sechost.dll
Description: Host for SCM/SDDL/LSA Lookup APIs
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.26100.8246
Architecture: 64-bit
Operating System: Windows NT
SHA256: 6edfc9e0b4c668c01692782867c2810e
File Size: 679.4 KB
Uploaded At: April 21, 2026, 6:43 a.m.
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: VirtualAllocEx
Exported Functions
- (Ordinal: 1000, Address: 0x4f940)
- (Ordinal: 1001, Address: 0x50b00)
- (Ordinal: 1002, Address: 0x50b10)
- I_ScSetServiceBitsA (Ordinal: 1003, Address: 0x48890)
- I_ScSetServiceBitsW (Ordinal: 1004, Address: 0x488c0)
- AuditComputeEffectivePolicyBySid (Ordinal: 1005, Address: 0x59950)
- AuditEnumerateCategories (Ordinal: 1006, Address: 0x59af0)
- AuditEnumeratePerUserPolicy (Ordinal: 1007, Address: 0x59c20)
- AuditEnumerateSubCategories (Ordinal: 1008, Address: 0x59c90)
- AuditFree (Ordinal: 1009, Address: 0x273a0)
- AuditLookupCategoryNameW (Ordinal: 1010, Address: 0x59de0)
- AuditLookupSubCategoryNameW (Ordinal: 1011, Address: 0x59f40)
- AuditQueryGlobalSaclW (Ordinal: 1012, Address: 0x5a0a0)
- AuditQueryPerUserPolicy (Ordinal: 1013, Address: 0x5a110)
- AuditQuerySecurity (Ordinal: 1014, Address: 0x5a180)
- AuditQuerySystemPolicy (Ordinal: 1015, Address: 0x5a240)
- AuditSetGlobalSaclW (Ordinal: 1016, Address: 0x5a2b0)
- AuditSetPerUserPolicy (Ordinal: 1017, Address: 0x5a320)
- AuditSetSecurity (Ordinal: 1018, Address: 0x5a380)
- AuditSetSystemPolicy (Ordinal: 1019, Address: 0x5a4c0)
- BuildSecurityDescriptorForSharingAccess (Ordinal: 1020, Address: 0x26810)
- BuildSecurityDescriptorForSharingAccessEx (Ordinal: 1021, Address: 0x26830)
- CapabilityCheck (Ordinal: 1022, Address: 0x1fda0)
- CapabilityCheckForSingleSessionSku (Ordinal: 1023, Address: 0x48130)
- ChangeServiceConfig2A (Ordinal: 1024, Address: 0x48c50)
- ChangeServiceConfig2W (Ordinal: 1025, Address: 0x48e10)
- ChangeServiceConfigA (Ordinal: 1026, Address: 0x48ee0)
- ChangeServiceConfigW (Ordinal: 1027, Address: 0x491b0)
- CloseServiceHandle (Ordinal: 1028, Address: 0xd900)
- CloseTrace (Ordinal: 1029, Address: 0x24dc0)
- ControlService (Ordinal: 1030, Address: 0x1ec80)
- ControlServiceExA (Ordinal: 1031, Address: 0x49350)
- ControlServiceExW (Ordinal: 1032, Address: 0x24160)
- ControlTraceA (Ordinal: 1033, Address: 0x9ea0)
- ControlTraceW (Ordinal: 1034, Address: 0xb700)
- ConvertSDToStringSDRootDomainW (Ordinal: 1035, Address: 0x2f4e0)
- ConvertSecurityDescriptorToStringSecurityDescriptorW (Ordinal: 1036, Address: 0xfa60)
- ConvertSidToStringSidW (Ordinal: 1037, Address: 0xf7a0)
- ConvertStringSDToSDDomainA (Ordinal: 1038, Address: 0x2f560)
- ConvertStringSDToSDDomainW (Ordinal: 1039, Address: 0x2f6b0)
- ConvertStringSDToSDRootDomainW (Ordinal: 1040, Address: 0x2f780)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Ordinal: 1041, Address: 0x1a1a0)
- ConvertStringSidToSidW (Ordinal: 1042, Address: 0x13fb0)
- CreateIsolatedProcess (Ordinal: 1043, Address: 0x67550)
- CreateIsolationContainer (Ordinal: 1044, Address: 0x67600)
- CreateServiceA (Ordinal: 1045, Address: 0x494a0)
- CreateServiceEx (Ordinal: 1046, Address: 0x49b80)
- CreateServiceW (Ordinal: 1047, Address: 0x49f60)
- CredBackupCredentials (Ordinal: 1048, Address: 0x5a750)
- CredDeleteA (Ordinal: 1049, Address: 0x5a8d0)
- CredDeleteW (Ordinal: 1050, Address: 0x5a970)
- CredEncryptAndMarshalBinaryBlob (Ordinal: 1051, Address: 0x5b860)
- CredEnumerateA (Ordinal: 1052, Address: 0x5aa10)
- CredEnumerateW (Ordinal: 1053, Address: 0x1aca0)
- CredFindBestCredentialA (Ordinal: 1054, Address: 0x5ab20)
- CredFindBestCredentialW (Ordinal: 1055, Address: 0x5ac20)
- CredFree (Ordinal: 1056, Address: 0x273a0)
- CredGetSessionTypes (Ordinal: 1057, Address: 0x5ad20)
- CredGetTargetInfoA (Ordinal: 1058, Address: 0x5ad90)
- CredGetTargetInfoW (Ordinal: 1059, Address: 0x5ae70)
- CredIsMarshaledCredentialW (Ordinal: 1060, Address: 0x5b890)
- CredIsProtectedA (Ordinal: 1061, Address: 0x5b8e0)
- CredIsProtectedW (Ordinal: 1062, Address: 0x22790)
- CredMarshalCredentialA (Ordinal: 1063, Address: 0x5b980)
- CredMarshalCredentialW (Ordinal: 1064, Address: 0x5b9f0)
- CredParseUserNameWithType (Ordinal: 1065, Address: 0x5d2f0)
- CredProfileLoaded (Ordinal: 1066, Address: 0x5af50)
- CredProfileLoadedEx (Ordinal: 1067, Address: 0x1ab60)
- CredProfileUnloaded (Ordinal: 1068, Address: 0x5afc0)
- CredProtectA (Ordinal: 1069, Address: 0x5bbe0)
- CredProtectEx (Ordinal: 1070, Address: 0x5bd60)
- CredProtectW (Ordinal: 1071, Address: 0x5bef0)
- CredReadA (Ordinal: 1072, Address: 0x5b030)
- CredReadByTokenHandle (Ordinal: 1073, Address: 0x5b130)
- CredReadDomainCredentialsA (Ordinal: 1074, Address: 0x5b270)
- CredReadDomainCredentialsW (Ordinal: 1075, Address: 0x5b380)
- CredReadW (Ordinal: 1076, Address: 0x1aa60)
- CredRestoreCredentials (Ordinal: 1077, Address: 0x5b4a0)
- CredUnmarshalCredentialA (Ordinal: 1078, Address: 0x5bf10)
- CredUnmarshalCredentialW (Ordinal: 1079, Address: 0x22870)
- CredUnprotectA (Ordinal: 1080, Address: 0x5bfc0)
- CredUnprotectEx (Ordinal: 1081, Address: 0x5c160)
- CredUnprotectW (Ordinal: 1082, Address: 0x5c2a0)
- CredWriteA (Ordinal: 1083, Address: 0x5b600)
- CredWriteDomainCredentialsA (Ordinal: 1084, Address: 0x5b6a0)
- CredWriteDomainCredentialsW (Ordinal: 1085, Address: 0x5b780)
- CredWriteW (Ordinal: 1086, Address: 0x1abd0)
- CredpConvertCredential (Ordinal: 1087, Address: 0x1ba30)
- CredpConvertOneCredentialSize (Ordinal: 1088, Address: 0x1b050)
- CredpConvertTargetInfo (Ordinal: 1089, Address: 0x5c2c0)
- CredpDecodeCredential (Ordinal: 1090, Address: 0x27670)
- CredpEncodeCredential (Ordinal: 1091, Address: 0x5c830)
- CredpEncodeSecret (Ordinal: 1092, Address: 0x5c8c0)
- DecodeAttributeName (Ordinal: 1093, Address: 0x2fd90)
- DeleteIsolationContainer (Ordinal: 1094, Address: 0x67680)
- DeleteService (Ordinal: 1095, Address: 0x4a320)
- EnableTraceEx2 (Ordinal: 1096, Address: 0x93c0)
- EncodeAttributeName (Ordinal: 1097, Address: 0x2ffa0)
- EnumDependentServicesW (Ordinal: 1098, Address: 0x4a390)
- EnumServicesStatusExW (Ordinal: 1099, Address: 0x18b60)
- EnumerateIdentityProviders (Ordinal: 1100, Address: 0x1e810)
- EnumerateTraceGuidsEx (Ordinal: 1101, Address: 0x16e60)
- EventAccessControl (Ordinal: 1102, Address: 0x50f40)
- EventAccessQuery (Ordinal: 1103, Address: 0x51140)
- EventAccessRemove (Ordinal: 1104, Address: 0x26bd0)
- FreeContainer (Ordinal: 1105, Address: 0x5dda0)
- FreeOperandValue (Ordinal: 1106, Address: 0x15d90)
- FreeTransientObjectSecurityDescriptor (Ordinal: 1107, Address: 0x1f3f0)
- GetCharFromDigit (Ordinal: 1108, Address: 0x30140)
- GetDefaultIdentityProvider (Ordinal: 1109, Address: 0x2cb80)
- GetDigitFromChar (Ordinal: 1110, Address: 0x30160)
- GetEmbeddedContainerIsolationPolicy (Ordinal: 1111, Address: 0x5ddf0)
- GetEmbeddedImageMitigationPolicy (Ordinal: 1112, Address: 0x220c0)
- GetIdentityProviderInfoByGUID (Ordinal: 1113, Address: 0x1e6e0)
- GetIdentityProviderInfoByName (Ordinal: 1114, Address: 0x25dc0)
- GetOperandValue (Ordinal: 1115, Address: 0x15220)
- GetOperatorCodeAtIndex (Ordinal: 1116, Address: 0x30270)
- GetOperatorIndexByToken (Ordinal: 1117, Address: 0x1cd30)
- GetOperatorUnaryAtIndex (Ordinal: 1118, Address: 0x30290)
- GetPrintableOperandValue (Ordinal: 1119, Address: 0x1ce30)
- GetServiceDirectory (Ordinal: 1120, Address: 0x4a540)
- GetServiceDisplayNameW (Ordinal: 1121, Address: 0x4a5c0)
- GetServiceKeyNameW (Ordinal: 1122, Address: 0x25050)
- GetServiceProcessToken (Ordinal: 1123, Address: 0x4a690)
- GetServiceRegistryStateKey (Ordinal: 1124, Address: 0x264d0)
- GetSharedServiceDirectory (Ordinal: 1125, Address: 0x4a700)
- GetSharedServiceRegistryStateKey (Ordinal: 1126, Address: 0x4a780)
- I_QueryTagInformation (Ordinal: 1127, Address: 0x1d5d0)
- I_RegisterSvchostNotificationCallback (Ordinal: 1128, Address: 0x273e0)
- I_ScBroadcastServiceControlMessage (Ordinal: 1129, Address: 0x4a800)
- I_ScIsSecurityProcess (Ordinal: 1130, Address: 0x4bb60)
- I_ScPnPGetServiceName (Ordinal: 1131, Address: 0x26ef0)
- I_ScQueryServiceConfig (Ordinal: 1132, Address: 0x1dc40)
- I_ScRegisterDeviceNotification (Ordinal: 1133, Address: 0x232f0)
- I_ScRegisterPreshutdownRestart (Ordinal: 1134, Address: 0x4a8d0)
- I_ScReparseServiceDatabase (Ordinal: 1135, Address: 0x4a980)
- I_ScRpcBindA (Ordinal: 1136, Address: 0x4c900)
- I_ScRpcBindW (Ordinal: 1137, Address: 0x4c910)
- I_ScSendPnPMessage (Ordinal: 1138, Address: 0xd310)
- I_ScSendTSMessage (Ordinal: 1139, Address: 0x4a800)
- I_ScUnregisterDeviceNotification (Ordinal: 1140, Address: 0x24950)
- I_ScValidatePnPService (Ordinal: 1141, Address: 0x23830)
- IsArrayType (Ordinal: 1142, Address: 0x303f0)
- IsValueSizeFixed (Ordinal: 1143, Address: 0x15d40)
- LocalGetConditionForString (Ordinal: 1144, Address: 0x148d0)
- LocalGetReferencedTokenTypesForCondition (Ordinal: 1145, Address: 0x304c0)
- LocalGetSidForString (Ordinal: 1146, Address: 0x14770)
- LocalGetStringForCondition (Ordinal: 1147, Address: 0x29290)
- LocalGetStringForRelativeAttribute (Ordinal: 1148, Address: 0x1c410)
- LocalRpcBindingCreateWithSecurity (Ordinal: 1149, Address: 0x48380)
- LocalRpcBindingSetAuthInfoEx (Ordinal: 1150, Address: 0x48530)
- LookupAccountNameLocalA (Ordinal: 1151, Address: 0x27bc0)
- LookupAccountNameLocalW (Ordinal: 1152, Address: 0x17530)
- LookupAccountSidLocalA (Ordinal: 1153, Address: 0x17c80)
- LookupAccountSidLocalW (Ordinal: 1154, Address: 0x17ec0)
- LsaAddAccountRights (Ordinal: 1155, Address: 0x56c70)
- LsaClose (Ordinal: 1156, Address: 0x22b80)
- LsaCreateSecret (Ordinal: 1157, Address: 0x57970)
- LsaDelete (Ordinal: 1158, Address: 0x56f40)
- LsaEnumerateAccountRights (Ordinal: 1159, Address: 0x56d00)
- LsaEnumerateAccountsWithUserRight (Ordinal: 1160, Address: 0x56dd0)
- LsaFreeMemory (Ordinal: 1161, Address: 0x20dd0)
- LsaICLookupNames (Ordinal: 1162, Address: 0x1ff60)
- LsaICLookupNamesWithCreds (Ordinal: 1163, Address: 0x56fc0)
- LsaICLookupSids (Ordinal: 1164, Address: 0x26f40)
- LsaICLookupSidsWithCreds (Ordinal: 1165, Address: 0x571a0)
- LsaIOpenPolicyWithCreds (Ordinal: 1166, Address: 0x57500)
- LsaLookupClose (Ordinal: 1167, Address: 0x184a0)
- LsaLookupFreeMemory (Ordinal: 1168, Address: 0x20dd0)
- LsaLookupGetDomainInfo (Ordinal: 1169, Address: 0x17430)
- LsaLookupManageSidNameMapping (Ordinal: 1170, Address: 0x276c0)
- LsaLookupNames2 (Ordinal: 1171, Address: 0x575f0)
- LsaLookupOpenLocalPolicy (Ordinal: 1172, Address: 0x18400)
- LsaLookupSids (Ordinal: 1173, Address: 0x26620)
- LsaLookupSids2 (Ordinal: 1174, Address: 0x57660)
- LsaLookupTranslateNames (Ordinal: 1175, Address: 0x174d0)
- LsaLookupTranslateSids (Ordinal: 1176, Address: 0x17ad0)
- LsaLookupUserAccountType (Ordinal: 1177, Address: 0x23d30)
- LsaOpenPolicy (Ordinal: 1178, Address: 0x21b70)
- LsaOpenSecret (Ordinal: 1179, Address: 0x57b00)
- LsaQueryInformationPolicy (Ordinal: 1180, Address: 0x242b0)
- LsaQuerySecret (Ordinal: 1181, Address: 0x57c90)
- LsaRemoveAccountRights (Ordinal: 1182, Address: 0x56ea0)
- LsaRetrievePrivateData (Ordinal: 1183, Address: 0x580d0)
- LsaSetInformationPolicy (Ordinal: 1184, Address: 0x57670)
- LsaSetSecret (Ordinal: 1185, Address: 0x58460)
- LsaStorePrivateData (Ordinal: 1186, Address: 0x58690)
- NotifyServiceStatusChange (Ordinal: 1187, Address: 0x26320)
- NotifyServiceStatusChangeA (Ordinal: 1188, Address: 0x26600)
- NotifyServiceStatusChangeW (Ordinal: 1189, Address: 0x26320)
- OpenSCManagerA (Ordinal: 1190, Address: 0xd470)
- OpenSCManagerW (Ordinal: 1191, Address: 0xdf40)
- OpenServiceA (Ordinal: 1192, Address: 0x25d40)
- OpenServiceW (Ordinal: 1193, Address: 0x1dd00)
- OpenTraceFromBufferStream (Ordinal: 1194, Address: 0x4f9c0)
- OpenTraceFromFile (Ordinal: 1195, Address: 0x4fb80)
- OpenTraceFromRealTimeLogger (Ordinal: 1196, Address: 0x4fd80)
- OpenTraceFromRealTimeLoggerWithAllocationOptions (Ordinal: 1197, Address: 0x4fda0)
- OpenTraceW (Ordinal: 1198, Address: 0x25560)
- ProcessTrace (Ordinal: 1199, Address: 0x22dd0)
- ProcessTraceAddBufferToBufferStream (Ordinal: 1200, Address: 0x50090)
- ProcessTraceBufferDecrementReference (Ordinal: 1201, Address: 0x501c0)
- ProcessTraceBufferIncrementReference (Ordinal: 1202, Address: 0x502d0)
- QueryAllTracesA (Ordinal: 1203, Address: 0x51470)
- QueryAllTracesW (Ordinal: 1204, Address: 0xb570)
- QueryLocalUserServiceName (Ordinal: 1205, Address: 0x4aa20)
- QueryServiceConfig2A (Ordinal: 1206, Address: 0x4ad60)
- QueryServiceConfig2W (Ordinal: 1207, Address: 0x18df0)
- QueryServiceConfigA (Ordinal: 1208, Address: 0x4b1f0)
- QueryServiceConfigW (Ordinal: 1209, Address: 0x1d440)
- QueryServiceDynamicInformation (Ordinal: 1210, Address: 0x4bb70)
- QueryServiceObjectSecurity (Ordinal: 1211, Address: 0x4b310)
- QueryServiceStatus (Ordinal: 1212, Address: 0x20bf0)
- QueryServiceStatusEx (Ordinal: 1213, Address: 0x1e040)
- QueryTraceProcessingHandle (Ordinal: 1214, Address: 0x50380)
- QueryTransientObjectSecurityDescriptor (Ordinal: 1215, Address: 0x1ecf0)
- QueryUserServiceName (Ordinal: 1216, Address: 0xe500)
- QueryUserServiceNameForContext (Ordinal: 1217, Address: 0x4b3d0)
- RegisterServiceCtrlHandlerA (Ordinal: 1218, Address: 0x4bc10)
- RegisterServiceCtrlHandlerExA (Ordinal: 1219, Address: 0x4bc80)
- RegisterServiceCtrlHandlerExW (Ordinal: 1220, Address: 0x28120)
- RegisterServiceCtrlHandlerW (Ordinal: 1221, Address: 0x4bd00)
- RegisterTraceGuidsA (Ordinal: 1222, Address: 0x965aa)
- ReleaseIdentityProviderEnumContext (Ordinal: 1223, Address: 0x23e00)
- RemoveTraceCallback (Ordinal: 1224, Address: 0x50710)
- ReparseServiceConfig (Ordinal: 1225, Address: 0x4b470)
- RpcClientCapabilityCheck (Ordinal: 1226, Address: 0x27400)
- ScSendSynchronousPowerMessage (Ordinal: 1227, Address: 0x4b4e0)
- SetLocalRpcServerInterfaceSecurity (Ordinal: 1228, Address: 0x48640)
- SetLocalRpcServerProtseqSecurity (Ordinal: 1229, Address: 0x48720)
- SetServiceObjectSecurity (Ordinal: 1230, Address: 0x4b5c0)
- SetServiceStatus (Ordinal: 1231, Address: 0xf480)
- SetTraceCallback (Ordinal: 1232, Address: 0x508d0)
- StartServiceA (Ordinal: 1233, Address: 0x4b710)
- StartServiceCtrlDispatcherA (Ordinal: 1234, Address: 0x4bd20)
- StartServiceCtrlDispatcherW (Ordinal: 1235, Address: 0xcb40)
- StartServiceW (Ordinal: 1236, Address: 0x22b10)
- StartTraceA (Ordinal: 1237, Address: 0x51510)
- StartTraceW (Ordinal: 1238, Address: 0xa650)
- StopTraceW (Ordinal: 1239, Address: 0x51bf0)
- SubscribeServiceChangeNotifications (Ordinal: 1240, Address: 0x1db00)
- TraceConfigureLastBranchRecord (Ordinal: 1241, Address: 0x51c10)
- TraceQueryInformation (Ordinal: 1242, Address: 0x1f5d0)
- TraceSetInformation (Ordinal: 1243, Address: 0x51db0)
- UnsubscribeServiceChangeNotifications (Ordinal: 1244, Address: 0x20d90)
- WaitServiceState (Ordinal: 1245, Address: 0x1d8a0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18007ca78)
api-ms-win-core-crt-l1-1-0.dll
- _errno (Address: 0x18007cb40)
- _i64tow_s (Address: 0x18007cb30)
- _stricmp (Address: 0x18007caf8)
- _ui64tow_s (Address: 0x18007cb38)
- _ultow (Address: 0x18007cb50)
- _ultow_s (Address: 0x18007cb98)
- _vsnwprintf_s (Address: 0x18007ca90)
- _wcsicmp (Address: 0x18007cba8)
- _wcsnicmp (Address: 0x18007cb70)
- _wcstoi64 (Address: 0x18007cb58)
- _wcstoui64 (Address: 0x18007cb68)
- iswctype (Address: 0x18007cb90)
- memcmp (Address: 0x18007caa0)
- memcpy (Address: 0x18007ca98)
- memcpy_s (Address: 0x18007cab8)
- memmove (Address: 0x18007caa8)
- memmove_s (Address: 0x18007cad0)
- memset (Address: 0x18007ca88)
- qsort_s (Address: 0x18007cb18)
- strchr (Address: 0x18007caf0)
- strncmp (Address: 0x18007cb00)
- strnlen (Address: 0x18007cac8)
- strrchr (Address: 0x18007cae8)
- strstr (Address: 0x18007cae0)
- swprintf_s (Address: 0x18007cb80)
- towlower (Address: 0x18007cac0)
- wcscat_s (Address: 0x18007cb28)
- wcschr (Address: 0x18007cb78)
- wcscmp (Address: 0x18007cab0)
- wcscpy_s (Address: 0x18007cba0)
- wcsncmp (Address: 0x18007cb08)
- wcsncpy_s (Address: 0x18007cb60)
- wcsnlen (Address: 0x18007cb10)
- wcsrchr (Address: 0x18007cad8)
- wcsstr (Address: 0x18007cb20)
- wcstok_s (Address: 0x18007cb48)
- wcstoul (Address: 0x18007cb88)
api-ms-win-core-crt-l2-1-0.dll
- __dllonexit3 (Address: 0x18007cbd8)
- _initterm (Address: 0x18007cbd0)
- _initterm_e (Address: 0x18007cbb8)
- _onexit (Address: 0x18007cbc8)
- _purecall (Address: 0x18007cbc0)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18007cbe8)
- IsDebuggerPresent (Address: 0x18007cbf0)
- OutputDebugStringW (Address: 0x18007cbf8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18007cc08)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18007cc18)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18007cc28)
- RaiseException (Address: 0x18007cc38)
- SetLastError (Address: 0x18007cc30)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x18007cc48)
- GetDiskFreeSpaceExW (Address: 0x18007cc70)
- GetFileAttributesExW (Address: 0x18007cc50)
- GetFullPathNameA (Address: 0x18007cc60)
- GetFullPathNameW (Address: 0x18007cc68)
- ReadFile (Address: 0x18007cc58)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18007cc80)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18007cc90)
- HeapAlloc (Address: 0x18007cc98)
- HeapFree (Address: 0x18007cca0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18007ccb8)
- LocalFree (Address: 0x18007ccc0)
- LocalReAlloc (Address: 0x18007ccb0)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x18007ccd0)
- GetOverlappedResult (Address: 0x18007ccd8)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18007cd08)
- FreeLibrary (Address: 0x18007cd18)
- GetModuleFileNameA (Address: 0x18007cd20)
- GetModuleFileNameW (Address: 0x18007cd00)
- GetModuleHandleExW (Address: 0x18007cd10)
- GetModuleHandleW (Address: 0x18007ccf8)
- GetProcAddress (Address: 0x18007ccf0)
- LoadLibraryExW (Address: 0x18007cce8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18007cd30)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAllocEx (Address: 0x18007cd48)
- VirtualFree (Address: 0x18007cd40)
- VirtualFreeEx (Address: 0x18007cd50)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18007cd80)
- CreateProcessW (Address: 0x18007cdb0)
- CreateThread (Address: 0x18007cd98)
- GetCurrentProcess (Address: 0x18007cd88)
- GetCurrentProcessId (Address: 0x18007cde8)
- GetCurrentThread (Address: 0x18007cdc0)
- GetCurrentThreadId (Address: 0x18007cdf0)
- GetProcessTimes (Address: 0x18007cdc8)
- GetThreadPriority (Address: 0x18007cd90)
- InitializeProcThreadAttributeList (Address: 0x18007cd60)
- OpenProcessToken (Address: 0x18007cdd0)
- OpenThread (Address: 0x18007cd70)
- OpenThreadToken (Address: 0x18007cda0)
- ResumeThread (Address: 0x18007cd78)
- SetThreadPriority (Address: 0x18007cd68)
- TerminateThread (Address: 0x18007cde0)
- TlsAlloc (Address: 0x18007cdf8)
- TlsGetValue (Address: 0x18007cdd8)
- TlsSetValue (Address: 0x18007cdb8)
- UpdateProcThreadAttribute (Address: 0x18007cda8)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x18007ce08)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18007ce58)
- RegDeleteValueW (Address: 0x18007ce40)
- RegEnumKeyExW (Address: 0x18007ce18)
- RegNotifyChangeKeyValue (Address: 0x18007ce30)
- RegOpenKeyExA (Address: 0x18007ce28)
- RegOpenKeyExW (Address: 0x18007ce48)
- RegQueryValueExA (Address: 0x18007ce50)
- RegQueryValueExW (Address: 0x18007ce20)
- RegSetValueExW (Address: 0x18007ce38)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCompareMemory (Address: 0x18007ce68)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x18007ce78)
- CompareStringW (Address: 0x18007ce80)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18007cee8)
- AcquireSRWLockShared (Address: 0x18007cf48)
- CreateEventA (Address: 0x18007cef8)
- CreateEventExW (Address: 0x18007cf28)
- CreateEventW (Address: 0x18007ceb0)
- CreateMutexExW (Address: 0x18007cf40)
- CreateSemaphoreExW (Address: 0x18007cef0)
- DeleteCriticalSection (Address: 0x18007cea8)
- EnterCriticalSection (Address: 0x18007cf00)
- InitializeCriticalSectionEx (Address: 0x18007cea0)
- InitializeSRWLock (Address: 0x18007cee0)
- LeaveCriticalSection (Address: 0x18007cf10)
- OpenEventW (Address: 0x18007cf20)
- OpenSemaphoreW (Address: 0x18007cf38)
- ReleaseMutex (Address: 0x18007cf18)
- ReleaseSemaphore (Address: 0x18007ced0)
- ReleaseSRWLockExclusive (Address: 0x18007ced8)
- ReleaseSRWLockShared (Address: 0x18007cec8)
- ResetEvent (Address: 0x18007ce90)
- SetEvent (Address: 0x18007ceb8)
- SleepEx (Address: 0x18007ce98)
- WaitForMultipleObjectsEx (Address: 0x18007cec0)
- WaitForSingleObject (Address: 0x18007cf08)
- WaitForSingleObjectEx (Address: 0x18007cf30)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18007cf58)
- SleepConditionVariableSRW (Address: 0x18007cf60)
- WakeConditionVariable (Address: 0x18007cf68)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x18007cf78)
- GetSystemDirectoryW (Address: 0x18007cf80)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x18007cfa0)
- CloseThreadpoolWork (Address: 0x18007cfa8)
- CreateThreadpoolTimer (Address: 0x18007cfb0)
- CreateThreadpoolWork (Address: 0x18007cfc0)
- SetThreadpoolTimer (Address: 0x18007cf90)
- SubmitThreadpoolWork (Address: 0x18007cfb8)
- WaitForThreadpoolTimerCallbacks (Address: 0x18007cf98)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x18007cfd8)
- EncodePointer (Address: 0x18007cfd0)
api-ms-win-core-wow64-l1-1-1.dll
- IsWow64Process2 (Address: 0x18007cfe8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x18007d018)
- EventRegister (Address: 0x18007d008)
- EventSetInformation (Address: 0x18007d010)
- EventUnregister (Address: 0x18007cff8)
- EventWriteTransfer (Address: 0x18007d000)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x18007d0b8)
- AddAccessDeniedAce (Address: 0x18007d0b0)
- AdjustTokenGroups (Address: 0x18007d068)
- AdjustTokenPrivileges (Address: 0x18007d0c0)
- AllocateAndInitializeSid (Address: 0x18007d060)
- CreateRestrictedToken (Address: 0x18007d0a0)
- EqualDomainSid (Address: 0x18007d080)
- EqualSid (Address: 0x18007d038)
- FreeSid (Address: 0x18007d0c8)
- GetAclInformation (Address: 0x18007d0d0)
- GetLengthSid (Address: 0x18007d0a8)
- GetSecurityDescriptorDacl (Address: 0x18007d098)
- GetSecurityDescriptorSacl (Address: 0x18007d090)
- GetSidSubAuthority (Address: 0x18007d048)
- GetSidSubAuthorityCount (Address: 0x18007d040)
- GetTokenInformation (Address: 0x18007d030)
- InitializeSecurityDescriptor (Address: 0x18007d078)
- IsValidSecurityDescriptor (Address: 0x18007d050)
- IsValidSid (Address: 0x18007d088)
- SetKernelObjectSecurity (Address: 0x18007d028)
- SetSecurityDescriptorDacl (Address: 0x18007d058)
- SetSecurityDescriptorSacl (Address: 0x18007d070)
ntdll.dll
- __C_specific_handler (Address: 0x18007d4e8)
- _vsnwprintf (Address: 0x18007d488)
- DbgPrintEx (Address: 0x18007d2d0)
- EtwDeliverDataBlock (Address: 0x18007d3a0)
- EtwEnumerateProcessRegGuids (Address: 0x18007d3b0)
- EtwEventWriteTransfer (Address: 0x18007d370)
- EtwpGetCpuSpeed (Address: 0x18007d3e0)
- EtwProcessPrivateLoggerRequest (Address: 0x18007d448)
- EtwSendNotification (Address: 0x18007d3a8)
- LdrQueryModuleServiceTags (Address: 0x18007d2e8)
- LdrResSearchResource (Address: 0x18007d470)
- NtAllocateVirtualMemoryEx (Address: 0x18007d3f8)
- NtCancelIoFile (Address: 0x18007d368)
- NtClose (Address: 0x18007d120)
- NtFreeVirtualMemory (Address: 0x18007d400)
- NtOpenKey (Address: 0x18007d280)
- NtOpenProcessToken (Address: 0x18007d110)
- NtOpenProcessTokenEx (Address: 0x18007d240)
- NtOpenThreadToken (Address: 0x18007d128)
- NtQueryInformationFile (Address: 0x18007d358)
- NtQueryInformationThread (Address: 0x18007d2f0)
- NtQueryInformationToken (Address: 0x18007d118)
- NtQueryIntervalProfile (Address: 0x18007d3d0)
- NtQueryLicenseValue (Address: 0x18007d360)
- NtQueryPerformanceCounter (Address: 0x18007d420)
- NtQuerySystemInformation (Address: 0x18007d3c8)
- NtQueryValueKey (Address: 0x18007d290)
- NtQueueApcThread (Address: 0x18007d338)
- NtSetEvent (Address: 0x18007d450)
- NtSetInformationThread (Address: 0x18007d2d8)
- NtSetIntervalProfile (Address: 0x18007d3c0)
- NtSetSystemInformation (Address: 0x18007d3b8)
- NtTerminateProcess (Address: 0x18007d4a8)
- NtTraceControl (Address: 0x18007d378)
- NtWaitForMultipleObjects (Address: 0x18007d3f0)
- RtlAbsoluteToSelfRelativeSD (Address: 0x18007d1e8)
- RtlAcquireSRWLockExclusive (Address: 0x18007d308)
- RtlAcquireSRWLockShared (Address: 0x18007d310)
- RtlAddAccessAllowedAce (Address: 0x18007d258)
- RtlAddAccessAllowedAceEx (Address: 0x18007d1c0)
- RtlAddAccessAllowedObjectAce (Address: 0x18007d200)
- RtlAddAccessDeniedAceEx (Address: 0x18007d1f8)
- RtlAddAccessDeniedObjectAce (Address: 0x18007d4f0)
- RtlAddAce (Address: 0x18007d1d8)
- RtlAddAuditAccessAceEx (Address: 0x18007d1b0)
- RtlAddAuditAccessObjectAce (Address: 0x18007d180)
- RtlAddMandatoryAce (Address: 0x18007d260)
- RtlAllocateAndInitializeSid (Address: 0x18007d478)
- RtlAllocateHeap (Address: 0x18007d270)
- RtlAnsiStringToUnicodeString (Address: 0x18007d498)
- RtlCapabilityCheck (Address: 0x18007d4a0)
- RtlCapabilityCheckForSingleSessionSku (Address: 0x18007d298)
- RtlCaptureContext (Address: 0x18007d4b0)
- RtlCheckTokenCapability (Address: 0x18007d2b8)
- RtlCheckTokenMembership (Address: 0x18007d2a0)
- RtlCheckTokenMembershipEx (Address: 0x18007d2a8)
- RtlCompareUnicodeString (Address: 0x18007d138)
- RtlConvertSidToUnicodeString (Address: 0x18007d1a0)
- RtlCopySecurityDescriptor (Address: 0x18007d278)
- RtlCopySid (Address: 0x18007d0f8)
- RtlCopyUnicodeString (Address: 0x18007d490)
- RtlCreateAcl (Address: 0x18007d268)
- RtlCreateSecurityDescriptor (Address: 0x18007d220)
- RtlCreateServiceSid (Address: 0x18007d2e0)
- RtlDecompressBufferEx (Address: 0x18007d438)
- RtlDeleteCriticalSection (Address: 0x18007d230)
- RtlDeriveCapabilitySidsFromName (Address: 0x18007d480)
- RtlDllShutdownInProgress (Address: 0x18007d4b8)
- RtlEqualPrefixSid (Address: 0x18007d140)
- RtlEqualSid (Address: 0x18007d150)
- RtlEqualUnicodeString (Address: 0x18007d148)
- RtlFirstFreeAce (Address: 0x18007d210)
- RtlFreeAnsiString (Address: 0x18007d380)
- RtlFreeHeap (Address: 0x18007d288)
- RtlFreeUnicodeString (Address: 0x18007d2b0)
- RtlGetAce (Address: 0x18007d1a8)
- RtlGetCompressionWorkSpaceSize (Address: 0x18007d430)
- RtlGetControlSecurityDescriptor (Address: 0x18007d178)
- RtlGetCurrentServiceSessionId (Address: 0x18007d440)
- RtlGetDaclSecurityDescriptor (Address: 0x18007d228)
- RtlGetGroupSecurityDescriptor (Address: 0x18007d1e0)
- RtlGetNativeSystemInformation (Address: 0x18007d408)
- RtlGetNtProductType (Address: 0x18007d458)
- RtlGetOwnerSecurityDescriptor (Address: 0x18007d1c8)
- RtlGetPersistedStateLocation (Address: 0x18007d388)
- RtlGetSaclSecurityDescriptor (Address: 0x18007d198)
- RtlGUIDFromString (Address: 0x18007d208)
- RtlInitAnsiString (Address: 0x18007d0f0)
- RtlInitializeBitMap (Address: 0x18007d410)
- RtlInitializeCriticalSectionEx (Address: 0x18007d238)
- RtlInitializeSid (Address: 0x18007d170)
- RtlInitializeSRWLock (Address: 0x18007d2f8)
- RtlInitUnicodeString (Address: 0x18007d4e0)
- RtlInitUnicodeStringEx (Address: 0x18007d468)
- RtlInterlockedClearBitRun (Address: 0x18007d428)
- RtlInterlockedSetBitRun (Address: 0x18007d418)
- RtlLengthRequiredSid (Address: 0x18007d250)
- RtlLengthSecurityDescriptor (Address: 0x18007d248)
- RtlLengthSid (Address: 0x18007d0e0)
- RtlLookupFunctionEntry (Address: 0x18007d4c8)
- RtlMakeSelfRelativeSD (Address: 0x18007d2c0)
- RtlMultiByteToUnicodeN (Address: 0x18007d1f0)
- RtlNtStatusToDosError (Address: 0x18007d108)
- RtlNtStatusToDosErrorNoTeb (Address: 0x18007d4c0)
- RtlQueryPerformanceFrequency (Address: 0x18007d3e8)
- RtlQueryRegistryValueWithFallback (Address: 0x18007d390)
- RtlQueryTimeZoneInformation (Address: 0x18007d3d8)
- RtlQueryWnfStateData (Address: 0x18007d340)
- RtlReleaseSRWLockExclusive (Address: 0x18007d300)
- RtlReleaseSRWLockShared (Address: 0x18007d318)
- RtlRunOnceExecuteOnce (Address: 0x18007d320)
- RtlSetDaclSecurityDescriptor (Address: 0x18007d190)
- RtlSetGroupSecurityDescriptor (Address: 0x18007d218)
- RtlSetLastWin32Error (Address: 0x18007d350)
- RtlSetOwnerSecurityDescriptor (Address: 0x18007d168)
- RtlSetSaclSecurityDescriptor (Address: 0x18007d160)
- RtlSetThreadSubProcessTag (Address: 0x18007d2c8)
- RtlSubAuthorityCountSid (Address: 0x18007d1d0)
- RtlSubAuthoritySid (Address: 0x18007d188)
- RtlSubscribeWnfStateChangeNotification (Address: 0x18007d330)
- RtlUnhandledExceptionFilter (Address: 0x18007d4d8)
- RtlUnicodeStringToAnsiString (Address: 0x18007d0e8)
- RtlUnicodeToMultiByteSize (Address: 0x18007d100)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18007d348)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x18007d328)
- RtlValidAcl (Address: 0x18007d158)
- RtlValidRelativeSecurityDescriptor (Address: 0x18007d398)
- RtlValidSid (Address: 0x18007d130)
- RtlVirtualUnwind (Address: 0x18007d4d0)
- RtlxAnsiStringToUnicodeSize (Address: 0x18007d1b8)
- RtlxUnicodeStringToAnsiSize (Address: 0x18007d460)