sysmain.dll
Description: SysMain Service Host
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 64-bit
Operating System: Windows NT
SHA256: 7955ad71aedb72c87d8d60f9f5f451e1
File Size: 981.5 KB
Uploaded At: Dec. 1, 2025, 7:40 a.m.
Views: 29
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- PfSvWsSwapAssessmentTask (Ordinal: 1, Address: 0x68a60)
- AgGlLoad (Ordinal: 2, Address: 0x69e50)
- AgPdLoad (Ordinal: 3, Address: 0x6ab80)
- AgTwLoad (Ordinal: 4, Address: 0x71c70)
- CloseReadyBoostPerfData (Ordinal: 5, Address: 0x4d560)
- CollectReadyBoostPerfData (Ordinal: 6, Address: 0x67f60)
- DllCanUnloadNow (Ordinal: 7, Address: 0x68e30)
- DllGetClassObject (Ordinal: 8, Address: 0x68e70)
- DllRegisterServer (Ordinal: 9, Address: 0x69000)
- DllUnregisterServer (Ordinal: 10, Address: 0x69040)
- GetProviderClassID (Ordinal: 11, Address: 0x69080)
- MI_Main (Ordinal: 12, Address: 0x68840)
- OpenReadyBoostPerfData (Ordinal: 13, Address: 0x68090)
- PfSvSysprepCleanup (Ordinal: 14, Address: 0x7ac30)
- PfSvUnattendCallback (Ordinal: 15, Address: 0x7b200)
- SysMtServiceMain (Ordinal: 16, Address: 0x68530)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800c9698)
api-ms-win-core-datetime-l1-1-0.dll
- GetDateFormatW (Address: 0x1800c96a8)
- GetTimeFormatW (Address: 0x1800c96b0)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800c96d8)
- IsDebuggerPresent (Address: 0x1800c96c0)
- OutputDebugStringA (Address: 0x1800c96d0)
- OutputDebugStringW (Address: 0x1800c96c8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800c96e8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800c96f8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800c9710)
- SetLastError (Address: 0x1800c9708)
- SetUnhandledExceptionFilter (Address: 0x1800c9720)
- UnhandledExceptionFilter (Address: 0x1800c9718)
api-ms-win-core-featurestaging-l1-1-0.dll
- SubscribeFeatureStateChangeNotification (Address: 0x1800c9738)
- UnsubscribeFeatureStateChangeNotification (Address: 0x1800c9730)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x1800c97f8)
- CreateFileW (Address: 0x1800c97d0)
- DeleteFileW (Address: 0x1800c9800)
- FileTimeToLocalFileTime (Address: 0x1800c9790)
- FindClose (Address: 0x1800c97d8)
- FindFirstFileExW (Address: 0x1800c9810)
- FindFirstFileW (Address: 0x1800c9808)
- FindFirstVolumeW (Address: 0x1800c9760)
- FindNextFileW (Address: 0x1800c97f0)
- FindNextVolumeW (Address: 0x1800c9780)
- FindVolumeClose (Address: 0x1800c9770)
- FlushFileBuffers (Address: 0x1800c97a8)
- GetFileAttributesW (Address: 0x1800c97c8)
- GetFileSize (Address: 0x1800c9798)
- GetFileSizeEx (Address: 0x1800c9768)
- GetFileTime (Address: 0x1800c9748)
- GetFinalPathNameByHandleW (Address: 0x1800c97e0)
- GetFullPathNameW (Address: 0x1800c9750)
- LocalFileTimeToFileTime (Address: 0x1800c97a0)
- QueryDosDeviceW (Address: 0x1800c9788)
- ReadFile (Address: 0x1800c9778)
- SetEndOfFile (Address: 0x1800c97b0)
- SetFileAttributesW (Address: 0x1800c97b8)
- SetFileInformationByHandle (Address: 0x1800c9818)
- SetFilePointer (Address: 0x1800c9758)
- SetFilePointerEx (Address: 0x1800c97c0)
- WriteFile (Address: 0x1800c97e8)
api-ms-win-core-file-l1-2-0.dll
- GetVolumePathNamesForVolumeNameW (Address: 0x1800c9828)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1800c9838)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800c9848)
- DuplicateHandle (Address: 0x1800c9850)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800c9868)
- HeapAlloc (Address: 0x1800c9870)
- HeapCreate (Address: 0x1800c9880)
- HeapDestroy (Address: 0x1800c9878)
- HeapFree (Address: 0x1800c9860)
api-ms-win-core-heap-l2-1-0.dll
- LocalFree (Address: 0x1800c9890)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1800c98a0)
- GetOverlappedResult (Address: 0x1800c98a8)
api-ms-win-core-io-l1-1-1.dll
- CancelIo (Address: 0x1800c98b8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- GetSystemPowerStatus (Address: 0x1800c98c8)
- WTSGetActiveConsoleSessionId (Address: 0x1800c98d0)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800c9938)
- FreeLibrary (Address: 0x1800c9908)
- FreeLibraryAndExitThread (Address: 0x1800c98f0)
- GetModuleFileNameA (Address: 0x1800c9930)
- GetModuleFileNameW (Address: 0x1800c98e0)
- GetModuleHandleExW (Address: 0x1800c9920)
- GetModuleHandleW (Address: 0x1800c9900)
- GetProcAddress (Address: 0x1800c9928)
- LoadLibraryExW (Address: 0x1800c9918)
- LoadResource (Address: 0x1800c98f8)
- LoadStringW (Address: 0x1800c9940)
- LockResource (Address: 0x1800c9910)
- SizeofResource (Address: 0x1800c98e8)
api-ms-win-core-libraryloader-l1-2-1.dll
- FindResourceW (Address: 0x1800c9960)
- LoadLibraryA (Address: 0x1800c9958)
- LoadLibraryW (Address: 0x1800c9950)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800c9970)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1800c9980)
- FlushViewOfFile (Address: 0x1800c99a0)
- MapViewOfFile (Address: 0x1800c99a8)
- UnmapViewOfFile (Address: 0x1800c9990)
- VirtualAlloc (Address: 0x1800c99b0)
- VirtualFree (Address: 0x1800c9998)
- VirtualProtect (Address: 0x1800c9988)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800c99c0)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x1800c9a20)
- CreateThread (Address: 0x1800c9a00)
- GetCurrentProcess (Address: 0x1800c99e0)
- GetCurrentProcessId (Address: 0x1800c99f0)
- GetCurrentThread (Address: 0x1800c9a08)
- GetCurrentThreadId (Address: 0x1800c9a28)
- GetExitCodeProcess (Address: 0x1800c9a18)
- GetThreadPriority (Address: 0x1800c9a38)
- OpenProcessToken (Address: 0x1800c99e8)
- OpenThread (Address: 0x1800c99d0)
- OpenThreadToken (Address: 0x1800c99f8)
- ResumeThread (Address: 0x1800c9a30)
- SetThreadPriority (Address: 0x1800c9a10)
- TerminateProcess (Address: 0x1800c99d8)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1800c9a48)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800c9a60)
- QueryPerformanceFrequency (Address: 0x1800c9a58)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x1800c9a70)
api-ms-win-core-psm-key-l1-1-0.dll
- PsmGetApplicationNameFromKey (Address: 0x1800c9a88)
- PsmGetPackageFullNameFromKey (Address: 0x1800c9a80)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800c9ac8)
- RegCopyTreeW (Address: 0x1800c9ab0)
- RegCreateKeyExW (Address: 0x1800c9ab8)
- RegDeleteTreeW (Address: 0x1800c9aa0)
- RegDeleteValueW (Address: 0x1800c9ac0)
- RegEnumKeyExW (Address: 0x1800c9aa8)
- RegEnumValueA (Address: 0x1800c9af0)
- RegEnumValueW (Address: 0x1800c9ae0)
- RegGetValueW (Address: 0x1800c9a98)
- RegOpenKeyExW (Address: 0x1800c9ad0)
- RegQueryInfoKeyW (Address: 0x1800c9ad8)
- RegQueryValueExW (Address: 0x1800c9af8)
- RegSetValueExW (Address: 0x1800c9ae8)
api-ms-win-core-sidebyside-l1-1-0.dll
- ActivateActCtx (Address: 0x1800c9b18)
- CreateActCtxW (Address: 0x1800c9b20)
- DeactivateActCtx (Address: 0x1800c9b08)
- FindActCtxSectionStringW (Address: 0x1800c9b10)
- QueryActCtxW (Address: 0x1800c9b28)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x1800c9b40)
- WideCharToMultiByte (Address: 0x1800c9b38)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800c9b88)
- AcquireSRWLockShared (Address: 0x1800c9b60)
- CreateEventW (Address: 0x1800c9b70)
- CreateMutexExW (Address: 0x1800c9b58)
- CreateSemaphoreExW (Address: 0x1800c9b78)
- CreateWaitableTimerExW (Address: 0x1800c9b98)
- DeleteCriticalSection (Address: 0x1800c9bb8)
- EnterCriticalSection (Address: 0x1800c9ba0)
- InitializeCriticalSection (Address: 0x1800c9bf0)
- InitializeCriticalSectionEx (Address: 0x1800c9b68)
- LeaveCriticalSection (Address: 0x1800c9be0)
- OpenSemaphoreW (Address: 0x1800c9bd0)
- ReleaseMutex (Address: 0x1800c9bc8)
- ReleaseSemaphore (Address: 0x1800c9b50)
- ReleaseSRWLockExclusive (Address: 0x1800c9b80)
- ReleaseSRWLockShared (Address: 0x1800c9bb0)
- ResetEvent (Address: 0x1800c9be8)
- SetEvent (Address: 0x1800c9bc0)
- WaitForMultipleObjectsEx (Address: 0x1800c9bd8)
- WaitForSingleObject (Address: 0x1800c9ba8)
- WaitForSingleObjectEx (Address: 0x1800c9b90)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x1800c9c08)
- Sleep (Address: 0x1800c9c00)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x1800c9c18)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x1800c9c28)
- GetSystemDirectoryW (Address: 0x1800c9c48)
- GetSystemTime (Address: 0x1800c9c40)
- GetSystemTimeAsFileTime (Address: 0x1800c9c50)
- GetSystemWindowsDirectoryW (Address: 0x1800c9c38)
- GetTickCount (Address: 0x1800c9c30)
- GetTickCount64 (Address: 0x1800c9c60)
- GetWindowsDirectoryW (Address: 0x1800c9c58)
api-ms-win-core-threadpool-l1-2-0.dll
- CallbackMayRunLong (Address: 0x1800c9c98)
- CloseThreadpoolTimer (Address: 0x1800c9c70)
- CloseThreadpoolWait (Address: 0x1800c9ca8)
- CreateThreadpoolTimer (Address: 0x1800c9c90)
- CreateThreadpoolWait (Address: 0x1800c9c78)
- SetThreadpoolTimer (Address: 0x1800c9c80)
- SetThreadpoolWait (Address: 0x1800c9c88)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800c9ca0)
- WaitForThreadpoolWaitCallbacks (Address: 0x1800c9cb0)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x1800c9cc8)
- SystemTimeToFileTime (Address: 0x1800c9cc0)
api-ms-win-devices-config-l1-1-1.dll
- CM_Get_Device_Interface_List_SizeW (Address: 0x1800c9ce0)
- CM_Get_Device_Interface_ListW (Address: 0x1800c9cd8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800c9d08)
- GetTraceEnableLevel (Address: 0x1800c9d10)
- GetTraceLoggerHandle (Address: 0x1800c9d00)
- RegisterTraceGuidsW (Address: 0x1800c9cf0)
- TraceEvent (Address: 0x1800c9d18)
- UnregisterTraceGuids (Address: 0x1800c9cf8)
api-ms-win-eventing-consumer-l1-1-0.dll
- CloseTrace (Address: 0x1800c9d38)
- OpenTraceW (Address: 0x1800c9d28)
- ProcessTrace (Address: 0x1800c9d30)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x1800c9d48)
api-ms-win-eventing-provider-l1-1-0.dll
- EventEnabled (Address: 0x1800c9d70)
- EventRegister (Address: 0x1800c9d80)
- EventSetInformation (Address: 0x1800c9d78)
- EventUnregister (Address: 0x1800c9d58)
- EventWrite (Address: 0x1800c9d60)
- EventWriteTransfer (Address: 0x1800c9d68)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAceEx (Address: 0x1800c9df0)
- AdjustTokenPrivileges (Address: 0x1800c9da0)
- AllocateAndInitializeSid (Address: 0x1800c9e00)
- CheckTokenMembership (Address: 0x1800c9d90)
- CopySid (Address: 0x1800c9df8)
- DuplicateTokenEx (Address: 0x1800c9da8)
- EqualSid (Address: 0x1800c9dc0)
- FreeSid (Address: 0x1800c9dd8)
- GetLengthSid (Address: 0x1800c9de0)
- GetTokenInformation (Address: 0x1800c9db8)
- ImpersonateLoggedOnUser (Address: 0x1800c9dd0)
- ImpersonateSelf (Address: 0x1800c9db0)
- InitializeAcl (Address: 0x1800c9de8)
- IsValidSid (Address: 0x1800c9dc8)
- RevertToSelf (Address: 0x1800c9d98)
msvcrt.dll
- __C_specific_handler (Address: 0x1800ca020)
- __CxxFrameHandler3 (Address: 0x1800ca028)
- __dllonexit (Address: 0x1800c9f58)
- __iob_func (Address: 0x1800c9f70)
- _amsg_exit (Address: 0x1800c9e58)
- _callnewh (Address: 0x1800c9f60)
- _CxxThrowException (Address: 0x1800ca030)
- _errno (Address: 0x1800c9f78)
- _initterm (Address: 0x1800c9e48)
- _lock (Address: 0x1800c9e50)
- _onexit (Address: 0x1800c9e30)
- _purecall (Address: 0x1800c9f00)
- _strupr (Address: 0x1800c9ed8)
- _unlock (Address: 0x1800c9e78)
- _vsnprintf (Address: 0x1800c9ff0)
- _vsnwprintf (Address: 0x1800c9ff8)
- _wcsicmp (Address: 0x1800c9f98)
- _wcslwr (Address: 0x1800c9eb0)
- _wcsnicmp (Address: 0x1800c9f08)
- _wcsupr (Address: 0x1800c9f50)
- _wcsupr_s (Address: 0x1800c9ee8)
- _wfopen (Address: 0x1800c9f48)
- _wtof (Address: 0x1800c9e60)
- _wtoi (Address: 0x1800c9e68)
- _XcptFilter (Address: 0x1800c9f68)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800c9f88)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800c9ee0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800c9e90)
- ??1exception@@UEAA@XZ (Address: 0x1800c9e20)
- ??1type_info@@UEAA@XZ (Address: 0x1800ca000)
- ??3@YAXPEAX@Z (Address: 0x1800c9fa0)
- ?what@exception@@UEBAPEBDXZ (Address: 0x1800c9e80)
- bsearch (Address: 0x1800c9fc0)
- exp (Address: 0x1800c9f80)
- fclose (Address: 0x1800c9fd8)
- feof (Address: 0x1800c9f10)
- fgetws (Address: 0x1800c9f18)
- fopen (Address: 0x1800c9fe0)
- fprintf (Address: 0x1800c9fe8)
- free (Address: 0x1800c9f38)
- isprint (Address: 0x1800c9e88)
- iswascii (Address: 0x1800c9e98)
- iswspace (Address: 0x1800c9ec8)
- log (Address: 0x1800c9f90)
- malloc (Address: 0x1800c9e38)
- memcmp (Address: 0x1800ca018)
- memcpy (Address: 0x1800c9fb0)
- memcpy_s (Address: 0x1800ca010)
- memmove (Address: 0x1800c9fc8)
- memmove_s (Address: 0x1800c9e70)
- memset (Address: 0x1800ca008)
- powf (Address: 0x1800c9e28)
- qsort (Address: 0x1800c9fd0)
- rand (Address: 0x1800c9e18)
- sqrt (Address: 0x1800c9e40)
- srand (Address: 0x1800c9fa8)
- strchr (Address: 0x1800c9f30)
- strcmp (Address: 0x1800c9ea0)
- strnlen (Address: 0x1800c9f28)
- strstr (Address: 0x1800c9f40)
- swscanf_s (Address: 0x1800c9ef0)
- tolower (Address: 0x1800c9ec0)
- towupper (Address: 0x1800c9ea8)
- wcschr (Address: 0x1800c9f20)
- wcscmp (Address: 0x1800ca038)
- wcsncmp (Address: 0x1800c9ed0)
- wcsnlen (Address: 0x1800c9fb8)
- wcsstr (Address: 0x1800c9ef8)
- wcstok (Address: 0x1800c9e10)
- wcstoul (Address: 0x1800c9eb8)
ntdll.dll
- NtAllocateVirtualMemory (Address: 0x1800ca0f8)
- NtClose (Address: 0x1800ca2d8)
- NtCreateFile (Address: 0x1800ca1a0)
- NtCreateKey (Address: 0x1800ca130)
- NtDeleteKey (Address: 0x1800ca190)
- NtDeviceIoControlFile (Address: 0x1800ca258)
- NtEnumerateValueKey (Address: 0x1800ca180)
- NtFreeVirtualMemory (Address: 0x1800ca108)
- NtOpenEvent (Address: 0x1800ca280)
- NtOpenFile (Address: 0x1800ca198)
- NtOpenKey (Address: 0x1800ca288)
- NtPowerInformation (Address: 0x1800ca260)
- NtQueryDirectoryFile (Address: 0x1800ca118)
- NtQueryInformationFile (Address: 0x1800ca240)
- NtQueryInformationProcess (Address: 0x1800ca170)
- NtQueryInformationThread (Address: 0x1800ca138)
- NtQueryLicenseValue (Address: 0x1800ca238)
- NtQueryObject (Address: 0x1800ca1a8)
- NtQuerySystemInformation (Address: 0x1800ca290)
- NtQueryValueKey (Address: 0x1800ca0b8)
- NtQueryVirtualMemory (Address: 0x1800ca188)
- NtQueryVolumeInformationFile (Address: 0x1800ca1b0)
- NtReadFile (Address: 0x1800ca0a0)
- NtSetInformationFile (Address: 0x1800ca0a8)
- NtSetInformationProcess (Address: 0x1800ca110)
- NtSetInformationThread (Address: 0x1800ca168)
- NtSetSystemInformation (Address: 0x1800ca2a0)
- RtlAcquireSRWLockExclusive (Address: 0x1800ca2c0)
- RtlAcquireSRWLockShared (Address: 0x1800ca2b0)
- RtlAreBitsClear (Address: 0x1800ca1b8)
- RtlAreBitsSet (Address: 0x1800ca1f0)
- RtlCaptureContext (Address: 0x1800ca058)
- RtlClearAllBits (Address: 0x1800ca220)
- RtlClearBits (Address: 0x1800ca0f0)
- RtlCompareMemory (Address: 0x1800ca060)
- RtlCompressBuffer (Address: 0x1800ca158)
- RtlComputeCrc32 (Address: 0x1800ca298)
- RtlDecompressBufferEx (Address: 0x1800ca148)
- RtlDosPathNameToNtPathName_U (Address: 0x1800ca128)
- RtlFindClearBits (Address: 0x1800ca1c8)
- RtlFindClearBitsAndSet (Address: 0x1800ca0e0)
- RtlFindLastBackwardRunClear (Address: 0x1800ca100)
- RtlFindSetBits (Address: 0x1800ca1d8)
- RtlFreeHeap (Address: 0x1800ca120)
- RtlFreeUnicodeString (Address: 0x1800ca098)
- RtlGetCompressionWorkSpaceSize (Address: 0x1800ca160)
- RtlGetPersistedStateLocation (Address: 0x1800ca0c0)
- RtlGetSuiteMask (Address: 0x1800ca230)
- RtlGetVersion (Address: 0x1800ca248)
- RtlImageDirectoryEntryToData (Address: 0x1800ca0d8)
- RtlImageNtHeader (Address: 0x1800ca250)
- RtlImageRvaToVa (Address: 0x1800ca0d0)
- RtlInitializeBitMap (Address: 0x1800ca0e8)
- RtlInitializeSRWLock (Address: 0x1800ca2b8)
- RtlInitUnicodeString (Address: 0x1800ca268)
- RtlInitUnicodeStringEx (Address: 0x1800ca090)
- RtlInterlockedSetBitRun (Address: 0x1800ca1e0)
- RtlLookupFunctionEntry (Address: 0x1800ca050)
- RtlNtStatusToDosError (Address: 0x1800ca2d0)
- RtlNumberOfClearBitsInRange (Address: 0x1800ca1e8)
- RtlNumberOfSetBits (Address: 0x1800ca208)
- RtlNumberOfSetBitsInRange (Address: 0x1800ca228)
- RtlQueryPackageIdentity (Address: 0x1800ca178)
- RtlQueryResourcePolicy (Address: 0x1800ca2e0)
- RtlQueryWnfStateData (Address: 0x1800ca140)
- RtlRaiseException (Address: 0x1800ca1c0)
- RtlRandom (Address: 0x1800ca088)
- RtlRandomEx (Address: 0x1800ca0c8)
- RtlRbInsertNodeEx (Address: 0x1800ca0b0)
- RtlRbRemoveNode (Address: 0x1800ca150)
- RtlReleaseSRWLockExclusive (Address: 0x1800ca2c8)
- RtlReleaseSRWLockShared (Address: 0x1800ca2a8)
- RtlSetAllBits (Address: 0x1800ca1d0)
- RtlSetBits (Address: 0x1800ca210)
- RtlTestBit (Address: 0x1800ca218)
- RtlUpcaseUnicodeChar (Address: 0x1800ca278)
- RtlUpcaseUnicodeString (Address: 0x1800ca270)
- RtlVirtualUnwind (Address: 0x1800ca048)
- ZwAllocateVirtualMemory (Address: 0x1800ca1f8)
- ZwClose (Address: 0x1800ca070)
- ZwCreateKey (Address: 0x1800ca080)
- ZwFreeVirtualMemory (Address: 0x1800ca200)
- ZwQueryValueKey (Address: 0x1800ca078)
- ZwSetValueKey (Address: 0x1800ca068)
POWRPROF.dll
- PowerClearUserAwayPrediction (Address: 0x1800c95b8)
- PowerSettingRegisterNotificationEx (Address: 0x1800c95b0)
- PowerSetUserAwayPrediction (Address: 0x1800c95c0)
RPCRT4.dll
- NdrClientCall3 (Address: 0x1800c95f0)
- NdrServerCall2 (Address: 0x1800c9618)
- NdrServerCallAll (Address: 0x1800c9638)
- RpcBindingFree (Address: 0x1800c95e8)
- RpcBindingFromStringBindingW (Address: 0x1800c95e0)
- RpcBindingSetAuthInfoExW (Address: 0x1800c95d0)
- RpcBindingToStringBindingW (Address: 0x1800c9640)
- RpcBindingVectorFree (Address: 0x1800c9620)
- RpcEpRegisterW (Address: 0x1800c9668)
- RpcEpUnregister (Address: 0x1800c9658)
- RpcImpersonateClient (Address: 0x1800c9608)
- RpcRevertToSelf (Address: 0x1800c9610)
- RpcServerInqBindings (Address: 0x1800c9660)
- RpcServerRegisterAuthInfoW (Address: 0x1800c9650)
- RpcServerRegisterIf3 (Address: 0x1800c9648)
- RpcServerUnregisterIfEx (Address: 0x1800c9630)
- RpcServerUseProtseqEpW (Address: 0x1800c9600)
- RpcStringBindingComposeW (Address: 0x1800c95f8)
- RpcStringBindingParseW (Address: 0x1800c95d8)
- RpcStringFreeW (Address: 0x1800c9628)
UMPDC.dll
- PdcActivationClientActivityRequest (Address: 0x1800c9688)
- PdcActivationClientRegister (Address: 0x1800c9678)
- PdcActivationClientUnregister (Address: 0x1800c9680)