
ZwSetInformationResourceManager	3066	0x140411e80
ZwSetInformationThread	3067	0x14040eb20
ZwSetInformationToken	3068	0x140411ec0
ZwSetInformationTransaction	3069	0x140411ee0
ZwSetInformationVirtualMemory	3070	0x140411f20
ZwSetIntervalProfile	3071	0x140411f60
ZwSetIoCompletion	3072	0x140411f80
ZwSetIoCompletionEx	3073	0x140411fa0
ZwSetQuotaInformationFile	3074	0x140412020
ZwSetSecurityObject	3075	0x140412040
ZwSetSystemEnvironmentValueEx	3076	0x140412080
ZwSetSystemInformation	3077	0x1404120a0
ZwSetSystemTime	3078	0x1404120e0
ZwSetTimer	3079	0x14040f5c0
ZwSetTimerEx	3080	0x140412140
ZwSetTimerResolution	3081	0x140412160
ZwSetValueKey	3082	0x14040f580
ZwSetVolumeInformationFile	3083	0x1404121a0
ZwStartProfile	3084	0x140412260
ZwStopProfile	3085	0x140412280
ZwSystemDebugControl	3086	0x140412320
ZwTerminateJobObject	3087	0x140412360
ZwTerminateProcess	3088	0x14040ef00
ZwTraceControl	3089	0x1404123e0
ZwTraceEvent	3090	0x14040f540
ZwTranslateFilePath	3091	0x140412400
ZwUnloadDriver	3092	0x140412440
ZwUnloadKey	3093	0x140412460
ZwUnloadKey2	3094	0x140412480
ZwUnloadKeyEx	3095	0x1404124a0
ZwUnlockFile	3096	0x1404124c0
ZwUnlockVirtualMemory	3097	0x1404124e0
ZwUnmapViewOfSection	3098	0x14040eec0
ZwUpdateWnfStateData	3099	0x140412540
ZwWaitForMultipleObjects	3100	0x14040f4e0
ZwWaitForSingleObject	3101	0x14040ea00
ZwWriteFile	3102	0x14040ea80
ZwYieldExecution	3103	0x14040f240
__C_specific_handler	3104	0x1403d0950
__asan_alloca_poison	3105	0x140562b40
__asan_allocas_unpoison	3106	0x140562e00
__asan_load1	3107	0x140562ee0
__asan_load16	3108	0x140562f60
__asan_load16_noabort	3109	0x140562f60
__asan_load1_noabort	3110	0x140562ee0
__asan_load2	3111	0x140563410
__asan_load2_noabort	3112	0x140563410
__asan_load4	3113	0x1405634d0
__asan_load4_noabort	3114	0x1405634d0
__asan_load8	3115	0x140563640
__asan_load8_noabort	3116	0x140563640
__asan_loadN	3117	0x1405638d0
__asan_loadN_noabort	3118	0x1405638d0
__asan_memcpy	3119	0x140563970
__asan_memmove	3120	0x140563970
__asan_memset	3121	0x1405639e0
__asan_report_load1	3122	0x140563a30
__asan_report_load16	3123	0x140563a60
__asan_report_load2	3124	0x140563a90
__asan_report_load4	3125	0x140563ac0
__asan_report_load8	3126	0x140563af0
__asan_report_load_n	3127	0x140563b20
__asan_report_store1	3128	0x140563b50
__asan_report_store16	3129	0x140563b80
__asan_report_store2	3130	0x140563bb0
__asan_report_store4	3131	0x140563be0
__asan_report_store8	3132	0x140563c10
__asan_report_store_n	3133	0x140563c40
__asan_set_shadow_00	3134	0x140563c70
__asan_set_shadow_f8	3135	0x140563c90
__asan_store1	3136	0x140563cb0
__asan_store16	3137	0x140563d30
__asan_store16_noabort	3138	0x140563d30
__asan_store1_noabort	3139	0x140563cb0
__asan_store2	3140	0x1405641e0
__asan_store2_noabort	3141	0x1405641e0
__asan_store4	3142	0x1405642b0
__asan_store4_noabort	3143	0x1405642b0
__asan_store8	3144	0x140564420
__asan_store8_noabort	3145	0x140564420
__asan_storeN	3146	0x1405646c0
__asan_storeN_noabort	3147	0x1405646c0
__chkstk	3148	0x14041d330
__misaligned_access	3149	0x1402f8890
_atoi64	3150	0x1403d1e70
_finite	3151	0x1403d1f50
_i64toa_s	3152	0x1403d7090
_i64tow_s	3153	0x1403d73b0
_itoa	3154	0x1403d1f90
_itoa_s	3155	0x1403d70c0
_itow	3156	0x1403d2050
_itow_s	3157	0x1403d73e0
_local_unwind	3158	0x1403d2150
_ltoa_s	3159	0x1403d70c0
_ltow_s	3160	0x1403d73e0
_makepath_s	3161	0x1403d76f0
_purecall	3162	0x14060b230
_setjmp	3163	0x14041e6c0
_setjmpex	3164	0x14041e780
_snprintf	3165	0x1403d2190
_snprintf_s	3166	0x1403d7850
_snscanf_s	3167	0x1403d7920
_snwprintf	3168	0x1403d2250
_snwprintf_s	3169	0x1403d7960
_snwscanf_s	3170	0x1403d7a40
_splitpath_s	3171	0x1403d7a80
_stricmp	3172	0x1403d2390
_strlwr	3173	0x1403d23b0
_strnicmp	3174	0x1403d2440
_strnset	3175	0x1403d2460
_strnset_s	3176	0x1403d7d20
_strrev	3177	0x1403d2480
_strset	3178	0x1403d24c0
_strset_s	3179	0x1403d7db0
_strtoui64	3180	0x1403d1de0
_strupr	3181	0x1403d15a0
_swprintf	3182	0x1403d24e0
_ui64toa_s	3183	0x1403d70f0
_ui64tow_s	3184	0x1403d7410
_ultoa_s	3185	0x1403d7110
_ultow_s	3186	0x1403d7430
_vsnprintf	3187	0x1403d1710
_vsnprintf_s	3188	0x1403d7880
_vsnwprintf	3189	0x1403d15f0
_vsnwprintf_s	3190	0x1403d7990
_vswprintf	3191	0x1403d25b0
_wcsicmp	3192	0x1403d2690
_wcslwr	3193	0x1403d26f0
_wcslwr_s	3194	0x1403d2750
_wcsnicmp	3195	0x1403d27d0
_wcsnset	3196	0x1403d2840
_wcsnset_s	3197	0x1403d2870
_wcsrev	3198	0x1403d2900
_wcsset_s	3199	0x1403d2950
_wcsupr	3200	0x1403d29b0
_wmakepath_s	3201	0x1403d7e10
_wsplitpath_s	3202	0x1403d7fa0
_wtoi	3203	0x1403d29f0
_wtol	3204	0x1403d2a10
atoi	3205	0x1403d1ea0
atol	3206	0x1403d1ec0
bsearch	3207	0x1403d2a40
bsearch_s	3208	0x1403d2b50
isdigit	3209	0x1403d2c90
islower	3210	0x1403d2cc0
isprint	3211	0x1403d2cf0
isspace	3212	0x1403d2d20
isupper	3213	0x1403d2d50
iswalnum	3214	0x1403d2db0
iswdigit	3215	0x1403d2df0
iswspace	3216	0x1403d2e10
isxdigit	3217	0x1403d2d80
longjmp	3218	0x1403d0b20
mbstowcs	3219	0x1403d2e30
mbtowc	3220	0x1403d2ef0
memchr	3221	0x1403d2f50
memcmp	3222	0x1403d2f90
memcpy	3223	0x140428640
memcpy_s	3224	0x1403d8260
memmove	3225	0x140428640
memmove_s	3226	0x1403d8300
memset	3227	0x140428940
psMUITest	3228	0x140d53900
qsort	3229	0x1403d3070
qsort_s	3230	0x1403d3450
rand	3231	0x1403d3860
sprintf	3232	0x1403d38a0
sprintf_s	3233	0x1403d8360
sqrt	3234	0x1403d3940
sqrtf	3235	0x1403d3a50
srand	3236	0x1403d3890
sscanf_s	3237	0x1403d83e0
strcat	3238	0x1403d3b60
strcat_s	3239	0x1403d8440
strchr	3240	0x1403d3ce0
strcmp	3241	0x1403d3d30
strcpy	3242	0x1403d3c20
strcpy_s	3243	0x1403d84d0
strlen	3244	0x1403d3e00
strncat	3245	0x1403d3ed0
strncat_s	3246	0x1403d8560
strncmp	3247	0x1403d1ad0
strncpy	3248	0x1403d4090
strncpy_s	3249	0x1403d8660
strnlen	3250	0x1403d4200
strrchr	3251	0x1403d4220
strspn	3252	0x1403d4260
strstr	3253	0x1403d1e10
strtok_s	3254	0x1403d8760
swprintf	3255	0x1403d24e0
swprintf_s	3256	0x1403d7000
swscanf_s	3257	0x1403d88d0
tolower	3258	0x1403d4330
toupper	3259	0x1403d4370
towlower	3260	0x1403d43e0
towupper	3261	0x1403d4410
vDbgPrintEx	3262	0x1402b7fd0
vDbgPrintExWithPrefix	3263	0x140458640
vsprintf	3264	0x1403d44c0
vsprintf_s	3265	0x1403d8390
vswprintf_s	3266	0x1403d7030
wcscat	3267	0x1403d44e0
wcscat_s	3268	0x1403d8930
wcschr	3269	0x1403d4550
wcscmp	3270	0x1403d4590
wcscpy	3271	0x1403d4520
wcscpy_s	3272	0x1403d89d0
wcscspn	3273	0x1403d45d0
wcslen	3274	0x1403d4620
wcsncat	3275	0x1403d4640
wcsncat_s	3276	0x1403d8a60
wcsncmp	3277	0x1403d4690
wcsncpy	3278	0x1403d46d0
wcsncpy_s	3279	0x1403d8b70
wcsnlen	3280	0x1403d4720
wcsrchr	3281	0x1403d4750
wcsspn	3282	0x1403d4790
wcsstr	3283	0x1403d47e0
wcstombs	3284	0x1403d4840
wcstoul	3285	0x1403d4b30
wctomb	3286	0x1403d4c20
x86BiosAllocateBuffer	3287	0x1403a72d0
x86BiosCall	3288	0x1403b6ea0
x86BiosFreeBuffer	3289	0x1403a7760
x86BiosReadMemory	3290	0x140393620
x86BiosWriteMemory	3291	0x14039b650

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

• ntoskrnl.exe

Click to jump to process

Memory Usage

• ntoskrnl.exe

Click to jump to process

System Behavior

Analysis Process: ntoskrnl.exePID: 1660, Parent PID: 1244

Function Logs

General

Target ID:	0
Start time:	03:29:17
Start date:	13/10/2023
Path:	C:\Users\user\Desktop\ntoskrnl.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\ntoskrnl.exe
Imagebase:	0x13fa20000
File size:	12'092'800 bytes
MD5 hash:	9AB0549D50A61AAE2E4E85987D8F09CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ntoskrnl.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: ntoskrnl.exePID: 1660, Parent PID: 1244

General

Chronological Activities

Disassembly

Windows Analysis Report
ntoskrnl.exe