-
Notifications
You must be signed in to change notification settings - Fork 0
/
log.txt
986 lines (986 loc) · 50.3 KB
/
log.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
Potentially hooked: NtAcceptConnectPort : 77612A90
Potentially hooked: NtAccessCheck : 77612A70
Potentially hooked: NtAccessCheckAndAuditAlarm : 77612D20
Potentially hooked: NtAccessCheckByType : 776130C0
Potentially hooked: NtAccessCheckByTypeAndAuditAlarm : 77613020
Potentially hooked: NtAccessCheckByTypeResultList : 776130D0
Potentially hooked: NtAccessCheckByTypeResultListAndAuditAlarm : 776130E0
Potentially hooked: NtAccessCheckByTypeResultListAndAuditAlarmByHandle : 776130F0
Potentially hooked: NtAcquireCrossVmMutant : 77613100
Potentially hooked: NtAcquireProcessActivityReference : 77613110
Potentially hooked: NtAddAtom : 77612F00
Potentially hooked: NtAddAtomEx : 77613120
Potentially hooked: NtAddBootEntry : 77613130
Potentially hooked: NtAddDriverEntry : 77613140
Potentially hooked: NtAdjustGroupsToken : 77613150
Potentially hooked: NtAdjustPrivilegesToken : 77612EA0
Potentially hooked: NtAdjustTokenClaimsAndDeviceGroups : 77613160
Potentially hooked: NtAlertResumeThread : 77613170
Potentially hooked: NtAlertThread : 77613180
Potentially hooked: NtAlertThreadByThreadId : 77613190
Potentially hooked: NtAllocateLocallyUniqueId : 776131A0
Potentially hooked: NtAllocateReserveObject : 776131B0
Potentially hooked: NtAllocateUserPhysicalPages : 776131C0
Potentially hooked: NtAllocateUserPhysicalPagesEx : 776131D0
Potentially hooked: NtAllocateUuids : 776131E0
Potentially hooked: NtAllocateVirtualMemory : 77612BF0
Potentially hooked: NtAllocateVirtualMemoryEx : 776131F0
Potentially hooked: NtAlpcAcceptConnectPort : 77613200
Potentially hooked: NtAlpcCancelMessage : 77613210
Potentially hooked: NtAlpcConnectPort : 77613220
Potentially hooked: NtAlpcConnectPortEx : 77613230
Potentially hooked: NtAlpcCreatePort : 77613240
Potentially hooked: NtAlpcCreatePortSection : 77613250
Potentially hooked: NtAlpcCreateResourceReserve : 77613260
Potentially hooked: NtAlpcCreateSectionView : 77613270
Potentially hooked: NtAlpcCreateSecurityContext : 77613280
Potentially hooked: NtAlpcDeletePortSection : 77613290
Potentially hooked: NtAlpcDeleteResourceReserve : 776132A0
Potentially hooked: NtAlpcDeleteSectionView : 776132B0
Potentially hooked: NtAlpcDeleteSecurityContext : 776132C0
Potentially hooked: NtAlpcDisconnectPort : 776132D0
Potentially hooked: NtAlpcImpersonateClientContainerOfPort : 776132E0
Potentially hooked: NtAlpcImpersonateClientOfPort : 776132F0
Potentially hooked: NtAlpcOpenSenderProcess : 77613300
Potentially hooked: NtAlpcOpenSenderThread : 77613310
Potentially hooked: NtAlpcQueryInformation : 77613320
Potentially hooked: NtAlpcQueryInformationMessage : 77613330
Potentially hooked: NtAlpcRevokeSecurityContext : 77613340
Potentially hooked: NtAlpcSendWaitReceivePort : 77613350
Potentially hooked: NtAlpcSetInformation : 77613360
Potentially hooked: NtApphelpCacheControl : 77612F50
Potentially hooked: NtAreMappedFilesTheSame : 77613370
Potentially hooked: NtAssignProcessToJobObject : 77613380
Potentially hooked: NtAssociateWaitCompletionPacket : 77613390
Potentially hooked: NtCallEnclave : 776133A0
Potentially hooked: NtCallbackReturn : 77612AC0
Potentially hooked: NtCancelIoFile : 77613060
Potentially hooked: NtCancelIoFileEx : 776133B0
Potentially hooked: NtCancelSynchronousIoFile : 776133C0
Potentially hooked: NtCancelTimer : 776130A0
Potentially hooked: NtCancelTimer2 : 776133D0
Potentially hooked: NtCancelWaitCompletionPacket : 776133E0
Potentially hooked: NtClearEvent : 77612E70
Potentially hooked: NtClose : 77612B60
Potentially hooked: NtCloseObjectAuditAlarm : 77612E40
Potentially hooked: NtCommitComplete : 776133F0
Potentially hooked: NtCommitEnlistment : 77613400
Potentially hooked: NtCommitRegistryTransaction : 77613410
Potentially hooked: NtCommitTransaction : 77613420
Potentially hooked: NtCompactKeys : 77613430
Potentially hooked: NtCompareObjects : 77613440
Potentially hooked: NtCompareSigningLevels : 77613450
Potentially hooked: NtCompareTokens : 77613460
Potentially hooked: NtCompleteConnectPort : 77613470
Potentially hooked: NtCompressKey : 77613480
Potentially hooked: NtConnectPort : 77613490
Potentially hooked: NtContinue : 77612EC0
Potentially hooked: NtContinueEx : 776134A0
Potentially hooked: NtConvertBetweenAuxiliaryCounterAndPerformanceCounter : 776134B0
Potentially hooked: NtCreateCrossVmEvent : 776134C0
Potentially hooked: NtCreateCrossVmMutant : 776134D0
Potentially hooked: NtCreateDebugObject : 776134E0
Potentially hooked: NtCreateDirectoryObject : 776134F0
Potentially hooked: NtCreateDirectoryObjectEx : 77613500
Potentially hooked: NtCreateEnclave : 77613510
Potentially hooked: NtCreateEnlistment : 77613520
Potentially hooked: NtCreateEvent : 77612F10
Potentially hooked: NtCreateEventPair : 77613530
Potentially hooked: NtCreateFile : 77612FE0
Potentially hooked: NtCreateIRTimer : 77613540
Potentially hooked: NtCreateIoCompletion : 77613550
Potentially hooked: NtCreateJobObject : 77613560
Potentially hooked: NtCreateJobSet : 77613570
Potentially hooked: NtCreateKey : 77612C60
Potentially hooked: NtCreateKeyTransacted : 77613580
Potentially hooked: NtCreateKeyedEvent : 77613590
Potentially hooked: NtCreateLowBoxToken : 776135A0
Potentially hooked: NtCreateMailslotFile : 776135B0
Potentially hooked: NtCreateMutant : 776135C0
Potentially hooked: NtCreateNamedPipeFile : 776135D0
Potentially hooked: NtCreatePagingFile : 776135E0
Potentially hooked: NtCreatePartition : 776135F0
Potentially hooked: NtCreatePort : 77613600
Potentially hooked: NtCreatePrivateNamespace : 77613610
Potentially hooked: NtCreateProcess : 77613620
Potentially hooked: NtCreateProcessEx : 77612F60
Potentially hooked: NtCreateProfile : 77613630
Potentially hooked: NtCreateProfileEx : 77613640
Potentially hooked: NtCreateRegistryTransaction : 77613650
Potentially hooked: NtCreateResourceManager : 77613660
Potentially hooked: NtCreateSection : 77612F30
Potentially hooked: NtCreateSectionEx : 77613670
Potentially hooked: NtCreateSemaphore : 77613680
Potentially hooked: NtCreateSymbolicLinkObject : 77613690
Potentially hooked: NtCreateThread : 77612F70
Potentially hooked: NtCreateThreadEx : 776136A0
Potentially hooked: NtCreateTimer : 776136B0
Potentially hooked: NtCreateTimer2 : 776136C0
Potentially hooked: NtCreateToken : 776136D0
Potentially hooked: NtCreateTokenEx : 776136E0
Potentially hooked: NtCreateTransaction : 776136F0
Potentially hooked: NtCreateTransactionManager : 77613700
Potentially hooked: NtCreateUserProcess : 77613710
Potentially hooked: NtCreateWaitCompletionPacket : 77613720
Potentially hooked: NtCreateWaitablePort : 77613730
Potentially hooked: NtCreateWnfStateName : 77613740
Potentially hooked: NtCreateWorkerFactory : 77613750
Potentially hooked: NtCurrentTeb : 77653FD0
Potentially hooked: NtDebugActiveProcess : 77613760
Potentially hooked: NtDebugContinue : 77613770
Potentially hooked: NtDelayExecution : 77612DD0
Potentially hooked: NtDeleteAtom : 77613780
Potentially hooked: NtDeleteBootEntry : 77613790
Potentially hooked: NtDeleteDriverEntry : 776137A0
Potentially hooked: NtDeleteFile : 776137B0
Potentially hooked: NtDeleteKey : 776137C0
Potentially hooked: NtDeleteObjectAuditAlarm : 776137D0
Potentially hooked: NtDeletePrivateNamespace : 776137E0
Potentially hooked: NtDeleteValueKey : 776137F0
Potentially hooked: NtDeleteWnfStateData : 77613800
Potentially hooked: NtDeleteWnfStateName : 77613810
Potentially hooked: NtDeviceIoControlFile : 77612AE0
Potentially hooked: NtDirectGraphicsCall : 77613820
Potentially hooked: NtDisableLastKnownGood : 77613830
Potentially hooked: NtDisplayString : 77613840
Potentially hooked: NtDrawText : 77613850
Potentially hooked: NtDuplicateObject : 77612E50
Potentially hooked: NtDuplicateToken : 77612EB0
Potentially hooked: NtEnableLastKnownGood : 77613860
Potentially hooked: NtEnumerateBootEntries : 77613870
Potentially hooked: NtEnumerateDriverEntries : 77613880
Potentially hooked: NtEnumerateKey : 77612DB0
Potentially hooked: NtEnumerateSystemEnvironmentValuesEx : 77613890
Potentially hooked: NtEnumerateTransactionObject : 776138A0
Potentially hooked: NtEnumerateValueKey : 77612BA0
Potentially hooked: NtExtendSection : 776138B0
Potentially hooked: NtFilterBootOption : 776138C0
Potentially hooked: NtFilterToken : 776138D0
Potentially hooked: NtFilterTokenEx : 776138E0
Potentially hooked: NtFindAtom : 77612BB0
Potentially hooked: NtFlushBuffersFile : 77612F40
Potentially hooked: NtFlushBuffersFileEx : 776138F0
Potentially hooked: NtFlushInstallUILanguage : 77613900
Potentially hooked: NtFlushInstructionCache : 77613910
Potentially hooked: NtFlushKey : 77613920
Potentially hooked: NtFlushProcessWriteBuffers : 77613930
Potentially hooked: NtFlushVirtualMemory : 77613940
Potentially hooked: NtFlushWriteBuffer : 77613950
Potentially hooked: NtFreeUserPhysicalPages : 77613960
Potentially hooked: NtFreeVirtualMemory : 77612C70
Potentially hooked: NtFreezeRegistry : 77613970
Potentially hooked: NtFreezeTransactions : 77613980
Potentially hooked: NtFsControlFile : 77612E20
Potentially hooked: NtGetCachedSigningLevel : 77613990
Potentially hooked: NtGetCompleteWnfStateSubscription : 776139A0
Potentially hooked: NtGetContextThread : 776139B0
Potentially hooked: NtGetCurrentProcessorNumber : 776139C0
Potentially hooked: NtGetCurrentProcessorNumberEx : 776139D0
Potentially hooked: NtGetDevicePowerState : 776139E0
Potentially hooked: NtGetMUIRegistryInfo : 776139F0
Potentially hooked: NtGetNextProcess : 77613A00
Potentially hooked: NtGetNextThread : 77613A10
Potentially hooked: NtGetNlsSectionPtr : 77613A20
Potentially hooked: NtGetNotificationResourceManager : 77613A30
Potentially hooked: NtGetTickCount : 77665230
Potentially hooked: NtGetWriteWatch : 77613A40
Potentially hooked: NtImpersonateAnonymousToken : 77613A50
Potentially hooked: NtImpersonateClientOfPort : 77612C80
Potentially hooked: NtImpersonateThread : 77613A60
Potentially hooked: NtInitializeEnclave : 77613A70
Potentially hooked: NtInitializeNlsFiles : 77613A80
Potentially hooked: NtInitializeRegistry : 77613A90
Potentially hooked: NtInitiatePowerAction : 77613AA0
Potentially hooked: NtIsProcessInJob : 77612F80
Potentially hooked: NtIsSystemResumeAutomatic : 77613AB0
Potentially hooked: NtIsUILanguageComitted : 77613AC0
Potentially hooked: NtListenPort : 77613AD0
Potentially hooked: NtLoadDriver : 77613AE0
Potentially hooked: NtLoadEnclaveData : 77613AF0
Potentially hooked: NtLoadKey : 77613B00
Potentially hooked: NtLoadKey2 : 77613B10
Potentially hooked: NtLoadKey3 : 776147F0
Potentially hooked: NtLoadKeyEx : 77613B20
Potentially hooked: NtLockFile : 77613B30
Potentially hooked: NtLockProductActivationKeys : 77613B40
Potentially hooked: NtLockRegistryKey : 77613B50
Potentially hooked: NtLockVirtualMemory : 77613B60
Potentially hooked: NtMakePermanentObject : 77613B70
Potentially hooked: NtMakeTemporaryObject : 77613B80
Potentially hooked: NtManageHotPatch : 77613B90
Potentially hooked: NtManagePartition : 77613BA0
Potentially hooked: NtMapCMFModule : 77613BB0
Potentially hooked: NtMapUserPhysicalPages : 77613BC0
Potentially hooked: NtMapUserPhysicalPagesScatter : 77612AA0
Potentially hooked: NtMapViewOfSection : 77612D10
Potentially hooked: NtMapViewOfSectionEx : 77613BD0
Potentially hooked: NtModifyBootEntry : 77613BE0
Potentially hooked: NtModifyDriverEntry : 77613BF0
Potentially hooked: NtNotifyChangeDirectoryFile : 77613C00
Potentially hooked: NtNotifyChangeDirectoryFileEx : 77613C10
Potentially hooked: NtNotifyChangeKey : 77613C20
Potentially hooked: NtNotifyChangeMultipleKeys : 77613C30
Potentially hooked: NtNotifyChangeSession : 77613C40
Potentially hooked: NtOpenDirectoryObject : 77613010
Potentially hooked: NtOpenEnlistment : 77613C50
Potentially hooked: NtOpenEvent : 77612E90
Potentially hooked: NtOpenEventPair : 77613C60
Potentially hooked: NtOpenFile : 77612DC0
Potentially hooked: NtOpenIoCompletion : 77613C70
Potentially hooked: NtOpenJobObject : 77613C80
Potentially hooked: NtOpenKey : 77612B90
Potentially hooked: NtOpenKeyEx : 77613C90
Potentially hooked: NtOpenKeyTransacted : 77613CA0
Potentially hooked: NtOpenKeyTransactedEx : 77613CB0
Potentially hooked: NtOpenKeyedEvent : 77613CC0
Potentially hooked: NtOpenMutant : 77613CD0
Potentially hooked: NtOpenObjectAuditAlarm : 77613CE0
Potentially hooked: NtOpenPartition : 77613CF0
Potentially hooked: NtOpenPrivateNamespace : 77613D00
Potentially hooked: NtOpenProcess : 77612CF0
Potentially hooked: NtOpenProcessToken : 77613D10
Potentially hooked: NtOpenProcessTokenEx : 77612D90
Potentially hooked: NtOpenRegistryTransaction : 77613D20
Potentially hooked: NtOpenResourceManager : 77613D30
Potentially hooked: NtOpenSection : 77612E00
Potentially hooked: NtOpenSemaphore : 77613D40
Potentially hooked: NtOpenSession : 77613D50
Potentially hooked: NtOpenSymbolicLinkObject : 77613D60
Potentially hooked: NtOpenThread : 77613D70
Potentially hooked: NtOpenThreadToken : 77612CD0
Potentially hooked: NtOpenThreadTokenEx : 77612D80
Potentially hooked: NtOpenTimer : 77613D80
Potentially hooked: NtOpenTransaction : 77613D90
Potentially hooked: NtOpenTransactionManager : 77613DA0
Potentially hooked: NtPlugPlayControl : 77613DB0
Potentially hooked: NtPowerInformation : 77613080
Potentially hooked: NtPrePrepareComplete : 77613DC0
Potentially hooked: NtPrePrepareEnlistment : 77613DD0
Potentially hooked: NtPrepareComplete : 77613DE0
Potentially hooked: NtPrepareEnlistment : 77613DF0
Potentially hooked: NtPrivilegeCheck : 77613E00
Potentially hooked: NtPrivilegeObjectAuditAlarm : 77613E10
Potentially hooked: NtPrivilegedServiceAuditAlarm : 77613E20
Potentially hooked: NtPropagationComplete : 77613E30
Potentially hooked: NtPropagationFailed : 77613E40
Potentially hooked: NtProtectVirtualMemory : 77612F90
Potentially hooked: NtPssCaptureVaSpaceBulk : 77613E50
Potentially hooked: NtPulseEvent : 77613E60
Potentially hooked: NtQueryAttributesFile : 77612E60
Potentially hooked: NtQueryAuxiliaryCounterFrequency : 77613E70
Potentially hooked: NtQueryBootEntryOrder : 77613E80
Potentially hooked: NtQueryBootOptions : 77613E90
Potentially hooked: NtQueryDebugFilterState : 77613EA0
Potentially hooked: NtQueryDefaultLocale : 77612BC0
Potentially hooked: NtQueryDefaultUILanguage : 77612ED0
Potentially hooked: NtQueryDirectoryFile : 77612DE0
Potentially hooked: NtQueryDirectoryFileEx : 77613EB0
Potentially hooked: NtQueryDirectoryObject : 77613EC0
Potentially hooked: NtQueryDriverEntryOrder : 77613ED0
Potentially hooked: NtQueryEaFile : 77613EE0
Potentially hooked: NtQueryEvent : 77612FF0
Potentially hooked: NtQueryFullAttributesFile : 77613EF0
Potentially hooked: NtQueryInformationAtom : 77613F00
Potentially hooked: NtQueryInformationByName : 77613F10
Potentially hooked: NtQueryInformationEnlistment : 77613F20
Potentially hooked: NtQueryInformationFile : 77612B80
Potentially hooked: NtQueryInformationJobObject : 77613F30
Potentially hooked: NtQueryInformationPort : 77613F40
Potentially hooked: NtQueryInformationProcess : 77612C00
Potentially hooked: NtQueryInformationResourceManager : 77613F50
Potentially hooked: NtQueryInformationThread : 77612CE0
Potentially hooked: NtQueryInformationToken : 77612CA0
Potentially hooked: NtQueryInformationTransaction : 77613F60
Potentially hooked: NtQueryInformationTransactionManager : 77613F70
Potentially hooked: NtQueryInformationWorkerFactory : 77613F80
Potentially hooked: NtQueryInstallUILanguage : 77613F90
Potentially hooked: NtQueryIntervalProfile : 77613FA0
Potentially hooked: NtQueryIoCompletion : 77613FB0
Potentially hooked: NtQueryKey : 77612BD0
Potentially hooked: NtQueryLicenseValue : 77613FC0
Potentially hooked: NtQueryMultipleValueKey : 77613FD0
Potentially hooked: NtQueryMutant : 77613FE0
Potentially hooked: NtQueryObject : 77612B70
Potentially hooked: NtQueryOpenSubKeys : 77613FF0
Potentially hooked: NtQueryOpenSubKeysEx : 77614000
Potentially hooked: NtQueryPerformanceCounter : 77612DA0
Potentially hooked: NtQueryPortInformationProcess : 77614010
Potentially hooked: NtQueryQuotaInformationFile : 77614020
Potentially hooked: NtQuerySection : 77612FA0
Potentially hooked: NtQuerySecurityAttributesToken : 77614030
Potentially hooked: NtQuerySecurityObject : 77614040
Potentially hooked: NtQuerySecurityPolicy : 77614050
Potentially hooked: NtQuerySemaphore : 77614060
Potentially hooked: NtQuerySymbolicLinkObject : 77614070
Potentially hooked: NtQuerySystemEnvironmentValue : 77614080
Potentially hooked: NtQuerySystemEnvironmentValueEx : 77614090
Potentially hooked: NtQuerySystemInformation : 77612DF0
Potentially hooked: NtQuerySystemInformationEx : 776140A0
Potentially hooked: NtQuerySystemTime : 77613030
Potentially hooked: NtQueryTimer : 77612E10
Potentially hooked: NtQueryTimerResolution : 776140B0
Potentially hooked: NtQueryValueKey : 77612BE0
Potentially hooked: NtQueryVirtualMemory : 77612CC0
Potentially hooked: NtQueryVolumeInformationFile : 77612F20
Potentially hooked: NtQueryWnfStateData : 776140C0
Potentially hooked: NtQueryWnfStateNameInformation : 776140D0
Potentially hooked: NtQueueApcThread : 77612EE0
Potentially hooked: NtQueueApcThreadEx : 776140E0
Potentially hooked: NtRaiseException : 776140F0
Potentially hooked: NtRaiseHardError : 77614100
Potentially hooked: NtReadFile : 77612AD0
Potentially hooked: NtReadFileScatter : 77612D70
Potentially hooked: NtReadOnlyEnlistment : 77614110
Potentially hooked: NtReadRequestData : 77612FD0
Potentially hooked: NtReadVirtualMemory : 77612E80
Potentially hooked: NtRecoverEnlistment : 77614120
Potentially hooked: NtRecoverResourceManager : 77614130
Potentially hooked: NtRecoverTransactionManager : 77614140
Potentially hooked: NtRegisterProtocolAddressInformation : 77614150
Potentially hooked: NtRegisterThreadTerminatePort : 77614160
Potentially hooked: NtReleaseKeyedEvent : 77614170
Potentially hooked: NtReleaseMutant : 77612C90
Potentially hooked: NtReleaseSemaphore : 77612B10
Potentially hooked: NtReleaseWorkerFactoryWorker : 77614180
Potentially hooked: NtRemoveIoCompletion : 77612B00
Potentially hooked: NtRemoveIoCompletionEx : 77614190
Potentially hooked: NtRemoveProcessDebug : 776141A0
Potentially hooked: NtRenameKey : 776141B0
Potentially hooked: NtRenameTransactionManager : 776141C0
Potentially hooked: NtReplaceKey : 776141D0
Potentially hooked: NtReplacePartitionUnit : 776141E0
Potentially hooked: NtReplyPort : 77612B30
Potentially hooked: NtReplyWaitReceivePort : 77612B20
Potentially hooked: NtReplyWaitReceivePortEx : 77612D40
Potentially hooked: NtReplyWaitReplyPort : 776141F0
Potentially hooked: NtRequestPort : 77614200
Potentially hooked: NtRequestWaitReplyPort : 77612CB0
Potentially hooked: NtResetEvent : 77614210
Potentially hooked: NtResetWriteWatch : 77614220
Potentially hooked: NtRestoreKey : 77614230
Potentially hooked: NtResumeProcess : 77614240
Potentially hooked: NtResumeThread : 77612FB0
Potentially hooked: NtRevertContainerImpersonation : 77614250
Potentially hooked: NtRollbackComplete : 77614260
Potentially hooked: NtRollbackEnlistment : 77614270
Potentially hooked: NtRollbackRegistryTransaction : 77614280
Potentially hooked: NtRollbackTransaction : 77614290
Potentially hooked: NtRollforwardTransactionManager : 776142A0
Potentially hooked: NtSaveKey : 776142B0
Potentially hooked: NtSaveKeyEx : 776142C0
Potentially hooked: NtSaveMergedKeys : 776142D0
Potentially hooked: NtSecureConnectPort : 776142E0
Potentially hooked: NtSerializeBoot : 776142F0
Potentially hooked: NtSetBootEntryOrder : 77614300
Potentially hooked: NtSetBootOptions : 77614310
Potentially hooked: NtSetCachedSigningLevel : 77614320
Potentially hooked: NtSetCachedSigningLevel2 : 77614330
Potentially hooked: NtSetContextThread : 77614340
Potentially hooked: NtSetDebugFilterState : 77614350
Potentially hooked: NtSetDefaultHardErrorPort : 77614360
Potentially hooked: NtSetDefaultLocale : 77614370
Potentially hooked: NtSetDefaultUILanguage : 77614380
Potentially hooked: NtSetDriverEntryOrder : 77614390
Potentially hooked: NtSetEaFile : 776143A0
Potentially hooked: NtSetEvent : 77612B50
Potentially hooked: NtSetEventBoostPriority : 77612D60
Potentially hooked: NtSetHighEventPair : 776143B0
Potentially hooked: NtSetHighWaitLowEventPair : 776143C0
Potentially hooked: NtSetIRTimer : 776143D0
Potentially hooked: NtSetInformationDebugObject : 776143E0
Potentially hooked: NtSetInformationEnlistment : 776143F0
Potentially hooked: NtSetInformationFile : 77612D00
Potentially hooked: NtSetInformationJobObject : 77614400
Potentially hooked: NtSetInformationKey : 77614410
Potentially hooked: NtSetInformationObject : 77613050
Potentially hooked: NtSetInformationProcess : 77612C50
Potentially hooked: NtSetInformationResourceManager : 77614420
Potentially hooked: NtSetInformationSymbolicLink : 77614430
Potentially hooked: NtSetInformationThread : 77612B40
Potentially hooked: NtSetInformationToken : 77614440
Potentially hooked: NtSetInformationTransaction : 77614450
Potentially hooked: NtSetInformationTransactionManager : 77614460
Potentially hooked: NtSetInformationVirtualMemory : 77614470
Potentially hooked: NtSetInformationWorkerFactory : 77614480
Potentially hooked: NtSetIntervalProfile : 77614490
Potentially hooked: NtSetIoCompletion : 776144A0
Potentially hooked: NtSetIoCompletionEx : 776144B0
Potentially hooked: NtSetLdtEntries : 776144C0
Potentially hooked: NtSetLowEventPair : 776144D0
Potentially hooked: NtSetLowWaitHighEventPair : 776144E0
Potentially hooked: NtSetQuotaInformationFile : 776144F0
Potentially hooked: NtSetSecurityObject : 77614500
Potentially hooked: NtSetSystemEnvironmentValue : 77614510
Potentially hooked: NtSetSystemEnvironmentValueEx : 77614520
Potentially hooked: NtSetSystemInformation : 77614530
Potentially hooked: NtSetSystemPowerState : 77614540
Potentially hooked: NtSetSystemTime : 77614550
Potentially hooked: NtSetThreadExecutionState : 77614560
Potentially hooked: NtSetTimer : 776130B0
Potentially hooked: NtSetTimer2 : 77614570
Potentially hooked: NtSetTimerEx : 77614580
Potentially hooked: NtSetTimerResolution : 77614590
Potentially hooked: NtSetUuidSeed : 776145A0
Potentially hooked: NtSetValueKey : 77613090
Potentially hooked: NtSetVolumeInformationFile : 776145B0
Potentially hooked: NtSetWnfProcessNotificationEvent : 776145C0
Potentially hooked: NtShutdownSystem : 776145D0
Potentially hooked: NtShutdownWorkerFactory : 776145E0
Potentially hooked: NtSignalAndWaitForSingleObject : 776145F0
Potentially hooked: NtSinglePhaseReject : 77614600
Potentially hooked: NtStartProfile : 77614610
Potentially hooked: NtStopProfile : 77614620
Potentially hooked: NtSubscribeWnfStateChange : 77614630
Potentially hooked: NtSuspendProcess : 77614640
Potentially hooked: NtSuspendThread : 77614650
Potentially hooked: NtSystemDebugControl : 77614660
Potentially hooked: NtTerminateEnclave : 77614670
Potentially hooked: NtTerminateJobObject : 77614680
Potentially hooked: NtTerminateProcess : 77612D50
Potentially hooked: NtTerminateThread : 77612FC0
Potentially hooked: NtTestAlert : 77614690
Potentially hooked: NtThawRegistry : 776146A0
Potentially hooked: NtThawTransactions : 776146B0
Potentially hooked: NtTraceControl : 776146C0
Potentially hooked: NtTraceEvent : 77613070
Potentially hooked: NtTranslateFilePath : 776146D0
Potentially hooked: NtUmsThreadYield : 776146E0
Potentially hooked: NtUnloadDriver : 776146F0
Potentially hooked: NtUnloadKey : 77614700
Potentially hooked: NtUnloadKey2 : 77614710
Potentially hooked: NtUnloadKeyEx : 77614720
Potentially hooked: NtUnlockFile : 77614730
Potentially hooked: NtUnlockVirtualMemory : 77614740
Potentially hooked: NtUnmapViewOfSection : 77612D30
Potentially hooked: NtUnmapViewOfSectionEx : 77614750
Potentially hooked: NtUnsubscribeWnfStateChange : 77614760
Potentially hooked: NtUpdateWnfStateData : 77614770
Potentially hooked: NtVdmControl : 77614780
Potentially hooked: NtWaitForAlertByThreadId : 77614790
Potentially hooked: NtWaitForDebugEvent : 776147A0
Potentially hooked: NtWaitForKeyedEvent : 776147B0
Potentially hooked: NtWaitForMultipleObjects : 77613040
Potentially hooked: NtWaitForMultipleObjects32 : 77612C30
Potentially hooked: NtWaitForSingleObject : 77612AB0
Potentially hooked: NtWaitForWorkViaWorkerFactory : 776147C0
Potentially hooked: NtWaitHighEventPair : 776147D0
Potentially hooked: NtWaitLowEventPair : 776147E0
Potentially hooked: NtWorkerFactoryWorkerReady : 77612A80
Potentially hooked: NtWow64AllocateVirtualMemory64 : 776148E0
Potentially hooked: NtWow64CallFunction64 : 77614910
Potentially hooked: NtWow64CsrAllocateCaptureBuffer : 77614830
Potentially hooked: NtWow64CsrAllocateMessagePointer : 77614850
Potentially hooked: NtWow64CsrCaptureMessageBuffer : 77614860
Potentially hooked: NtWow64CsrCaptureMessageString : 77614870
Potentially hooked: NtWow64CsrClientCallServer : 77614820
Potentially hooked: NtWow64CsrClientConnectToServer : 77614800
Potentially hooked: NtWow64CsrFreeCaptureBuffer : 77614840
Potentially hooked: NtWow64CsrGetProcessId : 77614880
Potentially hooked: NtWow64CsrIdentifyAlertableThread : 77614810
Potentially hooked: NtWow64CsrVerifyRegion : 77614890
Potentially hooked: NtWow64DebuggerCall : 776148A0
Potentially hooked: NtWow64GetCurrentProcessorNumberEx : 776148B0
Potentially hooked: NtWow64GetNativeSystemInformation : 776148C0
Potentially hooked: NtWow64IsProcessorFeaturePresent : 77614920
Potentially hooked: NtWow64QueryInformationProcess64 : 776148D0
Potentially hooked: NtWow64ReadVirtualMemory64 : 776148F0
Potentially hooked: NtWow64WriteVirtualMemory64 : 77614900
Potentially hooked: NtWriteFile : 77612AF0
Potentially hooked: NtWriteFileGather : 77612C40
Potentially hooked: NtWriteRequestData : 77613000
Potentially hooked: NtWriteVirtualMemory : 77612E30
Potentially hooked: NtYieldExecution : 77612EF0
Potentially hooked: NtdllDefWindowProc_A : 77627F90
Potentially hooked: NtdllDefWindowProc_W : 77627FA0
Potentially hooked: NtdllDialogWndProc_A : 77628050
Potentially hooked: NtdllDialogWndProc_W : 77628060
Potentially hooked: ZwAcceptConnectPort : 77612A90
Potentially hooked: ZwAccessCheck : 77612A70
Potentially hooked: ZwAccessCheckAndAuditAlarm : 77612D20
Potentially hooked: ZwAccessCheckByType : 776130C0
Potentially hooked: ZwAccessCheckByTypeAndAuditAlarm : 77613020
Potentially hooked: ZwAccessCheckByTypeResultList : 776130D0
Potentially hooked: ZwAccessCheckByTypeResultListAndAuditAlarm : 776130E0
Potentially hooked: ZwAccessCheckByTypeResultListAndAuditAlarmByHandle : 776130F0
Potentially hooked: ZwAcquireCrossVmMutant : 77613100
Potentially hooked: ZwAcquireProcessActivityReference : 77613110
Potentially hooked: ZwAddAtom : 77612F00
Potentially hooked: ZwAddAtomEx : 77613120
Potentially hooked: ZwAddBootEntry : 77613130
Potentially hooked: ZwAddDriverEntry : 77613140
Potentially hooked: ZwAdjustGroupsToken : 77613150
Potentially hooked: ZwAdjustPrivilegesToken : 77612EA0
Potentially hooked: ZwAdjustTokenClaimsAndDeviceGroups : 77613160
Potentially hooked: ZwAlertResumeThread : 77613170
Potentially hooked: ZwAlertThread : 77613180
Potentially hooked: ZwAlertThreadByThreadId : 77613190
Potentially hooked: ZwAllocateLocallyUniqueId : 776131A0
Potentially hooked: ZwAllocateReserveObject : 776131B0
Potentially hooked: ZwAllocateUserPhysicalPages : 776131C0
Potentially hooked: ZwAllocateUserPhysicalPagesEx : 776131D0
Potentially hooked: ZwAllocateUuids : 776131E0
Potentially hooked: ZwAllocateVirtualMemory : 77612BF0
Potentially hooked: ZwAllocateVirtualMemoryEx : 776131F0
Potentially hooked: ZwAlpcAcceptConnectPort : 77613200
Potentially hooked: ZwAlpcCancelMessage : 77613210
Potentially hooked: ZwAlpcConnectPort : 77613220
Potentially hooked: ZwAlpcConnectPortEx : 77613230
Potentially hooked: ZwAlpcCreatePort : 77613240
Potentially hooked: ZwAlpcCreatePortSection : 77613250
Potentially hooked: ZwAlpcCreateResourceReserve : 77613260
Potentially hooked: ZwAlpcCreateSectionView : 77613270
Potentially hooked: ZwAlpcCreateSecurityContext : 77613280
Potentially hooked: ZwAlpcDeletePortSection : 77613290
Potentially hooked: ZwAlpcDeleteResourceReserve : 776132A0
Potentially hooked: ZwAlpcDeleteSectionView : 776132B0
Potentially hooked: ZwAlpcDeleteSecurityContext : 776132C0
Potentially hooked: ZwAlpcDisconnectPort : 776132D0
Potentially hooked: ZwAlpcImpersonateClientContainerOfPort : 776132E0
Potentially hooked: ZwAlpcImpersonateClientOfPort : 776132F0
Potentially hooked: ZwAlpcOpenSenderProcess : 77613300
Potentially hooked: ZwAlpcOpenSenderThread : 77613310
Potentially hooked: ZwAlpcQueryInformation : 77613320
Potentially hooked: ZwAlpcQueryInformationMessage : 77613330
Potentially hooked: ZwAlpcRevokeSecurityContext : 77613340
Potentially hooked: ZwAlpcSendWaitReceivePort : 77613350
Potentially hooked: ZwAlpcSetInformation : 77613360
Potentially hooked: ZwApphelpCacheControl : 77612F50
Potentially hooked: ZwAreMappedFilesTheSame : 77613370
Potentially hooked: ZwAssignProcessToJobObject : 77613380
Potentially hooked: ZwAssociateWaitCompletionPacket : 77613390
Potentially hooked: ZwCallEnclave : 776133A0
Potentially hooked: ZwCallbackReturn : 77612AC0
Potentially hooked: ZwCancelIoFile : 77613060
Potentially hooked: ZwCancelIoFileEx : 776133B0
Potentially hooked: ZwCancelSynchronousIoFile : 776133C0
Potentially hooked: ZwCancelTimer : 776130A0
Potentially hooked: ZwCancelTimer2 : 776133D0
Potentially hooked: ZwCancelWaitCompletionPacket : 776133E0
Potentially hooked: ZwClearEvent : 77612E70
Potentially hooked: ZwClose : 77612B60
Potentially hooked: ZwCloseObjectAuditAlarm : 77612E40
Potentially hooked: ZwCommitComplete : 776133F0
Potentially hooked: ZwCommitEnlistment : 77613400
Potentially hooked: ZwCommitRegistryTransaction : 77613410
Potentially hooked: ZwCommitTransaction : 77613420
Potentially hooked: ZwCompactKeys : 77613430
Potentially hooked: ZwCompareObjects : 77613440
Potentially hooked: ZwCompareSigningLevels : 77613450
Potentially hooked: ZwCompareTokens : 77613460
Potentially hooked: ZwCompleteConnectPort : 77613470
Potentially hooked: ZwCompressKey : 77613480
Potentially hooked: ZwConnectPort : 77613490
Potentially hooked: ZwContinue : 77612EC0
Potentially hooked: ZwContinueEx : 776134A0
Potentially hooked: ZwConvertBetweenAuxiliaryCounterAndPerformanceCounter : 776134B0
Potentially hooked: ZwCreateCrossVmEvent : 776134C0
Potentially hooked: ZwCreateCrossVmMutant : 776134D0
Potentially hooked: ZwCreateDebugObject : 776134E0
Potentially hooked: ZwCreateDirectoryObject : 776134F0
Potentially hooked: ZwCreateDirectoryObjectEx : 77613500
Potentially hooked: ZwCreateEnclave : 77613510
Potentially hooked: ZwCreateEnlistment : 77613520
Potentially hooked: ZwCreateEvent : 77612F10
Potentially hooked: ZwCreateEventPair : 77613530
Potentially hooked: ZwCreateFile : 77612FE0
Potentially hooked: ZwCreateIRTimer : 77613540
Potentially hooked: ZwCreateIoCompletion : 77613550
Potentially hooked: ZwCreateJobObject : 77613560
Potentially hooked: ZwCreateJobSet : 77613570
Potentially hooked: ZwCreateKey : 77612C60
Potentially hooked: ZwCreateKeyTransacted : 77613580
Potentially hooked: ZwCreateKeyedEvent : 77613590
Potentially hooked: ZwCreateLowBoxToken : 776135A0
Potentially hooked: ZwCreateMailslotFile : 776135B0
Potentially hooked: ZwCreateMutant : 776135C0
Potentially hooked: ZwCreateNamedPipeFile : 776135D0
Potentially hooked: ZwCreatePagingFile : 776135E0
Potentially hooked: ZwCreatePartition : 776135F0
Potentially hooked: ZwCreatePort : 77613600
Potentially hooked: ZwCreatePrivateNamespace : 77613610
Potentially hooked: ZwCreateProcess : 77613620
Potentially hooked: ZwCreateProcessEx : 77612F60
Potentially hooked: ZwCreateProfile : 77613630
Potentially hooked: ZwCreateProfileEx : 77613640
Potentially hooked: ZwCreateRegistryTransaction : 77613650
Potentially hooked: ZwCreateResourceManager : 77613660
Potentially hooked: ZwCreateSection : 77612F30
Potentially hooked: ZwCreateSectionEx : 77613670
Potentially hooked: ZwCreateSemaphore : 77613680
Potentially hooked: ZwCreateSymbolicLinkObject : 77613690
Potentially hooked: ZwCreateThread : 77612F70
Potentially hooked: ZwCreateThreadEx : 776136A0
Potentially hooked: ZwCreateTimer : 776136B0
Potentially hooked: ZwCreateTimer2 : 776136C0
Potentially hooked: ZwCreateToken : 776136D0
Potentially hooked: ZwCreateTokenEx : 776136E0
Potentially hooked: ZwCreateTransaction : 776136F0
Potentially hooked: ZwCreateTransactionManager : 77613700
Potentially hooked: ZwCreateUserProcess : 77613710
Potentially hooked: ZwCreateWaitCompletionPacket : 77613720
Potentially hooked: ZwCreateWaitablePort : 77613730
Potentially hooked: ZwCreateWnfStateName : 77613740
Potentially hooked: ZwCreateWorkerFactory : 77613750
Potentially hooked: ZwDebugActiveProcess : 77613760
Potentially hooked: ZwDebugContinue : 77613770
Potentially hooked: ZwDelayExecution : 77612DD0
Potentially hooked: ZwDeleteAtom : 77613780
Potentially hooked: ZwDeleteBootEntry : 77613790
Potentially hooked: ZwDeleteDriverEntry : 776137A0
Potentially hooked: ZwDeleteFile : 776137B0
Potentially hooked: ZwDeleteKey : 776137C0
Potentially hooked: ZwDeleteObjectAuditAlarm : 776137D0
Potentially hooked: ZwDeletePrivateNamespace : 776137E0
Potentially hooked: ZwDeleteValueKey : 776137F0
Potentially hooked: ZwDeleteWnfStateData : 77613800
Potentially hooked: ZwDeleteWnfStateName : 77613810
Potentially hooked: ZwDeviceIoControlFile : 77612AE0
Potentially hooked: ZwDirectGraphicsCall : 77613820
Potentially hooked: ZwDisableLastKnownGood : 77613830
Potentially hooked: ZwDisplayString : 77613840
Potentially hooked: ZwDrawText : 77613850
Potentially hooked: ZwDuplicateObject : 77612E50
Potentially hooked: ZwDuplicateToken : 77612EB0
Potentially hooked: ZwEnableLastKnownGood : 77613860
Potentially hooked: ZwEnumerateBootEntries : 77613870
Potentially hooked: ZwEnumerateDriverEntries : 77613880
Potentially hooked: ZwEnumerateKey : 77612DB0
Potentially hooked: ZwEnumerateSystemEnvironmentValuesEx : 77613890
Potentially hooked: ZwEnumerateTransactionObject : 776138A0
Potentially hooked: ZwEnumerateValueKey : 77612BA0
Potentially hooked: ZwExtendSection : 776138B0
Potentially hooked: ZwFilterBootOption : 776138C0
Potentially hooked: ZwFilterToken : 776138D0
Potentially hooked: ZwFilterTokenEx : 776138E0
Potentially hooked: ZwFindAtom : 77612BB0
Potentially hooked: ZwFlushBuffersFile : 77612F40
Potentially hooked: ZwFlushBuffersFileEx : 776138F0
Potentially hooked: ZwFlushInstallUILanguage : 77613900
Potentially hooked: ZwFlushInstructionCache : 77613910
Potentially hooked: ZwFlushKey : 77613920
Potentially hooked: ZwFlushProcessWriteBuffers : 77613930
Potentially hooked: ZwFlushVirtualMemory : 77613940
Potentially hooked: ZwFlushWriteBuffer : 77613950
Potentially hooked: ZwFreeUserPhysicalPages : 77613960
Potentially hooked: ZwFreeVirtualMemory : 77612C70
Potentially hooked: ZwFreezeRegistry : 77613970
Potentially hooked: ZwFreezeTransactions : 77613980
Potentially hooked: ZwFsControlFile : 77612E20
Potentially hooked: ZwGetCachedSigningLevel : 77613990
Potentially hooked: ZwGetCompleteWnfStateSubscription : 776139A0
Potentially hooked: ZwGetContextThread : 776139B0
Potentially hooked: ZwGetCurrentProcessorNumber : 776139C0
Potentially hooked: ZwGetCurrentProcessorNumberEx : 776139D0
Potentially hooked: ZwGetDevicePowerState : 776139E0
Potentially hooked: ZwGetMUIRegistryInfo : 776139F0
Potentially hooked: ZwGetNextProcess : 77613A00
Potentially hooked: ZwGetNextThread : 77613A10
Potentially hooked: ZwGetNlsSectionPtr : 77613A20
Potentially hooked: ZwGetNotificationResourceManager : 77613A30
Potentially hooked: ZwGetWriteWatch : 77613A40
Potentially hooked: ZwImpersonateAnonymousToken : 77613A50
Potentially hooked: ZwImpersonateClientOfPort : 77612C80
Potentially hooked: ZwImpersonateThread : 77613A60
Potentially hooked: ZwInitializeEnclave : 77613A70
Potentially hooked: ZwInitializeNlsFiles : 77613A80
Potentially hooked: ZwInitializeRegistry : 77613A90
Potentially hooked: ZwInitiatePowerAction : 77613AA0
Potentially hooked: ZwIsProcessInJob : 77612F80
Potentially hooked: ZwIsSystemResumeAutomatic : 77613AB0
Potentially hooked: ZwIsUILanguageComitted : 77613AC0
Potentially hooked: ZwListenPort : 77613AD0
Potentially hooked: ZwLoadDriver : 77613AE0
Potentially hooked: ZwLoadEnclaveData : 77613AF0
Potentially hooked: ZwLoadKey : 77613B00
Potentially hooked: ZwLoadKey2 : 77613B10
Potentially hooked: ZwLoadKey3 : 776147F0
Potentially hooked: ZwLoadKeyEx : 77613B20
Potentially hooked: ZwLockFile : 77613B30
Potentially hooked: ZwLockProductActivationKeys : 77613B40
Potentially hooked: ZwLockRegistryKey : 77613B50
Potentially hooked: ZwLockVirtualMemory : 77613B60
Potentially hooked: ZwMakePermanentObject : 77613B70
Potentially hooked: ZwMakeTemporaryObject : 77613B80
Potentially hooked: ZwManageHotPatch : 77613B90
Potentially hooked: ZwManagePartition : 77613BA0
Potentially hooked: ZwMapCMFModule : 77613BB0
Potentially hooked: ZwMapUserPhysicalPages : 77613BC0
Potentially hooked: ZwMapUserPhysicalPagesScatter : 77612AA0
Potentially hooked: ZwMapViewOfSection : 77612D10
Potentially hooked: ZwMapViewOfSectionEx : 77613BD0
Potentially hooked: ZwModifyBootEntry : 77613BE0
Potentially hooked: ZwModifyDriverEntry : 77613BF0
Potentially hooked: ZwNotifyChangeDirectoryFile : 77613C00
Potentially hooked: ZwNotifyChangeDirectoryFileEx : 77613C10
Potentially hooked: ZwNotifyChangeKey : 77613C20
Potentially hooked: ZwNotifyChangeMultipleKeys : 77613C30
Potentially hooked: ZwNotifyChangeSession : 77613C40
Potentially hooked: ZwOpenDirectoryObject : 77613010
Potentially hooked: ZwOpenEnlistment : 77613C50
Potentially hooked: ZwOpenEvent : 77612E90
Potentially hooked: ZwOpenEventPair : 77613C60
Potentially hooked: ZwOpenFile : 77612DC0
Potentially hooked: ZwOpenIoCompletion : 77613C70
Potentially hooked: ZwOpenJobObject : 77613C80
Potentially hooked: ZwOpenKey : 77612B90
Potentially hooked: ZwOpenKeyEx : 77613C90
Potentially hooked: ZwOpenKeyTransacted : 77613CA0
Potentially hooked: ZwOpenKeyTransactedEx : 77613CB0
Potentially hooked: ZwOpenKeyedEvent : 77613CC0
Potentially hooked: ZwOpenMutant : 77613CD0
Potentially hooked: ZwOpenObjectAuditAlarm : 77613CE0
Potentially hooked: ZwOpenPartition : 77613CF0
Potentially hooked: ZwOpenPrivateNamespace : 77613D00
Potentially hooked: ZwOpenProcess : 77612CF0
Potentially hooked: ZwOpenProcessToken : 77613D10
Potentially hooked: ZwOpenProcessTokenEx : 77612D90
Potentially hooked: ZwOpenRegistryTransaction : 77613D20
Potentially hooked: ZwOpenResourceManager : 77613D30
Potentially hooked: ZwOpenSection : 77612E00
Potentially hooked: ZwOpenSemaphore : 77613D40
Potentially hooked: ZwOpenSession : 77613D50
Potentially hooked: ZwOpenSymbolicLinkObject : 77613D60
Potentially hooked: ZwOpenThread : 77613D70
Potentially hooked: ZwOpenThreadToken : 77612CD0
Potentially hooked: ZwOpenThreadTokenEx : 77612D80
Potentially hooked: ZwOpenTimer : 77613D80
Potentially hooked: ZwOpenTransaction : 77613D90
Potentially hooked: ZwOpenTransactionManager : 77613DA0
Potentially hooked: ZwPlugPlayControl : 77613DB0
Potentially hooked: ZwPowerInformation : 77613080
Potentially hooked: ZwPrePrepareComplete : 77613DC0
Potentially hooked: ZwPrePrepareEnlistment : 77613DD0
Potentially hooked: ZwPrepareComplete : 77613DE0
Potentially hooked: ZwPrepareEnlistment : 77613DF0
Potentially hooked: ZwPrivilegeCheck : 77613E00
Potentially hooked: ZwPrivilegeObjectAuditAlarm : 77613E10
Potentially hooked: ZwPrivilegedServiceAuditAlarm : 77613E20
Potentially hooked: ZwPropagationComplete : 77613E30
Potentially hooked: ZwPropagationFailed : 77613E40
Potentially hooked: ZwProtectVirtualMemory : 77612F90
Potentially hooked: ZwPssCaptureVaSpaceBulk : 77613E50
Potentially hooked: ZwPulseEvent : 77613E60
Potentially hooked: ZwQueryAttributesFile : 77612E60
Potentially hooked: ZwQueryAuxiliaryCounterFrequency : 77613E70
Potentially hooked: ZwQueryBootEntryOrder : 77613E80
Potentially hooked: ZwQueryBootOptions : 77613E90
Potentially hooked: ZwQueryDebugFilterState : 77613EA0
Potentially hooked: ZwQueryDefaultLocale : 77612BC0
Potentially hooked: ZwQueryDefaultUILanguage : 77612ED0
Potentially hooked: ZwQueryDirectoryFile : 77612DE0
Potentially hooked: ZwQueryDirectoryFileEx : 77613EB0
Potentially hooked: ZwQueryDirectoryObject : 77613EC0
Potentially hooked: ZwQueryDriverEntryOrder : 77613ED0
Potentially hooked: ZwQueryEaFile : 77613EE0
Potentially hooked: ZwQueryEvent : 77612FF0
Potentially hooked: ZwQueryFullAttributesFile : 77613EF0
Potentially hooked: ZwQueryInformationAtom : 77613F00
Potentially hooked: ZwQueryInformationByName : 77613F10
Potentially hooked: ZwQueryInformationEnlistment : 77613F20
Potentially hooked: ZwQueryInformationFile : 77612B80
Potentially hooked: ZwQueryInformationJobObject : 77613F30
Potentially hooked: ZwQueryInformationPort : 77613F40
Potentially hooked: ZwQueryInformationProcess : 77612C00
Potentially hooked: ZwQueryInformationResourceManager : 77613F50
Potentially hooked: ZwQueryInformationThread : 77612CE0
Potentially hooked: ZwQueryInformationToken : 77612CA0
Potentially hooked: ZwQueryInformationTransaction : 77613F60
Potentially hooked: ZwQueryInformationTransactionManager : 77613F70
Potentially hooked: ZwQueryInformationWorkerFactory : 77613F80
Potentially hooked: ZwQueryInstallUILanguage : 77613F90
Potentially hooked: ZwQueryIntervalProfile : 77613FA0
Potentially hooked: ZwQueryIoCompletion : 77613FB0
Potentially hooked: ZwQueryKey : 77612BD0
Potentially hooked: ZwQueryLicenseValue : 77613FC0
Potentially hooked: ZwQueryMultipleValueKey : 77613FD0
Potentially hooked: ZwQueryMutant : 77613FE0
Potentially hooked: ZwQueryObject : 77612B70
Potentially hooked: ZwQueryOpenSubKeys : 77613FF0
Potentially hooked: ZwQueryOpenSubKeysEx : 77614000
Potentially hooked: ZwQueryPerformanceCounter : 77612DA0
Potentially hooked: ZwQueryPortInformationProcess : 77614010
Potentially hooked: ZwQueryQuotaInformationFile : 77614020
Potentially hooked: ZwQuerySection : 77612FA0
Potentially hooked: ZwQuerySecurityAttributesToken : 77614030
Potentially hooked: ZwQuerySecurityObject : 77614040
Potentially hooked: ZwQuerySecurityPolicy : 77614050
Potentially hooked: ZwQuerySemaphore : 77614060
Potentially hooked: ZwQuerySymbolicLinkObject : 77614070
Potentially hooked: ZwQuerySystemEnvironmentValue : 77614080
Potentially hooked: ZwQuerySystemEnvironmentValueEx : 77614090
Potentially hooked: ZwQuerySystemInformation : 77612DF0
Potentially hooked: ZwQuerySystemInformationEx : 776140A0
Potentially hooked: ZwQuerySystemTime : 77613030
Potentially hooked: ZwQueryTimer : 77612E10
Potentially hooked: ZwQueryTimerResolution : 776140B0
Potentially hooked: ZwQueryValueKey : 77612BE0
Potentially hooked: ZwQueryVirtualMemory : 77612CC0
Potentially hooked: ZwQueryVolumeInformationFile : 77612F20
Potentially hooked: ZwQueryWnfStateData : 776140C0
Potentially hooked: ZwQueryWnfStateNameInformation : 776140D0
Potentially hooked: ZwQueueApcThread : 77612EE0
Potentially hooked: ZwQueueApcThreadEx : 776140E0
Potentially hooked: ZwRaiseException : 776140F0
Potentially hooked: ZwRaiseHardError : 77614100
Potentially hooked: ZwReadFile : 77612AD0
Potentially hooked: ZwReadFileScatter : 77612D70
Potentially hooked: ZwReadOnlyEnlistment : 77614110
Potentially hooked: ZwReadRequestData : 77612FD0
Potentially hooked: ZwReadVirtualMemory : 77612E80
Potentially hooked: ZwRecoverEnlistment : 77614120
Potentially hooked: ZwRecoverResourceManager : 77614130
Potentially hooked: ZwRecoverTransactionManager : 77614140
Potentially hooked: ZwRegisterProtocolAddressInformation : 77614150
Potentially hooked: ZwRegisterThreadTerminatePort : 77614160
Potentially hooked: ZwReleaseKeyedEvent : 77614170
Potentially hooked: ZwReleaseMutant : 77612C90
Potentially hooked: ZwReleaseSemaphore : 77612B10
Potentially hooked: ZwReleaseWorkerFactoryWorker : 77614180
Potentially hooked: ZwRemoveIoCompletion : 77612B00
Potentially hooked: ZwRemoveIoCompletionEx : 77614190
Potentially hooked: ZwRemoveProcessDebug : 776141A0
Potentially hooked: ZwRenameKey : 776141B0
Potentially hooked: ZwRenameTransactionManager : 776141C0
Potentially hooked: ZwReplaceKey : 776141D0
Potentially hooked: ZwReplacePartitionUnit : 776141E0
Potentially hooked: ZwReplyPort : 77612B30
Potentially hooked: ZwReplyWaitReceivePort : 77612B20
Potentially hooked: ZwReplyWaitReceivePortEx : 77612D40
Potentially hooked: ZwReplyWaitReplyPort : 776141F0
Potentially hooked: ZwRequestPort : 77614200
Potentially hooked: ZwRequestWaitReplyPort : 77612CB0
Potentially hooked: ZwResetEvent : 77614210
Potentially hooked: ZwResetWriteWatch : 77614220
Potentially hooked: ZwRestoreKey : 77614230
Potentially hooked: ZwResumeProcess : 77614240
Potentially hooked: ZwResumeThread : 77612FB0
Potentially hooked: ZwRevertContainerImpersonation : 77614250
Potentially hooked: ZwRollbackComplete : 77614260
Potentially hooked: ZwRollbackEnlistment : 77614270
Potentially hooked: ZwRollbackRegistryTransaction : 77614280
Potentially hooked: ZwRollbackTransaction : 77614290
Potentially hooked: ZwRollforwardTransactionManager : 776142A0
Potentially hooked: ZwSaveKey : 776142B0
Potentially hooked: ZwSaveKeyEx : 776142C0
Potentially hooked: ZwSaveMergedKeys : 776142D0
Potentially hooked: ZwSecureConnectPort : 776142E0
Potentially hooked: ZwSerializeBoot : 776142F0
Potentially hooked: ZwSetBootEntryOrder : 77614300
Potentially hooked: ZwSetBootOptions : 77614310
Potentially hooked: ZwSetCachedSigningLevel : 77614320
Potentially hooked: ZwSetCachedSigningLevel2 : 77614330
Potentially hooked: ZwSetContextThread : 77614340
Potentially hooked: ZwSetDebugFilterState : 77614350
Potentially hooked: ZwSetDefaultHardErrorPort : 77614360
Potentially hooked: ZwSetDefaultLocale : 77614370
Potentially hooked: ZwSetDefaultUILanguage : 77614380
Potentially hooked: ZwSetDriverEntryOrder : 77614390
Potentially hooked: ZwSetEaFile : 776143A0
Potentially hooked: ZwSetEvent : 77612B50
Potentially hooked: ZwSetEventBoostPriority : 77612D60
Potentially hooked: ZwSetHighEventPair : 776143B0
Potentially hooked: ZwSetHighWaitLowEventPair : 776143C0
Potentially hooked: ZwSetIRTimer : 776143D0
Potentially hooked: ZwSetInformationDebugObject : 776143E0
Potentially hooked: ZwSetInformationEnlistment : 776143F0
Potentially hooked: ZwSetInformationFile : 77612D00
Potentially hooked: ZwSetInformationJobObject : 77614400
Potentially hooked: ZwSetInformationKey : 77614410
Potentially hooked: ZwSetInformationObject : 77613050
Potentially hooked: ZwSetInformationProcess : 77612C50
Potentially hooked: ZwSetInformationResourceManager : 77614420
Potentially hooked: ZwSetInformationSymbolicLink : 77614430
Potentially hooked: ZwSetInformationThread : 77612B40
Potentially hooked: ZwSetInformationToken : 77614440
Potentially hooked: ZwSetInformationTransaction : 77614450
Potentially hooked: ZwSetInformationTransactionManager : 77614460
Potentially hooked: ZwSetInformationVirtualMemory : 77614470
Potentially hooked: ZwSetInformationWorkerFactory : 77614480
Potentially hooked: ZwSetIntervalProfile : 77614490
Potentially hooked: ZwSetIoCompletion : 776144A0
Potentially hooked: ZwSetIoCompletionEx : 776144B0
Potentially hooked: ZwSetLdtEntries : 776144C0
Potentially hooked: ZwSetLowEventPair : 776144D0
Potentially hooked: ZwSetLowWaitHighEventPair : 776144E0
Potentially hooked: ZwSetQuotaInformationFile : 776144F0
Potentially hooked: ZwSetSecurityObject : 77614500
Potentially hooked: ZwSetSystemEnvironmentValue : 77614510
Potentially hooked: ZwSetSystemEnvironmentValueEx : 77614520
Potentially hooked: ZwSetSystemInformation : 77614530
Potentially hooked: ZwSetSystemPowerState : 77614540
Potentially hooked: ZwSetSystemTime : 77614550
Potentially hooked: ZwSetThreadExecutionState : 77614560
Potentially hooked: ZwSetTimer : 776130B0
Potentially hooked: ZwSetTimer2 : 77614570
Potentially hooked: ZwSetTimerEx : 77614580
Potentially hooked: ZwSetTimerResolution : 77614590
Potentially hooked: ZwSetUuidSeed : 776145A0
Potentially hooked: ZwSetValueKey : 77613090
Potentially hooked: ZwSetVolumeInformationFile : 776145B0
Potentially hooked: ZwSetWnfProcessNotificationEvent : 776145C0
Potentially hooked: ZwShutdownSystem : 776145D0
Potentially hooked: ZwShutdownWorkerFactory : 776145E0
Potentially hooked: ZwSignalAndWaitForSingleObject : 776145F0
Potentially hooked: ZwSinglePhaseReject : 77614600
Potentially hooked: ZwStartProfile : 77614610
Potentially hooked: ZwStopProfile : 77614620
Potentially hooked: ZwSubscribeWnfStateChange : 77614630
Potentially hooked: ZwSuspendProcess : 77614640
Potentially hooked: ZwSuspendThread : 77614650
Potentially hooked: ZwSystemDebugControl : 77614660
Potentially hooked: ZwTerminateEnclave : 77614670
Potentially hooked: ZwTerminateJobObject : 77614680
Potentially hooked: ZwTerminateProcess : 77612D50
Potentially hooked: ZwTerminateThread : 77612FC0
Potentially hooked: ZwTestAlert : 77614690
Potentially hooked: ZwThawRegistry : 776146A0
Potentially hooked: ZwThawTransactions : 776146B0
Potentially hooked: ZwTraceControl : 776146C0
Potentially hooked: ZwTraceEvent : 77613070
Potentially hooked: ZwTranslateFilePath : 776146D0
Potentially hooked: ZwUmsThreadYield : 776146E0
Potentially hooked: ZwUnloadDriver : 776146F0
Potentially hooked: ZwUnloadKey : 77614700
Potentially hooked: ZwUnloadKey2 : 77614710
Potentially hooked: ZwUnloadKeyEx : 77614720
Potentially hooked: ZwUnlockFile : 77614730
Potentially hooked: ZwUnlockVirtualMemory : 77614740
Potentially hooked: ZwUnmapViewOfSection : 77612D30
Potentially hooked: ZwUnmapViewOfSectionEx : 77614750
Potentially hooked: ZwUnsubscribeWnfStateChange : 77614760
Potentially hooked: ZwUpdateWnfStateData : 77614770
Potentially hooked: ZwVdmControl : 77614780
Potentially hooked: ZwWaitForAlertByThreadId : 77614790
Potentially hooked: ZwWaitForDebugEvent : 776147A0
Potentially hooked: ZwWaitForKeyedEvent : 776147B0
Potentially hooked: ZwWaitForMultipleObjects : 77613040
Potentially hooked: ZwWaitForMultipleObjects32 : 77612C30
Potentially hooked: ZwWaitForSingleObject : 77612AB0
Potentially hooked: ZwWaitForWorkViaWorkerFactory : 776147C0
Potentially hooked: ZwWaitHighEventPair : 776147D0
Potentially hooked: ZwWaitLowEventPair : 776147E0
Potentially hooked: ZwWorkerFactoryWorkerReady : 77612A80
Potentially hooked: ZwWow64AllocateVirtualMemory64 : 776148E0
Potentially hooked: ZwWow64CallFunction64 : 77614910
Potentially hooked: ZwWow64CsrAllocateCaptureBuffer : 77614830
Potentially hooked: ZwWow64CsrAllocateMessagePointer : 77614850
Potentially hooked: ZwWow64CsrCaptureMessageBuffer : 77614860
Potentially hooked: ZwWow64CsrCaptureMessageString : 77614870
Potentially hooked: ZwWow64CsrClientCallServer : 77614820
Potentially hooked: ZwWow64CsrClientConnectToServer : 77614800
Potentially hooked: ZwWow64CsrFreeCaptureBuffer : 77614840
Potentially hooked: ZwWow64CsrGetProcessId : 77614880
Potentially hooked: ZwWow64CsrIdentifyAlertableThread : 77614810
Potentially hooked: ZwWow64CsrVerifyRegion : 77614890
Potentially hooked: ZwWow64DebuggerCall : 776148A0
Potentially hooked: ZwWow64GetCurrentProcessorNumberEx : 776148B0
Potentially hooked: ZwWow64GetNativeSystemInformation : 776148C0
Potentially hooked: ZwWow64IsProcessorFeaturePresent : 77614920
Potentially hooked: ZwWow64QueryInformationProcess64 : 776148D0
Potentially hooked: ZwWow64ReadVirtualMemory64 : 776148F0
Potentially hooked: ZwWow64WriteVirtualMemory64 : 77614900
Potentially hooked: ZwWriteFile : 77612AF0
Potentially hooked: ZwWriteFileGather : 77612C40
Potentially hooked: ZwWriteRequestData : 77613000
Potentially hooked: ZwWriteVirtualMemory : 77612E30
Potentially hooked: ZwYieldExecution : 77612EF0