PDB Symbols - WdFilter.sys (0x7E510269FE9984CDAB42A6C053F18C9B65A3DAD431D3050F83192995E83FDF7C)

Generated by JEB on 2019/08/01

PE: C:\Windows\System32\drivers\WdFilter.sys Base=0x1C0000000 SHA-256=7E510269FE9984CDAB42A6C053F18C9B65A3DAD431D3050F83192995E83FDF7C
PDB: WdFilter.pdb GUID={D3E0E60B-F29C-562A-0D3F2CF1D95A8321} Age=1

1363 located named symbols:
0x1C000C4E0: "\MicrosoftMalwareProtectionAsync" ??_C@_1EK@EJJJLKBI@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAA?$AAs?$AAy?$AAn?$AAc@
0x1C001F378: MpHandleProcessNotification
0x1C0016068: "__cdecl _imp_FltIs32bitProcess" __imp_FltIs32bitProcess
0x1C0032020: MpFreeFileStateGenericTableEntry
0x1C0016130: "__cdecl _imp_FltSetCallbackDataDirty" __imp_FltSetCallbackDataDirty
0x1C00086E0: WppClassicProviderCallback
0x1C000D670: "FALSE" ??_C@_05MAJJAKPI@FALSE?$AA@
0x1C004A424: MpRegisterThreadBoost
0x1C000C7F0: "\poqexec.exe" ??_C@_1BK@IEJLLEA@?$AA?2?$AAp?$AAo?$AAq?$AAe?$AAx?$AAe?$AAc?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C004779C: MpShutdownProcessTable
0x1C0016410: "__cdecl _imp_SeCaptureSubjectContext" __imp_SeCaptureSubjectContext
0x1C000CED8: "FsRtlQueryCachedVdl" ??_C@_1CI@MLLDPLKE@?$AAF?$AAs?$AAR?$AAt?$AAl?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAC?$AAa?$AAc?$AAh?$AAe?$AAd?$AAV?$AAd?$AAl?$AA?$AA@
0x1C0016698: "__cdecl _imp_ExAcquireFastMutex" __imp_ExAcquireFastMutex
0x1C002C228: MpDeleteProcessExclusionEntry
0x1C0016408: "__cdecl _imp_ExDesktopObjectType" __imp_ExDesktopObjectType
0x1C0012790: MpBmDocOpenRules
0x1C000A2C4: RtlWideCharArrayCopyStringWorker
0x1C000D060: "PsSetCreateProcessNotifyRoutineE" ??_C@_1EG@NCCPPAMD@?$AAP?$AAs?$AAS?$AAe?$AAt?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAN?$AAo?$AAt?$AAi?$AAf?$AAy?$AAR?$AAo?$AAu?$AAt?$AAi?$AAn?$AAe?$AAE@
0x1C000CC58: "DisableThreadBoosting" ??_C@_1CM@CNMGPOCE@?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAT?$AAh?$AAr?$AAe?$AAa?$AAd?$AAB?$AAo?$AAo?$AAs?$AAt?$AAi?$AAn?$AAg?$AA?$AA@
0x1C0052070: CallbacksWithoutRead
0x1C0016330: "__cdecl _imp_RtlFreeUnicodeString" __imp_RtlFreeUnicodeString
0x1C0016530: "__cdecl _imp_KeSetTimer" __imp_KeSetTimer
0x1C001F6F8: MpIsAMPath
0x1C000B7F8: WPP_af845c4f93393f0b2cfa57f7eaf1dd76_Traceguids
0x1C0028BA0: MpAppendUnicodeStringToUnicodeString
0x1C000D700: "untrusted" ??_C@_1BE@IPCCBEFC@?$AAu?$AAn?$AAt?$AAr?$AAu?$AAs?$AAt?$AAe?$AAd?$AA?$AA@
0x1C00462BC: MpUnregisterRegCallback
0x1C0016108: "__cdecl _imp_FltGetFileNameInformation" __imp_FltGetFileNameInformation
0x1C0012368: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1C0043650: WppTraceCallback
0x1C0046454: MpRegpGetKeyDestinationName
0x1C002CE50: MpPreAcquireSectionSync
0x1C00166F8: "__cdecl _imp_ObfDereferenceObject" __imp_ObfDereferenceObject
0x1C00451F8: MpRegPreQueryValueKey
0x1C0001A48: RtlStringExValidateDestW
0x1C004662C: MpRegpFreeAllCallContextsUnsafe
0x1C000D780: "\Callback\WdEbNotificationCallba" ??_C@_1EG@LOIFINMJ@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAW?$AAd?$AAE?$AAb?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa@
0x1C000C2E0: "\MicrosoftMalwareProtectionPort" ??_C@_1EA@LNDEKGLC@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAP?$AAo?$AAr?$AAt?$AA?$AA@
0x1C001AF5C: MpScanBootSector
0x1C002B028: MpSeqDetectCtxLookupEntry
0x1C0043F60: MpRemoveGoodBootSector
0x1C00419B0: MpFreeCommPorts
0x1C004AAF0: MpReadCsvRevisionECP
0x1C003048C: MpPurgeScannedFileCache
0x1C0003A5C: mbtowc
0x1C000CE00: "\Registry\Machine\SYSTEM\Current" ??_C@_1KK@PJBACOMO@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C00425B8: MpFreeHardeningExcludeData
0x1C0016288: "__cdecl _imp_ExInitializeNPagedLookasideList" __imp_ExInitializeNPagedLookasideList
0x1C0027BA0: MpRegpDoesKeyExist
0x1C00452E8: MpRegPreRenameKey
0x1C00023B0: WPP_SF_L
0x1C0047004: MpSendCheckJournalNotification
0x1C0016618: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1C000BA48: WPP_63c4930ec7c635aa952a78966815efa6_Traceguids
0x1C000CF60: "SeGetCachedSigningLevel" ??_C@_1DA@FJMHKGOI@?$AAS?$AAe?$AAG?$AAe?$AAt?$AAC?$AAa?$AAc?$AAh?$AAe?$AAd?$AAS?$AAi?$AAg?$AAn?$AAi?$AAn?$AAg?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x1C001AA10: MpRegpFreeDeleteValueContext
0x1C0005410: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x1C0016558: "__cdecl _imp_PsGetProcessCreateTimeQuadPart" __imp_PsGetProcessCreateTimeQuadPart
0x1C000B980: WPP_276d5dae661832c4167bcb815aede60f_Traceguids
0x1C00123A0: MpSeqDetectCtx
0x1C00467DC: MpRWLAcquireShared
0x1C0016098: "__cdecl _imp_FltCancellableWaitForSingleObject" __imp_FltCancellableWaitForSingleObject
0x1C0041E64: MpQueryName
0x1C0016460: "__cdecl _imp_PoRegisterPowerSettingCallback" __imp_PoRegisterPowerSettingCallback
0x1C004B424: MpFgSendNotification
0x1C002D080: MpFsCtlDispatcher
0x1C001D0E4: MpSetProcessHardeningExclusion
0x1C001D764: MpSetProcessInfoByContext
0x1C0016540: "__cdecl _imp_PsLookupProcessByProcessId" __imp_PsLookupProcessByProcessId
0x1C002C930: MpCreateWriteContext
0x1C00161E8: "__cdecl _imp_FltGetFileNameInformationUnsafe" __imp_FltGetFileNameInformationUnsafe
0x1C0002470: "__cdecl vsnwprintf" _vsnwprintf
0x1C0031A88: MpFgFreeProtectedFolderTable
0x1C0016668: "__cdecl _imp_PsTerminateSystemThread" __imp_PsTerminateSystemThread
0x1C0016778: "__cdecl _imp_ZwOpenProcess" __imp_ZwOpenProcess
0x1C0012718: MpAsync
0x1C000C798: "\csrss.exe" ??_C@_1BG@MNMECAKF@?$AA?2?$AAc?$AAs?$AAr?$AAs?$AAs?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C0016758: "__cdecl _imp_SeAccessCheck" __imp_SeAccessCheck
0x1C00465C4: MpRegpAllocRenameKeyContext
0x1C00438A4: MpGetMappedPurgeExclusionLock
0x1C00166F0: "__cdecl _imp_ExpInterlockedPushEntrySList" __imp_ExpInterlockedPushEntrySList
0x1C000C970: "ResetToUnknownTimer" ??_C@_1CI@KKGOGFOF@?$AAR?$AAe?$AAs?$AAe?$AAt?$AAT?$AAo?$AAU?$AAn?$AAk?$AAn?$AAo?$AAw?$AAn?$AAT?$AAi?$AAm?$AAe?$AAr?$AA?$AA@
0x1C001C550: MpCopyCacheSetTimeStamp
0x1C00161B8: "__cdecl _imp_FltCloseCommunicationPort" __imp_FltCloseCommunicationPort
0x1C00160C0: "__cdecl _imp_FltGetRoutineAddress" __imp_FltGetRoutineAddress
0x1C000BF38: Microsoft_Antimalware_AMFilterKeywords
0x1C000C580: "\Program Files\" ??_C@_1CA@MHAOAMEC@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe?$AAs?$AA?2?$AA?$AA@
0x1C00163B8: "__cdecl _imp_SeQueryInformationToken" __imp_SeQueryInformationToken
0x1C001C224: MpRegpCopyStringToNotification
0x1C000D438: WPP_7ca72353e05c34db9cdf71fa32074436_Traceguids
0x1C000BD38: WPP_836444750f6738891b493c0430c8fbd2_Traceguids
0x1C00165B0: "__cdecl _imp_ObDereferenceObjectDeferDelete" __imp_ObDereferenceObjectDeferDelete
0x1C000855C: RtlStringCbPrintfA
0x1C0048A54: MpPackBootProcessInfo
0x1C0030E74: MpIsVolumeOnCsvDisk
0x1C0019C1C: MpIsUnNamedDataAttribute
0x1C000C8E0: "WmiTraceMessage" ??_C@_1CA@OFIBBPKJ@?$AAW?$AAm?$AAi?$AAT?$AAr?$AAa?$AAc?$AAe?$AAM?$AAe?$AAs?$AAs?$AAa?$AAg?$AAe?$AA?$AA@
0x1C0006C08: McTemplateMofK0qzqqqz
0x1C002C1FC: MpDeleteProcessExclusionList
0x1C004D0AC: MpInitializeFltMgr
0x1C000BF30: Microsoft_Antimalware_AMFilterLevels
0x1C000A100: MpFgEventTimerDpc
0x1C001C1C0: MpRegpCalculateNextOffset
0x1C00127C8: BreakOnStream
0x1C000B010: PlatformUpdateDriverDirPath
0x1C004688C: MpRWLReleaseExclusive
0x1C000CAB0: "StartScanningAgainTimer" ??_C@_1DA@OGPMLJCO@?$AAS?$AAt?$AAa?$AAr?$AAt?$AAS?$AAc?$AAa?$AAn?$AAn?$AAi?$AAn?$AAg?$AAA?$AAg?$AAa?$AAi?$AAn?$AAT?$AAi?$AAm?$AAe?$AAr?$AA?$AA@
0x1C0006DD4: WPP_SF_qDL
0x1C00080E0: WPP_SF_IDD
0x1C0004280: WPP_SF_iDD
0x1C00165E8: "__cdecl _imp_CmRegisterCallbackEx" __imp_CmRegisterCallbackEx
0x1C00165C8: "__cdecl _imp_RtlCreateSecurityDescriptor" __imp_RtlCreateSecurityDescriptor
0x1C000BA88: WPP_d9afc682f6c436151b00f3ace496fb11_Traceguids
0x1C000B1B0: ProgramFilesDirPathX86
0x1C000217C: WPP_SF_qLL
0x1C00285B0: MpRegpGetKeyName
0x1C00167BC: "__cdecl _IMPORT_DESCRIPTOR_HAL" __IMPORT_DESCRIPTOR_HAL
0x1C0007494: WPP_SF_qqL
0x1C00161A8: "__cdecl _imp_FltAllocateContext" __imp_FltAllocateContext
0x1C000D408: WPP_3b7ae5c0aa3a34d0350d15e0c88f0464_Traceguids
0x1C0008DEC: WPP_SF_qSL
0x1C000C5A0: "\Windows\System32\Drivers\Wd\" ??_C@_1DM@KMFBEGOD@?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?2?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AAW?$AAd?$AA?2?$AA?$AA@
0x1C0004E58: WPP_SF_iZd
0x1C0004B90: WPP_SF_iZD
0x1C0007ACC: WPP_SF_qZL
0x1C004D830: MpCreatePort
0x1C0019184: MpSendAsyncDirectoryNotification
0x1C004AB78: MpDumpUntrustedProcesses
0x1C0016538: "__cdecl _imp_wcschr" __imp_wcschr
0x1C0004B0C: WPP_SF_Diiii
0x1C004A824: MppFindBoostControlUnsafe
0x1C000D748: "alltrusted" ??_C@_1BG@GAIJMGKJ@?$AAa?$AAl?$AAl?$AAt?$AAr?$AAu?$AAs?$AAt?$AAe?$AAd?$AA?$AA@
0x1C00160A0: "__cdecl _imp_FltQuerySecurityObject" __imp_FltQuerySecurityObject
0x1C0009D64: WPP_SF_qLLL
0x1C00040E8: WPP_SF_qiLL
0x1C0001168: RtlStringCopyWorkerW
0x1C0007F64: WPP_SF_qLLD
0x1C00040E8: WPP_SF_qiLD
0x1C0021590: MpAmPreCreate
0x1C00167A0: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1C0043EA8: MpQueryKnownBadTable
0x1C00443C0: MpTxfUpdateStreamData
0x1C002F630: MpCreateDocOpenRules
0x1C0016120: "__cdecl _imp_FltCreateFileEx2" __imp_FltCreateFileEx2
0x1C000D4C8: "ObUnRegisterCallbacks" ??_C@_1CM@LLAEENJI@?$AAO?$AAb?$AAU?$AAn?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AAs?$AA?$AA@
0x1C0050A28: MpSetProcessNotifyRoutine
0x1C000CDF0: "SR" ??_C@_15KFCDODCM@?$AAS?$AAR?$AA?$AA@
0x1C00160D8: "__cdecl _imp_FltGetDestinationFileNameInformation" __imp_FltGetDestinationFileNameInformation
0x1C0023650: MpPostCreate
0x1C00166D0: "__cdecl _imp_ExDeletePagedLookasideList" __imp_ExDeletePagedLookasideList
0x1C00164B0: "__cdecl _imp_RtlEnumerateGenericTableAvl" __imp_RtlEnumerateGenericTableAvl
0x1C0019ACC: MpStoreGoodBootSector
0x1C000D0E8: "OnOpen" ??_C@_1O@LICLKJEN@?$AAO?$AAn?$AAO?$AAp?$AAe?$AAn?$AA?$AA@
0x1C0028D50: MpCreateThreadNotifyRoutine
0x1C004B190: MpFgAuditTableCompareRoutine
0x1C0016458: "__cdecl _imp_ExQueueWorkItem" __imp_ExQueueWorkItem
0x1C00428A0: MpWriteBootSector
0x1C004271C: MpPostVerify
0x1C00013C0: RtlUnicodeStringValidateSrcWorker
0x1C0016660: "__cdecl _imp_IoGetStackLimits" __imp_IoGetStackLimits
0x1C002E080: MpPreQueryEa
0x1C002F248: MpDeleteDocOpenRules
0x1C0016060: "__cdecl _imp_FltSetTransactionContext" __imp_FltSetTransactionContext
0x1C0027230: MpCopyCacheAddEntry
0x1C000D4F8: "CreateHandle" ??_C@_1BK@PDHBHJJJ@?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAH?$AAa?$AAn?$AAd?$AAl?$AAe?$AA?$AA@
0x1C004A890: MpFindAckedECP
0x1C002AFDC: MpSeqDetectCtxCheck
0x1C0016290: "__cdecl _imp_MmGetSystemRoutineAddress" __imp_MmGetSystemRoutineAddress
0x1C004EFA0: MpIsDriverVerified
0x1C000D428: WPP_81ad0ad9e8e33e4e1d03d063d8d09339_Traceguids
0x1C000B7D0: AMFilter_CacheHitId
0x1C0002254: RtlUnicodeStringCopy
0x1C002AF04: MpQuerySessionId
0x1C002BE98: MpCreateProcessExclusionList
0x1C004B220: MpFgAvlCompareRoutine
0x1C0016450: "__cdecl _imp_KeInitializeTimerEx" __imp_KeInitializeTimerEx
0x1C000B6F0: WPP_73c4999ee94f3089cdd1526f95dc664f_Traceguids
0x1C002B5EC: MpRegpFreeCallContext
0x1C000D0A8: "$MpEa_%I64X" ??_C@_0M@KPJDOEIE@$MpEa_?$CFI64X?$AA@
0x1C0044D84: MpRegPostReplaceKey
0x1C0001E8C: MpQueueWriteContextForRelease
0x1C000C530: "328010" ??_C@_1O@MAAFPCNE@?$AA3?$AA2?$AA8?$AA0?$AA1?$AA0?$AA?$AA@
0x1C00163C8: "__cdecl _imp_ZwQueryInformationToken" __imp_ZwQueryInformationToken
0x1C000B2F0: ":Zone.Identifier:$DATA" ??_C@_1CO@EDHIKHJO@?$AA?3?$AAZ?$AAo?$AAn?$AAe?$AA?4?$AAI?$AAd?$AAe?$AAn?$AAt?$AAi?$AAf?$AAi?$AAe?$AAr?$AA?3?$AA$?$AAD?$AAA?$AAT?$AAA?$AA?$AA@
0x1C0016418: "__cdecl _imp_ExNotifyCallback" __imp_ExNotifyCallback
0x1C000B380: GUID_ECP_CSV_DOWN_LEVEL_OPEN
0x1C000C168: AMFilter_SeqReadFlagId
0x1C000C240: "\MicrosoftMalwareProtectionContr" ??_C@_1EO@FADAIDJC@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAC?$AAo?$AAn?$AAt?$AAr@
0x1C00160E0: "__cdecl _imp_FltParseFileName" __imp_FltParseFileName
0x1C00017A4: ExAllocateFromPagedLookasideList
0x1C00095A4: McTemplateMofK0qzqqzxx
0x1C00442BC: MpTxfPreSavepointNotification
0x1C000C1E0: "\MicrosoftMalwareProtectionContr" ??_C@_1FC@EFOKBMNE@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAC?$AAo?$AAn?$AAt?$AAr@
0x1C002BDD0: MpHardenSectorWrites
0x1C0016678: "__cdecl _imp_KeWaitForSingleObject" __imp_KeWaitForSingleObject
0x1C0016388: "__cdecl _imp_RtlAppendUnicodeStringToString" __imp_RtlAppendUnicodeStringToString
0x1C0028960: MpAsyncDereferenceNotification
0x1C001BECC: MpRegpCopyVariableNotificationData
0x1C0016150: "__cdecl _imp_FltSetInstanceContext" __imp_FltSetInstanceContext
0x1C001AB14: MpFileHasMotwAds
0x1C0008F60: WPP_SF_dDZ
0x1C000418C: WPP_SF_ZDd
0x1C0007EAC: WPP_SF_ZDD
0x1C000BC80: "\Callback\MpNriNotificationCallb" ??_C@_1EI@OFFHLABD@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAM?$AAp?$AAN?$AAr?$AAi?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb@
0x1C00471B0: MpObShutdown
0x1C0047880: MpSendDocOpenMessage
0x1C0007908: WPP_SF_ZZD
0x1C0052190: Callbacks
0x1C000258C: "__cdecl vsnprintf_l" _vsnprintf_l
0x1C0002110: MpDeleteWriteContext
0x1C000B3D8: " _Classes" ??_C@_1BI@PBEENNOP@?$AA?$AN?$AA?7?$AA?6?$AA_?$AAC?$AAl?$AAa?$AAs?$AAs?$AAe?$AAs?$AA?$AA@
0x1C000B7E0: Microsoft_Antimalware_AMFilter
0x1C0016020: "__cdecl _imp_FltFreeExtraCreateParameter" __imp_FltFreeExtraCreateParameter
0x1C000C1B8: AMFilter_ProcessContextEvent
0x1C002B610: MpRegpSendNotification
0x1C002C9D0: MpUpdateFileSize
0x1C0044B70: MpRegPostRenameKey
0x1C000B2C0: "__cdecl _guard_iat_table" __guard_iat_table
0x1C000899C: WPP_SF_ZqDD
0x1C00074F4: McTemplateMofK0x
0x1C0005440: memcpy
0x1C0006744: WPP_SF_ddZZ
0x1C0008B50: WPP_SF_ZZDD
0x1C004A384: MpClearBoostControlList
0x1C000BF58: "Folder" ??_C@_1O@MLIMHFEH@?$AAF?$AAo?$AAl?$AAd?$AAe?$AAr?$AA?$AA@
0x1C0020570: MpLoadImageNotifyRoutine
0x1C0016648: "__cdecl _imp_PsGetCurrentThreadId" __imp_PsGetCurrentThreadId
0x1C0046EA0: MpPostFsControl
0x1C00190CC: MpGetPriorityInfo
0x1C00522D0: CallbacksWithoutReadRs3
0x1C000CEB0: "VerifyDriverLevel" ??_C@_1CE@OMAJLJIP@?$AAV?$AAe?$AAr?$AAi?$AAf?$AAy?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AAL?$AAe?$AAv?$AAe?$AAl?$AA?$AA@
0x1C000CB10: "MaxAsyncNotificationCount" ??_C@_1DE@PNBLMPFI@?$AAM?$AAa?$AAx?$AAA?$AAs?$AAy?$AAn?$AAc?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAo?$AAu?$AAn?$AAt?$AA?$AA@
0x1C0016208: "__cdecl _imp_FltSupportsStreamHandleContexts" __imp_FltSupportsStreamHandleContexts
0x1C004776C: MpReleaseProcessContextList
0x1C0043CF8: MpAddKnownBadEntry
0x1C0016768: "__cdecl _imp_RtlSetGroupSecurityDescriptor" __imp_RtlSetGroupSecurityDescriptor
0x1C00164F0: "__cdecl _imp_KeInitializeDpc" __imp_KeInitializeDpc
0x1C000D2E0: "\Services\WdNisDrv" ??_C@_1CG@CHPLJAON@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAW?$AAd?$AAN?$AAi?$AAs?$AAD?$AAr?$AAv?$AA?$AA@
0x1C0012780: MpRegData
0x1C0047B48: MpAddBootProcessEntry
0x1C000C0B0: "[Mini-filter] OpenWithoutRead no" ??_C@_1JI@GFCLFBIH@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAO?$AAp?$AAe?$AAn?$AAW?$AAi?$AAt?$AAh?$AAo?$AAu?$AAt?$AAR?$AAe?$AAa?$AAd?$AA?5?$AAn?$AAo@
0x1C0019080: MpTearDownFltMgr
0x1C0016650: "__cdecl _imp_IoGetCurrentProcess" __imp_IoGetCurrentProcess
0x1C00511B8: MpSetImageVerificationCallback
0x1C00165D0: "__cdecl _imp_IoWMIWriteEvent" __imp_IoWMIWriteEvent
0x1C00163A0: "__cdecl _imp_RtlSubAuthoritySid" __imp_RtlSubAuthoritySid
0x1C0016218: "__cdecl _imp_FltGetStreamHandleContext" __imp_FltGetStreamHandleContext
0x1C0050BE0: MpInitializeProcessTable
0x1C0040E84: MpAsyncCleanupQueue
0x1C000CC20: "DisableQueryNameNormalize" ??_C@_1DE@HDFLGKBC@?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAN?$AAa?$AAm?$AAe?$AAN?$AAo?$AAr?$AAm?$AAa?$AAl?$AAi?$AAz?$AAe?$AA?$AA@
0x1C00127A8: pfnWppGetVersion
0x1C0016788: "__cdecl _imp_wcscmp" __imp_wcscmp
0x1C001D8CC: MpSetTrustedProcess
0x1C000CFC0: "PsSetCreateProcessNotifyRoutineE" ??_C@_1EE@JKFIMLMH@?$AAP?$AAs?$AAS?$AAe?$AAt?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAN?$AAo?$AAt?$AAi?$AAf?$AAy?$AAR?$AAo?$AAu?$AAt?$AAi?$AAn?$AAe?$AAE@
0x1C0021C70: MpHardenPathOnPreCreate
0x1C00164A0: "__cdecl _imp_RtlInsertElementGenericTableAvl" __imp_RtlInsertElementGenericTableAvl
0x1C0002463: "__cdecl _C_specific_handler" __C_specific_handler
0x1C000BB78: WPP_b32d6f603e0931970e412d496071fd47_Traceguids
0x1C001CC90: MpCopyCacheProcessTerminate
0x1C0016588: "__cdecl _imp_IofCallDriver" __imp_IofCallDriver
0x1C000BCE8: WPP_9b20183b542e36ddbabead6924c4bfc5_Traceguids
0x1C001F118: MpRemoveKnownBadEntry
0x1C0029EE4: MpRegpFreeKeyName
0x1C00432A0: MpUnload
0x1C004F680: MpVerifyWindowsVersion
0x1C00161F8: "__cdecl _imp_FltGetVolumeInstanceFromName" __imp_FltGetVolumeInstanceFromName
0x1C004E7CC: MpInitializeGlobals
0x1C0005440: memmove
0x1C002B15C: MpQueryFileName
0x1C000D8D0: GUID_LOW_POWER_EPOCH
0x1C00090E4: WPP_SF_DZDZD
0x1C000C5F0: "\Program Files\Windows Defender\" ??_C@_1FE@JNPCGNFN@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD?$AAe?$AAf?$AAe?$AAn?$AAd?$AAe?$AAr?$AA?2@
0x1C000B408: "(unknown)" ??_C@_1BE@CIGHCOHA@?$AA?$CI?$AAu?$AAn?$AAk?$AAn?$AAo?$AAw?$AAn?$AA?$CJ?$AA?$AA@
0x1C0041A88: MpGetInstanceFromFileHandle
0x1C0006490: MpAsyncpShutdownWorkerThreads
0x1C001AA9C: MpQueryMotwAds
0x1C00163C0: "__cdecl _imp_RtlLengthRequiredSid" __imp_RtlLengthRequiredSid
0x1C0016368: "__cdecl _imp_RtlCopyUnicodeString" __imp_RtlCopyUnicodeString
0x1C00165D8: "__cdecl _imp_RtlCreateAcl" __imp_RtlCreateAcl
0x1C002E2B0: MpApplyVolumeExclusions
0x1C0016448: "__cdecl _imp_ExUnregisterCallback" __imp_ExUnregisterCallback
0x1C001D09C: MpInitializeCsrssHookDataIfNeeded
0x1C0031950: MpGetFileId
0x1C00314B0: MpCompareFileStateGenericTableEntry
0x1C0003AD4: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1C0016328: "__cdecl _imp_KeIsExecutingDpc" __imp_KeIsExecutingDpc
0x1C000126C: ExFreeToPagedLookasideList
0x1C004A280: MpPowerStatusUninitialize
0x1C0027C9C: MpRegPostCreateKeyEx
0x1C0016048: "__cdecl _imp_FltCreateFileEx" __imp_FltCreateFileEx
0x1C00160C8: "__cdecl _imp_FltRegisterFilter" __imp_FltRegisterFilter
0x1C000B420: "[Mini-filter] %ls: %ls. Process:" ??_C@_1CDG@EMJLBGEG@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AA?$CF?$AAl?$AAs?$AA?3?$AA?5?$AA?$CF?$AAl?$AAs?$AA?4?$AA?5?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AA?3@
0x1C002FB70: MpRegpProcessClientList
0x1C000B700: WPP_89930a43b32e371389234402b51c0c7c_Traceguids
0x1C00161C0: "__cdecl _imp_FltReleaseFileNameInformation" __imp_FltReleaseFileNameInformation
0x1C0016320: "__cdecl _imp_RtlLookupElementGenericTable" __imp_RtlLookupElementGenericTable
0x1C0046374: MpRegpPushEntryToStack
0x1C00475E0: MpRemoveProcessNotifyRoutine
0x1C00162C0: "__cdecl _imp_PsSetCreateThreadNotifyRoutine" __imp_PsSetCreateThreadNotifyRoutine
0x1C0016478: "__cdecl _imp_RtlIsGenericTableEmpty" __imp_RtlIsGenericTableEmpty
0x1C0016590: "__cdecl _imp_IoBuildDeviceIoControlRequest" __imp_IoBuildDeviceIoControlRequest
0x1C001F7DC: MpGetProcessCreationTimeById
0x1C000C178: WPP_ThisDir_CTLGUID_MpFilter
0x1C000C380: "\MicrosoftMalwareProtectionVeryL" ??_C@_1FC@HFPHFKFA@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAV?$AAe?$AAr?$AAy?$AAL@
0x1C0031860: MpAddBackupFile
0x1C0019BA8: MpGetFileAttributes
0x1C00160F0: "__cdecl _imp_FltClose" __imp_FltClose
0x1C00319C0: MpFgUpdateUserData
0x1C0016490: "__cdecl _imp_RtlDeleteElementGenericTableAvl" __imp_RtlDeleteElementGenericTableAvl
0x1C0016568: "__cdecl _imp_PsInitialSystemProcess" __imp_PsInitialSystemProcess
0x1C000D738: "exit" ??_C@_19JPKILLMB@?$AAe?$AAx?$AAi?$AAt?$AA?$AA@
0x1C0012480: WPP_MAIN_CB
0x1C0016598: "__cdecl _imp_ExDeleteResourceLite" __imp_ExDeleteResourceLite
0x1C001D010: MpSetProcessPreScanHook
0x1C0016198: "__cdecl _imp_FltGetVolumeName" __imp_FltGetVolumeName
0x1C0016510: "__cdecl _imp_ObfReferenceObject" __imp_ObfReferenceObject
0x1C001CBFC: MpDeleteProcessContext
0x1C0046C04: MpFsCtlQuerySyncMonitorInformation
0x1C0006E34: WPP_SF_qLLLL
0x1C001EAD0: MpQueryEaFile
0x1C00421D8: MpApplyFolderGuard
0x1C000BCF8: WPP_c9856cab9c9b37799a4e4b7194fbd045_Traceguids
0x1C000D458: "\SystemRoot\" ??_C@_1BK@DHFJHPDK@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AA?$AA@
0x1C001D58C: MpSetProcessHardening
0x1C002C07C: MpIsEmptySparseFile
0x1C000D418: "<N/A>" ??_C@_1M@OBNMFDKH@?$AA?$DM?$AAN?$AA?1?$AAA?$AA?$DO?$AA?$AA@
0x1C0016058: "__cdecl _imp_FltAcquirePushLockExclusiveEx" __imp_FltAcquirePushLockExclusiveEx
0x1C000B2E0: WPP_58a9bf73fbf03f207d054e9dff7974ef_Traceguids
0x1C000BBE0: "\Callback\MpProcessNotificationC" ??_C@_1FA@GKHEBDOD@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAM?$AAp?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC@
0x1C0016710: "__cdecl _imp_ExReleaseFastMutex" __imp_ExReleaseFastMutex
0x1C000C560: "Unknown Volume" ??_C@_1BO@BEEPPNDO@?$AAU?$AAn?$AAk?$AAn?$AAo?$AAw?$AAn?$AA?5?$AAV?$AAo?$AAl?$AAu?$AAm?$AAe?$AA?$AA@
0x1C000A1CC: WPP_SF_qDi
0x1C002DE50: MpSeqDetectGCWorker
0x1C000CDB0: "DisableTransactionCallback" ??_C@_1DG@EOCJCKBJ@?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAT?$AAr?$AAa?$AAn?$AAs?$AAa?$AAc?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?$AA@
0x1C002F278: MpReleaseDocOpenRule
0x1C00161A0: "__cdecl _imp_FltIsVolumeSnapshot" __imp_FltIsVolumeSnapshot
0x1C000BF68: "File" ??_C@_19DDLLJDOO@?$AAF?$AAi?$AAl?$AAe?$AA?$AA@
0x1C00094E0: WPP_SF_qZI
0x1C000D490: "\??\" ??_C@_19JHEHLFPM@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AA?$AA@
0x1C00468E8: MpRWLTryAcquireExclusive
0x1C001DBC0: MpMessage
0x1C0004A8C: WPP_SF_qiiL
0x1C000BA68: WPP_101957927ce2318478a2b027a0eca3c3_Traceguids
0x1C0048B8C: MpPackElamRegistryInfo
0x1C00506C4: MpObAddCallback
0x1C000D0F8: "Blocked file" ??_C@_1BK@EILDOIOO@?$AAB?$AAl?$AAo?$AAc?$AAk?$AAe?$AAd?$AA?5?$AAf?$AAi?$AAl?$AAe?$AA?$AA@
0x1C0016560: "__cdecl _imp_RtlPrefixUnicodeString" __imp_RtlPrefixUnicodeString
0x1C000B2D0: WPP_8fb438ad93ca3430d6b3c54f2a90aaf3_Traceguids
0x1C0028C74: MpGetProcessById
0x1C002973C: MpGetProcessNameByHandle
0x1C00021E4: WPP_SF_IIqq
0x1C0016690: "__cdecl _imp_ExAllocatePoolWithTag" __imp_ExAllocatePoolWithTag
0x1C0030B80: MpAllocateDriverInfoEx
0x1C004B160: MpFgAuditTableAllocateRoutine
0x1C0002570: "__cdecl vsnprintf" _vsnprintf
0x1C000CCE8: "FileStateCachePolicy" ??_C@_1CK@MEMLLDCM@?$AAF?$AAi?$AAl?$AAe?$AAS?$AAt?$AAa?$AAt?$AAe?$AAC?$AAa?$AAc?$AAh?$AAe?$AAP?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x1C0046D30: MpFsCtlResetFileInCache
0x1C000D1F0: "\Services\NisSrv" ??_C@_1CC@CBAENLFP@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAN?$AAi?$AAs?$AAS?$AAr?$AAv?$AA?$AA@
0x1C001ACAC: MpIsGoodBootSector
0x1C00274B0: MpRegCallback
0x1C0026C60: MpCreateStreamContext
0x1C001EFFC: MpIsHardeningExemptByContext
0x1C000BA20: "EtwWrite" ??_C@_1BC@KLNGNCHO@?$AAE?$AAt?$AAw?$AAW?$AAr?$AAi?$AAt?$AAe?$AA?$AA@
0x1C004631C: MpRegpPopEntryFromStack
0x1C00127B8: pfnWppQueryTraceInformation
0x1C000CD78: "FolderGuardDispatchLimit" ??_C@_1DC@HAJKHGOC@?$AAF?$AAo?$AAl?$AAd?$AAe?$AAr?$AAG?$AAu?$AAa?$AAr?$AAd?$AAD?$AAi?$AAs?$AAp?$AAa?$AAt?$AAc?$AAh?$AAL?$AAi?$AAm?$AAi?$AAt?$AA?$AA@
0x1C00084C0: MpReactivateDpc
0x1C0021B00: MpAddECP
0x1C00166C8: "__cdecl _imp_PsGetCurrentProcessId" __imp_PsGetCurrentProcessId
0x1C0049F94: MpRemoveImageVerificationCallback
0x1C000308C: "__cdecl output_l" _output_l
0x1C00164E8: "__cdecl _imp_PsSetLoadImageNotifyRoutine" __imp_PsSetLoadImageNotifyRoutine
0x1C00509B8: MpInitializeCopyCache
0x1C00162F8: "__cdecl _imp_FsRtlCreateSectionForDataScan" __imp_FsRtlCreateSectionForDataScan
0x1C0009388: WPP_SF_qDddd
0x1C0006E34: WPP_SF_qdddd
0x1C0030064: MpDasdWrite
0x1C002CA90: MpSeqDetectCtxUpdate
0x1C000C320: "\MicrosoftMalwareProtectionVeryL" ??_C@_1FG@NEEJKBCI@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAV?$AAe?$AAr?$AAy?$AAL@
0x1C000D218: "\Services\NisDrv" ??_C@_1CC@FHHKODGN@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAN?$AAi?$AAs?$AAD?$AAr?$AAv?$AA?$AA@
0x1C0004F7C: WPP_SF_dDDiiii
0x1C001CD70: MpFreeProcessContext
0x1C001F8E4: MpSendProcessMessage
0x1C001AD60: MpPreMountVolume
0x1C004C3F8: MpGetSystemFolderPath
0x1C0016438: "__cdecl _imp_RtlUpcaseUnicodeChar" __imp_RtlUpcaseUnicodeChar
0x1C00161C8: "__cdecl _imp_FltFsControlFile" __imp_FltFsControlFile
0x1C000B7F0: "" ??_C@_13BLAPAIAM@?$AA?$AI?$AA?$AA@
0x1C0016390: "__cdecl _imp_ZwOpenThreadTokenEx" __imp_ZwOpenThreadTokenEx
0x1C00166B8: "__cdecl _imp_KeInitializeSemaphore" __imp_KeInitializeSemaphore
0x1C0016258: FLTMGR_NULL_THUNK_DATA
0x1C000A16C: WPP_SF_ii
0x1C0006618: WPP_SF_II
0x1C000D760: "(empty)" ??_C@_1BA@OGKPHKHF@?$AA?$CI?$AAe?$AAm?$AAp?$AAt?$AAy?$AA?$CJ?$AA?$AA@
0x1C004D260: MpAsyncInitialize
0x1C004FC20: MpRegInitialize
0x1C004309C: MpDeleteLookasideLists
0x1C000D008: "FltRegisterForDataScan" ??_C@_0BH@EAHFNEJA@FltRegisterForDataScan?$AA@
0x1C0004F1C: WPP_SF_id
0x1C0004774: WPP_SF_iD
0x1C0004DAC: WPP_SF_iZ
0x1C0005288: "__cdecl _GSHandlerCheck_SEH" __GSHandlerCheck_SEH
0x1C00046D8: WPP_SF_iS
0x1C0016728: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x1C000D960: "async" ??_C@_1M@ICNBJLBA@?$AAa?$AAs?$AAy?$AAn?$AAc?$AA?$AA@
0x1C000B020: ProductDirFullPathX86
0x1C000B1E0: PlatformUpdateDriverFullPath
0x1C0007D88: MpRegisterFriendlyProcess
0x1C002FE70: MpRegpValidateUserModeData
0x1C000B7A0: AMFilter_CacheHitEvent
0x1C000B6A0: WPP_8f5014d9beab33b9f27f395719f65357_Traceguids
0x1C004F778: MpInitBootSectorCache
0x1C0005020: MpPostDirectoryCtrl
0x1C00160F8: "__cdecl _imp_FltCancelFileOpen" __imp_FltCancelFileOpen
0x1C000B990: "RtlQueryRegistryValuesEx" ??_C@_1DC@OAPHKEJN@?$AAR?$AAt?$AAl?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AAV?$AAa?$AAl?$AAu?$AAe?$AAs?$AAE?$AAx?$AA?$AA@
0x1C00165B8: "__cdecl _imp_KeLeaveCriticalRegion" __imp_KeLeaveCriticalRegion
0x1C0008090: WPP_SF_I
0x1C000423C: WPP_SF_i
0x1C00163E0: "__cdecl _imp_PsReferenceImpersonationToken" __imp_PsReferenceImpersonationToken
0x1C002C530: MpSendPostMountAsyncMessage
0x1C00313F0: MpAsyncQueryStatistics
0x1C004820C: MpCleanupDriverInfoListsUnsafe
0x1C004C15C: MpUpdateSyncMonitorConfig
0x1C002EC6C: MpInitFileStateGenericTable
0x1C0003AB0: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1C0016748: "__cdecl _imp_RtlSetOwnerSecurityDescriptor" __imp_RtlSetOwnerSecurityDescriptor
0x1C0016340: TmTransactionObjectType
0x1C004C284: MpCreateCallback
0x1C0016420: "__cdecl _imp_PsSetCreateProcessNotifyRoutine" __imp_PsSetCreateProcessNotifyRoutine
0x1C000C540: "328000" ??_C@_1O@LFJCBHB@?$AA3?$AA2?$AA8?$AA0?$AA0?$AA0?$AA?$AA@
0x1C0016628: "__cdecl _imp_CmUnRegisterCallback" __imp_CmUnRegisterCallback
0x1C0016070: "__cdecl _imp_FltGetTransactionContext" __imp_FltGetTransactionContext
0x1C0016000: "__cdecl _imp_FltAllocateExtraCreateParameterList" __imp_FltAllocateExtraCreateParameterList
0x1C000BF48: "::$DATA" ??_C@_1BA@LCOICFNN@?$AA?3?$AA?3?$AA$?$AAD?$AAA?$AAT?$AAA?$AA?$AA@
0x1C000B9C8: "PsGetVersion" ??_C@_1BK@DHLDGJM@?$AAP?$AAs?$AAG?$AAe?$AAt?$AAV?$AAe?$AAr?$AAs?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0012370: "__cdecl _mb_cur_max" __mb_cur_max
0x1C002BC98: MpSetOneProcessInfo
0x1C0002344: RtlUnicodeStringValidateDestWorker
0x1C00163D8: "__cdecl _imp_ExTryToAcquireFastMutex" __imp_ExTryToAcquireFastMutex
0x1C00165F8: "__cdecl _imp_RtlAddAccessAllowedAce" __imp_RtlAddAccessAllowedAce
0x1C000C3E0: "\MicrosoftMalwareProtectionRemot" ??_C@_1FE@NDLOGEHI@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAR?$AAe?$AAm?$AAo?$AAt@
0x1C0003C08: "__cdecl flswbuf" _flswbuf
0x1C00018EC: RtlStringLengthWorkerW
0x1C000C148: AMFilter_SeqReadFlagEvent
0x1C00466F0: MpFreeNullTerminatedUnicode
0x1C0016640: "__cdecl _imp_ExAllocatePoolWithQuotaTag" __imp_ExAllocatePoolWithQuotaTag
0x1C0044704: MpRegFreeHardeningList
0x1C0028ADC: MpGetProcessContextByIdAndCreationTime
0x1C0016718: "__cdecl _imp_ExpInterlockedPopEntrySList" __imp_ExpInterlockedPopEntrySList
0x1C0016548: "__cdecl _imp_SeExports" __imp_SeExports
0x1C000C188: AMFilter_ProcessContextId
0x1C004876C: MpCopyElamRegistryEntry
0x1C00166E0: "__cdecl _imp_PsCreateSystemThread" __imp_PsCreateSystemThread
0x1C001ECA4: MpCopyCacheSetFileSize
0x1C000B718: "(null)" ??_C@_1O@CEDCILHN@?$AA?$CI?$AAn?$AAu?$AAl?$AAl?$AA?$CJ?$AA?$AA@
0x1C000BA78: WPP_dc5478acb9bf3270b2da578941c93ba9_Traceguids
0x1C0016378: "__cdecl _imp_CmGetBoundTransaction" __imp_CmGetBoundTransaction
0x1C000C9F0: "MaxProcessCreationMessageTimeout" ??_C@_1EC@GHPHOENJ@?$AAM?$AAa?$AAx?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAC?$AAr?$AAe?$AAa?$AAt?$AAi?$AAo?$AAn?$AAM?$AAe?$AAs?$AAs?$AAa?$AAg?$AAe?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt@
0x1C003086C: MpRemoveAllKnownBadEntries
0x1C000B790: "NULL" ??_C@_19CIJIHAKK@?$AAN?$AAU?$AAL?$AAL?$AA?$AA@
0x1C0052000: FilterRegistration
0x1C00127A0: pfnEtwRegisterClassicProvider
0x1C0016110: "__cdecl _imp_FltIsDirectory" __imp_FltIsDirectory
0x1C001CDBC: MpCreateProcessHardeningExcludeDataIfNeeded
0x1C0016140: "__cdecl _imp_FltGetDiskDeviceObject" __imp_FltGetDiskDeviceObject
0x1C004264C: MpIsProcessExemptById
0x1C0016100: "__cdecl _imp_FltGetFileSystemType" __imp_FltGetFileSystemType
0x1C0023EC0: MpReleaseProcessContext
0x1C001E7BC: MpCreateSection
0x1C000B1F0: PlatformUpdateDriverDirName
0x1C0012388: gbl_errno
0x1C0041230: MpConnect
0x1C0016280: "__cdecl _imp_RtlGetVersion" __imp_RtlGetVersion
0x1C0016200: "__cdecl _imp_FltGetInstanceContext" __imp_FltGetInstanceContext
0x1C000D330: "CmCallbackGetKeyObjectIDEx" ??_C@_1DG@JFFKGAIP@?$AAC?$AAm?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AAG?$AAe?$AAt?$AAK?$AAe?$AAy?$AAO?$AAb?$AAj?$AAe?$AAc?$AAt?$AAI?$AAD?$AAE?$AAx?$AA?$AA@
0x1C0003F14: WPP_SF_Zi
0x1C000248C: "__cdecl vsnwprintf_l" _vsnwprintf_l
0x1C0006FDC: WPP_SF_Zd
0x1C0006FDC: WPP_SF_ZD
0x1C000CBC0: "KnownBadHashSize" ??_C@_1CC@DMIIANAC@?$AAK?$AAn?$AAo?$AAw?$AAn?$AAB?$AAa?$AAd?$AAH?$AAa?$AAs?$AAh?$AAS?$AAi?$AAz?$AAe?$AA?$AA@
0x1C0008A70: WPP_SF_ZZ
0x1C000BF78: "\Windows\System32\Wow64cpu.dll" ??_C@_1DO@BFANGABH@?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?2?$AAW?$AAo?$AAw?$AA6?$AA4?$AAc?$AAp?$AAu?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x1C00088F8: WPP_SF_Zq
0x1C000B1C0: ProgramFilesDirPath
0x1C0040EE8: MpAsyncShutdown
0x1C001F014: MpHardenPathOnPostCreate
0x1C002CCD0: MpDeleteStreamContext
0x1C00162A8: "__cdecl _imp_VerSetConditionMask" __imp_VerSetConditionMask
0x1C000BCC8: WPP_90af9fa3761d3c45444009a959b1391f_Traceguids
0x1C001FE20: MpSendFileAsyncMessage
0x1C000CF20: "KeSetActualBasePriorityThread" ??_C@_1DM@MJHNBKDA@?$AAK?$AAe?$AAS?$AAe?$AAt?$AAA?$AAc?$AAt?$AAu?$AAa?$AAl?$AAB?$AAa?$AAs?$AAe?$AAP?$AAr?$AAi?$AAo?$AAr?$AAi?$AAt?$AAy?$AAT?$AAh?$AAr?$AAe?$AAa?$AAd?$AA?$AA@
0x1C0006670: WPP_SF_Z
0x1C00069F8: WPP_SF_qLqZqq
0x1C0016238: "__cdecl _imp_FltReleaseContext" __imp_FltReleaseContext
0x1C000B040: ProductDirFullPath
0x1C004DA1C: MpSetBufferLimits
0x1C000B404: "\" ??_C@_13FPGAJAPJ@?$AA?2?$AA?$AA@
0x1C0003C30: WPP_SF_
0x1C000BB90: "\Callback\WdProcessNotificationC" ??_C@_1FA@FIJDGHAB@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAW?$AAd?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC@
0x1C00163B0: "__cdecl _imp_ZwQueryInformationTransaction" __imp_ZwQueryInformationTransaction
0x1C0016738: "__cdecl _imp_RtlUnicodeToMultiByteN" __imp_RtlUnicodeToMultiByteN
0x1C0022090: MpPreCleanup
0x1C000D518: "DuplicateHandle" ??_C@_1CA@MAEHINNP@?$AAD?$AAu?$AAp?$AAl?$AAi?$AAc?$AAa?$AAt?$AAe?$AAH?$AAa?$AAn?$AAd?$AAl?$AAe?$AA?$AA@
0x1C001F1C0: MpCreateProcessNotifyRoutineEx
0x1C000BDB0: "__cdecl _xmm@7fffffffffffffff0000000000000000" __xmm@7fffffffffffffff0000000000000000
0x1C000D8F0: WPP_75800ad1814f319767c371a99eeb392c_Traceguids
0x1C00127C0: pfnEtwUnregister
0x1C0016170: "__cdecl _imp_FltSetStreamHandleContext" __imp_FltSetStreamHandleContext
0x1C0016230: "__cdecl _imp_FltAcquirePushLockSharedEx" __imp_FltAcquirePushLockSharedEx
0x1C0046730: MpUnicodeToNullTerminatedUnicode
0x1C000D290: "\Services\WdBoot" ??_C@_1CC@DHFNGPGH@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAW?$AAd?$AAB?$AAo?$AAo?$AAt?$AA?$AA@
0x1C0049FBC: MpSeqDetectCtxAllocResources
0x1C00049B0: WPP_SF_diSdd
0x1C00162F0: "__cdecl _imp_KeClearEvent" __imp_KeClearEvent
0x1C0044130: MpTxfPostSavepointNotification
0x1C000D668: "TRUE" ??_C@_04HCDDPBNL@TRUE?$AA@
0x1C000BCD8: WPP_f01012847eb1394dff2a9aa3e1bf2f8d_Traceguids
0x1C0009A40: WPP_SF_DqSDd
0x1C0016028: "__cdecl _imp_FltIsEcpAcknowledged" __imp_FltIsEcpAcknowledged
0x1C0047D80: MpBootDriverCallback
0x1C0009C4C: WPP_SF_qqLqLD
0x1C0016570: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x1C0016360: "__cdecl _imp_FsRtlDissectName" __imp_FsRtlDissectName
0x1C000BAA8: "ALLOWED" ??_C@_1BA@LGMGLNCL@?$AAA?$AAL?$AAL?$AAO?$AAW?$AAE?$AAD?$AA?$AA@
0x1C0045CD4: MpRegPreRestoreKey
0x1C000B6B8: "policy" ??_C@_1O@CMFALII@?$AAp?$AAo?$AAl?$AAi?$AAc?$AAy?$AA?$AA@
0x1C00279F0: MpRegpCheckExistingKey
0x1C0047708: MpFreeCsrssHookData
0x1C00073D4: WPP_SF_qdZ
0x1C000693C: WPP_SF_qDZ
0x1C0016400: "__cdecl _imp_SeReleaseSubjectContext" __imp_SeReleaseSubjectContext
0x1C000693C: WPP_SF_qLZ
0x1C0046820: MpRWLInitialize
0x1C0016160: "__cdecl _imp_FltInitializePushLock" __imp_FltInitializePushLock
0x1C0007FD0: WPP_SF_qqZ
0x1C000BD28: WPP_27d139de14d338c9757a4292348eadab_Traceguids
0x1C0008C64: WPP_SF_qZZ
0x1C0029484: MpCreateProcessContext
0x1C000BA38: WPP_36b8ba6b3c223e4240cb818be8dd7840_Traceguids
0x1C000BDC0: "\Program Files\Windows Defender\" ??_C@_1EC@NOKFPIBH@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD?$AAe?$AAf?$AAe?$AAn?$AAd?$AAe?$AAr?$AA?2@
0x1C0047688: MpCleanupProcessContexts
0x1C001A758: MpGetVolumeProperties
0x1C000C8D0: WPP_7749882f164233959b484ef8324ab1dc_Traceguids
0x1C002B1E4: MpQueryObjectName
0x1C0001528: MpFileTimeFromUlong64
0x1C000B338: "nissrv.exe" ??_C@_1BG@DOCNJGGO@?$AAn?$AAi?$AAs?$AAs?$AAr?$AAv?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C004D010: GsDriverEntry
0x1C00012BC: RtlStringCopyWorkerA
0x1C0016798: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1C000D1C8: "\Services\MpFilter" ??_C@_1CG@NIELEJDJ@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAM?$AAp?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$AA@
0x1C0019638: MpTxfGetContext
0x1C000B7B0: GUID_ECP_CSV_QUERY_FILE_REVISION
0x1C0007078: WPP_SF_qDZq
0x1C0009884: WPP_SF_qqZD
0x1C0009964: WPP_SF_qqZL
0x1C0029F20: MpScanFile
0x1C0008F30: MpRWLReleaseShared
0x1C000B828: "NULL" ??_C@_04HIBGFPH@NULL?$AA@
0x1C00166A0: "__cdecl _imp_KeReleaseSemaphore" __imp_KeReleaseSemaphore
0x1C002FA30: MpRegpProcessValueList
0x1C0050858: MpObInitialize
0x1C000BE80: "\Program Files (x86)\Windows Def" ??_C@_1EO@IGCNHEA@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe?$AAs?$AA?5?$AA?$CI?$AAx?$AA8?$AA6?$AA?$CJ?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD?$AAe?$AAf@
0x1C000B9E8: "EtwRegister" ??_C@_1BI@CJKCJCOJ@?$AAE?$AAt?$AAw?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AA?$AA@
0x1C00416A0: MpDisconnect
0x1C002BACC: MpRegpAllocDeleteValueContext
0x1C000BA98: WPP_7e29e7ae2cff3300961fea7d30371757_Traceguids
0x1C004AA4C: MpQueryCsvRevisionNumbers
0x1C00166A8: "__cdecl _imp_ObReferenceObjectByHandle" __imp_ObReferenceObjectByHandle
0x1C001A700: MpIsSystemVolume
0x1C000D478: "\Device\" ??_C@_1BC@IDABLMPM@?$AA?2?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe?$AA?2?$AA?$AA@
0x1C0044688: MpTxfpValidateSavepointInfo
0x1C000BC30: "\Callback\WdNriNotificationCallb" ??_C@_1EI@LHEKKECM@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAW?$AAd?$AAN?$AAr?$AAi?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb@
0x1C00022E0: RtlWideCharArrayCopyWorker
0x1C00161B0: "__cdecl _imp_FltGetVolumeFromFileObject" __imp_FltGetVolumeFromFileObject
0x1C0001808: RtlULongSub
0x1C000B818: WPP_651185ab50223e074857a4db2c4e6c2e_Traceguids
0x1C0046DFC: MpMarkStreamDataChanged
0x1C000C780: "\lsass.exe" ??_C@_1BG@HOLENKOI@?$AA?2?$AAl?$AAs?$AAa?$AAs?$AAs?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C004EF40: MpIsDefender
0x1C0046F8C: MpPreDuplicateExtentsToFile
0x1C000D688: "\SystemRoot\System32\csrss.exe" ??_C@_1DO@HGNCOAJI@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?2?$AAc?$AAs?$AAr?$AAs?$AAs?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C002C130: MpSetProcessExclusions
0x1C000C158: AMFilter_CacheFlushEvent
0x1C000213C: ExFreeToNPagedLookasideList
0x1C004F818: MpTxfInitialize
0x1C0003BEC: wctomb_s
0x1C004BC04: MpSendSyncMonitorNotification
0x1C0041C38: MpQueryDosName
0x1C00164A8: "__cdecl _imp_RtlNumberGenericTableElementsAvl" __imp_RtlNumberGenericTableElementsAvl
0x1C000D8E0: WPP_03cdb9f4392a397d75e50fc47f27557c_Traceguids
0x1C0032040: MpAllocateFileStateGenericTableEntry
0x1C0019960: MpRegpFreeCreateKeyContext
0x1C00164F8: "__cdecl _imp_PsRemoveLoadImageNotifyRoutine" __imp_PsRemoveLoadImageNotifyRoutine
0x1C0016508: "__cdecl _imp_IoBuildSynchronousFsdRequest" __imp_IoBuildSynchronousFsdRequest
0x1C000D728: "delete" ??_C@_1O@MEFPJPNF@?$AAd?$AAe?$AAl?$AAe?$AAt?$AAe?$AA?$AA@
0x1C00065C4: WPP_SF_Di
0x1C0030400: MpPurgeCache
0x1C000CDE8: "AM" ??_C@_15ODEHAHHF@?$AAA?$AAM?$AA?$AA@
0x1C004A958: MpPreCleanupCsvfs
0x1C000B1D0: PlatformDirFullPath
0x1C0016500: "__cdecl _imp_KeResetEvent" __imp_KeResetEvent
0x1C00066F4: WPP_SF_DD
0x1C00066F4: WPP_SF_dD
0x1C0003E6C: WPP_SF_dZ
0x1C0003E6C: WPP_SF_DZ
0x1C00162E0: "__cdecl _imp_KeReadStateSemaphore" __imp_KeReadStateSemaphore
0x1C00163F0: PsProcessType
0x1C000B860: "[Mini-Filter] Blocked rename of " ??_C@_1GM@EGINNCMD@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAB?$AAl?$AAo?$AAc?$AAk?$AAe?$AAd?$AA?5?$AAr?$AAe?$AAn?$AAa?$AAm?$AAe?$AA?5?$AAo?$AAf?$AA?5@
0x1C0012078: WPP_GLOBAL_Control
0x1C000B710: "(null)" ??_C@_06OJHGLDPL@?$CInull?$CJ?$AA@
0x1C00162A0: "__cdecl _imp_ZwQueryValueKey" __imp_ZwQueryValueKey
0x1C0016158: "__cdecl _imp_FltQueryVolumeInformation" __imp_FltQueryVolumeInformation
0x1C000C848: "\svchost.exe" ??_C@_1BK@HDEGLNOJ@?$AA?2?$AAs?$AAv?$AAc?$AAh?$AAo?$AAs?$AAt?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C002E810: MpTxfCallback
0x1C000B37C: "" ??_C@_11LOCGONAA@?$AA?$AA@
0x1C0050540: MpCreateTrustedInstallerSID
0x1C0016770: "__cdecl _imp_ZwDuplicateToken" __imp_ZwDuplicateToken
0x1C001CE94: MpSetProcessDocOpenRule
0x1C00023B0: WPP_SF_d
0x1C00023B0: WPP_SF_D
0x1C000D114: "is" ??_C@_15BIEMAPLM@?$AAi?$AAs?$AA?$AA@
0x1C000CB48: "AsyncStarvationLimit" ??_C@_1CK@BLPAKLOM@?$AAA?$AAs?$AAy?$AAn?$AAc?$AAS?$AAt?$AAa?$AAr?$AAv?$AAa?$AAt?$AAi?$AAo?$AAn?$AAL?$AAi?$AAm?$AAi?$AAt?$AA?$AA@
0x1C0016008: "__cdecl _imp_FltInsertExtraCreateParameter" __imp_FltInsertExtraCreateParameter
0x1C000D970: "SetProcessFilterInfo" ??_C@_1CK@IONMJHII@?$AAS?$AAe?$AAt?$AAP?$AAr?$AAo?$AAc?$AAe?$AAs?$AAs?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AAI?$AAn?$AAf?$AAo?$AA?$AA@
0x1C0004340: McTemplateMofK0
0x1C002E220: MpSetVolumeExclusions
0x1C001AC1C: MpRegpCopyBufferToNotification
0x1C00160B0: "__cdecl _imp_FltStartFiltering" __imp_FltStartFiltering
0x1C000CC88: "CsvFileStateCacheType" ??_C@_1CM@CHBGGDBK@?$AAC?$AAs?$AAv?$AAF?$AAi?$AAl?$AAe?$AAS?$AAt?$AAa?$AAt?$AAe?$AAC?$AAa?$AAc?$AAh?$AAe?$AAT?$AAy?$AAp?$AAe?$AA?$AA@
0x1C002DBB4: MpCheckForAmHardening
0x1C00166E8: "__cdecl _imp_ExInitializePagedLookasideList" __imp_ExInitializePagedLookasideList
0x1C000C868: "\setupcl.exe" ??_C@_1BK@DLCIDKGH@?$AA?2?$AAs?$AAe?$AAt?$AAu?$AAp?$AAc?$AAl?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C00047CC: WPP_SF_dDDddii
0x1C0030540: MpSendTrustedProcessMessage
0x1C0016188: "__cdecl _imp_FltAllocateGenericWorkItem" __imp_FltAllocateGenericWorkItem
0x1C0019DE8: MpCreateInstanceContext
0x1C000D240: "\Services\WdFilter" ??_C@_1CG@NGHLKCLH@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAW?$AAd?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$AA@
0x1C000B730: "__cdecl _lookuptable" __lookuptable
0x1C000D0D0: "WdFilter" ??_C@_1BC@HGNKLABK@?$AAW?$AAd?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$AA@
0x1C0016480: "__cdecl _imp_RtlCompareUnicodeString" __imp_RtlCompareUnicodeString
0x1C001D35C: MpCheckTokenMembership
0x1C000BAD0: "[Mini-filter] Applying HipsRule " ??_C@_1KG@BLCEKPBI@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAA?$AAp?$AAp?$AAl?$AAy?$AAi?$AAn?$AAg?$AA?5?$AAH?$AAi?$AAp?$AAs?$AAR?$AAu?$AAl?$AAe?$AA?5@
0x1C0028634: MpRegPostSetValueKey
0x1C002E060: MpDeleteHandleContext
0x1C0044790: MpRegHardeningIsMatch
0x1C0002400: "__cdecl _security_check_cookie" __security_check_cookie
0x1C004C3A0: MpRegisterCallback
0x1C0043124: MpFreeGlobals
0x1C0016440: "__cdecl _imp_ExCreateCallback" __imp_ExCreateCallback
0x1C0050EEC: MpInitializeDocOpenRules
0x1C000C8A0: "\SystemRoot\System32" ??_C@_1CK@MNDDGGOL@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?$AA@
0x1C000B690: "OnClose" ??_C@_1BA@PADFLEHE@?$AAO?$AAn?$AAC?$AAl?$AAo?$AAs?$AAe?$AA?$AA@
0x1C002E420: MpRegpInsertCallContext
0x1C00161D8: "__cdecl _imp_FltObjectDereference" __imp_FltObjectDereference
0x1C0009220: WPP_SF_SZZdD
0x1C00161D0: "__cdecl _imp_FltCreateCommunicationPort" __imp_FltCreateCommunicationPort
0x1C00167D0: "__cdecl _IMPORT_DESCRIPTOR_FLTMGR" __IMPORT_DESCRIPTOR_FLTMGR
0x1C001C630: MpRefreshProcessNotifications
0x1C00167A8: "__cdecl _IMPORT_DESCRIPTOR_ntoskrnl" __IMPORT_DESCRIPTOR_ntoskrnl
0x1C0001140: RtlULongLongSub
0x1C0052560: CallbacksRs3
0x1C0041024: MpSendOpenWithoutReadNotification
0x1C0016760: SeTokenObjectType
0x1C00161E0: "__cdecl _imp_FltCloseClientPort" __imp_FltCloseClientPort
0x1C0031EC4: MpSetFileTimeouts
0x1C00164C0: "__cdecl _imp_PsRemoveCreateThreadNotifyRoutine" __imp_PsRemoveCreateThreadNotifyRoutine
0x1C0048F1C: MpQueryLoadedDrivers
0x1C0003C24: RtlUnicodeToMultiByteN
0x1C0006DD4: WPP_SF_qDD
0x1C001CE14: MpGetImageNormalizedName
0x1C00164D0: "__cdecl _imp_RtlRandomEx" __imp_RtlRandomEx
0x1C0008D7C: WPP_SF_qLD
0x1C0007494: WPP_SF_qqD
0x1C0030D94: MpPurgeFileStateGenericTable
0x1C000B838: "blocked for execution" ??_C@_0BG@OICBJFCC@blocked?5for?5execution?$AA@
0x1C0016128: "__cdecl _imp_FltSupportsStreamContexts" __imp_FltSupportsStreamContexts
0x1C002CF60: MpPreFsControl
0x1C0007ACC: WPP_SF_qZd
0x1C0007A04: WPP_SF_qZD
0x1C002F128: MpSetDocOpenData
0x1C000C1A8: AMFilter_TrustedProcessEvent
0x1C002ECE0: CsrssPreScanHook
0x1C000C998: "MaxLocalScanTimeout" ??_C@_1CI@LAFNICPO@?$AAM?$AAa?$AAx?$AAL?$AAo?$AAc?$AAa?$AAl?$AAS?$AAc?$AAa?$AAn?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@
0x1C002E6FC: MpGetFileIdAndUsnFromFileObject
0x1C00044D8: WPP_SF_qdZiSDDDDDDDiiii
0x1C0016190: "__cdecl _imp_FltGetVolumeProperties" __imp_FltGetVolumeProperties
0x1C000B850: "blocked access" ??_C@_0P@INFPAHHO@blocked?5access?$AA@
0x1C00039F0: "__cdecl get_printf_count_output" _get_printf_count_output
0x1C0020270: MpAsyncSendNotification
0x1C000C9C0: "MaxNetworkScanTimeout" ??_C@_1CM@GADDKCLP@?$AAM?$AAa?$AAx?$AAN?$AAe?$AAt?$AAw?$AAo?$AAr?$AAk?$AAS?$AAc?$AAa?$AAn?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@
0x1C000D120: "was already" ??_C@_1BI@PFDONCGO@?$AAw?$AAa?$AAs?$AA?5?$AAa?$AAl?$AAr?$AAe?$AAa?$AAd?$AAy?$AA?$AA@
0x1C0009414: WPP_SF_qddd
0x1C000B8D0: "[Mini-filter] Denied rename/hard" ??_C@_1KA@LPFBGFJP@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAD?$AAe?$AAn?$AAi?$AAe?$AAd?$AA?5?$AAr?$AAe?$AAn?$AAa?$AAm?$AAe?$AA?1?$AAh?$AAa?$AAr?$AAd@
0x1C0007F64: WPP_SF_qDDL
0x1C0007B88: WPP_SF_qsDZ
0x1C0016358: "__cdecl _imp_CmRegisterCallback" __imp_CmRegisterCallback
0x1C0042E50: McGenEventTracingRegister
0x1C0003C5C: WPP_SF_qidd
0x1C000CB98: "AllowManualDetach" ??_C@_1CE@OLODAMPP@?$AAA?$AAl?$AAl?$AAo?$AAw?$AAM?$AAa?$AAn?$AAu?$AAa?$AAl?$AAD?$AAe?$AAt?$AAa?$AAc?$AAh?$AA?$AA@
0x1C00162C8: "__cdecl _imp_MmIsDriverVerifyingByAddress" __imp_MmIsDriverVerifyingByAddress
0x1C0006F00: WPP_SF_qqDD
0x1C0001DC0: MpPostWrite
0x1C000B000: ProductDirName
0x1C0009728: WPP_SF_DDqZ
0x1C0006860: WPP_SF_qDDZ
0x1C00082AC: WPP_SF_qZdd
0x1C001EFE4: MpIsProcessExemptByContext
0x1C0016340: "__cdecl _imp_TmTransactionObjectType" __imp_TmTransactionObjectType
0x1C002D724: MpHardenPathOnRenameLink
0x1C000CBE8: "DirectionalScanningNonNTFS" ??_C@_1DG@CNDLJJIA@?$AAD?$AAi?$AAr?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAa?$AAl?$AAS?$AAc?$AAa?$AAn?$AAn?$AAi?$AAn?$AAg?$AAN?$AAo?$AAn?$AAN?$AAT?$AAF?$AAS?$AA?$AA@
0x1C0016308: "__cdecl _imp_RtlDeleteElementGenericTable" __imp_RtlDeleteElementGenericTable
0x1C000D7D0: "\Callback\MpEbNotificationCallba" ??_C@_1EG@CCCPKCAL@?$AA?2?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AA?2?$AAM?$AAp?$AAE?$AAb?$AAN?$AAo?$AAt?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa@
0x1C002C6E4: MpLogPrintfW
0x1C0016300: "__cdecl _imp_RtlHashUnicodeString" __imp_RtlHashUnicodeString
0x1C00471F8: MpCleanupCopyCache
0x1C0043DF4: MpCleanupBackupFiles
0x1C000D678: "sync" ??_C@_19KJHJBFGO@?$AAs?$AAy?$AAn?$AAc?$AA?$AA@
0x1C00077F4: WPP_SF_ZDDDDDD
0x1C000B3A0: GUID_ECP_PREFETCH_OPEN
0x1C0003B3C: "__cdecl wctomb_s_l" _wctomb_s_l
0x1C0003080: "__cdecl invalid_parameter" _invalid_parameter
0x1C000D6C8: "\SystemRoot\WinSxs\" ??_C@_1CI@LDFFIOOJ@?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAo?$AAo?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAS?$AAx?$AAs?$AA?2?$AA?$AA@
0x1C0030628: MpQueryNetworkSharePath
0x1C0016608: "__cdecl _imp_IoQueryFileDosDeviceName" __imp_IoQueryFileDosDeviceName
0x1C00124C0: Microsoft_Antimalware_AMFilterEnableBits
0x1C0001A48: RtlStringExValidateSrcW
0x1C004D51C: MpCreateCommPorts
0x1C000B6E0: WPP_bd33b4398698300f288e9463456f08da_Traceguids
0x1C000B390: GUID_ECP_MSSECFLT_OPEN
0x1C0052410: ContextRegistration
0x1C0043448: WppCleanupKm
0x1C000C7B0: "\services.exe" ??_C@_1BM@NJJOCGDO@?$AA?2?$AAs?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C000B030: ProgramDataPlatformPath
0x1C0016600: "__cdecl _imp_ProbeForWrite" __imp_ProbeForWrite
0x1C000C290: "\MicrosoftMalwareProtectionPortW" ??_C@_1EE@GBIJGMCA@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAP?$AAo?$AAr?$AAt?$AAW@
0x1C002E670: MpDeleteSectionContext
0x1C0016168: "__cdecl _imp_FltReferenceContext" __imp_FltReferenceContext
0x1C000D820: "SeRegisterImageVerificationCallb" ??_C@_1EI@PBHBLLDF@?$AAS?$AAe?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAI?$AAm?$AAa?$AAg?$AAe?$AAV?$AAe?$AAr?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl?$AAl?$AAb@
0x1C002D220: MpPreSetInfo
0x1C0016040: "__cdecl _imp_FltAllocateExtraCreateParameterFromLookasideList" __imp_FltAllocateExtraCreateParameterFromLookasideList
0x1C00043C0: WPP_SF_qdZiDd
0x1C001C49C: MpRegFreeMatchingInfo
0x1C0053000: "__cdecl _guard_fids_table" __guard_fids_table
0x1C0016620: "__cdecl _imp_ExAcquireResourceExclusiveLite" __imp_ExAcquireResourceExclusiveLite
0x1C0016210: "__cdecl _imp_FltGetStreamContext" __imp_FltGetStreamContext
0x1C002BB24: MpRegpQueryValueKeyByPointer
0x1C000B090: "__cdecl load_config_used" _load_config_used
0x1C00482A8: MpCopyDriverEntry
0x1C0027FC0: MpRegMatchData
0x1C00124D0: ExDefaultNonPagedPoolType
0x1C00017E0: RtlULongToUShort
0x1C00020C0: MpSeqDetectCtxGCDpc
0x1C0016428: "__cdecl _imp_ZwQueryInformationProcess" __imp_ZwQueryInformationProcess
0x1C0026560: MpCreateHandleContext
0x1C002C890: MpTxfResolveTransaction
0x1C00163A8: "__cdecl _imp_PsDereferencePrimaryToken" __imp_PsDereferencePrimaryToken
0x1C0016038: "__cdecl _imp_FltFindExtraCreateParameter" __imp_FltFindExtraCreateParameter
0x1C00480A8: MpCleanupDriverInfo
0x1C001CF98: MpSetDocOpenRule
0x1C00166B0: PsThreadType
0x1C002F9E8: MpMultiStringCbLen
0x1C000CD18: "DisableReadHooking" ??_C@_1CG@LENPGIAP@?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAR?$AAe?$AAa?$AAd?$AAH?$AAo?$AAo?$AAk?$AAi?$AAn?$AAg?$AA?$AA@
0x1C0016720: "__cdecl _imp_ZwOpenProcessTokenEx" __imp_ZwOpenProcessTokenEx
0x1C002EB1C: MpTxfIsFileLockByTransaction
0x1C0030900: MpImageVerificationCallback
0x1C0016240: "__cdecl _imp_FltGetRequestorProcess" __imp_FltGetRequestorProcess
0x1C0016528: "__cdecl _imp_ObQueryNameString" __imp_ObQueryNameString
0x1C0016670: "__cdecl _imp_ZwClose" __imp_ZwClose
0x1C001ED84: MpCopyCacheMatch
0x1C002E4D0: MpDeleteInstanceContext
0x1C0001940: MpPostMountVolume
0x1C000D910: "dump" ??_C@_19PPJMBAGP@?$AAd?$AAu?$AAm?$AAp?$AA?$AA@
0x1C001A8B4: MpGetStorageDeviceAttributes
0x1C004B120: MpFgAuditShutdown
0x1C002EAC8: MpRegpMatchName
0x1C0016488: "__cdecl _imp_RtlInitializeGenericTableAvl" __imp_RtlInitializeGenericTableAvl
0x1C000CA38: "MaxCopyCacheSize" ??_C@_1CC@JDKKCMJO@?$AAM?$AAa?$AAx?$AAC?$AAo?$AAp?$AAy?$AAC?$AAa?$AAc?$AAh?$AAe?$AAS?$AAi?$AAz?$AAe?$AA?$AA@
0x1C00163F8: "__cdecl _imp_PsGetProcessId" __imp_PsGetProcessId
0x1C0029A30: MpRegpCopyUnicodeString
0x1C000D5D0: "[Mini-filter] Blocked transacted" ??_C@_1JG@JLECMAME@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAB?$AAl?$AAo?$AAc?$AAk?$AAe?$AAd?$AA?5?$AAt?$AAr?$AAa?$AAn?$AAs?$AAa?$AAc?$AAt?$AAe?$AAd@
0x1C0016250: "__cdecl _imp_FltSendMessage" __imp_FltSendMessage
0x1C0012530: FunctionMinimumOutputBufferLength
0x1C0019338: MpUpdateDirectoryMonitorConfig
0x1C0016090: "__cdecl _imp_FltIsOperationSynchronous" __imp_FltIsOperationSynchronous
0x1C000130C: RtlStringCbCopyUnicodeString
0x1C0027DA0: MpRegPreSetValueKey
0x1C00163E8: "__cdecl _imp_PsDereferenceImpersonationToken" __imp_PsDereferenceImpersonationToken
0x1C000D368: "CmCallbackReleaseKeyObjectIDEx" ??_C@_1DO@NODJNCGF@?$AAC?$AAm?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AAR?$AAe?$AAl?$AAe?$AAa?$AAs?$AAe?$AAK?$AAe?$AAy?$AAO?$AAb?$AAj?$AAe?$AAc?$AAt?$AAI?$AAD?$AAE?$AAx?$AA?$AA@
0x1C0051654: MpInitializeBoostManager
0x1C002F040: MpSaveCsvStreamStateToCacheEntry
0x1C004D8E8: MpCreateSecurityDescriptor
0x1C00165F0: IoFileObjectType
0x1C00162E8: "__cdecl _imp_NtClose" __imp_NtClose
0x1C0002060: RtlStringCbLengthA
0x1C0012720: MpConfig
0x1C004A7FC: MpShutdownBoostManager
0x1C0008714: ExAllocateFromNPagedLookasideList
0x1C0016680: "__cdecl _imp_KeInitializeEvent" __imp_KeInitializeEvent
0x1C000A290: RtlStringValidateDestA
0x1C0016370: "__cdecl _imp_ObOpenObjectByPointer" __imp_ObOpenObjectByPointer
0x1C002B2F4: MpRegAddMatches
0x1C00160A8: "__cdecl _imp_FltInitExtraCreateParameterLookasideList" __imp_FltInitExtraCreateParameterLookasideList
0x1C000C900: "WmiQueryTraceInformation" ??_C@_1DC@DOCOAJH@?$AAW?$AAm?$AAi?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAT?$AAr?$AAa?$AAc?$AAe?$AAI?$AAn?$AAf?$AAo?$AAr?$AAm?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x1C0016740: "__cdecl _imp_RtlValidSid" __imp_RtlValidSid
0x1C00164D8: "__cdecl _imp_WmiQueryTraceInformation" __imp_WmiQueryTraceInformation
0x1C00124E0: FunctionInputBufferLength
0x1C004B2A8: MpFgCleanup
0x1C001D28C: MpMatchPerServiceSidByObj
0x1C002F0D0: MpRegpFreeDeleteKeyContext
0x1C002BD60: MpSetProcessInfo
0x1C0003C18: RtlAnsiCharToUnicodeChar
0x1C000D138: "\Services\MpHardCodedBlockHive" ??_C@_1DO@FBGHDKBA@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAM?$AAp?$AAH?$AAa?$AAr?$AAd?$AAC?$AAo?$AAd?$AAe?$AAd?$AAB?$AAl?$AAo?$AAc?$AAk?$AAH?$AAi?$AAv?$AAe?$AA?$AA@
0x1C00162B8: InitSafeBootMode
0x1C0028998: MpGetProcessContextById
0x1C0028850: MpRegpMatchUserClasses
0x1C000BA00: "EtwUnregister" ??_C@_1BM@CJMKDOJH@?$AAE?$AAt?$AAw?$AAU?$AAn?$AAr?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AA?$AA@
0x1C004B318: MpFgFreeAuditTable
0x1C000D900: "refresh" ??_C@_1BA@JNAAFBIF@?$AAr?$AAe?$AAf?$AAr?$AAe?$AAs?$AAh?$AA?$AA@
0x1C000C490: "\MicrosoftMalwareProtectionAsync" ??_C@_1EO@PHBKDLPE@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAA?$AAs?$AAy?$AAn?$AAc@
0x1C004A850: MppReleaseBoostControl
0x1C000B320: "msmpeng.exe" ??_C@_1BI@EGPLNILF@?$AAm?$AAs?$AAm?$AAp?$AAe?$AAn?$AAg?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C001DA88: MpSetProcessExempt
0x1C0028410: MpRegpMatchEntry
0x1C0016580: "__cdecl _imp_InitializeSListHead" __imp_InitializeSListHead
0x1C0008800: WPP_SF_DZS
0x1C000C888: "msseces.exe" ??_C@_1BI@GGCLIBIC@?$AAm?$AAs?$AAs?$AAe?$AAc?$AAe?$AAs?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C000CF00: "IoBoostThreadIo" ??_C@_1CA@HKDODENE@?$AAI?$AAo?$AAB?$AAo?$AAo?$AAs?$AAt?$AAT?$AAh?$AAr?$AAe?$AAa?$AAd?$AAI?$AAo?$AA?$AA@
0x1C000D308: "LoadAppInit_DLLs" ??_C@_1CC@CEEDBKEJ@?$AAL?$AAo?$AAa?$AAd?$AAA?$AAp?$AAp?$AAI?$AAn?$AAi?$AAt?$AA_?$AAD?$AAL?$AAL?$AAs?$AA?$AA@
0x1C0016138: "__cdecl _imp_FltFreeGenericWorkItem" __imp_FltFreeGenericWorkItem
0x1C00164C8: "__cdecl _imp_ExDeleteNPagedLookasideList" __imp_ExDeleteNPagedLookasideList
0x1C001D854: MpReleaseProcessContextListEntry
0x1C0001058: RtlStringCbCopyW
0x1C002FC38: MpConvertOffsetToPointer
0x1C001D7E8: MpUpdateProcessesWithExclusions
0x1C0003080: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1C0005320: memcmp
0x1C0043E6C: MpDeleteBootSectorCache
0x1C0016658: "__cdecl _imp_PsIsSystemThread" __imp_PsIsSystemThread
0x1C002E690: MpQueryFileUsn
0x1C002D100: MpFsCtlQueryNormalizedName
0x1C0028930: MpShouldSendBmMessage
0x1C00447F0: MpRegHardenningBlockOperation
0x1C000BE10: "\ProgramData\Microsoft\Windows D" ??_C@_1GE@NFEOGLNH@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AAD?$AAa?$AAt?$AAa?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD@
0x1C002DB80: MpCheckForFolderGuard
0x1C0023A00: MpObPreOperationCallback
0x1C00163D0: "__cdecl _imp_PsReferencePrimaryToken" __imp_PsReferencePrimaryToken
0x1C00165A8: "__cdecl _imp_RtlGUIDFromString" __imp_RtlGUIDFromString
0x1C0016228: "__cdecl _imp_FltDeleteStreamHandleContext" __imp_FltDeleteStreamHandleContext
0x1C000C440: "\MicrosoftMalwareProtectionRemot" ??_C@_1FA@DIEGKIB@?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AAM?$AAa?$AAl?$AAw?$AAa?$AAr?$AAe?$AAP?$AAr?$AAo?$AAt?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AAR?$AAe?$AAm?$AAo?$AAt@
0x1C000CAE0: "DebugPassthroughEnabled" ??_C@_1DA@MEFCHBLH@?$AAD?$AAe?$AAb?$AAu?$AAg?$AAP?$AAa?$AAs?$AAs?$AAt?$AAh?$AAr?$AAo?$AAu?$AAg?$AAh?$AAE?$AAn?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x1C000B3C0: "\Registry" ??_C@_1BE@BNJCNEJN@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?$AA@
0x1C001F644: MpQueryNetworkOpenInformation
0x1C000D770: WPP_1105110f9d013a1af36523fa45571c17_Traceguids
0x1C000D9B0: WPP_9c03e9b33546366b2b250d9e87f4a20e_Traceguids
0x1C000B050: $DATA
0x1C0043550: WppLoadTracingSupport
0x1C001C2E8: MpSetUntrustedProcess
0x1C0016430: "__cdecl _imp_ExRegisterCallback" __imp_ExRegisterCallback
0x1C001EF04: MpAllowCodeInjection
0x1C00162B0: "__cdecl _imp_IoWMIRegistrationControl" __imp_IoWMIRegistrationControl
0x1C000C648: "\Program Files (x86)\" ??_C@_1CM@CJOMGIHN@?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe?$AAs?$AA?5?$AA?$CI?$AAx?$AA8?$AA6?$AA?$CJ?$AA?2?$AA?$AA@
0x1C00516F8: MpFgInitialize
0x1C0047828: MpCleanupDocOpenRules
0x1C000D718: "create" ??_C@_1O@KBENBEFG@?$AAc?$AAr?$AAe?$AAa?$AAt?$AAe?$AA?$AA@
0x1C000D870: "SeUnregisterImageVerificationCal" ??_C@_1EM@NNFHNH@?$AAS?$AAe?$AAU?$AAn?$AAr?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAI?$AAm?$AAa?$AAg?$AAe?$AAV?$AAe?$AAr?$AAi?$AAf?$AAi?$AAc?$AAa?$AAt?$AAi?$AAo?$AAn?$AAC?$AAa?$AAl@
0x1C001938C: MpBoostLowPriThreads
0x1C000C810: "\Register-CimProvider.exe" ??_C@_1DE@FEDAGPP@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AA?9?$AAC?$AAi?$AAm?$AAP?$AAr?$AAo?$AAv?$AAi?$AAd?$AAe?$AAr?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C002EEB0: MpTxfDeleteContext
0x1C000B3B0: GUID_ECP_CREATE_REDIRECTION
0x1C000D020: "FltCreateSectionForDataScan" ??_C@_0BM@OHPFJFKD@FltCreateSectionForDataScan?$AA@
0x1C0031AA8: MpFgCreateProtectedFoldersTable
0x1C00489C0: MpFreeDriverInfoEx
0x1C0019610: MpNriNotificationCallback
0x1C000CB78: "AsyncTimeout" ??_C@_1BK@PLPOAKJI@?$AAA?$AAs?$AAy?$AAn?$AAc?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@
0x1C002F8E8: MpConvertMultiSzOffsetToPointer
0x1C004C4B8: MpQueryObjectNameByHandle
0x1C000CCB8: "RefsFileStateCacheType" ??_C@_1CO@HMHJLLEE@?$AAR?$AAe?$AAf?$AAs?$AAF?$AAi?$AAl?$AAe?$AAS?$AAt?$AAa?$AAt?$AAe?$AAC?$AAa?$AAc?$AAh?$AAe?$AAT?$AAy?$AAp?$AAe?$AA?$AA@
0x1C0016750: "__cdecl _imp_ZwQuerySystemInformation" __imp_ZwQuerySystemInformation
0x1C0016610: "__cdecl _imp_ExAcquireResourceSharedLite" __imp_ExAcquireResourceSharedLite
0x1C0016550: "__cdecl _imp_SeSinglePrivilegeCheck" __imp_SeSinglePrivilegeCheck
0x1C0004868: WPP_SF_DZDiis
0x1C00165A0: "__cdecl _imp_KeBugCheckEx" __imp_KeBugCheckEx
0x1C000D8C0: WPP_8e11d6527dcf3164a1e3696bbc6cb050_Traceguids
0x1C004F8E0: MpRegCreateHardeningList
0x1C0029CB0: MpObHandleOpenDesktopCallback
0x1C0029824: MpRegPreDeleteValueKey
0x1C0042A5C: MpWriteRawDevice
0x1C0006D78: WPP_SF_ddd
0x1C0006D78: WPP_SF_DDD
0x1C00163F0: "__cdecl _imp_PsProcessType" __imp_PsProcessType
0x1C00427F0: MpValidateAndReferenceBootScanDevice
0x1C0004D48: WPP_SF_iii
0x1C0029438: MpAllocateProcessContextListEntry
0x1C0006BAC: WPP_SF_qqq
0x1C004694C: MpFsCtlQueryProcessInformation
0x1C000A038: WPP_SF_dZD
0x1C0007158: WPP_SF_qZq
0x1C00166B0: "__cdecl _imp_PsThreadType" __imp_PsThreadType
0x1C000D1A0: "\Services\MpBoot" ??_C@_1CC@IMMGFPBD@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAM?$AAp?$AAB?$AAo?$AAo?$AAt?$AA?$AA@
0x1C0028A90: MpGetProcessContextByObject
0x1C002F060: MpRegpAllocDeleteKeyContext
0x1C000C1C8: AMFilter_CacheFlushId
0x1C0009804: WPP_SF_IIIII
0x1C0016260: "__cdecl _imp_KeQueryPerformanceCounter" __imp_KeQueryPerformanceCounter
0x1C0012578: MpData
0x1C0004C58: WPP_SF_iZiii
0x1C0044770: MpRegHardeningCallback
0x1C00165E0: "__cdecl _imp_ExReleaseResourceLite" __imp_ExReleaseResourceLite
0x1C0009BDC: WPP_SF_dddD
0x1C0006F6C: WPP_SF_qqqq
0x1C0016760: "__cdecl _imp_SeTokenObjectType" __imp_SeTokenObjectType
0x1C002F2C4: MpRegUpdateData
0x1C001C710: MpPostSetInfo
0x1C00081B8: WPP_SF_qDqL
0x1C002DC50: MpSaveStreamStateToFileStateGenericTable
0x1C000D448: WPP_c31070052f05389cb9a038180f83550c_Traceguids
0x1C002F030: MpRedirectionEcpContextInitializer
0x1C000C680: "[Mini-filter] Denied access to f" ??_C@_1GE@NGNPNLDP@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAD?$AAe?$AAn?$AAi?$AAe?$AAd?$AA?5?$AAa?$AAc?$AAc?$AAe?$AAs?$AAs?$AA?5?$AAt?$AAo?$AA?5?$AAf@
0x1C00072F4: WPP_SF_qZqL
0x1C0012360: "__cdecl _security_cookie" __security_cookie
0x1C0009020: WPP_SF_DDDS
0x1C0009B1C: WPP_SF_dSdd
0x1C0009CE4: WPP_SF_qqqD
0x1C0007218: WPP_SF_qZqD
0x1C000822C: WPP_SF_qPqL
0x1C000C7D0: "\msiexec.exe" ??_C@_1BK@HMAEIBGN@?$AA?2?$AAm?$AAs?$AAi?$AAe?$AAx?$AAe?$AAc?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C0002648: "__cdecl woutput_l" _woutput_l
0x1C0016518: "__cdecl _imp_KeCancelTimer" __imp_KeCancelTimer
0x1C0029B7C: MpRegPostDeleteValueKey
0x1C0031318: MpGetInstanceStatistics
0x1C002C364: MpTxfAddStream
0x1C00514A8: MpSeqDetectCtxInitialize
0x1C0031F70: MpSetMonitorFlags
0x1C0001AB0: MpPreWrite
0x1C0016010: "__cdecl _imp_FltIsEcpFromUserMode" __imp_FltIsEcpFromUserMode
0x1C000D4A0: "ObRegisterCallbacks" ??_C@_1CI@BDIOJKKO@?$AAO?$AAb?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAC?$AAa?$AAl?$AAl?$AAb?$AAa?$AAc?$AAk?$AAs?$AA?$AA@
0x1C000B808: WPP_d45b2feee36232710d46d09624685ed4_Traceguids
0x1C0016078: "__cdecl _imp_FltEnlistInTransaction" __imp_FltEnlistInTransaction
0x1C0016350: "__cdecl _imp_RtlCompareMemory" __imp_RtlCompareMemory
0x1C005154C: MpPowerStatusInitialize
0x1C000D040: "FltCloseSectionForDataScan" ??_C@_0BL@FGFKBLMB@FltCloseSectionForDataScan?$AA@
0x1C004AD50: FgSendEventsWorker
0x1C000188C: RtlStringCbLengthW
0x1C0008390: McGenControlCallbackV2
0x1C000C938: "EtwRegisterClassicProvider" ??_C@_1DG@PFOPAIND@?$AAE?$AAt?$AAw?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAe?$AAr?$AAC?$AAl?$AAa?$AAs?$AAs?$AAi?$AAc?$AAP?$AAr?$AAo?$AAv?$AAi?$AAd?$AAe?$AAr?$AA?$AA@
0x1C000B6C8: "manifest" ??_C@_1BC@MEAJDFGD@?$AAm?$AAa?$AAn?$AAi?$AAf?$AAe?$AAs?$AAt?$AA?$AA@
0x1C000A2AC: RtlStringValidateDestW
0x1C0016310: "__cdecl _imp_RtlInsertElementGenericTable" __imp_RtlInsertElementGenericTable
0x1C0044FA4: MpRegPostRestoreKey
0x1C00013FC: RtlUnicodeStringValidateWorker
0x1C000C198: AMFilter_TrustedProcessId
0x1C004F150: MpLoadRegistryParameters
0x1C0016220: "__cdecl _imp_FltQueryInformationFile" __imp_FltQueryInformationFile
0x1C000B6B0: "dat" ??_C@_17OJIJGFOD@?$AAd?$AAa?$AAt?$AA?$AA@
0x1C00160B8: "__cdecl _imp_FltDeleteExtraCreateParameterLookasideList" __imp_FltDeleteExtraCreateParameterLookasideList
0x1C003161C: MpRemoveBackupFile
0x1C0016398: "__cdecl _imp_KeInitializeTimer" __imp_KeInitializeTimer
0x1C000BA58: WPP_22bc16caa04a32c651fe4ea420c81cd8_Traceguids
0x1C0048CC0: MpPackLoadedDriverInfo
0x1C004C2F0: MpGetProcessName
0x1C00165C0: "__cdecl _imp_ProbeForRead" __imp_ProbeForRead
0x1C0016018: "__cdecl _imp_FltGetEcpListFromCallbackData" __imp_FltGetEcpListFromCallbackData
0x1C004A180: MpPowerStatusCallback
0x1C0050158: MpCreateMpServiceSID
0x1C0016278: "__cdecl _imp_RtlQueryRegistryValues" __imp_RtlQueryRegistryValues
0x1C00160D0: "__cdecl _imp_FltUnregisterFilter" __imp_FltUnregisterFilter
0x1C004B1F0: MpFgAuditTableFreeRoutine
0x1C000C6F0: "[Mini-filter] Denied access to f" ??_C@_1IO@NCJCMBEF@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAD?$AAe?$AAn?$AAi?$AAe?$AAd?$AA?5?$AAa?$AAc?$AAc?$AAe?$AAs?$AAs?$AA?5?$AAt?$AAo?$AA?5?$AAf@
0x1C0002638: "__cdecl flsbuf" _flsbuf
0x1C0016178: "__cdecl _imp_FltGetVolumeGuidName" __imp_FltGetVolumeGuidName
0x1C0009488: WPP_SF_qI
0x1C00042E8: WPP_SF_qi
0x1C0001A54: WPP_SF_qL
0x1C00440E4: MpTxfCleanup
0x1C0016338: "__cdecl _imp_RtlStringFromGUID" __imp_RtlStringFromGUID
0x1C0001A54: WPP_SF_qD
0x1C0001A54: WPP_SF_qd
0x1C0006B04: WPP_SF_qZ
0x1C000D268: "\Services\WinDefend" ??_C@_1CI@OHMGGK@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAW?$AAi?$AAn?$AAD?$AAe?$AAf?$AAe?$AAn?$AAd?$AA?$AA@
0x1C0006EB0: WPP_SF_qq
0x1C00199BC: MpReadRawDevice
0x1C0008644: WPP_SF_qS
0x1C0032064: MpFgUpdateDispatchConfig
0x1C00423F8: MpRemoveWriteAccess
0x1C0016030: "__cdecl _imp_FltSetEcpListIntoCallbackData" __imp_FltSetEcpListIntoCallbackData
0x1C00162D0: "__cdecl _imp_KeFlushQueuedDpcs" __imp_KeFlushQueuedDpcs
0x1C0016498: "__cdecl _imp_RtlLookupElementGenericTableAvl" __imp_RtlLookupElementGenericTableAvl
0x1C000B970: WPP_bece0e1adb6030f825cc23b3163dd9cf_Traceguids
0x1C00162B8: "__cdecl _imp_InitSafeBootMode" __imp_InitSafeBootMode
0x1C004D044: "__cdecl _security_init_cookie" __security_init_cookie
0x1C0016180: "__cdecl _imp_FltDeletePushLock" __imp_FltDeletePushLock
0x1C004DB90: MpInitializeProcessExclusions
0x1C000423C: WPP_SF_q
0x1C0031028: MpQueryStatistics
0x1C002B28C: MpRegpParseInfiniteWildcard
0x1C00314CC: MpCreateBootScanContext
0x1C0016298: "__cdecl _imp_KeQueryTimeIncrement" __imp_KeQueryTimeIncrement
0x1C00127B0: WPPTraceSuite
0x1C002EC00: MpReleaseWriteContextWorker
0x1C00166C0: "__cdecl _imp_KeSetEvent" __imp_KeSetEvent
0x1C0001F50: MpPostRead
0x1C0031598: MpDeleteBootScanContext
0x1C00426C0: MpShutdownProcessExclusions
0x1C00053F6: wcscmp
0x1C000B830: "bad" ??_C@_03HBABANP@bad?$AA@
0x1C000BD08: WPP_7c5668faffcf35fc26363346b5a7df67_Traceguids
0x1C004B1F0: MpFgAvlFreeRoutine
0x1C000B7C0: GUID_ECP_CREATE_USER_PROCESS
0x1C0016080: "__cdecl _imp_FltDeleteContext" __imp_FltDeleteContext
0x1C000D6F0: "trusted" ??_C@_1BA@HGOCJFHE@?$AAt?$AAr?$AAu?$AAs?$AAt?$AAe?$AAd?$AA?$AA@
0x1C000B658: "Unsuccessful scan status" ??_C@_1DC@DGMADFJF@?$AAU?$AAn?$AAs?$AAu?$AAc?$AAc?$AAe?$AAs?$AAs?$AAf?$AAu?$AAl?$AA?5?$AAs?$AAc?$AAa?$AAn?$AA?5?$AAs?$AAt?$AAa?$AAt?$AAu?$AAs?$AA?$AA@
0x1C0046AF8: MpFsCtlQueryStreamInformation
0x1C0043240: MpQueryTeardown
0x1C0001528: MpFileTimeToUlong64
0x1C0049E50: MpReleaseBootProcessEntry
0x1C0019CE0: MpInstanceSetup
0x1C0042FF0: McGenEventTracingUnregister
0x1C0009F48: WPP_SF_DdZDD
0x1C000D3B0: "\Registry\Machine\SYSTEM\Current" ??_C@_1FG@PANEFCNO@?$AA?2?$AAR?$AAe?$AAg?$AAi?$AAs?$AAt?$AAr?$AAy?$AA?2?$AAM?$AAa?$AAc?$AAh?$AAi?$AAn?$AAe?$AA?2?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt@
0x1C000D0B8: "\Parameters" ??_C@_1BI@BPNCJPFJ@?$AA?2?$AAP?$AAa?$AAr?$AAa?$AAm?$AAe?$AAt?$AAe?$AAr?$AAs?$AA?$AA@
0x1C0019534: MpQueryTransactionId
0x1C00194DC: MppBoostThread
0x1C00472B4: MpCopyCacheFreeString
0x1C000BAB8: "BLOCKED" ??_C@_1BA@NJLIBPMD@?$AAB?$AAL?$AAO?$AAC?$AAK?$AAE?$AAD?$AA?$AA@
0x1C000D178: "\Services\MsMpSvc" ??_C@_1CE@PEFCFOCK@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAM?$AAs?$AAM?$AAp?$AAS?$AAv?$AAc?$AA?$AA@
0x1C001259C: ExDefaultMdlProtection
0x1C0003FB8: WPP_SF_qdZiddD
0x1C0016148: "__cdecl _imp_FltSetStreamContext" __imp_FltSetStreamContext
0x1C000C550: "query" ??_C@_1M@ODHDFHNE@?$AAq?$AAu?$AAe?$AAr?$AAy?$AA?$AA@
0x1C00160E8: "__cdecl _imp_FltGetRequestorProcessId" __imp_FltGetRequestorProcessId
0x1C0046680: MpRegpFreeRenameKeyContext
0x1C000C5DC: "Wd" ??_C@_15OLPCAGEH@?$AAW?$AAd?$AA?$AA@
0x1C000B3F0: "_Classes" ??_C@_1BC@PGMOPNLK@?$AA_?$AAC?$AAl?$AAa?$AAs?$AAs?$AAe?$AAs?$AA?$AA@
0x1C004F5C8: MpSetDefaultConfigs
0x1C004B384: MpFgIsFileProtected
0x1C002F020: MpInstanceTeardownComplete
0x1C0040950: MpAsyncpWorkerThread
0x1C0024020: MpAmPostCreate
0x1C0002430: "__cdecl _report_gsfailure" __report_gsfailure
0x1C001D890: MpUpdateProcessTrust
0x1C000CA60: "MaxConsecutiveTimeoutsUntilPassT" ??_C@_1EO@GKMHDOG@?$AAM?$AAa?$AAx?$AAC?$AAo?$AAn?$AAs?$AAe?$AAc?$AAu?$AAt?$AAi?$AAv?$AAe?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AAs?$AAU?$AAn?$AAt?$AAi?$AAl?$AAP?$AAa?$AAs?$AAs?$AAT@
0x1C000D930: "untrust" ??_C@_1BA@KJJGDIHC@?$AAu?$AAn?$AAt?$AAr?$AAu?$AAs?$AAt?$AA?$AA@
0x1C001F5B0: MpAsyncCreateNotification
0x1C0016088: "__cdecl _imp_FltQueueGenericWorkItem" __imp_FltQueueGenericWorkItem
0x1C0050DB8: MpUpdateRunningProcesses
0x1C004B160: MpFgAvlAllocateRoutine
0x1C0045834: MpRegPreReplaceKey
0x1C0046188: MpRegShutdown
0x1C0016700: "__cdecl _imp_KeWaitForMultipleObjects" __imp_KeWaitForMultipleObjects
0x1C002B400: MpRegpCalculateNotificationSize
0x1C004EDF8: MpInitializeLookasideLists
0x1C0016270: "__cdecl _imp_RtlVerifyVersionInfo" __imp_RtlVerifyVersionInfo
0x1C0009DE4: MpSeqDetectCtxShutdown
0x1C00498C8: MpQueryRuntimeDrivers
0x1C000D540: "[Mini-filter] Injection into pro" ??_C@_1II@MCEHBKAA@?$AA?$FL?$AAM?$AAi?$AAn?$AAi?$AA?9?$AAf?$AAi?$AAl?$AAt?$AAe?$AAr?$AA?$FN?$AA?5?$AAI?$AAn?$AAj?$AAe?$AAc?$AAt?$AAi?$AAo?$AAn?$AA?5?$AAi?$AAn?$AAt?$AAo?$AA?5?$AAp?$AAr?$AAo@
0x1C00166D8: "__cdecl _imp_ExQueryDepthSList" __imp_ExQueryDepthSList
0x1C00126F8: MpTxfData
0x1C0007C9C: WPP_SF_qssL
0x1C0016730: "__cdecl _imp_RtlAnsiCharToUnicodeChar" __imp_RtlAnsiCharToUnicodeChar
0x1C00165F0: "__cdecl _imp_IoFileObjectType" __imp_IoFileObjectType
0x1C0016578: "__cdecl _imp_ExInitializeResourceLite" __imp_ExInitializeResourceLite
0x1C002F1C8: MpUpdateProcessesWithDocOpenRules
0x1C0042C20: McGenControlCallback
0x1C0050FE4: MpInitializeDriverInfo
0x1C00164E0: "__cdecl _imp_RtlInitializeGenericTable" __imp_RtlInitializeGenericTable
0x1C0030170: MpDasdVolumeWriteNotify
0x1C001E9CC: MpValidateAndReferenceStream
0x1C0023A50: MpObHandleOpenProcessCallback
0x1C00164B8: "__cdecl _imp_KeReadStateTimer" __imp_KeReadStateTimer
0x1C0016520: "__cdecl _imp_KeRemoveQueueDpc" __imp_KeRemoveQueueDpc
0x1C002E1C4: MpAllowAccessBasedOnHipsRule
0x1C000BED0: "Windows Defender" ??_C@_1CC@BGCBEJJH@?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAD?$AAe?$AAf?$AAe?$AAn?$AAd?$AAe?$AAr?$AA?$AA@
0x1C0049EA0: MpReleaseDriverEntry
0x1C005034C: MpCreateNriServiceSID
0x1C001BE80: MpIsProcessExemptByData
0x1C00500A4: MpRegisterRegCallback
0x1C000B360: "mpcmdrun.exe" ??_C@_1BK@PPDNOEJP@?$AAm?$AAp?$AAc?$AAm?$AAd?$AAr?$AAu?$AAn?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x1C0049F44: MpReleaseElamRegistryEntry
0x1C0016790: ntoskrnl_NULL_THUNK_DATA
0x1C0016470: "__cdecl _imp_IoGetAttachedDeviceReference" __imp_IoGetAttachedDeviceReference
0x1C0008EA0: RtlUnicodeStringCat
0x1C0016688: "__cdecl _imp_ExFreePoolWithTag" __imp_ExFreePoolWithTag
0x1C0016630: "__cdecl _imp_KeEnterCriticalRegion" __imp_KeEnterCriticalRegion
0x1C001C4E0: MpRegpFreeSetValueContext
0x1C0047494: MpGetProcessFileObject
0x1C0016348: "__cdecl _imp_IoGetTransactionParameterBlock" __imp_IoGetTransactionParameterBlock
0x1C0016780: "__cdecl _imp_ZwOpenFile" __imp_ZwOpenFile
0x1C000A234: RtlStringVPrintfWorkerA
0x1C0040F60: MpAsyncpRemoveNotificationsUnsafe
0x1C0016248: "__cdecl _imp_FltReleasePushLockEx" __imp_FltReleasePushLockEx
0x1C000D2B8: "\Services\WdNisSvc" ??_C@_1CG@KNNDENGE@?$AA?2?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAs?$AA?2?$AAW?$AAd?$AAN?$AAi?$AAs?$AAS?$AAv?$AAc?$AA?$AA@
0x1C000B080: Wow64cpuModulePath
0x1C000BD18: WPP_10113ad8427a35f85362d363111a1812_Traceguids
0x1C0016380: "__cdecl _imp_RtlInitializeSid" __imp_RtlInitializeSid
0x1C00019C0: RtlStringVPrintfWorkerW
0x1C00161F0: "__cdecl _imp_FltQueryEaFile" __imp_FltQueryEaFile
0x1C000D9A0: WPP_0b0b9a2142e53efd8d8e0b4d91399f82_Traceguids
0x1C0016638: "__cdecl _imp_RtlSetDaclSecurityDescriptor" __imp_RtlSetDaclSecurityDescriptor
0x1C0047300: MpCreateProcessNotifyRoutine
0x1C003023C: MpSendRawVolumeWriteAsyncMessage
0x1C004DC28: DriverEntry
0x1C004AB50: MpValidateCsvStreamState
0x1C0029080: MpGetProcessContextList
0x1C0003CD0: WPP_SF_ZDi
0x1C000651C: WPP_SF_SDP
0x1C002B594: MpRegpAllocSetValueContext
0x1C002FD20: MpConvertStringOffsetToPointer
0x1C00085B4: WPP_SF_Sd
0x1C0016468: "__cdecl _imp_PoUnregisterPowerSettingCallback" __imp_PoUnregisterPowerSettingCallback
0x1C000BEF8: "\Windows\System32\Drivers\" ??_C@_1DG@DIBNDECO@?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA3?$AA2?$AA?2?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AA?$AA@
0x1C0012000: Microsoft_Antimalware_AMFilter_Context
0x1C0003A10: "__cdecl fputwc_nolock" _fputwc_nolock
0x1C0031728: MpFsCtlSetFileStateFlags
0x1C0026740: MpObSendOpenProcessBMNotification
0x1C0016708: "__cdecl _imp_memcpy_s" __imp_memcpy_s
0x1C0012788: MpProcessTable
0x1C000D940: "firstuntrusted" ??_C@_1BO@BLJNPJBI@?$AAf?$AAi?$AAr?$AAs?$AAt?$AAu?$AAn?$AAt?$AAr?$AAu?$AAs?$AAt?$AAe?$AAd?$AA?$AA@
0x1C0012710: pfnWppTraceMessage
0x1C0020480: MpGetInstanceFromFileObject
0x1C0016050: "__cdecl _imp_FltRetrieveIoPriorityInfo" __imp_FltRetrieveIoPriorityInfo
0x1C00162D8: "__cdecl _imp_ZwOpenKey" __imp_ZwOpenKey
0x1C0003D80: WPP_SF_qqqiZ
0x1C0016408: ExDesktopObjectType
0x1C00434C4: WppInitKm
0x1C0016118: "__cdecl _imp_FltParseFileNameInformation" __imp_FltParseFileNameInformation
0x1C002FF70: MpValidateDocOpenUserData
0x1C0016318: "__cdecl _imp_RtlGetElementGenericTable" __imp_RtlGetElementGenericTable
0x1C001AE2C: MpIsHotPluggable
0x1C0016268: HAL_NULL_THUNK_DATA
0x1C0008148: WPP_SF_S
0x1C002C264: MpRegPostDeleteKey
0x1C002E040: MpCompareBackupFileMapKeys
0x1C0005780: memset
0x1C00167E4: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x1C004E4DC: MpGetSystemRoutines
0x1C000CD40: "FolderGuardDispatchTimer" ??_C@_1DC@CICHHCEH@?$AAF?$AAo?$AAl?$AAd?$AAe?$AAr?$AAG?$AAu?$AAa?$AAr?$AAd?$AAD?$AAi?$AAs?$AAp?$AAa?$AAt?$AAc?$AAh?$AAT?$AAi?$AAm?$AAe?$AAr?$AA?$AA@
0x1C000B200: MpCmdRunFileName
0x1C000CF90: "IoGetSiloParameters" ??_C@_1CI@POOIPGIP@?$AAI?$AAo?$AAG?$AAe?$AAt?$AAS?$AAi?$AAl?$AAo?$AAP?$AAa?$AAr?$AAa?$AAm?$AAe?$AAt?$AAe?$AAr?$AAs?$AA?$AA@
0x1C000D920: "trust" ??_C@_1M@NMIBABOO@?$AAt?$AAr?$AAu?$AAs?$AAt?$AA?$AA@
0x1C0043A70: MpSendAsyncPanicModeMessage

[JEB Decompiler by PNF Software]