cdc13684...5965 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware, Dropper

jma.exe

Windows Exe (x86-32)

Created at 2019-11-07T02:39:00

...

Remarks (2/2)

(0x2000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x200003a): 2 tasks were rescheduled ahead of time to reveal dormant functionality.

Filters:
Filename Category Type Severity Actions
C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp-shm Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 32.00 KB
MD5 b7c14ec6110fa820ca6b65f5aec85911 Copy to Clipboard
SHA1 608eeb7488042453c9ca40f7e1398fc1a270f3f4 Copy to Clipboard
SHA256 fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb Copy to Clipboard
SSDeep 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-05-09 07:05 (UTC+2)
Last Seen 2019-04-05 01:06 (UTC+2)
C:\Users\5P5NRG~1\AppData\Local\Temp\6DA1.tmp Dropped File Sqlite
Whitelisted
...
»
Mime Type application/x-sqlite3
File Size 18.00 KB
MD5 29844404ae855e9df054833f71888eb1 Copy to Clipboard
SHA1 3e86f08def08fc14ddec0227d0643319562666db Copy to Clipboard
SHA256 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e Copy to Clipboard
SSDeep 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-08-06 16:42 (UTC+2)
Last Seen 2018-09-13 14:46 (UTC+2)
C:\Users\5P5NRG~1\AppData\Local\Temp\7208.tmp Dropped File Sqlite
Whitelisted
...
»
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 ccf817a1215b7342f42ab80fc78b5857 Copy to Clipboard
SHA1 195ab6db299b3ee23812722689ca15b4ff2d142d Copy to Clipboard
SHA256 45caa6e0f74afd3544a799ab8fd9987ac6cfee348c66312581b322cbae74a959 Copy to Clipboard
SSDeep 24:rEO15UcJOyTGVZTPaFpEvg3obNmCFk6Uwcm3tm5fB:IwecVTgPOpEveoJZFrU10WB Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-01-27 17:02 (UTC+1)
Last Seen 2019-02-18 04:53 (UTC+1)
C:\Users\5P5NRG~1\AppData\Local\Temp\F3E9.tmp Dropped File Binary
Whitelisted
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 1.23 MB
MD5 d124f55b9393c976963407dff51ffa79 Copy to Clipboard
SHA1 2c7bbedd79791bfb866898c85b504186db610b5d Copy to Clipboard
SHA256 ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef Copy to Clipboard
SSDeep 24576:gwS6Xkd14PpBi6vPfdviHPZ2jslseW64AcECwA:lUd1ypBLPdmZ2Ox4AcECwA Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-03-20 15:42 (UTC+1)
Last Seen 2019-04-17 13:49 (UTC+2)
PE Information
»
Image Base 0x7de70000
Size Of Code 0xd5c00
Size Of Initialized Data 0x63400
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2010-11-20 12:08:56+00:00
Version Information (8)
»
CompanyName Microsoft Corporation
FileDescription NT Layer DLL
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName ntdll.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename ntdll.dll
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7601.17514
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x7de80000 0xd586b 0xd5a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.79
RT 0x7df60000 0x1c9 0x200 0xd5e00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.55
.data 0x7df70000 0x8248 0x6e00 0xd6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.67
.rsrc 0x7df80000 0x560d8 0x56200 0xdce00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.33
.reloc 0x7dfe0000 0x4d24 0x4e00 0x133000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.71
Exports (2032)
»
Api name EAT Address Ordinal
A_SHAFinal 0x6acd7 0x12
A_SHAInit 0x68d84 0x13
A_SHAUpdate 0x6ada7 0x14
AlpcAdjustCompletionListConcurrencyCount 0xad359 0x15
AlpcFreeCompletionListMessage 0xacfd8 0x16
AlpcGetCompletionListLastMessageInformation 0xad0f4 0x17
AlpcGetCompletionListMessageAttributes 0xad0c0 0x18
AlpcGetHeaderSize 0x7a09a 0x19
AlpcGetMessageAttribute 0x7a02f 0x1a
AlpcGetMessageFromCompletionList 0xace21 0x1b
AlpcGetOutstandingCompletionListMessageCount 0xad11b 0x1c
AlpcInitializeMessageAttribute 0x7a066 0x1d
AlpcMaxAllowedMessageLength 0xad37d 0x1e
AlpcRegisterCompletionList 0xad2d4 0x1f
AlpcRegisterCompletionListWorkerThread 0xad13a 0x20
AlpcRundownCompletionList 0xad33d 0x21
AlpcUnregisterCompletionList 0xad321 0x22
AlpcUnregisterCompletionListWorkerThread 0xad215 0x23
CsrAllocateCaptureBuffer 0xacb0f 0x24
CsrAllocateMessagePointer 0xacb2f 0x25
CsrCaptureMessageBuffer 0xacb3f 0x26
CsrCaptureMessageMultiUnicodeStringsInPlace 0xacbe8 0x27
CsrCaptureMessageString 0xacb4f 0x28
CsrCaptureTimeout 0xacb5f 0x29
CsrClientCallServer 0xacaff 0x2a
CsrClientConnectToServer 0x51a0d 0x2b
CsrFreeCaptureBuffer 0xacb1f 0x2c
CsrGetProcessId 0xacb92 0x2d
CsrIdentifyAlertableThread 0xacaf5 0x2e
CsrSetPriorityClass 0xa1a7f 0x2f
CsrVerifyRegion 0xacc64 0x30
DbgBreakPoint 0x1000c 0x31
DbgPrint 0x7a7a0 0x32
DbgPrintEx 0x75af3 0x33
DbgPrintReturnControlC 0xad44d 0x34
DbgPrompt 0xad388 0x35
DbgQueryDebugFilterState 0xad3ce 0x36
DbgSetDebugFilterState 0xad3de 0x37
DbgUiConnectToDbg 0x9f6fb 0x38
DbgUiContinue 0x9f7a3 0x39
DbgUiConvertStateChangeStructure 0x9f8cc 0x3a
DbgUiDebugActiveProcess 0x9f88a 0x3b
DbgUiGetThreadDebugObject 0x9f74d 0x3c
DbgUiIssueRemoteBreakin 0x9f843 0x3d
DbgUiRemoteBreakin 0x9f7ea 0x3e
DbgUiSetThreadDebugObject 0x9f75f 0x3f
DbgUiStopDebugging 0x9f7c8 0x40
DbgUiWaitStateChange 0x9f77c 0x41
DbgUserBreakPoint 0x10008 0x42
EtwCreateTraceInstanceId 0xdac04 0x43
EtwDeliverDataBlock 0x6154b 0x44
EtwEnumerateProcessRegGuids 0xdb157 0x45
EtwEventActivityIdControl 0x6ebaf 0x46
EtwEventEnabled 0x388e2 0x47
EtwEventProviderEnabled 0xdacf6 0x48
EtwEventRegister 0x3f6ba 0x49
EtwEventUnregister 0x59241 0x4a
EtwEventWrite 0x60c59 0x4b
EtwEventWriteEndScenario 0xdb401 0x4c
EtwEventWriteEx 0xdb254 0x4d
EtwEventWriteFull 0xdb287 0x4e
EtwEventWriteNoRegistration 0x72220 0x4f
EtwEventWriteStartScenario 0xdb2b7 0x50
EtwEventWriteString 0xdadd4 0x51
EtwEventWriteTransfer 0x6ec65 0x52
EtwGetTraceEnableFlags 0x61729 0x53
EtwGetTraceEnableLevel 0x616f3 0x54
EtwGetTraceLoggerHandle 0x6168a 0x55
EtwLogTraceEvent 0xdb4c7 0x56
EtwNotificationRegister 0x3f532 0x57
EtwNotificationUnregister 0x591ab 0x58
EtwProcessPrivateLoggerRequest 0x7255d 0x59
EtwRegisterSecurityProvider 0xdacc6 0x5a
EtwRegisterTraceGuidsA 0x6848f 0x5b
EtwRegisterTraceGuidsW 0x3f843 0x5c
EtwReplyNotification 0xddbea 0x5d
EtwSendNotification 0x76b7c 0x5e
EtwSetMark 0xdb777 0x5f
EtwTraceEventInstance 0xdb532 0x60
EtwTraceMessage 0x679b7 0x61
EtwTraceMessageVa 0x679db 0x62
EtwUnregisterTraceGuids 0x59286 0x63
EtwWriteUMSecurityEvent 0xdb051 0x64
EtwpCreateEtwThread 0xde157 0x65
EtwpGetCpuSpeed 0x77091 0x66
EtwpNotificationThread 0x614f1 0x67
EvtIntReportAuthzEventAndSourceAsync 0xdeb79 0x68
EvtIntReportEventAndSourceAsync 0xdeb43 0x69
ExpInterlockedPopEntrySListEnd 0x326b3 0xf
ExpInterlockedPopEntrySListFault 0x326b1 0x10
ExpInterlockedPopEntrySListResume 0x3267b 0x11
KiFastSystemCall 0x101e0 0x6a
KiFastSystemCallRet 0x101e4 0x6b
KiIntSystemCall 0x101f0 0x6c
KiRaiseUserExceptionDispatcher 0x10184 0x6d
KiUserApcDispatcher 0x10038 0x6e
KiUserCallbackDispatcher 0x100ec 0x6f
KiUserExceptionDispatcher 0x10134 0x70
LdrAccessResource 0x41f10 0x71
LdrAddLoadAsDataTable 0x5ecc0 0x72
LdrAddRefDll 0x3ffdd 0x73
LdrDisableThreadCalloutsForDll 0x40d76 0x74
LdrEnumResources 0xadd19 0x75
LdrEnumerateLoadedModules 0x3bf1f 0x76
LdrFindEntryForAddress 0x5e982 0x77
LdrFindResourceDirectory_U 0xae107 0x78
LdrFindResourceEx_U 0x5b5d5 0x79
LdrFindResource_U 0x41f2d 0x7a
LdrFlushAlternateResourceModules 0xadf5b 0x7b
LdrGetDllHandle 0x2fcf7 0x7c
LdrGetDllHandleByMapping 0x5ec37 0x7d
LdrGetDllHandleByName 0x5cc25 0x7e
LdrGetDllHandleEx 0x2fd18 0x7f
LdrGetFailureData 0xa05c4 0x80
LdrGetFileNameFromLoadAsDataTable 0xad596 0x81
LdrGetProcedureAddress 0x301aa 0x82
LdrGetProcedureAddressEx 0x301cb 0x83
LdrHotPatchRoutine 0x9fbb4 0x84
LdrInitShimEngineDynamic 0x6e118 0x85
LdrInitializeThunk 0x39e49 0x86
LdrLoadAlternateResourceModule 0x76595 0x87
LdrLoadAlternateResourceModuleEx 0x4399a 0x88
LdrLoadDll 0x3c43a 0x89
LdrLockLoaderLock 0x36b95 0x8a
LdrOpenImageFileOptionsKey 0x63588 0x8b
LdrProcessRelocationBlock 0xae9cf 0x8c
LdrQueryImageFileExecutionOptions 0x4c132 0x8d
LdrQueryImageFileExecutionOptionsEx 0x4c159 0x8e
LdrQueryImageFileKeyOption 0x62fd2 0x8f
LdrQueryModuleServiceTags 0xa04fe 0x90
LdrQueryProcessModuleInformation 0xa04d4 0x91
LdrRegisterDllNotification 0x6c8a5 0x92
LdrRemoveLoadAsDataTable 0x5faa2 0x93
LdrResFindResource 0x4e29c 0x94
LdrResFindResourceDirectory 0x3da15 0x95
LdrResGetRCConfig 0x47c5f 0x96
LdrResRelease 0xaef42 0x97
LdrResSearchResource 0x3cd5c 0x98
LdrRscIsTypeExist 0x436dd 0x99
LdrSetAppCompatDllRedirectionCallback 0xa04f4 0x9a
LdrSetDllManifestProber 0x515f6 0x9b
LdrSetMUICacheType 0xae0b3 0x9c
LdrShutdownProcess 0x58e79 0x9d
LdrShutdownThread 0x5d2f9 0x9e
LdrUnloadAlternateResourceModule 0x5f991 0x9f
LdrUnloadAlternateResourceModuleEx 0x5f9a9 0xa0
LdrUnloadDll 0x411d7 0xa1
LdrUnlockLoaderLock 0x36c3c 0xa2
LdrUnregisterDllNotification 0x71bf4 0xa3
LdrVerifyImageMatchesChecksum 0xa05cf 0xa4
LdrVerifyImageMatchesChecksumEx 0xa004a 0xa5
LdrWx86FormatVirtualImage 0xa5cd5 0xa6
LdrpResGetMappingSize 0x3c9fc 0xa7
LdrpResGetResourceDirectory 0x3cbb8 0xa8
MD4Final 0xdab61 0xa9
MD4Init 0xdaa14 0xaa
MD4Update 0xdaa48 0xab
MD5Final 0x729ac 0xac
MD5Init 0x72859 0xad
MD5Update 0x72a3a 0xae
NlsAnsiCodePage 0x100010 0xaf
NlsMbCodePageTag 0x100003 0xb0
NlsMbOemCodePageTag 0x100004 0xb1
NtAcceptConnectPort 0x20200 0xb2
NtAccessCheck 0x20218 0xb3
NtAccessCheckAndAuditAlarm 0x1fc58 0xb4
NtAccessCheckByType 0x20230 0xb5
NtAccessCheckByTypeAndAuditAlarm 0x20104 0xb6
NtAccessCheckByTypeResultList 0x20248 0xb7
NtAccessCheckByTypeResultListAndAuditAlarm 0x20260 0xb8
NtAccessCheckByTypeResultListAndAuditAlarmByHandle 0x20278 0xb9
NtAddAtom 0x1ff48 0xba
NtAddBootEntry 0x20290 0xbb
NtAddDriverEntry 0x202a8 0xbc
NtAdjustGroupsToken 0x202c0 0xbd
NtAdjustPrivilegesToken 0x1feb0 0xbe
NtAlertResumeThread 0x202d8 0xbf
NtAlertThread 0x202f4 0xc0
NtAllocateLocallyUniqueId 0x20310 0xc1
NtAllocateReserveObject 0x2032c 0xc2
NtAllocateUserPhysicalPages 0x20344 0xc3
NtAllocateUuids 0x2035c 0xc4
NtAllocateVirtualMemory 0x1fab0 0xc5
NtAlpcAcceptConnectPort 0x20378 0xc6
NtAlpcCancelMessage 0x20390 0xc7
NtAlpcConnectPort 0x203a8 0xc8
NtAlpcCreatePort 0x203c0 0xc9
NtAlpcCreatePortSection 0x203d8 0xca
NtAlpcCreateResourceReserve 0x203f0 0xcb
NtAlpcCreateSectionView 0x20408 0xcc
NtAlpcCreateSecurityContext 0x20420 0xcd
NtAlpcDeletePortSection 0x20438 0xce
NtAlpcDeleteResourceReserve 0x20450 0xcf
NtAlpcDeleteSectionView 0x20468 0xd0
NtAlpcDeleteSecurityContext 0x20480 0xd1
NtAlpcDisconnectPort 0x20498 0xd2
NtAlpcImpersonateClientOfPort 0x204b0 0xd3
NtAlpcOpenSenderProcess 0x204c8 0xd4
NtAlpcOpenSenderThread 0x204e0 0xd5
NtAlpcQueryInformation 0x204f8 0xd6
NtAlpcQueryInformationMessage 0x20510 0xd7
NtAlpcRevokeSecurityContext 0x20528 0xd8
NtAlpcSendWaitReceivePort 0x20540 0xd9
NtAlpcSetInformation 0x20558 0xda
NtApphelpCacheControl 0x1ffc4 0xdb
NtAreMappedFilesTheSame 0x20570 0xdc
NtAssignProcessToJobObject 0x2058c 0xdd
NtCallbackReturn 0x1f8c8 0xde
NtCancelIoFile 0x2016c 0xdf
NtCancelIoFileEx 0x205a8 0xe0
NtCancelSynchronousIoFile 0x205c0 0xe1
NtCancelTimer 0x201cc 0xe2
NtClearEvent 0x1fe64 0xe3
NtClose 0x1f9d0 0xe4
NtCloseObjectAuditAlarm 0x1fe1c 0xe5
NtCommitComplete 0x205d8 0xe6
NtCommitEnlistment 0x205f0 0xe7
NtCommitTransaction 0x20608 0xe8
NtCompactKeys 0x20620 0xe9
NtCompareTokens 0x20638 0xea
NtCompleteConnectPort 0x20650 0xeb
NtCompressKey 0x20668 0xec
NtConnectPort 0x20684 0xed
NtContinue 0x1fee0 0xee
NtCreateDebugObject 0x2069c 0xef
NtCreateDirectoryObject 0x206b4 0xf0
NtCreateEnlistment 0x206cc 0xf1
NtCreateEvent 0x1ff64 0xf2
NtCreateEventPair 0x206e4 0xf3
NtCreateFile 0x200a4 0xf4
NtCreateIoCompletion 0x206fc 0xf5
NtCreateJobObject 0x20714 0xf6
NtCreateJobSet 0x2072c 0xf7
NtCreateKey 0x1fb30 0xf8
NtCreateKeyTransacted 0x20744 0xf9
NtCreateKeyedEvent 0x2075c 0xfa
NtCreateMailslotFile 0x20774 0xfb
NtCreateMutant 0x2078c 0xfc
NtCreateNamedPipeFile 0x207a4 0xfd
NtCreatePagingFile 0x207bc 0xfe
NtCreatePort 0x207d4 0xff
NtCreatePrivateNamespace 0x207ec 0x100
NtCreateProcess 0x20804 0x101
NtCreateProcessEx 0x1ffdc 0x102
NtCreateProfile 0x2081c 0x103
NtCreateProfileEx 0x20834 0x104
NtCreateResourceManager 0x2084c 0x105
NtCreateSection 0x1ff94 0x106
NtCreateSemaphore 0x20864 0x107
NtCreateSymbolicLinkObject 0x2087c 0x108
NtCreateThread 0x1fff4 0x109
NtCreateThreadEx 0x20894 0x10a
NtCreateTimer 0x208ac 0x10b
NtCreateToken 0x208c4 0x10c
NtCreateTransaction 0x208dc 0x10d
NtCreateTransactionManager 0x208f4 0x10e
NtCreateUserProcess 0x2090c 0x10f
NtCreateWaitablePort 0x20924 0x110
NtCreateWorkerFactory 0x2093c 0x111
NtCurrentTeb 0x9ef53 0x112
NtDebugActiveProcess 0x20954 0x113
NtDebugContinue 0x20970 0x114
NtDelayExecution 0x1fd6c 0x115
NtDeleteAtom 0x20988 0x116
NtDeleteBootEntry 0x209a4 0x117
NtDeleteDriverEntry 0x209bc 0x118
NtDeleteFile 0x209d4 0x119
NtDeleteKey 0x209ec 0x11a
NtDeleteObjectAuditAlarm 0x20a04 0x11b
NtDeletePrivateNamespace 0x20a1c 0x11c
NtDeleteValueKey 0x20a34 0x11d
NtDeviceIoControlFile 0x1f8fc 0x11e
NtDisableLastKnownGood 0x20a4c 0x11f
NtDisplayString 0x20a64 0x120
NtDrawText 0x20a7c 0x121
NtDuplicateObject 0x1fe34 0x122
NtDuplicateToken 0x1fec8 0x123
NtEnableLastKnownGood 0x20a94 0x124
NtEnumerateBootEntries 0x20aac 0x125
NtEnumerateDriverEntries 0x20ac4 0x126
NtEnumerateKey 0x1fd3c 0x127
NtEnumerateSystemEnvironmentValuesEx 0x20adc 0x128
NtEnumerateTransactionObject 0x20af4 0x129
NtEnumerateValueKey 0x1fa30 0x12a
NtExtendSection 0x20b0c 0x12b
NtFilterToken 0x20b24 0x12c
NtFindAtom 0x1fa48 0x12d
NtFlushBuffersFile 0x1ffac 0x12e
NtFlushInstallUILanguage 0x20b3c 0x12f
NtFlushInstructionCache 0x20b54 0x130
NtFlushKey 0x20b70 0x131
NtFlushProcessWriteBuffers 0x20b8c 0x132
NtFlushVirtualMemory 0x20ba4 0x133
NtFlushWriteBuffer 0x20bbc 0x134
NtFreeUserPhysicalPages 0x20bd8 0x135
NtFreeVirtualMemory 0x1fb48 0x136
NtFreezeRegistry 0x20bf0 0x137
NtFreezeTransactions 0x20c08 0x138
NtFsControlFile 0x1fde8 0x139
NtGetContextThread 0x20c20 0x13a
NtGetCurrentProcessorNumber 0x20c38 0x13b
NtGetDevicePowerState 0x20c54 0x13c
NtGetMUIRegistryInfo 0x20c70 0x13d
NtGetNextProcess 0x20c88 0x13e
NtGetNextThread 0x20ca0 0x13f
NtGetNlsSectionPtr 0x20cb8 0x140
NtGetNotificationResourceManager 0x20cd0 0x141
NtGetPlugPlayEvent 0x20ce8 0x142
NtGetTickCount 0xb11dc 0x143
NtGetWriteWatch 0x20d00 0x144
NtImpersonateAnonymousToken 0x20d18 0x145
NtImpersonateClientOfPort 0x1fb60 0x146
NtImpersonateThread 0x20d34 0x147
NtInitializeNlsFiles 0x20d4c 0x148
NtInitializeRegistry 0x20d64 0x149
NtInitiatePowerAction 0x20d7c 0x14a
NtIsProcessInJob 0x2000c 0x14b
NtIsSystemResumeAutomatic 0x20d98 0x14c
NtIsUILanguageComitted 0x20db4 0x14d
NtListenPort 0x20dcc 0x14e
NtLoadDriver 0x20de4 0x14f
NtLoadKey 0x20dfc 0x151
NtLoadKey2 0x20e14 0x150
NtLoadKeyEx 0x20e2c 0x152
NtLockFile 0x20e44 0x153
NtLockProductActivationKeys 0x20e5c 0x154
NtLockRegistryKey 0x20e78 0x155
NtLockVirtualMemory 0x20e94 0x156
NtMakePermanentObject 0x20eac 0x157
NtMakeTemporaryObject 0x20ec8 0x158
NtMapCMFModule 0x20ee4 0x159
NtMapUserPhysicalPages 0x20efc 0x15a
NtMapUserPhysicalPagesScatter 0x1f890 0x15b
NtMapViewOfSection 0x1fc40 0x15c
NtModifyBootEntry 0x20f18 0x15d
NtModifyDriverEntry 0x20f30 0x15e
NtNotifyChangeDirectoryFile 0x20f48 0x15f
NtNotifyChangeKey 0x20f60 0x160
NtNotifyChangeMultipleKeys 0x20f78 0x161
NtNotifyChangeSession 0x20f90 0x162
NtOpenDirectoryObject 0x200ec 0x163
NtOpenEnlistment 0x20fa8 0x164
NtOpenEvent 0x1fe98 0x165
NtOpenEventPair 0x20fc0 0x166
NtOpenFile 0x1fd54 0x167
NtOpenIoCompletion 0x20fd8 0x168
NtOpenJobObject 0x20ff0 0x169
NtOpenKey 0x1fa18 0x16a
NtOpenKeyEx 0x21008 0x16b
NtOpenKeyTransacted 0x21020 0x16c
NtOpenKeyTransactedEx 0x21038 0x16d
NtOpenKeyedEvent 0x21050 0x16e
NtOpenMutant 0x21068 0x16f
NtOpenObjectAuditAlarm 0x21080 0x170
NtOpenPrivateNamespace 0x21098 0x171
NtOpenProcess 0x1fc10 0x172
NtOpenProcessToken 0x210b0 0x173
NtOpenProcessTokenEx 0x1fd08 0x174
NtOpenResourceManager 0x210c8 0x175
NtOpenSection 0x1fdb8 0x176
NtOpenSemaphore 0x210e0 0x177
NtOpenSession 0x210f8 0x178
NtOpenSymbolicLinkObject 0x21110 0x179
NtOpenThread 0x21128 0x17a
NtOpenThreadToken 0x1fbe0 0x17b
NtOpenThreadTokenEx 0x1fcf0 0x17c
NtOpenTimer 0x21140 0x17d
NtOpenTransaction 0x21158 0x17e
NtOpenTransactionManager 0x21170 0x17f
NtPlugPlayControl 0x21188 0x180
NtPowerInformation 0x2019c 0x181
NtPrePrepareComplete 0x211a0 0x182
NtPrePrepareEnlistment 0x211b8 0x183
NtPrepareComplete 0x211d0 0x184
NtPrepareEnlistment 0x211e8 0x185
NtPrivilegeCheck 0x21200 0x186
NtPrivilegeObjectAuditAlarm 0x2121c 0x187
NtPrivilegedServiceAuditAlarm 0x21234 0x188
NtPropagationComplete 0x2124c 0x189
NtPropagationFailed 0x21264 0x18a
NtProtectVirtualMemory 0x20028 0x18b
NtPulseEvent 0x2127c 0x18c
NtQueryAttributesFile 0x1fe4c 0x18d
NtQueryBootEntryOrder 0x21298 0x18e
NtQueryBootOptions 0x212b0 0x18f
NtQueryDebugFilterState 0x212c8 0x190
NtQueryDefaultLocale 0x1fa64 0x191
NtQueryDefaultUILanguage 0x1fef8 0x192
NtQueryDirectoryFile 0x1fd88 0x193
NtQueryDirectoryObject 0x212e4 0x194
NtQueryDriverEntryOrder 0x212fc 0x195
NtQueryEaFile 0x21314 0x196
NtQueryEvent 0x200bc 0x197
NtQueryFullAttributesFile 0x2132c 0x198
NtQueryInformationAtom 0x21344 0x199
NtQueryInformationEnlistment 0x2135c 0x19a
NtQueryInformationFile 0x1fa00 0x19b
NtQueryInformationJobObject 0x21374 0x19c
NtQueryInformationPort 0x2138c 0x19d
NtQueryInformationProcess 0x1fac8 0x19e
NtQueryInformationResourceManager 0x213a4 0x19f
NtQueryInformationThread 0x1fbf8 0x1a0
NtQueryInformationToken 0x1fb98 0x1a1
NtQueryInformationTransaction 0x213bc 0x1a2
NtQueryInformationTransactionManager 0x213d4 0x1a3
NtQueryInformationWorkerFactory 0x213ec 0x1a4
NtQueryInstallUILanguage 0x21404 0x1a5
NtQueryIntervalProfile 0x21420 0x1a6
NtQueryIoCompletion 0x2143c 0x1a7
NtQueryKey 0x1fa80 0x1a8
NtQueryLicenseValue 0x21454 0x1a9
NtQueryMultipleValueKey 0x2146c 0x1aa
NtQueryMutant 0x21484 0x1ab
NtQueryObject 0x1f9e8 0x1ac
NtQueryOpenSubKeys 0x2149c 0x1ad
NtQueryOpenSubKeysEx 0x214b4 0x1ae
NtQueryPerformanceCounter 0x1fd20 0x1af
NtQueryPortInformationProcess 0x214cc 0x1b0
NtQueryQuotaInformationFile 0x214e8 0x1b1
NtQuerySection 0x20040 0x1b2
NtQuerySecurityAttributesToken 0x21500 0x1b3
NtQuerySecurityObject 0x21518 0x1b4
NtQuerySemaphore 0x21530 0x1b5
NtQuerySymbolicLinkObject 0x21548 0x1b6
NtQuerySystemEnvironmentValue 0x21560 0x1b7
NtQuerySystemEnvironmentValueEx 0x21578 0x1b8
NtQuerySystemInformation 0x1fda0 0x1b9
NtQuerySystemInformationEx 0x21590 0x1ba
NtQuerySystemTime 0x2011c 0x1bb
NtQueryTimer 0x1fdd0 0x1bc
NtQueryTimerResolution 0x215a8 0x1bd
NtQueryValueKey 0x1fa98 0x1be
NtQueryVirtualMemory 0x1fbc8 0x1bf
NtQueryVolumeInformationFile 0x1ff7c 0x1c0
NtQueueApcThread 0x1ff14 0x1c1
NtQueueApcThreadEx 0x215c4 0x1c2
NtRaiseException 0x215dc 0x1c3
NtRaiseHardError 0x215f4 0x1c4
NtReadFile 0x1f8e0 0x1c5
NtReadFileScatter 0x1fcd4 0x1c6
NtReadOnlyEnlistment 0x2160c 0x1c7
NtReadRequestData 0x2008c 0x1c8
NtReadVirtualMemory 0x1fe80 0x1c9
NtRecoverEnlistment 0x21624 0x1ca
NtRecoverResourceManager 0x2163c 0x1cb
NtRecoverTransactionManager 0x21654 0x1cc
NtRegisterProtocolAddressInformation 0x2166c 0x1cd
NtRegisterThreadTerminatePort 0x21684 0x1ce
NtReleaseKeyedEvent 0x216a0 0x1cf
NtReleaseMutant 0x1fb7c 0x1d0
NtReleaseSemaphore 0x1f950 0x1d1
NtReleaseWorkerFactoryWorker 0x216bc 0x1d2
NtRemoveIoCompletion 0x1f934 0x1d3
NtRemoveIoCompletionEx 0x216d4 0x1d4
NtRemoveProcessDebug 0x216ec 0x1d5
NtRenameKey 0x21708 0x1d6
NtRenameTransactionManager 0x21720 0x1d7
NtReplaceKey 0x21738 0x1d8
NtReplacePartitionUnit 0x21750 0x1d9
NtReplyPort 0x1f984 0x1da
NtReplyWaitReceivePort 0x1f96c 0x1db
NtReplyWaitReceivePortEx 0x1fc88 0x1dc
NtReplyWaitReplyPort 0x21768 0x1dd
NtRequestPort 0x21780 0x1de
NtRequestWaitReplyPort 0x1fbb0 0x1df
NtResetEvent 0x21798 0x1e0
NtResetWriteWatch 0x217b4 0x1e1
NtRestoreKey 0x217d0 0x1e2
NtResumeProcess 0x217e8 0x1e3
NtResumeThread 0x20058 0x1e4
NtRollbackComplete 0x21804 0x1e5
NtRollbackEnlistment 0x2181c 0x1e6
NtRollbackTransaction 0x21834 0x1e7
NtRollforwardTransactionManager 0x2184c 0x1e8
NtSaveKey 0x21864 0x1e9
NtSaveKeyEx 0x2187c 0x1ea
NtSaveMergedKeys 0x21894 0x1eb
NtSecureConnectPort 0x218b0 0x1ec
NtSerializeBoot 0x218c8 0x1ed
NtSetBootEntryOrder 0x218e0 0x1ee
NtSetBootOptions 0x218f8 0x1ef
NtSetContextThread 0x21910 0x1f0
NtSetDebugFilterState 0x21928 0x1f1
NtSetDefaultHardErrorPort 0x21944 0x1f2
NtSetDefaultLocale 0x21960 0x1f3
NtSetDefaultUILanguage 0x2197c 0x1f4
NtSetDriverEntryOrder 0x21998 0x1f5
NtSetEaFile 0x219b0 0x1f6
NtSetEvent 0x1f9b4 0x1f7
NtSetEventBoostPriority 0x1fcb8 0x1f8
NtSetHighEventPair 0x219c8 0x1f9
NtSetHighWaitLowEventPair 0x219e4 0x1fa
NtSetInformationDebugObject 0x21a00 0x1fb
NtSetInformationEnlistment 0x21a18 0x1fc
NtSetInformationFile 0x1fc28 0x1fd
NtSetInformationJobObject 0x21a30 0x1fe
NtSetInformationKey 0x21a48 0x1ff
NtSetInformationObject 0x20154 0x200
NtSetInformationProcess 0x1fb18 0x201
NtSetInformationResourceManager 0x21a60 0x202
NtSetInformationThread 0x1f99c 0x203
NtSetInformationToken 0x21a78 0x204
NtSetInformationTransaction 0x21a90 0x205
NtSetInformationTransactionManager 0x21aa8 0x206
NtSetInformationWorkerFactory 0x21ac0 0x207
NtSetIntervalProfile 0x21ad8 0x208
NtSetIoCompletion 0x21af4 0x209
NtSetIoCompletionEx 0x21b0c 0x20a
NtSetLdtEntries 0x21b24 0x20b
NtSetLowEventPair 0x21b3c 0x20c
NtSetLowWaitHighEventPair 0x21b58 0x20d
NtSetQuotaInformationFile 0x21b74 0x20e
NtSetSecurityObject 0x21b8c 0x20f
NtSetSystemEnvironmentValue 0x21ba4 0x210
NtSetSystemEnvironmentValueEx 0x21bbc 0x211
NtSetSystemInformation 0x21bd4 0x212
NtSetSystemPowerState 0x21bec 0x213
NtSetSystemTime 0x21c04 0x214
NtSetThreadExecutionState 0x21c20 0x215
NtSetTimer 0x201e8 0x216
NtSetTimerEx 0x21c3c 0x217
NtSetTimerResolution 0x21c54 0x218
NtSetUuidSeed 0x21c70 0x219
NtSetValueKey 0x201b4 0x21a
NtSetVolumeInformationFile 0x21c8c 0x21b
NtShutdownSystem 0x21ca4 0x21c
NtShutdownWorkerFactory 0x21cc0 0x21d
NtSignalAndWaitForSingleObject 0x21cd8 0x21e
NtSinglePhaseReject 0x21cf4 0x21f
NtStartProfile 0x21d0c 0x220
NtStopProfile 0x21d28 0x221
NtSuspendProcess 0x21d44 0x222
NtSuspendThread 0x21d60 0x223
NtSystemDebugControl 0x21d7c 0x224
NtTerminateJobObject 0x21d94 0x225
NtTerminateProcess 0x1fca0 0x226
NtTerminateThread 0x20074 0x227
NtTestAlert 0x21db0 0x228
NtThawRegistry 0x21dcc 0x229
NtThawTransactions 0x21de4 0x22a
NtTraceControl 0x21dfc 0x22b
NtTraceEvent 0x20184 0x22c
NtTranslateFilePath 0x21e14 0x22d
NtUmsThreadYield 0x21e30 0x22e
NtUnloadDriver 0x21e48 0x22f
NtUnloadKey 0x21e60 0x231
NtUnloadKey2 0x21e78 0x230
NtUnloadKeyEx 0x21e90 0x232
NtUnlockFile 0x21ea8 0x233
NtUnlockVirtualMemory 0x21ec0 0x234
NtUnmapViewOfSection 0x1fc70 0x235
NtVdmControl 0x21ed8 0x236
NtWaitForDebugEvent 0x21ef0 0x237
NtWaitForKeyedEvent 0x21f08 0x238
NtWaitForMultipleObjects 0x20138 0x23a
NtWaitForMultipleObjects32 0x1fae0 0x239
NtWaitForSingleObject 0x1f8ac 0x23b
NtWaitForWorkViaWorkerFactory 0x21f24 0x23c
NtWaitHighEventPair 0x21f3c 0x23d
NtWaitLowEventPair 0x21f58 0x23e
NtWorkerFactoryWorkerReady 0x21f74 0x23f
NtWow64CallFunction64 0x2213c 0x240
NtWow64CsrAllocateCaptureBuffer 0x21fd4 0x241
NtWow64CsrAllocateMessagePointer 0x22004 0x242
NtWow64CsrCaptureMessageBuffer 0x2201c 0x243
NtWow64CsrCaptureMessageString 0x22034 0x244
NtWow64CsrClientCallServer 0x21fbc 0x245
NtWow64CsrClientConnectToServer 0x21f8c 0x246
NtWow64CsrFreeCaptureBuffer 0x21fec 0x247
NtWow64CsrGetProcessId 0x2204c 0x248
NtWow64CsrIdentifyAlertableThread 0x21fa4 0x249
NtWow64CsrVerifyRegion 0x22064 0x24a
NtWow64DebuggerCall 0x2207c 0x24b
NtWow64GetCurrentProcessorNumberEx 0x22094 0x24c
NtWow64GetNativeSystemInformation 0x220ac 0x24d
NtWow64InterlockedPopEntrySList 0x220c4 0x24e
NtWow64QueryInformationProcess64 0x220dc 0x24f
NtWow64QueryVirtualMemory64 0x22124 0x250
NtWow64ReadVirtualMemory64 0x220f4 0x251
NtWow64WriteVirtualMemory64 0x2210c 0x252
NtWriteFile 0x1f918 0x253
NtWriteFileGather 0x1fafc 0x254
NtWriteRequestData 0x200d4 0x255
NtWriteVirtualMemory 0x1fe04 0x256
NtYieldExecution 0x1ff2c 0x257
NtdllDefWindowProc_A 0x424e0 0x258
NtdllDefWindowProc_W 0x325dd 0x259
NtdllDialogWndProc_A 0x7aa9d 0x25a
NtdllDialogWndProc_W 0x64100 0x25b
PfxFindPrefix 0xb1562 0x25c
PfxInitialize 0xb1215 0x25d
PfxInsertPrefix 0xb146f 0x25e
PfxRemovePrefix 0xb1237 0x25f
RtlAbortRXact 0xb1684 0x260
RtlAbsoluteToSelfRelativeSD 0x656ae 0x261
RtlAcquirePebLock 0x37f47 0x262
RtlAcquirePrivilege 0x49a6d 0x263
RtlAcquireReleaseSRWLockExclusive 0xa8293 0x264
RtlAcquireResourceExclusive 0x5a355 0x265
RtlAcquireResourceShared 0x4c294 0x266
RtlAcquireSRWLockExclusive 0x329f1 0x267
RtlAcquireSRWLockShared 0x32560 0x268
RtlActivateActivationContext 0x64c86 0x269
RtlActivateActivationContextEx 0x64cc7 0x26a
RtlActivateActivationContextUnsafeFast 0x221f1 0x9
RtlAddAccessAllowedAce 0x42e50 0x26b
RtlAddAccessAllowedAceEx 0x4a01b 0x26c
RtlAddAccessAllowedObjectAce 0xb5098 0x26d
RtlAddAccessDeniedAce 0x72836 0x26e
RtlAddAccessDeniedAceEx 0xb5002 0x26f
RtlAddAccessDeniedObjectAce 0xb50e5 0x270
RtlAddAce 0x6db5e 0x271
RtlAddActionToRXact 0xb185a 0x272
RtlAddAtomToAtomTable 0x650a2 0x273
RtlAddAttributeActionToRXact 0xb16c6 0x274
RtlAddAuditAccessAce 0xb5026 0x275
RtlAddAuditAccessAceEx 0xb505d 0x276
RtlAddAuditAccessObjectAce 0xb5133 0x277
RtlAddCompoundAce 0xb4dbd 0x278
RtlAddIntegrityLabelToBoundaryDescriptor 0xb53cf 0x279
RtlAddMandatoryAce 0x68c1f 0x27a
RtlAddRefActivationContext 0x2f622 0x27b
RtlAddRefMemoryStream 0x5230f 0x27c
RtlAddSIDToBoundaryDescriptor 0x6ae93 0x27d
RtlAddVectoredContinueHandler 0x637e1 0x27e
RtlAddVectoredExceptionHandler 0x7742b 0x27f
RtlAddressInSectionTable 0x43866 0x280
RtlAdjustPrivilege 0xb1f40 0x281
RtlAllocateActivationContextStack 0x39f73 0x282
RtlAllocateAndInitializeSid 0x393e2 0x283
RtlAllocateHandle 0x38200 0x284
RtlAllocateHeap 0x2e026 0x285
RtlAllocateMemoryBlockLookaside 0xf00a0 0x286
RtlAllocateMemoryZone 0xf0010 0x287
RtlAnsiCharToUnicodeChar 0x2f91a 0x288
RtlAnsiStringToUnicodeSize 0xb6262 0x289
RtlAnsiStringToUnicodeString 0x2e6b5 0x28a
RtlAppendAsciizToString 0xb68a1 0x28b
RtlAppendPathElement 0x9f2ac 0x28c
RtlAppendStringToString 0xb6901 0x28d
RtlAppendUnicodeStringToString 0x3855f 0x28e
RtlAppendUnicodeToString 0x38626 0x28f
RtlApplicationVerifierStop 0xa77a7 0x290
RtlApplyRXact 0xb1d13 0x291
RtlApplyRXactNoFlush 0xb1d90 0x292
RtlAreAllAccessesGranted 0xb2324 0x293
RtlAreAnyAccessesGranted 0xb2340 0x294
RtlAreBitsClear 0xb70e6 0x295
RtlAreBitsSet 0x5931d 0x296
RtlAssert 0xb755f 0x297
RtlBarrier 0xb7662 0x298
RtlBarrierForDelete 0xb7774 0x299
RtlCancelTimer 0xe0638 0x29a
RtlCaptureContext 0x46b2b 0x29b
RtlCaptureStackBackTrace 0x64f8f 0x29c
RtlCaptureStackContext 0xb7a36 0x29d
RtlCharToInteger 0x7a1d8 0x29e
RtlCheckForOrphanedCriticalSections 0x64a2b 0x29f
RtlCheckRegistryKey 0xb7f24 0x2a0
RtlCleanUpTEBLangLists 0x5d5fa 0x2a1
RtlClearAllBits 0x6de3b 0x2a2
RtlClearBits 0x592cd 0x2a3
RtlCloneMemoryStream 0xa1aae 0x2a4
RtlCloneUserProcess 0xae60b 0x2a5
RtlCmDecodeMemIoResource 0xbd434 0x2a6
RtlCmEncodeMemIoResource 0xbd240 0x2a7
RtlCommitDebugInfo 0xa36e7 0x2a8
RtlCommitMemoryStream 0xa1aae 0x2a9
RtlCompactHeap 0x4cb4d 0x2aa
RtlCompareAltitudes 0xbfb2a 0x2ab
RtlCompareMemory 0x63b00 0x2ac
RtlCompareMemoryUlong 0x63b50 0x2ad
RtlCompareString 0xb67b8 0x2ae
RtlCompareUnicodeString 0x384b7 0x2af
RtlCompareUnicodeStrings 0x38299 0x2b0
RtlCompressBuffer 0xbfd75 0x2b1
RtlComputeCrc32 0xbffc1 0x2b2
RtlComputeImportTableHash 0xac90d 0x2b3
RtlComputePrivatizedDllName_U 0xa1807 0x2b4
RtlConnectToSm 0xc03fd 0x2b5
RtlConsoleMultiByteToUnicodeN 0xb0c35 0x2b6
RtlContractHashTable 0xc0ccc 0x2b7
RtlConvertExclusiveToShared 0xa228b 0x2b8
RtlConvertLCIDToString 0xb9b8f 0x2b9
RtlConvertLongToLargeInteger 0x4273e 0x2ba
RtlConvertSharedToExclusive 0x6e065 0x2bb
RtlConvertSidToUnicodeString 0x3aec2 0x2bc
RtlConvertToAutoInheritSecurityObject 0xa3043 0x2bd
RtlConvertUiListToApiList 0xa335a 0x2be
RtlConvertUlongToLargeInteger 0x42746 0x2bf
RtlCopyContext 0xc15e6 0x2c0
RtlCopyExtendedContext 0xc15c4 0x2c1
RtlCopyLuid 0xb2297 0x2c2
RtlCopyLuidAndAttributesArray 0xb22b5 0x2c3
RtlCopyMappedMemory 0xc1a44 0x2c4
RtlCopyMemoryStreamTo 0xa1ac8 0x2c5
RtlCopyOutOfProcessMemoryStreamTo 0xa1ac8 0x2c6
RtlCopySecurityDescriptor 0xa2bc8 0x2c7
RtlCopySid 0x392e7 0x2c8
RtlCopySidAndAttributesArray 0xb1ffc 0x2c9
RtlCopyString 0x4e597 0x2ca
RtlCopyUnicodeString 0x385cb 0x2cb
RtlCreateAcl 0x42d21 0x2cc
RtlCreateActivationContext 0x58aff 0x2cd
RtlCreateAndSetSD 0xa2d13 0x2ce
RtlCreateAtomTable 0x587fe 0x2cf
RtlCreateBootStatusDataFile 0xc1c72 0x2d0
RtlCreateBoundaryDescriptor 0x686f1 0x2d1
RtlCreateEnvironment 0xc1dfe 0x2d2
RtlCreateEnvironmentEx 0x4d3a3 0x2d3
RtlCreateHashTable 0xc0dba 0x2d4
RtlCreateHeap 0x40249 0x2d5
RtlCreateMemoryBlockLookaside 0x6b3b9 0x2d6
RtlCreateMemoryZone 0x6b2b8 0x2d7
RtlCreateProcessParameters 0xae7ab 0x2d8
RtlCreateProcessParametersEx 0x4bd9b 0x2d9
RtlCreateProcessReflection 0xa1d35 0x2da
RtlCreateQueryDebugBuffer 0x72745 0x2db
RtlCreateRegistryKey 0xb7f5a 0x2dc
RtlCreateSecurityDescriptor 0x42c94 0x2dd
RtlCreateServiceSid 0x6abe4 0x2de
RtlCreateSystemVolumeInformationFolder 0xc26ef 0x2df
RtlCreateTagHeap 0x50c24 0x2e0
RtlCreateTimer 0x6d248 0x2e1
RtlCreateTimerQueue 0x6d172 0x2e2
RtlCreateUnicodeString 0x5bdee 0x2e3
RtlCreateUnicodeStringFromAsciiz 0x383fc 0x2e4
RtlCreateUserProcess 0xae561 0x2e5
RtlCreateUserSecurityObject 0xa2fca 0x2e6
RtlCreateUserStack 0x70f4f 0x2e7
RtlCreateUserThread 0xae5d1 0x2e8
RtlCreateVirtualAccountSid 0xb2090 0x2e9
RtlCultureNameToLCID 0x5a503 0x2ea
RtlCustomCPToUnicodeN 0xaffff 0x2eb
RtlCutoverTimeToSystemTime 0x748b0 0x2ec
RtlDeCommitDebugInfo 0xa3726 0x2ed
RtlDeNormalizeProcessParams 0xae128 0x2ee
RtlDeactivateActivationContext 0x64ae8 0x2ef
RtlDeactivateActivationContextUnsafeFast 0x22159 0xa
RtlDebugPrintTimes 0xe0508 0x2f0
RtlDecodePointer 0x39d35 0x2f1
RtlDecodeSystemPointer 0x3ad98 0x2f2
RtlDecompressBuffer 0xbfded 0x2f3
RtlDecompressFragment 0xbfe55 0x2f4
RtlDefaultNpAcl 0xa3053 0x2f5
RtlDelete 0x4a22a 0x2f6
RtlDeleteAce 0x636b0 0x2f7
RtlDeleteAtomFromAtomTable 0x65255 0x2f8
RtlDeleteBarrier 0xb794d 0x2f9
RtlDeleteBoundaryDescriptor 0x2e66d 0x2fa
RtlDeleteCriticalSection 0x345f5 0x2fb
RtlDeleteElementGenericTable 0x4a168 0x2fc
RtlDeleteElementGenericTableAvl 0x6d9e1 0x2fd
RtlDeleteHashTable 0xc0880 0x2fe
RtlDeleteNoSplay 0xc2947 0x2ff
RtlDeleteRegistryValue 0xb7f90 0x300
RtlDeleteResource 0x593d9 0x301
RtlDeleteSecurityObject 0x6f159 0x302
RtlDeleteTimer 0x6cd46 0x303
RtlDeleteTimerQueue 0xe0510 0x304
RtlDeleteTimerQueueEx 0x74226 0x305
RtlDeregisterSecureMemoryCacheCallback 0xc2ddb 0x306
RtlDeregisterWait 0xe0663 0x307
RtlDeregisterWaitEx 0x71a30 0x308
RtlDestroyAtomTable 0xb51ca 0x309
RtlDestroyEnvironment 0x4ed9a 0x30a
RtlDestroyHandleTable 0x595a0 0x30b
RtlDestroyHeap 0x49d8e 0x30c
RtlDestroyMemoryBlockLookaside 0x6c33e 0x30d
RtlDestroyMemoryZone 0x6c2c3 0x30e
RtlDestroyProcessParameters 0x4bc52 0x30f
RtlDestroyQueryDebugBuffer 0x73380 0x310
RtlDetectHeapLeaks 0x590cb 0x311
RtlDetermineDosPathNameType_U 0x3a639 0x312
RtlDisableThreadProfiling 0x9f030 0x313
RtlDllShutdownInProgress 0x3260a 0x314
RtlDnsHostNameToComputerName 0xb66fb 0x315
RtlDoesFileExists_U 0x57ecd 0x316
RtlDosApplyFileIsolationRedirection_Ustr 0x2ef8a 0x317
RtlDosPathNameToNtPathName_U 0x5ce41 0x318
RtlDosPathNameToNtPathName_U_WithStatus 0x41660 0x319
RtlDosPathNameToRelativeNtPathName_U 0x4163a 0x31a
RtlDosPathNameToRelativeNtPathName_U_WithStatus 0x3a921 0x31b
RtlDosSearchPath_U 0x9f56a 0x31c
RtlDosSearchPath_Ustr 0x45fdf 0x31d
RtlDowncaseUnicodeChar 0xb61e0 0x31e
RtlDowncaseUnicodeString 0x488c8 0x31f
RtlDumpResource 0xa22da 0x320
RtlDuplicateUnicodeString 0x484d9 0x321
RtlEmptyAtomTable 0xb5281 0x322
RtlEnableEarlyCriticalSectionEventCreation 0xa2357 0x323
RtlEnableThreadProfiling 0x9ef5f 0x324
RtlEncodePointer 0x40fcb 0x325
RtlEncodeSystemPointer 0x3e058 0x326
RtlEndEnumerationHashTable 0xc0b18 0x327
RtlEndWeakEnumerationHashTable 0xc0b6d 0x328
RtlEnlargedIntegerMultiply 0x4251c 0x329
RtlEnlargedUnsignedDivide 0x42534 0x32a
RtlEnlargedUnsignedMultiply 0x42528 0x32b
RtlEnterCriticalSection 0x222b0 0x32c
RtlEnumProcessHeaps 0xbda9a 0x32d
RtlEnumerateEntryHashTable 0xc0a98 0x32e
RtlEnumerateGenericTable 0xc2a56 0x32f
RtlEnumerateGenericTableAvl 0x6d6ae 0x330
RtlEnumerateGenericTableLikeADirectory 0xc2c8e 0x331
RtlEnumerateGenericTableWithoutSplaying 0x5939e 0x332
RtlEnumerateGenericTableWithoutSplayingAvl 0x6d9a2 0x333
RtlEqualComputerName 0xb66ee 0x334
RtlEqualDomainName 0xb6691 0x335
RtlEqualLuid 0xb226e 0x336
RtlEqualPrefixSid 0x6f105 0x337
RtlEqualSid 0x394b1 0x338
RtlEqualString 0x61dcc 0x339
RtlEqualUnicodeString 0x2e7f3 0x33a
RtlEraseUnicodeString 0xb1f09 0x33b
RtlEthernetAddressToStringA 0xc3cbc 0x33c
RtlEthernetAddressToStringW 0xc3cff 0x33d
RtlEthernetStringToAddressA 0xc4124 0x33e
RtlEthernetStringToAddressW 0xc4247 0x33f
RtlExitUserProcess 0x58de8 0x340
RtlExitUserThread 0x5d598 0x341
RtlExpandEnvironmentStrings 0x3ac00 0x342
RtlExpandEnvironmentStrings_U 0x5c9e7 0x343
RtlExpandHashTable 0xc0b7a 0x344
RtlExtendMemoryBlockLookaside 0xb5fc8 0x345
RtlExtendMemoryZone 0xb60e3 0x346
RtlExtendedIntegerMultiply 0x42642 0x347
RtlExtendedLargeIntegerDivide 0x42554 0x348
RtlExtendedMagicDivide 0x425b2 0x349
RtlFillMemory 0x63b80 0x34a
RtlFillMemoryUlong 0x63bf0 0x34b
RtlFillMemoryUlonglong 0x63bc0 0x34c
RtlFinalReleaseOutOfProcessMemoryStream 0xa1a8c 0x34d
RtlFindAceByType 0x6f45a 0x34e
RtlFindActivationContextSectionGuid 0x63ecb 0x34f
RtlFindActivationContextSectionString 0x2ec78 0x350
RtlFindCharInUnicodeString 0x2fb37 0x351
RtlFindClearBits 0x3e7e9 0x352
RtlFindClearBitsAndSet 0x3e8bd 0x353
RtlFindClearRuns 0xb6c5e 0x354
RtlFindClosestEncodableLength 0xbd4af 0x355
RtlFindLastBackwardRunClear 0xb7300 0x356
RtlFindLeastSignificantBit 0xb747b 0x357
RtlFindLongestRunClear 0xb6f8d 0x358
RtlFindMessage 0x4abd8 0x359
RtlFindMostSignificantBit 0xb73d0 0x35a
RtlFindNextForwardRunClear 0xb7176 0x35b
RtlFindSetBits 0xb6983 0x35c
RtlFindSetBitsAndClear 0xb7514 0x35d
RtlFirstEntrySList 0x32718 0x35e
RtlFirstFreeAce 0x42be8 0x35f
RtlFlsAlloc 0x3ea63 0x360
RtlFlsFree 0x5941a 0x361
RtlFlushSecureMemoryCache 0xc2f17 0x362
RtlFormatCurrentUserKeyPath 0x3b141 0x363
RtlFormatMessage 0xc437d 0x364
RtlFormatMessageEx 0x4a851 0x365
RtlFreeActivationContextStack 0x5d484 0x366
RtlFreeAnsiString 0x2e126 0x367
RtlFreeHandle 0x38242 0x368
RtlFreeHeap 0x2df85 0x369
RtlFreeMemoryBlockLookaside 0xf0080 0x36a
RtlFreeOemString 0x9ecca 0x36b
RtlFreeSid 0x393b2 0x36c
RtlFreeThreadActivationContextStack 0x5d460 0x36d
RtlFreeUnicodeString 0x2e126 0x36e
RtlFreeUserStack 0x6e710 0x36f
RtlGUIDFromString 0x4b755 0x370
RtlGenerate8dot3Name 0xc4754 0x371
RtlGetAce 0x5cde6 0x372
RtlGetActiveActivationContext 0x3bd84 0x373
RtlGetCallersAddress 0xb7b3b 0x374
RtlGetCompressionWorkSpaceSize 0xbfd0b 0x375
RtlGetControlSecurityDescriptor 0x64225 0x376
RtlGetCriticalSectionRecursionCount 0xa21b0 0x377
RtlGetCurrentDirectory_U 0x6103d 0x378
RtlGetCurrentPeb 0x3a1cc 0x379
RtlGetCurrentProcessorNumber 0x71e1d 0x37a
RtlGetCurrentProcessorNumberEx 0x32a31 0x37b
RtlGetCurrentTransaction 0x37ff5 0x37c
RtlGetDaclSecurityDescriptor 0x5aa5a 0x37d
RtlGetElementGenericTable 0xc29c7 0x37e
RtlGetElementGenericTableAvl 0xc2ba8 0x37f
RtlGetEnabledExtendedFeatures 0xc4c27 0x380
RtlGetExtendedContextLength 0xc1816 0x381
RtlGetExtendedFeaturesMask 0xc189d 0x382
RtlGetFileMUIPath 0xbbd63 0x383
RtlGetFrame 0x9faba 0x384
RtlGetFullPathName_U 0x5b3e9 0x385
RtlGetFullPathName_UEx 0x3ad15 0x386
RtlGetFullPathName_UstrEx 0x3aaf4 0x387
RtlGetGroupSecurityDescriptor 0x65d13 0x388
RtlGetIntegerAtom 0x423cf 0x389
RtlGetLastNtStatus 0xc4c46 0x38a
RtlGetLastWin32Error 0x5dbcd 0x38b
RtlGetLengthWithoutLastFullDosOrNtPathElement 0x58910 0x38c
RtlGetLengthWithoutTrailingPathSeperators 0x9f485 0x38d
RtlGetLocaleFileMappingAddress 0x513ff 0x38e
RtlGetLongestNtPathLength 0x5cdce 0x38f
RtlGetNativeSystemInformation 0x220ac 0x390
RtlGetNextEntryHashTable 0xc0a07 0x391
RtlGetNtGlobalFlags 0x37dd1 0x392
RtlGetNtProductType 0x38802 0x393
RtlGetNtVersionNumbers 0x52085 0x394
RtlGetOwnerSecurityDescriptor 0x65ccc 0x395
RtlGetParentLocaleName 0x569fd 0x396
RtlGetProcessHeaps 0x76096 0x397
RtlGetProcessPreferredUILanguages 0xb9849 0x398
RtlGetProductInfo 0x4b014 0x399
RtlGetSaclSecurityDescriptor 0x4a03f 0x39a
RtlGetSecurityDescriptorRMControl 0xb2a3f 0x39b
RtlGetSetBootStatusData 0xc1b6d 0x39c
RtlGetSystemPreferredUILanguages 0xba6e5 0x39d
RtlGetThreadErrorMode 0x72108 0x39e
RtlGetThreadLangIdByIndex 0xb8b58 0x39f
RtlGetThreadPreferredUILanguages 0x4f97c 0x3a0
RtlGetUILanguageInfo 0xbb696 0x3a1
RtlGetUnloadEventTrace 0xa003f 0x3a2
RtlGetUnloadEventTraceEx 0x726f5 0x3a3
RtlGetUserInfoHeap 0x67c71 0x3a4
RtlGetUserPreferredUILanguages 0xbc5b3 0x3a5
RtlGetVersion 0x3873a 0x3a6
RtlHashUnicodeString 0x2ee72 0x3a7
RtlHeapTrkInitialize 0xc5fe2 0x3a8
RtlIdentifierAuthoritySid 0x7a8cd 0x3a9
RtlIdnToAscii 0x70bd5 0x3aa
RtlIdnToNameprepUnicode 0xc6e35 0x3ab
RtlIdnToUnicode 0xc6e59 0x3ac
RtlImageDirectoryEntryToData 0x2f546 0x3ad
RtlImageNtHeader 0x33164 0x3ae
RtlImageNtHeaderEx 0x2f495 0x3af
RtlImageRvaToSection 0x43898 0x3b0
RtlImageRvaToVa 0xb54c5 0x3b1
RtlImpersonateSelf 0x7242f 0x3b2
RtlImpersonateSelfEx 0x72449 0x3b3
RtlInitAnsiString 0x2e1d0 0x3b4
RtlInitAnsiStringEx 0x2f79b 0x3b5
RtlInitBarrier 0xb78d4 0x3b6
RtlInitCodePageTable 0x5272e 0x3b7
RtlInitEnumerationHashTable 0xc0a4d 0x3b8
RtlInitMemoryStream 0xa1a8c 0x3b9
RtlInitNlsTables 0x526fd 0x3ba
RtlInitOutOfProcessMemoryStream 0xa1a8c 0x3bb
RtlInitString 0x2e198 0x3bc
RtlInitUnicodeString 0x2e208 0x3bd
RtlInitUnicodeStringEx 0x37d73 0x3be
RtlInitWeakEnumerationHashTable 0xc0b4d 0x3bf
RtlInitializeAtomPackage 0x5230f 0x3c0
RtlInitializeBitMap 0x329d5 0x3c1
RtlInitializeConditionVariable 0x38456 0x3c2
RtlInitializeContext 0xc6ffa 0x3c3
RtlInitializeCriticalSection 0x32c42 0x3c4
RtlInitializeCriticalSectionAndSpinCount 0x325e8 0x3c5
RtlInitializeCriticalSectionEx 0x347a6 0x3c6
RtlInitializeExceptionChain 0x39e6f 0x3c7
RtlInitializeExtendedContext 0xc1728 0x3c8
RtlInitializeGenericTable 0x3ff97 0x3c9
RtlInitializeGenericTableAvl 0x6b5ed 0x3ca
RtlInitializeHandleTable 0x4f5df 0x3cb
RtlInitializeNtUserPfn 0x53812 0x3cc
RtlInitializeRXact 0xb1a2f 0x3cd
RtlInitializeResource 0x5a20e 0x3ce
RtlInitializeSListHead 0x394a4 0x3cf
RtlInitializeSRWLock 0x38456 0x3d0
RtlInitializeSid 0x40f5a 0x3d1
RtlInsertElementGenericTable 0x4939a 0x3d2
RtlInsertElementGenericTableAvl 0x6b636 0x3d3
RtlInsertElementGenericTableFull 0x493cc 0x3d4
RtlInsertElementGenericTableFullAvl 0x6b669 0x3d5
RtlInsertEntryHashTable 0xc0917 0x3d6
RtlInt64ToUnicodeString 0xb7e4d 0x3d7
RtlIntegerToChar 0x389f4 0x3d8
RtlIntegerToUnicodeString 0x38aad 0x3d9
RtlInterlockedClearBitRun 0x76ae9 0x3da
RtlInterlockedCompareExchange64 0x32740 0x3db
RtlInterlockedFlushSList 0x32775 0x3dc
RtlInterlockedPopEntrySList 0x34770 0x3dd
RtlInterlockedPushEntrySList 0x34757 0x3de
RtlInterlockedPushListSList 0x326f0 0xb
RtlInterlockedSetBitRun 0xb726d 0x3df
RtlIoDecodeMemIoResource 0xbd376 0x3e0
RtlIoEncodeMemIoResource 0xbcf8e 0x3e1
RtlIpv4AddressToStringA 0xc3be5 0x3e2
RtlIpv4AddressToStringExA 0xc3c1e 0x3e3
RtlIpv4AddressToStringExW 0x4bb8f 0x3e4
RtlIpv4AddressToStringW 0x4bc16 0x3e5
RtlIpv4StringToAddressA 0x4c411 0x3e6
RtlIpv4StringToAddressExA 0xc3f86 0x3e7
RtlIpv4StringToAddressExW 0x4c51d 0x3e8
RtlIpv4StringToAddressW 0x4b900 0x3e9
RtlIpv6AddressToStringA 0xc38ed 0x3ea
RtlIpv6AddressToStringExA 0xc3b06 0x3eb
RtlIpv6AddressToStringExW 0x4d200 0x3ec
RtlIpv6AddressToStringW 0x4d10b 0x3ed
RtlIpv6StringToAddressA 0x4c855 0x3ee
RtlIpv6StringToAddressExA 0xc3d45 0x3ef
RtlIpv6StringToAddressExW 0x4b9ae 0x3f0
RtlIpv6StringToAddressW 0x4ba09 0x3f1
RtlIsActivationContextActive 0xac1e2 0x3f2
RtlIsCriticalSectionLocked 0xa2194 0x3f3
RtlIsCriticalSectionLockedByThread 0x45734 0x3f4
RtlIsCurrentThreadAttachExempt 0x39a32 0x3f5
RtlIsDosDeviceName_U 0x3a942 0x3f6
RtlIsGenericTableEmpty 0x4bcb5 0x3f7
RtlIsGenericTableEmptyAvl 0xc2b8f 0x3f8
RtlIsNameInExpression 0xc7973 0x3f9
RtlIsNameLegalDOS8Dot3 0xc45da 0x3fa
RtlIsNormalizedString 0xc8a72 0x3fb
RtlIsTextUnicode 0x4a26d 0x3fc
RtlIsThreadWithinLoaderCallout 0x4241f 0x3fd
RtlIsValidHandle 0x381cb 0x3fe
RtlIsValidIndexHandle 0x424af 0x3ff
RtlIsValidLocaleName 0xc529b 0x400
RtlKnownExceptionFilter 0x72120 0x401
RtlLCIDToCultureName 0x4feff 0x402
RtlLargeIntegerAdd 0x42508 0x403
RtlLargeIntegerArithmeticShift 0x426ea 0x404
RtlLargeIntegerDivide 0xc8dee 0x405
RtlLargeIntegerNegate 0x42716 0x406
RtlLargeIntegerShiftLeft 0x4269a 0x407
RtlLargeIntegerShiftRight 0x426c2 0x408
RtlLargeIntegerSubtract 0x4272a 0x409
RtlLargeIntegerToChar 0xb7b85 0x40a
RtlLcidToLocaleName 0x4f816 0x40b
RtlLeaveCriticalSection 0x22270 0x40c
RtlLengthRequiredSid 0x3938f 0x40d
RtlLengthSecurityDescriptor 0x65d84 0x40e
RtlLengthSid 0x3931b 0x40f
RtlLoadString 0x43dc3 0x410
RtlLocalTimeToSystemTime 0xb11a0 0x411
RtlLocaleNameToLcid 0x565b1 0x412
RtlLocateExtendedFeature 0xc1916 0x413
RtlLocateLegacyContext 0xc1412 0x414
RtlLockBootStatusData 0xc1a66 0x415
RtlLockCurrentThread 0xc8f31 0x416
RtlLockHeap 0x3814c 0x417
RtlLockMemoryBlockLookaside 0xb5fe4 0x418
RtlLockMemoryStreamRegion 0xa1ac8 0x419
RtlLockMemoryZone 0x66e11 0x41a
RtlLockModuleSection 0x66ee3 0x41b
RtlLogStackBackTrace 0xc984f 0x41c
RtlLookupAtomInAtomTable 0x43059 0x41d
RtlLookupElementGenericTable 0x4a104 0x41e
RtlLookupElementGenericTableAvl 0x6b6ee 0x41f
RtlLookupElementGenericTableFull 0x4a125 0x420
RtlLookupElementGenericTableFullAvl 0x6b70f 0x421
RtlLookupEntryHashTable 0xc09c3 0x422
RtlMakeSelfRelativeSD 0x654f3 0x423
RtlMapGenericMask 0x6f0b5 0x424
RtlMapSecurityErrorToNtStatus 0xb2b14 0x425
RtlMoveMemory 0x63c40 0x426
RtlMultiAppendUnicodeStringBuffer 0x5a858 0x427
RtlMultiByteToUnicodeN 0x2e545 0x428
RtlMultiByteToUnicodeSize 0x7a0da 0x429
RtlMultipleAllocateHeap 0xbf04f 0x42a
RtlMultipleFreeHeap 0xbf0cc 0x42b
RtlNewInstanceSecurityObject 0xa2a32 0x42c
RtlNewSecurityGrantedAccess 0xa2aa8 0x42d
RtlNewSecurityObject 0x7807e 0x42e
RtlNewSecurityObjectEx 0x6fda5 0x42f
RtlNewSecurityObjectWithMultipleInheritance 0xa25ff 0x430
RtlNormalizeProcessParams 0x52254 0x431
RtlNormalizeString 0x65743 0x432
RtlNtPathNameToDosPathName 0x4eb6b 0x433
RtlNtStatusToDosError 0x361ed 0x434
RtlNtStatusToDosErrorNoTeb 0x3622c 0x435
RtlNumberGenericTableElements 0x5938a 0x436
RtlNumberGenericTableElementsAvl 0xc2c7a 0x437
RtlNumberOfClearBits 0xb70c7 0x438
RtlNumberOfSetBits 0xb6fc4 0x439
RtlNumberOfSetBitsUlongPtr 0xc987f 0x43a
RtlOemStringToUnicodeSize 0xb6262 0x43b
RtlOemStringToUnicodeString 0x6b955 0x43c
RtlOemToUnicodeN 0x6b85b 0x43d
RtlOpenCurrentUser 0x5b06f 0x43e
RtlOwnerAcesPresent 0xb2a27 0x43f
RtlPcToFileHeader 0x40093 0x440
RtlPinAtomInAtomTable 0xb532e 0x441
RtlPopFrame 0x9fa9a 0x442
RtlPrefixString 0x6e0b4 0x443
RtlPrefixUnicodeString 0x42799 0x444
RtlProcessFlsData 0x399a7 0x445
RtlProtectHeap 0xbd5a7 0x446
RtlPushFrame 0x9fa77 0x447
RtlQueryActivationContextApplicationSettings 0x53a09 0x448
RtlQueryAtomInAtomTable 0x6781c 0x449
RtlQueryCriticalSectionOwner 0xa247a 0x44a
RtlQueryDepthSList 0x3471c 0x44b
RtlQueryDynamicTimeZoneInformation 0xb81d5 0x44c
RtlQueryElevationFlags 0x4bc78 0x44d
RtlQueryEnvironmentVariable 0x396ef 0x44e
RtlQueryEnvironmentVariable_U 0x39953 0x44f
RtlQueryHeapInformation 0x736e5 0x450
RtlQueryInformationAcl 0x66965 0x451
RtlQueryInformationActivationContext 0x3b988 0x452
RtlQueryInformationActiveActivationContext 0x423fa 0x453
RtlQueryInterfaceMemoryStream 0xa1ad5 0x454
RtlQueryModuleInformation 0xae7de 0x455
RtlQueryPerformanceCounter 0x38884 0x456
RtlQueryPerformanceFrequency 0x3882c 0x457
RtlQueryProcessBackTraceInformation 0xa38a8 0x458
RtlQueryProcessDebugInformation 0x7348c 0x459
RtlQueryProcessHeapInformation 0xa3e77 0x45a
RtlQueryProcessLockInformation 0xa3bf9 0x45b
RtlQueryRegistryValues 0x74b60 0x45c
RtlQuerySecurityObject 0xa2660 0x45d
RtlQueryTagHeap 0xbd94f 0x45e
RtlQueryThreadProfiling 0x9f07a 0x45f
RtlQueryTimeZoneInformation 0x76edf 0x460
RtlQueueApcWow64Thread 0xa7bd3 0x461
RtlQueueWorkItem 0x680a6 0x462
RtlRaiseException 0x46e68 0x463
RtlRaiseStatus 0x46ea5 0x464
RtlRandom 0xc98c3 0x465
RtlRandomEx 0x401e3 0x466
RtlReAllocateHeap 0x41f6e 0x467
RtlReadMemoryStream 0xa1a94 0x468
RtlReadOutOfProcessMemoryStream 0xa1a94 0x469
RtlReadThreadProfilingData 0x9f099 0x46a
RtlRealPredecessor 0xc290a 0x46b
RtlRealSuccessor 0x4a192 0x46c
RtlRegisterSecureMemoryCacheCallback 0xc2d5d 0x46d
RtlRegisterThreadWithCsrss 0x3a1f2 0x46e
RtlRegisterWait 0x70852 0x46f
RtlReleaseActivationContext 0x3bb43 0x470
RtlReleaseMemoryStream 0x5230f 0x471
RtlReleasePebLock 0x37f5e 0x472
RtlReleasePrivilege 0x49c1c 0x473
RtlReleaseRelativeName 0x3a901 0x474
RtlReleaseResource 0x5a2d9 0x475
RtlReleaseSRWLockExclusive 0x329ab 0x476
RtlReleaseSRWLockShared 0x325a9 0x477
RtlRemoteCall 0xc70b6 0x478
RtlRemoveEntryHashTable 0xc097d 0x479
RtlRemovePrivileges 0xb218a 0x47a
RtlRemoveVectoredContinueHandler 0xa5ed2 0x47b
RtlRemoveVectoredExceptionHandler 0x75f41 0x47c
RtlReplaceSidInSd 0xb3037 0x47d
RtlReportException 0xa850f 0x47e
RtlReportSilentProcessExit 0x58d1d 0x47f
RtlReportSqmEscalation 0xa877d 0x480
RtlResetMemoryBlockLookaside 0xb604f 0x481
RtlResetMemoryZone 0xb619f 0x482
RtlResetRtlTranslations 0x523ad 0x483
RtlRestoreLastWin32Error 0x222ef 0x484
RtlRetrieveNtUserPfn 0x5aabd 0x485
RtlRevertMemoryStream 0xa1abb 0x486
RtlRunDecodeUnicodeString 0xb1ec8 0x487
RtlRunEncodeUnicodeString 0xb1e4e 0x488
RtlRunOnceBeginInitialize 0x37e1b 0x489
RtlRunOnceComplete 0x3bfe5 0x48a
RtlRunOnceExecuteOnce 0x37de3 0x48b
RtlRunOnceInitialize 0x38456 0x48c
RtlSecondsSince1970ToTime 0xb112d 0x48d
RtlSecondsSince1980ToTime 0xb10f6 0x48e
RtlSeekMemoryStream 0xa1aa1 0x48f
RtlSelfRelativeToAbsoluteSD 0x78261 0x491
RtlSelfRelativeToAbsoluteSD2 0xb1db0 0x490
RtlSendMsgToSm 0xc0664 0x492
RtlSetAllBits 0xb6955 0x493
RtlSetAttributesSecurityDescriptor 0xb32ef 0x494
RtlSetBits 0x3e8f0 0x495
RtlSetControlSecurityDescriptor 0xb22e4 0x496
RtlSetCriticalSectionSpinCount 0x394e7 0x497
RtlSetCurrentDirectory_U 0x4920f 0x498
RtlSetCurrentEnvironment 0xc1e23 0x499
RtlSetCurrentTransaction 0x38026 0x49a
RtlSetDaclSecurityDescriptor 0x42cc2 0x49b
RtlSetDynamicTimeZoneInformation 0xb81ba 0x49c
RtlSetEnvironmentStrings 0xc1e9a 0x49d
RtlSetEnvironmentVar 0x5090a 0x49e
RtlSetEnvironmentVariable 0x50b4b 0x49f
RtlSetExtendedFeaturesMask 0xc1482 0x4a0
RtlSetGroupSecurityDescriptor 0x42ec1 0x4a1
RtlSetHeapInformation 0x610d5 0x4a2
RtlSetInformationAcl 0xb4cd6 0x4a3
RtlSetIoCompletionCallback 0x78a7e 0x4a4
RtlSetLastWin32Error 0x222ef 0x4a5
RtlSetLastWin32ErrorAndNtStatusFromNtStatus 0x5c74e 0x4a6
RtlSetMemoryStreamSize 0xa1ad5 0x4a7
RtlSetOwnerSecurityDescriptor 0x42e73 0x4a8
RtlSetProcessDebugInformation 0xa377e 0x4a9
RtlSetProcessIsCritical 0xc4b59 0x4aa
RtlSetProcessPreferredUILanguages 0xbb52a 0x4ab
RtlSetSaclSecurityDescriptor 0x49fbc 0x4ac
RtlSetSecurityDescriptorRMControl 0xb2aa6 0x4ad
RtlSetSecurityObject 0xa260f 0x4ae
RtlSetSecurityObjectEx 0xa2637 0x4af
RtlSetThreadErrorMode 0x4a7be 0x4b0
RtlSetThreadIsCritical 0xc4bc0 0x4b1
RtlSetThreadPoolStartFunc 0x51bf7 0x4b2
RtlSetThreadPreferredUILanguages 0x4d6b7 0x4b3
RtlSetTimeZoneInformation 0xb819f 0x4b4
RtlSetTimer 0xe0653 0x4b5
RtlSetUnhandledExceptionFilter 0x50b8a 0x4b6
RtlSetUserCallbackExceptionFilter 0x522f4 0x4b7
RtlSetUserFlagsHeap 0xbd709 0x4b8
RtlSetUserValueHeap 0x5cff2 0x4b9
RtlSidDominates 0xb2f7d 0x4ba
RtlSidEqualLevel 0xb2efd 0x4bb
RtlSidHashInitialize 0xb2bff 0x4bc
RtlSidHashLookup 0xb2c84 0x4bd
RtlSidIsHigherLevel 0xb2e7d 0x4be
RtlSizeHeap 0x33002 0x4bf
RtlSleepConditionVariableCS 0xa7f2b 0x4c0
RtlSleepConditionVariableSRW 0xa8028 0x4c1
RtlSplay 0x4a0eb 0x4c2
RtlStartRXact 0xb162b 0x4c3
RtlStatMemoryStream 0xa1ad5 0x4c4
RtlStringFromGUID 0x48610 0x4c5
RtlSubAuthorityCountSid 0x5b0dd 0x4c6
RtlSubAuthoritySid 0x40f42 0x4c7
RtlSubtreePredecessor 0x4b524 0x4c8
RtlSubtreeSuccessor 0xc28e7 0x4c9
RtlSystemTimeToLocalTime 0xb1164 0x4ca
RtlTestBit 0x661cb 0x4cb
RtlTimeFieldsToTime 0x608ca 0x4cc
RtlTimeToElapsedTimeFields 0xb108f 0x4cd
RtlTimeToSecondsSince1970 0x4c4ca 0x4ce
RtlTimeToSecondsSince1980 0x538c4 0x4cf
RtlTimeToTimeFields 0x60535 0x4d0
RtlTraceDatabaseAdd 0xc9eb8 0x4d1
RtlTraceDatabaseCreate 0xc9b4a 0x4d2
RtlTraceDatabaseDestroy 0xc9c4f 0x4d3
RtlTraceDatabaseEnumerate 0xc9abd 0x4d4
RtlTraceDatabaseFind 0xc9d02 0x4d5
RtlTraceDatabaseLock 0xc9e98 0x4d6
RtlTraceDatabaseUnlock 0xc9ea8 0x4d7
RtlTraceDatabaseValidate 0xc9cb8 0x4d8
RtlTryAcquirePebLock 0x64654 0x4d9
RtlTryAcquireSRWLockExclusive 0x44892 0x4da
RtlTryAcquireSRWLockShared 0xa8162 0x4db
RtlTryEnterCriticalSection 0x32500 0x4dc
RtlUTF8ToUnicodeN 0x62b6c 0x4dd
RtlUlongByteSwap 0x7d3e0 0xc
RtlUlonglongByteSwap 0x7d3f0 0xd
RtlUnhandledExceptionFilter 0xc8dd3 0x4df
RtlUnhandledExceptionFilter2 0xc8ade 0x4de
RtlUnicodeStringToAnsiSize 0xb623d 0x4e0
RtlUnicodeStringToAnsiString 0x36ac8 0x4e1
RtlUnicodeStringToCountedOemString 0xb6471 0x4e2
RtlUnicodeStringToInteger 0x5cb1e 0x4e3
RtlUnicodeStringToOemSize 0xb623d 0x4e4
RtlUnicodeStringToOemString 0x6ba27 0x4e5
RtlUnicodeToCustomCPN 0xb01e7 0x4e6
RtlUnicodeToMultiByteN 0x3692e 0x4e7
RtlUnicodeToMultiByteSize 0x5c9bc 0x4e8
RtlUnicodeToOemN 0x5f86d 0x4e9
RtlUnicodeToUTF8N 0x62d08 0x4ea
RtlUniform 0x52bd3 0x4eb
RtlUnlockBootStatusData 0xc1b27 0x4ec
RtlUnlockCurrentThread 0xc8fc5 0x4ed
RtlUnlockHeap 0x380ee 0x4ee
RtlUnlockMemoryBlockLookaside 0xb6095 0x4ef
RtlUnlockMemoryStreamRegion 0xa1ac8 0x4f0
RtlUnlockMemoryZone 0x67093 0x4f1
RtlUnlockModuleSection 0x67127 0x4f2
RtlUnwind 0x46d39 0x4f3
RtlUpcaseUnicodeChar 0x2e819 0x4f4
RtlUpcaseUnicodeString 0x5b49f 0x4f5
RtlUpcaseUnicodeStringToAnsiString 0xb6289 0x4f6
RtlUpcaseUnicodeStringToCountedOemString 0xb6581 0x4f7
RtlUpcaseUnicodeStringToOemString 0xb6370 0x4f8
RtlUpcaseUnicodeToCustomCPN 0xb0397 0x4f9
RtlUpcaseUnicodeToMultiByteN 0x490bd 0x4fa
RtlUpcaseUnicodeToOemN 0xaf678 0x4fb
RtlUpdateClonedCriticalSection 0xa2325 0x4fc
RtlUpdateClonedSRWLock 0xa8273 0x4fd
RtlUpdateTimer 0xe0528 0x4fe
RtlUpperChar 0x61e48 0x4ff
RtlUpperString 0xb685b 0x500
RtlUserThreadStart 0x101c4 0x501
RtlUshortByteSwap 0x7d3d0 0xe
RtlValidAcl 0x42c23 0x502
RtlValidRelativeSecurityDescriptor 0x75793 0x503
RtlValidSecurityDescriptor 0x65e16 0x504
RtlValidSid 0x39292 0x505
RtlValidateHeap 0x4ccfd 0x506
RtlValidateProcessHeaps 0xbf46e 0x507
RtlValidateUnicodeString 0x2fc50 0x508
RtlVerifyVersionInfo 0x792fa 0x509
RtlWakeAllConditionVariable 0x6409d 0x50a
RtlWakeConditionVariable 0xa7de4 0x50b
RtlWalkFrameChain 0x6500a 0x50c
RtlWalkHeap 0xbe17a 0x50d
RtlWeaklyEnumerateEntryHashTable 0xc0b5d 0x50e
RtlWerpReportException 0x73ac6 0x50f
RtlWow64CallFunction64 0xa7be3 0x510
RtlWow64EnableFsRedirection 0xa7bf3 0x511
RtlWow64EnableFsRedirectionEx 0x6431a 0x512
RtlWow64LogMessageInEventLogger 0xae4a3 0x513
RtlWriteMemoryStream 0xa1a94 0x514
RtlWriteRegistryValue 0xb7ec5 0x515
RtlZeroHeap 0xb5871 0x516
RtlZeroMemory 0x63c10 0x517
RtlZombifyActivationContext 0xac027 0x518
RtlpApplyLengthFunction 0x5889d 0x519
RtlpCheckDynamicTimeZoneInformation 0x75075 0x51a
RtlpCleanupRegistryKeys 0xba2dd 0x51b
RtlpConvertCultureNamesToLCIDs 0xb9fa8 0x51c
RtlpConvertLCIDsToCultureNames 0xb9d5e 0x51d
RtlpCreateProcessRegistryInfo 0x380b7 0x51e
RtlpEnsureBufferSize 0x62aed 0x51f
RtlpGetLCIDFromLangInfoNode 0xb90d8 0x520
RtlpGetNameFromLangInfoNode 0x53b78 0x521
RtlpGetSystemDefaultUILanguage 0x5649d 0x522
RtlpGetUserOrMachineUILanguage4NLS 0xca597 0x523
RtlpInitializeLangRegistryInfo 0x54a3d 0x524
RtlpIsQualifiedLanguage 0xb990b 0x525
RtlpLoadMachineUIByPolicy 0xcbfe9 0x526
RtlpLoadUserUIByPolicy 0x54035 0x527
RtlpMuiFreeLangRegistryInfo 0xcbb52 0x528
RtlpMuiRegCreateRegistryInfo 0x53fd9 0x529
RtlpMuiRegFreeRegistryInfo 0x54265 0x52a
RtlpMuiRegLoadRegistryInfo 0x54ac3 0x52b
RtlpNotOwnerCriticalSection 0xa236d 0x52c
RtlpNtCreateKey 0xcc9f7 0x52d
RtlpNtEnumerateSubKey 0xccb2e 0x52e
RtlpNtMakeTemporaryKey 0xccb1e 0x52f
RtlpNtOpenKey 0xcc9d2 0x530
RtlpNtQueryValueKey 0xcca24 0x531
RtlpNtSetValueKey 0xccaf2 0x532
RtlpQueryDefaultUILanguage 0x5be87 0x533
RtlpQueryProcessDebugInformationRemote 0xa356a 0x534
RtlpRefreshCachedUILanguage 0xcafb0 0x535
RtlpSetInstallLanguage 0xbca8a 0x536
RtlpSetPreferredUILanguages 0xbaaad 0x537
RtlpSetUserPreferredUILanguages 0xbaaad 0x538
RtlpUnWaitCriticalSection 0x38e7c 0x539
RtlpVerifyAndCommitUILanguageSettings 0xba148 0x53a
RtlpWaitForCriticalSection 0xa21d9 0x53b
RtlxAnsiStringToUnicodeSize 0xb6262 0x53c
RtlxOemStringToUnicodeSize 0xb6262 0x53d
RtlxUnicodeStringToAnsiSize 0xb623d 0x53e
RtlxUnicodeStringToOemSize 0xb623d 0x53f
SbExecuteProcedure 0xe0c9d 0x540
SbSelectProcedure 0x3a9ee 0x541
ShipAssert 0xa8b96 0x542
ShipAssertGetBufferInfo 0xa8c85 0x543
ShipAssertMsgA 0xa8c6c 0x544
ShipAssertMsgW 0xa8c6c 0x545
TpAllocAlpcCompletion 0xdebaf 0x546
TpAllocAlpcCompletionEx 0x65afc 0x547
TpAllocCleanupGroup 0x6853e 0x548
TpAllocIoCompletion 0x480cc 0x549
TpAllocPool 0x5304e 0x54a
TpAllocTimer 0x59f47 0x54b
TpAllocWait 0x6c7f8 0x54c
TpAllocWork 0x6c5b6 0x54d
TpAlpcRegisterCompletionList 0xded41 0x54e
TpAlpcUnregisterCompletionList 0xdef7a 0x54f
TpCallbackIndependent 0x44fcd 0x550
TpCallbackLeaveCriticalSectionOnCompletion 0xdfcbc 0x551
TpCallbackMayRunLong 0x6e162 0x552
TpCallbackReleaseMutexOnCompletion 0xdfba0 0x553
TpCallbackReleaseSemaphoreOnCompletion 0xdfa70 0x554
TpCallbackSetEventOnCompletion 0xdf955 0x555
TpCallbackUnloadDllOnCompletion 0xdfde8 0x556
TpCancelAsyncIoOperation 0x6d77e 0x557
TpCaptureCaller 0x4248d 0x558
TpCheckTerminateWorker 0x39ac8 0x559
TpDbgDumpHeapUsage 0xdff79 0x55a
TpDbgGetFreeInfo 0xdff1b 0x55b
TpDbgSetLogRoutine 0xdff05 0x55c
TpDisablePoolCallbackChecks 0x55fa2 0x55d
TpDisassociateCallback 0x45e2f 0x55e
TpIsTimerSet 0x3951b 0x55f
TpPoolFreeUnusedNodes 0xdf4a0 0x560
TpPostWork 0x78491 0x561
TpQueryPoolStackInformation 0xdf216 0x562
TpReleaseAlpcCompletion 0x6dc5b 0x563
TpReleaseCleanupGroup 0x6d54d 0x564
TpReleaseCleanupGroupMembers 0x7401c 0x565
TpReleaseIoCompletion 0x6d41c 0x566
TpReleasePool 0x474e9 0x567
TpReleaseTimer 0x6c381 0x568
TpReleaseWait 0x6ca24 0x569
TpReleaseWork 0x6d8e2 0x56a
TpSetDefaultPoolMaxThreads 0xdf335 0x56b
TpSetDefaultPoolStackInformation 0xdf396 0x56c
TpSetPoolMaxThreads 0x6d019 0x56d
TpSetPoolMinThreads 0x6cf79 0x56e
TpSetPoolStackInformation 0x55f6c 0x56f
TpSetTimer 0x4441c 0x570
TpSetWait 0x505d7 0x571
TpSimpleTryPost 0x6656e 0x572
TpStartAsyncIoOperation 0x6b532 0x573
TpWaitForAlpcCompletion 0xdebd3 0x574
TpWaitForIoCompletion 0x6d6d3 0x575
TpWaitForTimer 0x6c50e 0x576
TpWaitForWait 0x6c985 0x577
TpWaitForWork 0x6d843 0x578
VerSetConditionMask 0x792b9 0x579
WerReportSQMEvent 0xa94a1 0x57a
WinSqmAddToAverageDWORD 0xaaa85 0x57b
WinSqmAddToStream 0x7638e 0x57c
WinSqmAddToStreamEx 0x6bb14 0x57d
WinSqmCheckEscalationAddToStreamEx 0xa9f56 0x57e
WinSqmCheckEscalationSetDWORD 0xa9c7a 0x580
WinSqmCheckEscalationSetDWORD64 0xa9d41 0x57f
WinSqmCheckEscalationSetString 0xa9e0b 0x581
WinSqmCommonDatapointDelete 0xa9ac1 0x582
WinSqmCommonDatapointSetDWORD 0xa9a4b 0x584
WinSqmCommonDatapointSetDWORD64 0xa9a86 0x583
WinSqmCommonDatapointSetStreamEx 0xaa2c2 0x585
WinSqmCommonDatapointSetString 0xaa206 0x586
WinSqmEndSession 0x767c8 0x587
WinSqmEventEnabled 0x60cd1 0x588
WinSqmEventWrite 0x60d36 0x589
WinSqmGetEscalationRuleStatus 0xaa088 0x58a
WinSqmGetInstrumentationProperty 0xaa11e 0x58b
WinSqmIncrementDWORD 0x60eb5 0x58c
WinSqmIsOptedIn 0x59b58 0x58d
WinSqmIsOptedInEx 0x59b65 0x58e
WinSqmSetDWORD 0x684ce 0x590
WinSqmSetDWORD64 0xaa915 0x58f
WinSqmSetEscalationInfo 0xa99d2 0x591
WinSqmSetIfMaxDWORD 0x71e98 0x592
WinSqmSetIfMinDWORD 0xaaabd 0x593
WinSqmSetString 0xaa6bc 0x594
WinSqmStartSession 0x7688d 0x595
ZwAcceptConnectPort 0x20200 0x596
ZwAccessCheck 0x20218 0x597
ZwAccessCheckAndAuditAlarm 0x1fc58 0x598
ZwAccessCheckByType 0x20230 0x599
ZwAccessCheckByTypeAndAuditAlarm 0x20104 0x59a
ZwAccessCheckByTypeResultList 0x20248 0x59b
ZwAccessCheckByTypeResultListAndAuditAlarm 0x20260 0x59c
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 0x20278 0x59d
ZwAddAtom 0x1ff48 0x59e
ZwAddBootEntry 0x20290 0x59f
ZwAddDriverEntry 0x202a8 0x5a0
ZwAdjustGroupsToken 0x202c0 0x5a1
ZwAdjustPrivilegesToken 0x1feb0 0x5a2
ZwAlertResumeThread 0x202d8 0x5a3
ZwAlertThread 0x202f4 0x5a4
ZwAllocateLocallyUniqueId 0x20310 0x5a5
ZwAllocateReserveObject 0x2032c 0x5a6
ZwAllocateUserPhysicalPages 0x20344 0x5a7
ZwAllocateUuids 0x2035c 0x5a8
ZwAllocateVirtualMemory 0x1fab0 0x5a9
ZwAlpcAcceptConnectPort 0x20378 0x5aa
ZwAlpcCancelMessage 0x20390 0x5ab
ZwAlpcConnectPort 0x203a8 0x5ac
ZwAlpcCreatePort 0x203c0 0x5ad
ZwAlpcCreatePortSection 0x203d8 0x5ae
ZwAlpcCreateResourceReserve 0x203f0 0x5af
ZwAlpcCreateSectionView 0x20408 0x5b0
ZwAlpcCreateSecurityContext 0x20420 0x5b1
ZwAlpcDeletePortSection 0x20438 0x5b2
ZwAlpcDeleteResourceReserve 0x20450 0x5b3
ZwAlpcDeleteSectionView 0x20468 0x5b4
ZwAlpcDeleteSecurityContext 0x20480 0x5b5
ZwAlpcDisconnectPort 0x20498 0x5b6
ZwAlpcImpersonateClientOfPort 0x204b0 0x5b7
ZwAlpcOpenSenderProcess 0x204c8 0x5b8
ZwAlpcOpenSenderThread 0x204e0 0x5b9
ZwAlpcQueryInformation 0x204f8 0x5ba
ZwAlpcQueryInformationMessage 0x20510 0x5bb
ZwAlpcRevokeSecurityContext 0x20528 0x5bc
ZwAlpcSendWaitReceivePort 0x20540 0x5bd
ZwAlpcSetInformation 0x20558 0x5be
ZwApphelpCacheControl 0x1ffc4 0x5bf
ZwAreMappedFilesTheSame 0x20570 0x5c0
ZwAssignProcessToJobObject 0x2058c 0x5c1
ZwCallbackReturn 0x1f8c8 0x5c2
ZwCancelIoFile 0x2016c 0x5c3
ZwCancelIoFileEx 0x205a8 0x5c4
ZwCancelSynchronousIoFile 0x205c0 0x5c5
ZwCancelTimer 0x201cc 0x5c6
ZwClearEvent 0x1fe64 0x5c7
ZwClose 0x1f9d0 0x5c8
ZwCloseObjectAuditAlarm 0x1fe1c 0x5c9
ZwCommitComplete 0x205d8 0x5ca
ZwCommitEnlistment 0x205f0 0x5cb
ZwCommitTransaction 0x20608 0x5cc
ZwCompactKeys 0x20620 0x5cd
ZwCompareTokens 0x20638 0x5ce
ZwCompleteConnectPort 0x20650 0x5cf
ZwCompressKey 0x20668 0x5d0
ZwConnectPort 0x20684 0x5d1
ZwContinue 0x1fee0 0x5d2
ZwCreateDebugObject 0x2069c 0x5d3
ZwCreateDirectoryObject 0x206b4 0x5d4
ZwCreateEnlistment 0x206cc 0x5d5
ZwCreateEvent 0x1ff64 0x5d6
ZwCreateEventPair 0x206e4 0x5d7
ZwCreateFile 0x200a4 0x5d8
ZwCreateIoCompletion 0x206fc 0x5d9
ZwCreateJobObject 0x20714 0x5da
ZwCreateJobSet 0x2072c 0x5db
ZwCreateKey 0x1fb30 0x5dc
ZwCreateKeyTransacted 0x20744 0x5dd
ZwCreateKeyedEvent 0x2075c 0x5de
ZwCreateMailslotFile 0x20774 0x5df
ZwCreateMutant 0x2078c 0x5e0
ZwCreateNamedPipeFile 0x207a4 0x5e1
ZwCreatePagingFile 0x207bc 0x5e2
ZwCreatePort 0x207d4 0x5e3
ZwCreatePrivateNamespace 0x207ec 0x5e4
ZwCreateProcess 0x20804 0x5e5
ZwCreateProcessEx 0x1ffdc 0x5e6
ZwCreateProfile 0x2081c 0x5e7
ZwCreateProfileEx 0x20834 0x5e8
ZwCreateResourceManager 0x2084c 0x5e9
ZwCreateSection 0x1ff94 0x5ea
ZwCreateSemaphore 0x20864 0x5eb
ZwCreateSymbolicLinkObject 0x2087c 0x5ec
ZwCreateThread 0x1fff4 0x5ed
ZwCreateThreadEx 0x20894 0x5ee
ZwCreateTimer 0x208ac 0x5ef
ZwCreateToken 0x208c4 0x5f0
ZwCreateTransaction 0x208dc 0x5f1
ZwCreateTransactionManager 0x208f4 0x5f2
ZwCreateUserProcess 0x2090c 0x5f3
ZwCreateWaitablePort 0x20924 0x5f4
ZwCreateWorkerFactory 0x2093c 0x5f5
ZwDebugActiveProcess 0x20954 0x5f6
ZwDebugContinue 0x20970 0x5f7
ZwDelayExecution 0x1fd6c 0x5f8
ZwDeleteAtom 0x20988 0x5f9
ZwDeleteBootEntry 0x209a4 0x5fa
ZwDeleteDriverEntry 0x209bc 0x5fb
ZwDeleteFile 0x209d4 0x5fc
ZwDeleteKey 0x209ec 0x5fd
ZwDeleteObjectAuditAlarm 0x20a04 0x5fe
ZwDeletePrivateNamespace 0x20a1c 0x5ff
ZwDeleteValueKey 0x20a34 0x600
ZwDeviceIoControlFile 0x1f8fc 0x601
ZwDisableLastKnownGood 0x20a4c 0x602
ZwDisplayString 0x20a64 0x603
ZwDrawText 0x20a7c 0x604
ZwDuplicateObject 0x1fe34 0x605
ZwDuplicateToken 0x1fec8 0x606
ZwEnableLastKnownGood 0x20a94 0x607
ZwEnumerateBootEntries 0x20aac 0x608
ZwEnumerateDriverEntries 0x20ac4 0x609
ZwEnumerateKey 0x1fd3c 0x60a
ZwEnumerateSystemEnvironmentValuesEx 0x20adc 0x60b
ZwEnumerateTransactionObject 0x20af4 0x60c
ZwEnumerateValueKey 0x1fa30 0x60d
ZwExtendSection 0x20b0c 0x60e
ZwFilterToken 0x20b24 0x60f
ZwFindAtom 0x1fa48 0x610
ZwFlushBuffersFile 0x1ffac 0x611
ZwFlushInstallUILanguage 0x20b3c 0x612
ZwFlushInstructionCache 0x20b54 0x613
ZwFlushKey 0x20b70 0x614
ZwFlushProcessWriteBuffers 0x20b8c 0x615
ZwFlushVirtualMemory 0x20ba4 0x616
ZwFlushWriteBuffer 0x20bbc 0x617
ZwFreeUserPhysicalPages 0x20bd8 0x618
ZwFreeVirtualMemory 0x1fb48 0x619
ZwFreezeRegistry 0x20bf0 0x61a
ZwFreezeTransactions 0x20c08 0x61b
ZwFsControlFile 0x1fde8 0x61c
ZwGetContextThread 0x20c20 0x61d
ZwGetCurrentProcessorNumber 0x20c38 0x61e
ZwGetDevicePowerState 0x20c54 0x61f
ZwGetMUIRegistryInfo 0x20c70 0x620
ZwGetNextProcess 0x20c88 0x621
ZwGetNextThread 0x20ca0 0x622
ZwGetNlsSectionPtr 0x20cb8 0x623
ZwGetNotificationResourceManager 0x20cd0 0x624
ZwGetPlugPlayEvent 0x20ce8 0x625
ZwGetWriteWatch 0x20d00 0x626
ZwImpersonateAnonymousToken 0x20d18 0x627
ZwImpersonateClientOfPort 0x1fb60 0x628
ZwImpersonateThread 0x20d34 0x629
ZwInitializeNlsFiles 0x20d4c 0x62a
ZwInitializeRegistry 0x20d64 0x62b
ZwInitiatePowerAction 0x20d7c 0x62c
ZwIsProcessInJob 0x2000c 0x62d
ZwIsSystemResumeAutomatic 0x20d98 0x62e
ZwIsUILanguageComitted 0x20db4 0x62f
ZwListenPort 0x20dcc 0x630
ZwLoadDriver 0x20de4 0x631
ZwLoadKey 0x20dfc 0x633
ZwLoadKey2 0x20e14 0x632
ZwLoadKeyEx 0x20e2c 0x634
ZwLockFile 0x20e44 0x635
ZwLockProductActivationKeys 0x20e5c 0x636
ZwLockRegistryKey 0x20e78 0x637
ZwLockVirtualMemory 0x20e94 0x638
ZwMakePermanentObject 0x20eac 0x639
ZwMakeTemporaryObject 0x20ec8 0x63a
ZwMapCMFModule 0x20ee4 0x63b
ZwMapUserPhysicalPages 0x20efc 0x63c
ZwMapUserPhysicalPagesScatter 0x1f890 0x63d
ZwMapViewOfSection 0x1fc40 0x63e
ZwModifyBootEntry 0x20f18 0x63f
ZwModifyDriverEntry 0x20f30 0x640
ZwNotifyChangeDirectoryFile 0x20f48 0x641
ZwNotifyChangeKey 0x20f60 0x642
ZwNotifyChangeMultipleKeys 0x20f78 0x643
ZwNotifyChangeSession 0x20f90 0x644
ZwOpenDirectoryObject 0x200ec 0x645
ZwOpenEnlistment 0x20fa8 0x646
ZwOpenEvent 0x1fe98 0x647
ZwOpenEventPair 0x20fc0 0x648
ZwOpenFile 0x1fd54 0x649
ZwOpenIoCompletion 0x20fd8 0x64a
ZwOpenJobObject 0x20ff0 0x64b
ZwOpenKey 0x1fa18 0x64c
ZwOpenKeyEx 0x21008 0x64d
ZwOpenKeyTransacted 0x21020 0x64e
ZwOpenKeyTransactedEx 0x21038 0x64f
ZwOpenKeyedEvent 0x21050 0x650
ZwOpenMutant 0x21068 0x651
ZwOpenObjectAuditAlarm 0x21080 0x652
ZwOpenPrivateNamespace 0x21098 0x653
ZwOpenProcess 0x1fc10 0x654
ZwOpenProcessToken 0x210b0 0x655
ZwOpenProcessTokenEx 0x1fd08 0x656
ZwOpenResourceManager 0x210c8 0x657
ZwOpenSection 0x1fdb8 0x658
ZwOpenSemaphore 0x210e0 0x659
ZwOpenSession 0x210f8 0x65a
ZwOpenSymbolicLinkObject 0x21110 0x65b
ZwOpenThread 0x21128 0x65c
ZwOpenThreadToken 0x1fbe0 0x65d
ZwOpenThreadTokenEx 0x1fcf0 0x65e
ZwOpenTimer 0x21140 0x65f
ZwOpenTransaction 0x21158 0x660
ZwOpenTransactionManager 0x21170 0x661
ZwPlugPlayControl 0x21188 0x662
ZwPowerInformation 0x2019c 0x663
ZwPrePrepareComplete 0x211a0 0x664
ZwPrePrepareEnlistment 0x211b8 0x665
ZwPrepareComplete 0x211d0 0x666
ZwPrepareEnlistment 0x211e8 0x667
ZwPrivilegeCheck 0x21200 0x668
ZwPrivilegeObjectAuditAlarm 0x2121c 0x669
ZwPrivilegedServiceAuditAlarm 0x21234 0x66a
ZwPropagationComplete 0x2124c 0x66b
ZwPropagationFailed 0x21264 0x66c
ZwProtectVirtualMemory 0x20028 0x66d
ZwPulseEvent 0x2127c 0x66e
ZwQueryAttributesFile 0x1fe4c 0x66f
ZwQueryBootEntryOrder 0x21298 0x670
ZwQueryBootOptions 0x212b0 0x671
ZwQueryDebugFilterState 0x212c8 0x672
ZwQueryDefaultLocale 0x1fa64 0x673
ZwQueryDefaultUILanguage 0x1fef8 0x674
ZwQueryDirectoryFile 0x1fd88 0x675
ZwQueryDirectoryObject 0x212e4 0x676
ZwQueryDriverEntryOrder 0x212fc 0x677
ZwQueryEaFile 0x21314 0x678
ZwQueryEvent 0x200bc 0x679
ZwQueryFullAttributesFile 0x2132c 0x67a
ZwQueryInformationAtom 0x21344 0x67b
ZwQueryInformationEnlistment 0x2135c 0x67c
ZwQueryInformationFile 0x1fa00 0x67d
ZwQueryInformationJobObject 0x21374 0x67e
ZwQueryInformationPort 0x2138c 0x67f
ZwQueryInformationProcess 0x1fac8 0x680
ZwQueryInformationResourceManager 0x213a4 0x681
ZwQueryInformationThread 0x1fbf8 0x682
ZwQueryInformationToken 0x1fb98 0x683
ZwQueryInformationTransaction 0x213bc 0x684
ZwQueryInformationTransactionManager 0x213d4 0x685
ZwQueryInformationWorkerFactory 0x213ec 0x686
ZwQueryInstallUILanguage 0x21404 0x687
ZwQueryIntervalProfile 0x21420 0x688
ZwQueryIoCompletion 0x2143c 0x689
ZwQueryKey 0x1fa80 0x68a
ZwQueryLicenseValue 0x21454 0x68b
ZwQueryMultipleValueKey 0x2146c 0x68c
ZwQueryMutant 0x21484 0x68d
ZwQueryObject 0x1f9e8 0x68e
ZwQueryOpenSubKeys 0x2149c 0x68f
ZwQueryOpenSubKeysEx 0x214b4 0x690
ZwQueryPerformanceCounter 0x1fd20 0x691
ZwQueryPortInformationProcess 0x214cc 0x692
ZwQueryQuotaInformationFile 0x214e8 0x693
ZwQuerySection 0x20040 0x694
ZwQuerySecurityAttributesToken 0x21500 0x695
ZwQuerySecurityObject 0x21518 0x696
ZwQuerySemaphore 0x21530 0x697
ZwQuerySymbolicLinkObject 0x21548 0x698
ZwQuerySystemEnvironmentValue 0x21560 0x699
ZwQuerySystemEnvironmentValueEx 0x21578 0x69a
ZwQuerySystemInformation 0x1fda0 0x69b
ZwQuerySystemInformationEx 0x21590 0x69c
ZwQuerySystemTime 0x2011c 0x69d
ZwQueryTimer 0x1fdd0 0x69e
ZwQueryTimerResolution 0x215a8 0x69f
ZwQueryValueKey 0x1fa98 0x6a0
ZwQueryVirtualMemory 0x1fbc8 0x6a1
ZwQueryVolumeInformationFile 0x1ff7c 0x6a2
ZwQueueApcThread 0x1ff14 0x6a3
ZwQueueApcThreadEx 0x215c4 0x6a4
ZwRaiseException 0x215dc 0x6a5
ZwRaiseHardError 0x215f4 0x6a6
ZwReadFile 0x1f8e0 0x6a7
ZwReadFileScatter 0x1fcd4 0x6a8
ZwReadOnlyEnlistment 0x2160c 0x6a9
ZwReadRequestData 0x2008c 0x6aa
ZwReadVirtualMemory 0x1fe80 0x6ab
ZwRecoverEnlistment 0x21624 0x6ac
ZwRecoverResourceManager 0x2163c 0x6ad
ZwRecoverTransactionManager 0x21654 0x6ae
ZwRegisterProtocolAddressInformation 0x2166c 0x6af
ZwRegisterThreadTerminatePort 0x21684 0x6b0
ZwReleaseKeyedEvent 0x216a0 0x6b1
ZwReleaseMutant 0x1fb7c 0x6b2
ZwReleaseSemaphore 0x1f950 0x6b3
ZwReleaseWorkerFactoryWorker 0x216bc 0x6b4
ZwRemoveIoCompletion 0x1f934 0x6b5
ZwRemoveIoCompletionEx 0x216d4 0x6b6
ZwRemoveProcessDebug 0x216ec 0x6b7
ZwRenameKey 0x21708 0x6b8
ZwRenameTransactionManager 0x21720 0x6b9
ZwReplaceKey 0x21738 0x6ba
ZwReplacePartitionUnit 0x21750 0x6bb
ZwReplyPort 0x1f984 0x6bc
ZwReplyWaitReceivePort 0x1f96c 0x6bd
ZwReplyWaitReceivePortEx 0x1fc88 0x6be
ZwReplyWaitReplyPort 0x21768 0x6bf
ZwRequestPort 0x21780 0x6c0
ZwRequestWaitReplyPort 0x1fbb0 0x6c1
ZwResetEvent 0x21798 0x6c2
ZwResetWriteWatch 0x217b4 0x6c3
ZwRestoreKey 0x217d0 0x6c4
ZwResumeProcess 0x217e8 0x6c5
ZwResumeThread 0x20058 0x6c6
ZwRollbackComplete 0x21804 0x6c7
ZwRollbackEnlistment 0x2181c 0x6c8
ZwRollbackTransaction 0x21834 0x6c9
ZwRollforwardTransactionManager 0x2184c 0x6ca
ZwSaveKey 0x21864 0x6cb
ZwSaveKeyEx 0x2187c 0x6cc
ZwSaveMergedKeys 0x21894 0x6cd
ZwSecureConnectPort 0x218b0 0x6ce
ZwSerializeBoot 0x218c8 0x6cf
ZwSetBootEntryOrder 0x218e0 0x6d0
ZwSetBootOptions 0x218f8 0x6d1
ZwSetContextThread 0x21910 0x6d2
ZwSetDebugFilterState 0x21928 0x6d3
ZwSetDefaultHardErrorPort 0x21944 0x6d4
ZwSetDefaultLocale 0x21960 0x6d5
ZwSetDefaultUILanguage 0x2197c 0x6d6
ZwSetDriverEntryOrder 0x21998 0x6d7
ZwSetEaFile 0x219b0 0x6d8
ZwSetEvent 0x1f9b4 0x6d9
ZwSetEventBoostPriority 0x1fcb8 0x6da
ZwSetHighEventPair 0x219c8 0x6db
ZwSetHighWaitLowEventPair 0x219e4 0x6dc
ZwSetInformationDebugObject 0x21a00 0x6dd
ZwSetInformationEnlistment 0x21a18 0x6de
ZwSetInformationFile 0x1fc28 0x6df
ZwSetInformationJobObject 0x21a30 0x6e0
ZwSetInformationKey 0x21a48 0x6e1
ZwSetInformationObject 0x20154 0x6e2
ZwSetInformationProcess 0x1fb18 0x6e3
ZwSetInformationResourceManager 0x21a60 0x6e4
ZwSetInformationThread 0x1f99c 0x6e5
ZwSetInformationToken 0x21a78 0x6e6
ZwSetInformationTransaction 0x21a90 0x6e7
ZwSetInformationTransactionManager 0x21aa8 0x6e8
ZwSetInformationWorkerFactory 0x21ac0 0x6e9
ZwSetIntervalProfile 0x21ad8 0x6ea
ZwSetIoCompletion 0x21af4 0x6eb
ZwSetIoCompletionEx 0x21b0c 0x6ec
ZwSetLdtEntries 0x21b24 0x6ed
ZwSetLowEventPair 0x21b3c 0x6ee
ZwSetLowWaitHighEventPair 0x21b58 0x6ef
ZwSetQuotaInformationFile 0x21b74 0x6f0
ZwSetSecurityObject 0x21b8c 0x6f1
ZwSetSystemEnvironmentValue 0x21ba4 0x6f2
ZwSetSystemEnvironmentValueEx 0x21bbc 0x6f3
ZwSetSystemInformation 0x21bd4 0x6f4
ZwSetSystemPowerState 0x21bec 0x6f5
ZwSetSystemTime 0x21c04 0x6f6
ZwSetThreadExecutionState 0x21c20 0x6f7
ZwSetTimer 0x201e8 0x6f8
ZwSetTimerEx 0x21c3c 0x6f9
ZwSetTimerResolution 0x21c54 0x6fa
ZwSetUuidSeed 0x21c70 0x6fb
ZwSetValueKey 0x201b4 0x6fc
ZwSetVolumeInformationFile 0x21c8c 0x6fd
ZwShutdownSystem 0x21ca4 0x6fe
ZwShutdownWorkerFactory 0x21cc0 0x6ff
ZwSignalAndWaitForSingleObject 0x21cd8 0x700
ZwSinglePhaseReject 0x21cf4 0x701
ZwStartProfile 0x21d0c 0x702
ZwStopProfile 0x21d28 0x703
ZwSuspendProcess 0x21d44 0x704
ZwSuspendThread 0x21d60 0x705
ZwSystemDebugControl 0x21d7c 0x706
ZwTerminateJobObject 0x21d94 0x707
ZwTerminateProcess 0x1fca0 0x708
ZwTerminateThread 0x20074 0x709
ZwTestAlert 0x21db0 0x70a
ZwThawRegistry 0x21dcc 0x70b
ZwThawTransactions 0x21de4 0x70c
ZwTraceControl 0x21dfc 0x70d
ZwTraceEvent 0x20184 0x70e
ZwTranslateFilePath 0x21e14 0x70f
ZwUmsThreadYield 0x21e30 0x710
ZwUnloadDriver 0x21e48 0x711
ZwUnloadKey 0x21e60 0x713
ZwUnloadKey2 0x21e78 0x712
ZwUnloadKeyEx 0x21e90 0x714
ZwUnlockFile 0x21ea8 0x715
ZwUnlockVirtualMemory 0x21ec0 0x716
ZwUnmapViewOfSection 0x1fc70 0x717
ZwVdmControl 0x21ed8 0x718
ZwWaitForDebugEvent 0x21ef0 0x719
ZwWaitForKeyedEvent 0x21f08 0x71a
ZwWaitForMultipleObjects 0x20138 0x71c
ZwWaitForMultipleObjects32 0x1fae0 0x71b
ZwWaitForSingleObject 0x1f8ac 0x71d
ZwWaitForWorkViaWorkerFactory 0x21f24 0x71e
ZwWaitHighEventPair 0x21f3c 0x71f
ZwWaitLowEventPair 0x21f58 0x720
ZwWorkerFactoryWorkerReady 0x21f74 0x721
ZwWow64CallFunction64 0x2213c 0x722
ZwWow64CsrAllocateCaptureBuffer 0x21fd4 0x723
ZwWow64CsrAllocateMessagePointer 0x22004 0x724
ZwWow64CsrCaptureMessageBuffer 0x2201c 0x725
ZwWow64CsrCaptureMessageString 0x22034 0x726
ZwWow64CsrClientCallServer 0x21fbc 0x727
ZwWow64CsrClientConnectToServer 0x21f8c 0x728
ZwWow64CsrFreeCaptureBuffer 0x21fec 0x729
ZwWow64CsrGetProcessId 0x2204c 0x72a
ZwWow64CsrIdentifyAlertableThread 0x21fa4 0x72b
ZwWow64CsrVerifyRegion 0x22064 0x72c
ZwWow64DebuggerCall 0x2207c 0x72d
ZwWow64GetCurrentProcessorNumberEx 0x22094 0x72e
ZwWow64GetNativeSystemInformation 0x220ac 0x72f
ZwWow64InterlockedPopEntrySList 0x220c4 0x730
ZwWow64QueryInformationProcess64 0x220dc 0x731
ZwWow64QueryVirtualMemory64 0x22124 0x732
ZwWow64ReadVirtualMemory64 0x220f4 0x733
ZwWow64WriteVirtualMemory64 0x2210c 0x734
ZwWriteFile 0x1f918 0x735
ZwWriteFileGather 0x1fafc 0x736
ZwWriteRequestData 0x200d4 0x737
ZwWriteVirtualMemory 0x1fe04 0x738
ZwYieldExecution 0x1ff2c 0x739
_CIcos 0x7b704 0x73a
_CIlog 0x7b7c4 0x73b
_CIpow 0x7b8a4 0x73c
_CIsin 0x7bac4 0x73d
_CIsqrt 0x7bb80 0x73e
__isascii 0x4c3fa 0x73f
__iscsym 0xd44c4 0x740
__iscsymf 0xd44fc 0x741
__toascii 0xd44b2 0x742
_alldiv 0x78d00 0x743
_alldvrm 0x7bc40 0x744
_allmul 0x42760 0x745
_alloca_probe 0x3ad68 0x746
_alloca_probe_16 0x7bd20 0x747
_alloca_probe_8 0x7bd36 0x748
_allrem 0x7bd80 0x749
_allshl 0x33140 0x74a
_allshr 0x38990 0x74b
_atoi64 0xd4533 0x74c
_aulldiv 0x5b140 0x74d
_aulldvrm 0x2f880 0x74e
_aullrem 0x40a90 0x74f
_aullshr 0x38860 0x750
_chkstk 0x3ad68 0x751
_fltused 0x104328 0x752
_ftol 0x7be40 0x753
_i64toa 0xd4586 0x754
_i64toa_s 0xd7a6f 0x755
_i64tow 0xd4691 0x756
_i64tow_s 0xd7c36 0x757
_itoa 0x4d2c6 0x758
_itoa_s 0xd78df 0x759
_itow 0xd4617 0x75a
_itow_s 0x754a5 0x75b
_lfind 0xd46c9 0x75c
_ltoa 0xd455a 0x75d
_ltoa_s 0xd7910 0x75e
_ltow 0xd4646 0x75f
_ltow_s 0xd7acd 0x760
_makepath_s 0xd7c94 0x761
_memccpy 0x7be80 0x762
_memicmp 0xd4750 0x763
_snprintf 0xd4760 0x764
_snprintf_s 0xd7e16 0x765
_snscanf_s 0xd7e3a 0x766
_snwprintf 0x32417 0x767
_snwprintf_s 0xd7f10 0x768
_snwscanf_s 0xd7f34 0x769
_splitpath 0xd49f7 0x76a
_splitpath_s 0xd7f6e 0x76b
_strcmpi 0x3c7b9 0x76c
_stricmp 0x3c7b9 0x76d
_strlwr 0xd4a48 0x76e
_strnicmp 0x5c27c 0x76f
_strnset_s 0xd816c 0x770
_strset_s 0xd81e0 0x771
_strupr 0xd4a75 0x772
_swprintf 0xd550d 0x773
_ui64toa 0x722fa 0x774
_ui64toa_s 0xd7aa9 0x775
_ui64tow 0x6dda7 0x776
_ui64tow_s 0xd7c70 0x777
_ultoa 0x722db 0x778
_ultoa_s 0xd793e 0x779
_ultow 0xd4672 0x77a
_ultow_s 0xd7af9 0x77b
_vscwprintf 0x774b7 0x77c
_vsnprintf 0x79d88 0x77d
_vsnprintf_s 0xd7d7d 0x77e
_vsnwprintf 0x4ef93 0x77f
_vsnwprintf_s 0xd7e74 0x780
_vswprintf 0xd4b4c 0x781
_wcsicmp 0x39337 0x782
_wcslwr 0xd4b6b 0x783
_wcsnicmp 0x2f63b 0x784
_wcsnset_s 0xd4bba 0x785
_wcsset_s 0xd4c38 0x786
_wcstoui64 0xd4f34 0x787
_wcsupr 0xd4f53 0x788
_wmakepath_s 0xd822f 0x789
_wsplitpath_s 0xd834a 0x78a
_wtoi 0x7aa8d 0x78b
_wtoi64 0xd4f8b 0x78c
_wtol 0x78706 0x78d
abs 0xd4fb2 0x78e
atan 0x7bee0 0x78f
atoi 0x4d2f3 0x790
atol 0x4d300 0x791
bsearch 0x2ebdc 0x792
ceil 0x7bfa0 0x793
cos 0x7b700 0x794
fabs 0xd4fc7 0x795
floor 0x7c0e0 0x796
isalnum 0xd4418 0x797
isalpha 0x67966 0x798
iscntrl 0xd448d 0x799
isdigit 0x4c3d5 0x79a
isgraph 0xd4466 0x79b
islower 0xd43a9 0x79c
isprint 0xd443f 0x79d
ispunct 0xd43f3 0x79e
isspace 0xd43ce 0x79f
isupper 0xd4384 0x7a0
iswalpha 0x5bd44 0x7a1
iswctype 0x5bd15 0x7a2
iswdigit 0x61121 0x7a3
iswlower 0xd50a5 0x7a4
iswspace 0xd50d8 0x7a5
iswxdigit 0xd50bd 0x7a6
isxdigit 0x4c79b 0x7a7
labs 0xd4fb2 0x7a8
log 0x7b7c0 0x7a9
mbstowcs 0x7a152 0x7aa
memchr 0x7c240 0x7ab
memcmp 0x32265 0x7ac
memcpy 0x22340 0x7ad
memcpy_s 0xd8578 0x7ae
memmove 0x38f50 0x7af
memmove_s 0xd85f6 0x7b0
memset 0x2df20 0x7b1
pow 0x7b8a0 0x7b2
qsort 0xd5191 0x7b3
sin 0x7bac0 0x7b4
sprintf 0xd53c3 0x7b5
sprintf_s 0xd86ab 0x7b6
sqrt 0x7bb94 0x7b7
sscanf 0xd54a7 0x7b8
sscanf_s 0xd86cc 0x7b9
strcat 0x7c310 0x7ba
strcat_s 0x6596f 0x7bb
strchr 0x39c70 0x7bc
strcmp 0x7c400 0x7bd
strcpy 0x7c300 0x7be
strcpy_s 0x659cd 0x7bf
strcspn 0x7c490 0x7c0
strlen 0x7c4e0 0x7c1
strncat 0x7c570 0x7c2
strncat_s 0xd8715 0x7c3
strncmp 0x62f65 0x7c4
strncpy 0x75c30 0x7c5
strncpy_s 0x79eaa 0x7c6
strnlen 0xd54cc 0x7c7
strpbrk 0x7c6c0 0x7c8
strrchr 0x7c700 0x7c9
strspn 0x7c730 0x7ca
strstr 0x7c780 0x7cb
strtok_s 0xd87f2 0x7cc
strtol 0x4ca3a 0x7cd
strtoul 0xd54ee 0x7ce
swprintf 0xd550d 0x7cf
swprintf_s 0x6290f 0x7d0
swscanf_s 0xd88da 0x7d1
tan 0x7c810 0x7d2
tolower 0xd559f 0x7d3
toupper 0x48bf5 0x7d4
towlower 0xd55cc 0x7d5
towupper 0xd55ef 0x7d6
vDbgPrintEx 0xad470 0x7d7
vDbgPrintExWithPrefix 0xad496 0x7d8
vsprintf 0xd567b 0x7d9
vsprintf_s 0xd8659 0x7da
vswprintf_s 0x62930 0x7db
wcscat 0xd569a 0x7dc
wcscat_s 0x489aa 0x7dd
wcschr 0x37f1c 0x7de
wcscmp 0x324c4 0x7df
wcscpy 0xd56cd 0x7e0
wcscpy_s 0x386a6 0x7e1
wcscspn 0x79eea 0x7e2
wcslen 0xd56f1 0x7e3
wcsncat 0xd5710 0x7e4
wcsncat_s 0x4e478 0x7e5
wcsncmp 0x37f75 0x7e6
wcsncpy 0xd5755 0x7e7
wcsncpy_s 0x6e4de 0x7e8
wcsnlen 0xd57a4 0x7e9
wcspbrk 0x5b617 0x7ea
wcsrchr 0x37ee9 0x7eb
wcsspn 0xd57c8 0x7ec
wcsstr 0x30c87 0x7ed
wcstol 0x4b4ca 0x7ee
wcstombs 0xd5835 0x7ef
wcstoul 0xd5816 0x7f0
- 0xabbbc 0x1
- 0xabc58 0x2
- 0xab781 0x3
- 0xab915 0x4
- 0xab75d 0x5
- 0xab551 0x6
- 0xabb8d 0x7
- 0x773be 0x8
Digital Signatures (2)
»
Certificate: Microsoft Windows
»
Issued by Microsoft Windows
Parent Certificate Microsoft Windows Verification PCA
Country Name US
Valid From 2009-12-07 21:57:40+00:00
Valid Until 2011-03-07 21:57:40+00:00
Algorithm sha1_rsa
Serial Number 61 15 23 0F 00 00 00 00 00 0A
Thumbprint 02 EC EE A9 D5 E0 A9 F3 E3 9B 6F 4E C3 F7 13 1E D4 E3 52 C4
Certificate: Microsoft Windows Verification PCA
»
Issued by Microsoft Windows Verification PCA
Country Name US
Valid From 2005-09-15 21:55:41+00:00
Valid Until 2016-03-15 22:05:41+00:00
Algorithm sha1_rsa
Serial Number 61 07 02 DC 00 00 00 00 00 0B
Thumbprint 5D F0 D7 57 1B 07 80 78 39 60 C6 8B 78 57 1F FD 7E DA F0 21
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jma.exe Sample File Binary
Unknown
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 164.50 KB
MD5 cfd776b1cb9004e0f214f33431b3646b Copy to Clipboard
SHA1 3af3240893d79897b540f5875b81aaf715efbff2 Copy to Clipboard
SHA256 cdc13684f41107a2ff3c367f50d64af2c71f2f004775d0307deb5ee6980a5965 Copy to Clipboard
SSDeep 3072:h8tdcEQ3QTUrDKVCBwyBrEyDQ/ZqHEBMTFhRME+No7mFHSSIiqjAkNaYuRDJWK:hydc7yWwydcZqHDTFnME7KRqjARYm Copy to Clipboard
ImpHash b18b4e624751116c1a16238e9c729bd5 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x1c49ce0
Size Of Code 0x1e000
Size Of Initialized Data 0xb000
Size Of Uninitialized Data 0x182b000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-11-06 00:00:44+00:00
Version Information (11)
»
CompanyName PGWARE LLC
FileDescription Ignorehostnameverification Impressins Codememberfield Using Upright Westwood
FileVersion 6.5.8.737
InternalName Sectored
Languages English
LegalCopyright (C)
LegalTrademarks (C)
OriginalFilename Sectored
PrivateBuild 6.5.8.737
ProductName Sectored
ProductVersion 6.5.8.737
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x182b000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x1c2c000 0x1e000 0x1e000 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.81
.rsrc 0x1c4a000 0xb000 0xae00 0x1e400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.25
Imports (11)
»
KERNEL32.DLL (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x1c54b68 0x1854b68 0x28f68 0x0
GetProcAddress 0x0 0x1c54b6c 0x1854b6c 0x28f6c 0x0
VirtualProtect 0x0 0x1c54b70 0x1854b70 0x28f70 0x0
VirtualAlloc 0x0 0x1c54b74 0x1854b74 0x28f74 0x0
VirtualFree 0x0 0x1c54b78 0x1854b78 0x28f78 0x0
ExitProcess 0x0 0x1c54b7c 0x1854b7c 0x28f7c 0x0
ACTIVEDS.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x1e 0x1c54b84 0x1854b84 0x28f84 -
AVIFIL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIFileCreateStreamA 0x0 0x1c54b8c 0x1854b8c 0x28f8c 0x0
GDI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LineTo 0x0 0x1c54b94 0x1854b94 0x28f94 0x0
gdiplus.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiplusStartup 0x0 0x1c54b9c 0x1854b9c 0x28f9c 0x0
OLEAUT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleTranslateColor 0x1a5 0x1c54ba4 0x1854ba4 0x28fa4 -
SHELL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHBrowseForFolderA 0x0 0x1c54bac 0x1854bac 0x28fac 0x0
SHLWAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrChrA 0x0 0x1c54bb4 0x1854bb4 0x28fb4 0x0
USER32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC 0x0 0x1c54bbc 0x1854bbc 0x28fbc 0x0
WINTRUST.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptCATGetMemberInfo 0x0 0x1c54bc4 0x1854bc4 0x28fc4 0x0
WS2_32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAStartup 0x73 0x1c54bcc 0x1854bcc 0x28fcc -
Icons (1)
»
Memory Dumps (7)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
buffer 1 0x00250000 0x00281FFF First Execution - 32-bit 0x00250000 False False
...
buffer 1 0x00250000 0x00281FFF Content Changed - 32-bit 0x00250026 False False
...
buffer 1 0x00250000 0x00281FFF Content Changed - 32-bit 0x002529BE False False
...
buffer 10 0x00290000 0x002C1FFF First Execution - 32-bit 0x00290000 False False
...
buffer 10 0x00290000 0x002C1FFF Content Changed - 32-bit 0x002929BE False False
...
buffer 38 0x00300000 0x00331FFF First Execution - 32-bit 0x00300000 False False
...
buffer 38 0x00300000 0x00331FFF Content Changed - 32-bit 0x003029BE False False
...
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jgshctw Dropped File Text
Unknown
...
»
Mime Type text/xml
File Size 285 bytes
MD5 b32724389aba0741d7d28f02f124897d Copy to Clipboard
SHA1 ef81cc44cddc9b7cd695903100d817af4427e2a4 Copy to Clipboard
SHA256 6b3005e2b4d0093f7b04e8427f386fac532deb9d84156c7855ace8a2eb23d962 Copy to Clipboard
SSDeep 6:TMVJMpqXO/GGG/1EwkAATkGWHMLF4tTmRk4//sKEQZRvDA9om49NVO9:TMsgeMlZHMJ4tTmRT7EqvD8om49/k Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gaejfer Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 284.14 KB
MD5 2ebb7e4e62b1cae357d0a9720a996e25 Copy to Clipboard
SHA1 acce6121e5f1815f01d6b3468e4c3e51a9f9a20d Copy to Clipboard
SHA256 176c57a929846be8b06ba706bdbc0149ba4c9c2ad9d4ebe86ab94d0627870d1c Copy to Clipboard
SSDeep 6144:pH4t3FN2ujUiF9LrMeO8jZY0VIkR5vmioQZYVnb7qhnqhuLj/:14tVN2oDLImLV6nbWQuLj/ Copy to Clipboard
C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp Dropped File Sqlite
Unknown
...
»
Mime Type application/x-sqlite3
File Size 512.00 KB
MD5 ca84b062330bf89c92f6da9fbd818b9e Copy to Clipboard
SHA1 f52fd559629cecf4a02037663c6d9bf171ac7235 Copy to Clipboard
SHA256 3ce8414a491044fca9d5c4de1af15fc54c06ba021a7ba2199e092f35c42fbdf4 Copy to Clipboard
SSDeep 48:DML4nwTqMXQ98wM6ckr3ekPokj+rU+D0KHhS0wy:Dbn39e8DdPHaB33 Copy to Clipboard
C:\Users\5P5NRG~1\AppData\Local\Temp\6F29.tmp Dropped File Sqlite
Unknown
...
»
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 0111897c22e2ab86bfd65ccf91adc717 Copy to Clipboard
SHA1 c499d8febec0f0cb771a654fc65699c22226fe37 Copy to Clipboard
SHA256 cff896f26e26cdf1a63e312f89795366ee2bc902323cabe44a86aa4ad0977228 Copy to Clipboard
SSDeep 48:tNecVTgPOpEveoJZFrU10WB58PdJAKr1EcO:tVSNDX25E Copy to Clipboard
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image