@hasherezade
Last active March 28, 2023 22:09
KUSER_SHARED_DATA Win10
0:000> dt _KUSER_SHARED_DATA
ntdll!_KUSER_SHARED_DATA
+0x000 TickCountLowDeprecated : Uint4B
+0x004 TickCountMultiplier : Uint4B
+0x008 InterruptTime : _KSYSTEM_TIME
+0x014 SystemTime : _KSYSTEM_TIME
+0x020 TimeZoneBias : _KSYSTEM_TIME
+0x02c ImageNumberLow : Uint2B
+0x02e ImageNumberHigh : Uint2B
+0x030 NtSystemRoot : [260] Wchar
+0x238 MaxStackTraceDepth : Uint4B
+0x23c CryptoExponent : Uint4B
+0x240 TimeZoneId : Uint4B
+0x244 LargePageMinimum : Uint4B
+0x248 AitSamplingValue : Uint4B
+0x24c AppCompatFlag : Uint4B
+0x250 RNGSeedVersion : Uint8B
+0x258 GlobalValidationRunlevel : Uint4B
+0x25c TimeZoneBiasStamp : Int4B
+0x260 NtBuildNumber : Uint4B
+0x264 NtProductType : _NT_PRODUCT_TYPE
+0x268 ProductTypeIsValid : UChar
+0x269 Reserved0 : [1] UChar
+0x26a NativeProcessorArchitecture : Uint2B
+0x26c NtMajorVersion : Uint4B
+0x270 NtMinorVersion : Uint4B
+0x274 ProcessorFeatures : [64] UChar
+0x2b4 Reserved1 : Uint4B
+0x2b8 Reserved3 : Uint4B
+0x2bc TimeSlip : Uint4B
+0x2c0 AlternativeArchitecture : _ALTERNATIVE_ARCHITECTURE_TYPE
+0x2c4 BootId : Uint4B
+0x2c8 SystemExpirationDate : _LARGE_INTEGER
+0x2d0 SuiteMask : Uint4B
+0x2d4 KdDebuggerEnabled : UChar
+0x2d5 MitigationPolicies : UChar
+0x2d5 NXSupportPolicy : Pos 0, 2 Bits
+0x2d5 SEHValidationPolicy : Pos 2, 2 Bits
+0x2d5 CurDirDevicesSkippedForDlls : Pos 4, 2 Bits
+0x2d5 Reserved : Pos 6, 2 Bits
+0x2d6 CyclesPerYield : Uint2B
+0x2d8 ActiveConsoleId : Uint4B
+0x2dc DismountCount : Uint4B
+0x2e0 ComPlusPackage : Uint4B
+0x2e4 LastSystemRITEventTickCount : Uint4B
+0x2e8 NumberOfPhysicalPages : Uint4B
+0x2ec SafeBootMode : UChar
+0x2ed VirtualizationFlags : UChar
+0x2ee Reserved12 : [2] UChar
+0x2f0 SharedDataFlags : Uint4B
+0x2f0 DbgErrorPortPresent : Pos 0, 1 Bit
+0x2f0 DbgElevationEnabled : Pos 1, 1 Bit
+0x2f0 DbgVirtEnabled : Pos 2, 1 Bit
+0x2f0 DbgInstallerDetectEnabled : Pos 3, 1 Bit
+0x2f0 DbgLkgEnabled : Pos 4, 1 Bit
+0x2f0 DbgDynProcessorEnabled : Pos 5, 1 Bit
+0x2f0 DbgConsoleBrokerEnabled : Pos 6, 1 Bit
+0x2f0 DbgSecureBootEnabled : Pos 7, 1 Bit
+0x2f0 DbgMultiSessionSku : Pos 8, 1 Bit
+0x2f0 DbgMultiUsersInSessionSku : Pos 9, 1 Bit
+0x2f0 DbgStateSeparationEnabled : Pos 10, 1 Bit
+0x2f0 SpareBits : Pos 11, 21 Bits
+0x2f4 DataFlagsPad : [1] Uint4B
+0x2f8 TestRetInstruction : Uint8B
+0x300 QpcFrequency : Int8B
+0x308 SystemCall : Uint4B
+0x30c Reserved2 : Uint4B
+0x310 SystemCallPad : [2] Uint8B
+0x320 TickCount : _KSYSTEM_TIME
+0x320 TickCountQuad : Uint8B
+0x320 ReservedTickCountOverlay : [3] Uint4B
+0x32c TickCountPad : [1] Uint4B
+0x330 Cookie : Uint4B
+0x334 CookiePad : [1] Uint4B
+0x338 ConsoleSessionForegroundProcessId : Int8B
+0x340 TimeUpdateLock : Uint8B
+0x348 BaselineSystemTimeQpc : Uint8B
+0x350 BaselineInterruptTimeQpc : Uint8B
+0x358 QpcSystemTimeIncrement : Uint8B
+0x360 QpcInterruptTimeIncrement : Uint8B
+0x368 QpcSystemTimeIncrementShift : UChar
+0x369 QpcInterruptTimeIncrementShift : UChar
+0x36a UnparkedProcessorCount : Uint2B
+0x36c EnclaveFeatureMask : [4] Uint4B
+0x37c TelemetryCoverageRound : Uint4B
+0x380 UserModeGlobalLogger : [16] Uint2B
+0x3a0 ImageFileExecutionOptions : Uint4B
+0x3a4 LangGenerationCount : Uint4B
+0x3a8 Reserved4 : Uint8B
+0x3b0 InterruptTimeBias : Uint8B
+0x3b8 QpcBias : Uint8B
+0x3c0 ActiveProcessorCount : Uint4B
+0x3c4 ActiveGroupCount : UChar
+0x3c5 Reserved9 : UChar
+0x3c6 QpcData : Uint2B
+0x3c6 QpcBypassEnabled : UChar
+0x3c7 QpcShift : UChar
+0x3c8 TimeZoneBiasEffectiveStart : _LARGE_INTEGER
+0x3d0 TimeZoneBiasEffectiveEnd : _LARGE_INTEGER
+0x3d8 XState : _XSTATE_CONFIGURATION
+0x710 FeatureConfigurationChangeStamp : _KSYSTEM_TIME
+0x71c Spare : Uint4B
0:000> dt _KUSER_SHARED_DATA 07FFE0000
ntdll!_KUSER_SHARED_DATA
+0x000 TickCountLowDeprecated : 0
+0x004 TickCountMultiplier : 0xfa00000
+0x008 InterruptTime : _KSYSTEM_TIME
+0x014 SystemTime : _KSYSTEM_TIME
+0x020 TimeZoneBias : _KSYSTEM_TIME
+0x02c ImageNumberLow : 0x8664
+0x02e ImageNumberHigh : 0x8664
+0x030 NtSystemRoot : [260] "C:\Windows"
+0x238 MaxStackTraceDepth : 0
+0x23c CryptoExponent : 0
+0x240 TimeZoneId : 2
+0x244 LargePageMinimum : 0x200000
+0x248 AitSamplingValue : 0
+0x24c AppCompatFlag : 0
+0x250 RNGSeedVersion : 8
+0x258 GlobalValidationRunlevel : 0
+0x25c TimeZoneBiasStamp : 0n6
+0x260 NtBuildNumber : 0x4a63
+0x264 NtProductType : 1 ( NtProductWinNt )
+0x268 ProductTypeIsValid : 0x1 ''
+0x269 Reserved0 : [1] ""
+0x26a NativeProcessorArchitecture : 9
+0x26c NtMajorVersion : 0xa
+0x270 NtMinorVersion : 0
+0x274 ProcessorFeatures : [64] ""
+0x2b4 Reserved1 : 0x7ffeffff
+0x2b8 Reserved3 : 0x80000000
+0x2bc TimeSlip : 0
+0x2c0 AlternativeArchitecture : 0 ( StandardDesign )
+0x2c4 BootId : 0x13
+0x2c8 SystemExpirationDate : _LARGE_INTEGER 0x0
+0x2d0 SuiteMask : 0x110
+0x2d4 KdDebuggerEnabled : 0x1 ''
+0x2d5 MitigationPolicies : 0xa ''
+0x2d5 NXSupportPolicy : 0y10
+0x2d5 SEHValidationPolicy : 0y10
+0x2d5 CurDirDevicesSkippedForDlls : 0y00
+0x2d5 Reserved : 0y00
+0x2d6 CyclesPerYield : 0x60
+0x2d8 ActiveConsoleId : 1
+0x2dc DismountCount : 0
+0x2e0 ComPlusPackage : 1
+0x2e4 LastSystemRITEventTickCount : 0x1c08c
+0x2e8 NumberOfPhysicalPages : 0x27bb8d
+0x2ec SafeBootMode : 0 ''
+0x2ed VirtualizationFlags : 0 ''
+0x2ee Reserved12 : [2] ""
+0x2f0 SharedDataFlags : 0x10e
+0x2f0 DbgErrorPortPresent : 0y0
+0x2f0 DbgElevationEnabled : 0y1
+0x2f0 DbgVirtEnabled : 0y1
+0x2f0 DbgInstallerDetectEnabled : 0y1
+0x2f0 DbgLkgEnabled : 0y0
+0x2f0 DbgDynProcessorEnabled : 0y0
+0x2f0 DbgConsoleBrokerEnabled : 0y0
+0x2f0 DbgSecureBootEnabled : 0y0
+0x2f0 DbgMultiSessionSku : 0y1
+0x2f0 DbgMultiUsersInSessionSku : 0y0
+0x2f0 DbgStateSeparationEnabled : 0y0
+0x2f0 SpareBits : 0y000000000000000000000 (0)
+0x2f4 DataFlagsPad : [1] 0
+0x2f8 TestRetInstruction : 0xc3
+0x300 QpcFrequency : 0n10000000
+0x308 SystemCall : 0
+0x30c Reserved2 : 0
+0x310 SystemCallPad : [2] 0
+0x320 TickCount : _KSYSTEM_TIME
+0x320 TickCountQuad : 0x1cb6
+0x320 ReservedTickCountOverlay : [3] 0x1cb6
+0x32c TickCountPad : [1] 0
+0x330 Cookie : 0x5ca4e04a
+0x334 CookiePad : [1] 0
+0x338 ConsoleSessionForegroundProcessId : 0n6408
+0x340 TimeUpdateLock : 0x3fe8
+0x348 BaselineSystemTimeQpc : 0x44759c94
+0x350 BaselineInterruptTimeQpc : 0x44759c94
+0x358 QpcSystemTimeIncrement : 0x80000000`00000000
+0x360 QpcInterruptTimeIncrement : 0x80000000`00000000
+0x368 QpcSystemTimeIncrementShift : 0x1 ''
+0x369 QpcInterruptTimeIncrementShift : 0x1 ''
+0x36a UnparkedProcessorCount : 4
+0x36c EnclaveFeatureMask : [4] 0
+0x37c TelemetryCoverageRound : 1
+0x380 UserModeGlobalLogger : [16] 0
+0x3a0 ImageFileExecutionOptions : 0
+0x3a4 LangGenerationCount : 1
+0x3a8 Reserved4 : 0
+0x3b0 InterruptTimeBias : 0
+0x3b8 QpcBias : 0xffffffff`fe19729b
+0x3c0 ActiveProcessorCount : 4
+0x3c4 ActiveGroupCount : 0x1 ''
+0x3c5 Reserved9 : 0 ''
+0x3c6 QpcData : 0x83
+0x3c6 QpcBypassEnabled : 0x83 ''
+0x3c7 QpcShift : 0 ''
+0x3c8 TimeZoneBiasEffectiveStart : _LARGE_INTEGER 0x01d961c1`4730c060
+0x3d0 TimeZoneBiasEffectiveEnd : _LARGE_INTEGER 0x01da0fc6`74e5a800
+0x3d8 XState : _XSTATE_CONFIGURATION
+0x710 FeatureConfigurationChangeStamp : _KSYSTEM_TIME
+0x71c Spare : 0
0:000> dx -r1 (*((ntdll!_KSYSTEM_TIME *)0x7ffe0014))
(*((ntdll!_KSYSTEM_TIME *)0x7ffe0014)) [Type: _KSYSTEM_TIME]
[+0x000] LowPart : 0xf2740776 [Type: unsigned long]
[+0x004] High1Time : 31023553 [Type: long]
[+0x008] High2Time : 31023553 [Type: long]