msoobeplugins.dll
Description: msoobeplugins
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.1265
Architecture: 64-bit
Operating System: Windows NT
SHA256: a872b567a199a1a407e73a56139aba18
File Size: 1.0 MB
Uploaded At: Dec. 1, 2025, 8:13 a.m.
Views: 17
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x60a0)
- DllGetActivationFactory (Ordinal: 2, Address: 0x5ce0)
- DllGetClassObject (Ordinal: 3, Address: 0x5ec0)
Imported DLLs & Functions
ADVAPI32.dll
- CheckTokenMembership (Address: 0x1800bdc60)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800bdc40)
- CreateWellKnownSid (Address: 0x1800bdc68)
- DuplicateToken (Address: 0x1800bdc58)
- LogonUserW (Address: 0x1800bdc30)
- RegDeleteKeyExW (Address: 0x1800bdc50)
- RegQueryInfoKeyW (Address: 0x1800bdc38)
- RegSetKeySecurity (Address: 0x1800bdc48)
- TraceMessage (Address: 0x1800bdc70)
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800be048)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
- CStdStubBuffer2_Connect (Address: 0x1800be070)
- CStdStubBuffer2_CountRefs (Address: 0x1800be0a8)
- CStdStubBuffer2_Disconnect (Address: 0x1800be0f0)
- CStdStubBuffer2_QueryInterface (Address: 0x1800be078)
- NdrProxyForwardingFunction3 (Address: 0x1800be068)
- NdrProxyForwardingFunction4 (Address: 0x1800be0d8)
- NdrProxyForwardingFunction5 (Address: 0x1800be0c8)
- ObjectStublessClient10 (Address: 0x1800be0a0)
- ObjectStublessClient11 (Address: 0x1800be060)
- ObjectStublessClient12 (Address: 0x1800be090)
- ObjectStublessClient13 (Address: 0x1800be0d0)
- ObjectStublessClient14 (Address: 0x1800be088)
- ObjectStublessClient15 (Address: 0x1800be0b8)
- ObjectStublessClient16 (Address: 0x1800be058)
- ObjectStublessClient17 (Address: 0x1800be0e0)
- ObjectStublessClient3 (Address: 0x1800be098)
- ObjectStublessClient6 (Address: 0x1800be0b0)
- ObjectStublessClient7 (Address: 0x1800be080)
- ObjectStublessClient8 (Address: 0x1800be0c0)
- ObjectStublessClient9 (Address: 0x1800be0e8)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800be108)
- IsDebuggerPresent (Address: 0x1800be110)
- OutputDebugStringW (Address: 0x1800be100)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800be120)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800be130)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800be158)
- RaiseException (Address: 0x1800be150)
- SetLastError (Address: 0x1800be160)
- SetUnhandledExceptionFilter (Address: 0x1800be148)
- UnhandledExceptionFilter (Address: 0x1800be140)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1800be1b0)
- DeleteFileW (Address: 0x1800be1a0)
- FindFirstVolumeW (Address: 0x1800be180)
- FindNextVolumeW (Address: 0x1800be178)
- GetDriveTypeW (Address: 0x1800be170)
- GetFileSize (Address: 0x1800be198)
- GetTempFileNameW (Address: 0x1800be1a8)
- ReadFile (Address: 0x1800be190)
- WriteFile (Address: 0x1800be188)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x1800be1c8)
- GetVolumePathNamesForVolumeNameW (Address: 0x1800be1c0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800be1d8)
- DuplicateHandle (Address: 0x1800be1e0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800be218)
- HeapAlloc (Address: 0x1800be210)
- HeapDestroy (Address: 0x1800be208)
- HeapFree (Address: 0x1800be1f0)
- HeapReAlloc (Address: 0x1800be1f8)
- HeapSize (Address: 0x1800be200)
api-ms-win-core-heap-l2-1-0.dll
- GlobalAlloc (Address: 0x1800be248)
- GlobalFree (Address: 0x1800be240)
- LocalAlloc (Address: 0x1800be230)
- LocalFree (Address: 0x1800be238)
- LocalReAlloc (Address: 0x1800be228)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- GlobalLock (Address: 0x1800be268)
- GlobalSize (Address: 0x1800be260)
- GlobalUnlock (Address: 0x1800be258)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1800be278)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- DnsHostnameToComputerNameW (Address: 0x1800be288)
- GetComputerNameW (Address: 0x1800be290)
- GetSystemPowerStatus (Address: 0x1800be298)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
- PowerClearRequest (Address: 0x1800be2b0)
- PowerCreateRequest (Address: 0x1800be2a8)
- PowerSetRequest (Address: 0x1800be2b8)
api-ms-win-core-kernel32-legacy-l1-1-5.dll
- SetThreadExecutionState (Address: 0x1800be2c8)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800be308)
- FindResourceExW (Address: 0x1800be318)
- FreeLibrary (Address: 0x1800be310)
- GetModuleFileNameA (Address: 0x1800be2e0)
- GetModuleHandleExW (Address: 0x1800be2f0)
- GetModuleHandleW (Address: 0x1800be300)
- GetProcAddress (Address: 0x1800be2f8)
- LoadLibraryExW (Address: 0x1800be2d8)
- LoadResource (Address: 0x1800be320)
- LoadStringW (Address: 0x1800be2e8)
- LockResource (Address: 0x1800be328)
- SizeofResource (Address: 0x1800be330)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x1800be340)
api-ms-win-core-localization-l1-2-0.dll
- EnumSystemGeoID (Address: 0x1800be380)
- EnumSystemLocalesW (Address: 0x1800be368)
- FormatMessageW (Address: 0x1800be3c8)
- GetACP (Address: 0x1800be3d8)
- GetCPInfo (Address: 0x1800be360)
- GetFileMUIPath (Address: 0x1800be3e0)
- GetGeoInfoW (Address: 0x1800be3e8)
- GetLocaleInfoEx (Address: 0x1800be3a0)
- GetLocaleInfoW (Address: 0x1800be388)
- GetSystemPreferredUILanguages (Address: 0x1800be370)
- GetThreadPreferredUILanguages (Address: 0x1800be350)
- GetThreadUILanguage (Address: 0x1800be3b0)
- GetUserDefaultLCID (Address: 0x1800be390)
- GetUserDefaultLocaleName (Address: 0x1800be398)
- GetUserGeoID (Address: 0x1800be3a8)
- LCMapStringEx (Address: 0x1800be378)
- LocaleNameToLCID (Address: 0x1800be3c0)
- SetThreadPreferredUILanguages (Address: 0x1800be3d0)
- SetThreadUILanguage (Address: 0x1800be358)
- SetUserGeoID (Address: 0x1800be3b8)
api-ms-win-core-localization-l1-2-2.dll
- GetSystemDefaultLocaleName (Address: 0x1800be3f8)
- LCIDToLocaleName (Address: 0x1800be400)
api-ms-win-core-localization-l1-2-3.dll
- GetUserDefaultGeoName (Address: 0x1800be410)
api-ms-win-core-localization-private-l1-1-0.dll
- NlsUpdateLocale (Address: 0x1800be420)
api-ms-win-core-path-l1-1-0.dll
- PathCchAppend (Address: 0x1800be438)
- PathCchRenameExtension (Address: 0x1800be430)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800be448)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x1800be468)
- GetCurrentProcess (Address: 0x1800be488)
- GetCurrentProcessId (Address: 0x1800be460)
- GetCurrentThread (Address: 0x1800be470)
- GetCurrentThreadId (Address: 0x1800be490)
- OpenProcessToken (Address: 0x1800be478)
- OpenThreadToken (Address: 0x1800be458)
- TerminateProcess (Address: 0x1800be480)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1800be4a0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800be4b0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800be500)
- RegCreateKeyExW (Address: 0x1800be4c0)
- RegDeleteTreeW (Address: 0x1800be4d8)
- RegDeleteValueW (Address: 0x1800be4f8)
- RegEnumKeyExW (Address: 0x1800be4f0)
- RegEnumValueW (Address: 0x1800be508)
- RegGetValueW (Address: 0x1800be4c8)
- RegOpenKeyExW (Address: 0x1800be4e0)
- RegQueryValueExW (Address: 0x1800be4d0)
- RegSetValueExW (Address: 0x1800be4e8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800be528)
- RtlLookupFunctionEntry (Address: 0x1800be518)
- RtlVirtualUnwind (Address: 0x1800be520)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1800be538)
- CompareStringW (Address: 0x1800be550)
- MultiByteToWideChar (Address: 0x1800be540)
- WideCharToMultiByte (Address: 0x1800be548)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800be560)
- AcquireSRWLockShared (Address: 0x1800be568)
- CreateEventExW (Address: 0x1800be5a8)
- CreateEventW (Address: 0x1800be5d8)
- CreateMutexExW (Address: 0x1800be570)
- CreateSemaphoreExW (Address: 0x1800be5b8)
- DeleteCriticalSection (Address: 0x1800be5c8)
- EnterCriticalSection (Address: 0x1800be5e8)
- InitializeCriticalSection (Address: 0x1800be5c0)
- InitializeCriticalSectionEx (Address: 0x1800be5d0)
- InitializeSRWLock (Address: 0x1800be5b0)
- LeaveCriticalSection (Address: 0x1800be600)
- OpenSemaphoreW (Address: 0x1800be5a0)
- ReleaseMutex (Address: 0x1800be608)
- ReleaseSemaphore (Address: 0x1800be598)
- ReleaseSRWLockExclusive (Address: 0x1800be5e0)
- ReleaseSRWLockShared (Address: 0x1800be580)
- ResetEvent (Address: 0x1800be5f0)
- SetEvent (Address: 0x1800be5f8)
- WaitForMultipleObjectsEx (Address: 0x1800be588)
- WaitForSingleObject (Address: 0x1800be578)
- WaitForSingleObjectEx (Address: 0x1800be590)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1800be638)
- InitOnceComplete (Address: 0x1800be640)
- InitOnceExecuteOnce (Address: 0x1800be620)
- Sleep (Address: 0x1800be618)
- SleepConditionVariableSRW (Address: 0x1800be630)
- WakeAllConditionVariable (Address: 0x1800be628)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x1800be650)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800be680)
- GetSystemDirectoryW (Address: 0x1800be668)
- GetSystemTimeAsFileTime (Address: 0x1800be678)
- GetTickCount (Address: 0x1800be670)
- GetTickCount64 (Address: 0x1800be660)
api-ms-win-core-sysinfo-l1-2-0.dll
- SetComputerNameExW (Address: 0x1800be690)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800be6a0)
- CloseThreadpoolWait (Address: 0x1800be6c0)
- CreateThreadpoolTimer (Address: 0x1800be6c8)
- CreateThreadpoolWait (Address: 0x1800be6b8)
- SetThreadpoolTimer (Address: 0x1800be6d8)
- SetThreadpoolWait (Address: 0x1800be6b0)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800be6a8)
- WaitForThreadpoolWaitCallbacks (Address: 0x1800be6d0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x1800be6e8)
api-ms-win-core-timezone-l1-1-0.dll
- GetDynamicTimeZoneInformation (Address: 0x1800be6f8)
- SetDynamicTimeZoneInformation (Address: 0x1800be700)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1800be710)
- EncodePointer (Address: 0x1800be718)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1800be748)
- RoOriginateError (Address: 0x1800be728)
- RoOriginateErrorW (Address: 0x1800be740)
- RoTransformError (Address: 0x1800be730)
- SetRestrictedErrorInfo (Address: 0x1800be738)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1800be758)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1800be760)
- RoReportFailedDelegate (Address: 0x1800be768)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1800be780)
- RoGetActivationFactory (Address: 0x1800be778)
- RoInitialize (Address: 0x1800be788)
- RoUninitialize (Address: 0x1800be790)
api-ms-win-core-winrt-string-l1-1-0.dll
- HSTRING_UserFree (Address: 0x1800be7a8)
- HSTRING_UserFree64 (Address: 0x1800be810)
- HSTRING_UserMarshal (Address: 0x1800be818)
- HSTRING_UserMarshal64 (Address: 0x1800be808)
- HSTRING_UserSize (Address: 0x1800be800)
- HSTRING_UserSize64 (Address: 0x1800be7f0)
- HSTRING_UserUnmarshal (Address: 0x1800be7d0)
- HSTRING_UserUnmarshal64 (Address: 0x1800be7b0)
- WindowsConcatString (Address: 0x1800be7a0)
- WindowsCreateString (Address: 0x1800be7d8)
- WindowsCreateStringReference (Address: 0x1800be7c0)
- WindowsDeleteString (Address: 0x1800be7c8)
- WindowsDuplicateString (Address: 0x1800be7e0)
- WindowsGetStringRawBuffer (Address: 0x1800be7f8)
- WindowsIsStringEmpty (Address: 0x1800be7e8)
- WindowsStringHasEmbeddedNull (Address: 0x1800be7b8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800be828)
- EventRegister (Address: 0x1800be830)
- EventSetInformation (Address: 0x1800be838)
- EventUnregister (Address: 0x1800be848)
- EventWriteTransfer (Address: 0x1800be840)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x1800be868)
- CopySid (Address: 0x1800be870)
- DuplicateTokenEx (Address: 0x1800be890)
- GetSidLengthRequired (Address: 0x1800be878)
- GetSidSubAuthority (Address: 0x1800be880)
- GetSidSubAuthorityCount (Address: 0x1800be888)
- GetTokenInformation (Address: 0x1800be860)
- IsWellKnownSid (Address: 0x1800be858)
api-ms-win-security-capability-l1-1-0.dll
- CapabilityCheck (Address: 0x1800be8a0)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupAccountNameW (Address: 0x1800be8b8)
- LookupPrivilegeValueW (Address: 0x1800be8b0)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x1800be8d8)
- LsaFreeMemory (Address: 0x1800be8e0)
- LsaOpenPolicy (Address: 0x1800be8f8)
- LsaQueryInformationPolicy (Address: 0x1800be8f0)
- LsaRetrievePrivateData (Address: 0x1800be8c8)
- LsaSetInformationPolicy (Address: 0x1800be8e8)
- LsaStorePrivateData (Address: 0x1800be8d0)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800be910)
- ConvertStringSidToSidW (Address: 0x1800be908)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1800be920)
- OpenSCManagerW (Address: 0x1800be938)
- OpenServiceW (Address: 0x1800be930)
- StartServiceW (Address: 0x1800be928)
api-ms-win-service-management-l2-1-0.dll
- ChangeServiceConfigW (Address: 0x1800be948)
- QueryServiceConfigW (Address: 0x1800be958)
- QueryServiceStatusEx (Address: 0x1800be950)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x1800be970)
- QueryServiceStatus (Address: 0x1800be968)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x1800be980)
Bcp47Langs.dll
- AppendUserLanguageInternal (Address: 0x1800bdc88)
- Bcp47FromLcid (Address: 0x1800bdc80)
- GetUserLanguageInputMethods (Address: 0x1800bdc90)
COMCTL32.dll
- (Address: 0x1800bdcb0)
- (Address: 0x1800bdca0)
- (Address: 0x1800bdcd0)
- (Address: 0x1800bdcc0)
- (Address: 0x1800bdca8)
- (Address: 0x1800bdcb8)
- (Address: 0x1800bdcc8)
credui.dll
- CredPackAuthenticationBufferW (Address: 0x1800be998)
- CredUnPackAuthenticationBufferW (Address: 0x1800be990)
CRYPTSP.dll
- CryptAcquireContextW (Address: 0x1800bdce8)
- CryptDestroyKey (Address: 0x1800bdcf8)
- CryptEncrypt (Address: 0x1800bdd10)
- CryptExportKey (Address: 0x1800bdcf0)
- CryptGenKey (Address: 0x1800bdce0)
- CryptImportKey (Address: 0x1800bdd08)
- CryptReleaseContext (Address: 0x1800bdd00)
Input.dll
- (Address: 0x1800bdd40)
- (Address: 0x1800bdd38)
- (Address: 0x1800bdd30)
- (Address: 0x1800bdd28)
- (Address: 0x1800bdd20)
KERNEL32.dll
- CreateDirectoryW (Address: 0x1800bdda0)
- EnumUILanguagesW (Address: 0x1800bdd78)
- FindClose (Address: 0x1800bdd50)
- FindFirstFileW (Address: 0x1800bdd68)
- FindNextFileW (Address: 0x1800bdd60)
- GetFileAttributesW (Address: 0x1800bdd58)
- GetFullPathNameW (Address: 0x1800bdd70)
- GetModuleFileNameW (Address: 0x1800bdd80)
- GetPrivateProfileSectionW (Address: 0x1800bdd88)
- GetSystemDefaultUILanguage (Address: 0x1800bdd98)
- ResolveLocaleName (Address: 0x1800bdd90)
msvcrt.dll
- __C_specific_handler (Address: 0x1800beb08)
- __CxxFrameHandler3 (Address: 0x1800bea70)
- __dllonexit (Address: 0x1800beab0)
- _amsg_exit (Address: 0x1800bead8)
- _callnewh (Address: 0x1800be9a8)
- _CxxThrowException (Address: 0x1800beb50)
- _get_errno (Address: 0x1800bea18)
- _initterm (Address: 0x1800bead0)
- _lock (Address: 0x1800beac0)
- _onexit (Address: 0x1800beaa8)
- _purecall (Address: 0x1800beb00)
- _set_errno (Address: 0x1800bea20)
- _unlock (Address: 0x1800beab8)
- _vsnprintf (Address: 0x1800be9b8)
- _vsnprintf_s (Address: 0x1800beb10)
- _vsnwprintf (Address: 0x1800beb40)
- _wcsicmp (Address: 0x1800bea00)
- _wcsnicmp (Address: 0x1800be9c0)
- _wtoi (Address: 0x1800be9d8)
- _wtol (Address: 0x1800be9f8)
- _XcptFilter (Address: 0x1800beae0)
- ??_V@YAXPEAX@Z (Address: 0x1800beb48)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800bea10)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800bea68)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800beb18)
- ??0exception@@QEAA@XZ (Address: 0x1800beb20)
- ??1exception@@UEAA@XZ (Address: 0x1800beb28)
- ??1type_info@@UEAA@XZ (Address: 0x1800beaa0)
- ??3@YAXPEAX@Z (Address: 0x1800beb30)
- ?terminate@@YAXXZ (Address: 0x1800beac8)
- ?what@exception@@UEBAPEBDXZ (Address: 0x1800bea80)
- bsearch (Address: 0x1800be9b0)
- free (Address: 0x1800beaf0)
- iswascii (Address: 0x1800bea48)
- iswspace (Address: 0x1800bea30)
- iswupper (Address: 0x1800bea40)
- malloc (Address: 0x1800beae8)
- memcmp (Address: 0x1800bea78)
- memcpy (Address: 0x1800bea58)
- memcpy_s (Address: 0x1800beb38)
- memmove (Address: 0x1800bea60)
- memmove_s (Address: 0x1800bea88)
- memset (Address: 0x1800bea90)
- rand (Address: 0x1800be9e0)
- realloc (Address: 0x1800bea98)
- swprintf_s (Address: 0x1800be9c8)
- toupper (Address: 0x1800be9d0)
- towlower (Address: 0x1800bea38)
- wcschr (Address: 0x1800be9f0)
- wcscmp (Address: 0x1800beb58)
- wcscpy_s (Address: 0x1800beaf8)
- wcscspn (Address: 0x1800bea28)
- wcsrchr (Address: 0x1800bea50)
- wcstok_s (Address: 0x1800be9e8)
- wcstol (Address: 0x1800bea08)
ntdll.dll
- NtClose (Address: 0x1800beba8)
- NtDeviceIoControlFile (Address: 0x1800bebb0)
- NtOpenFile (Address: 0x1800beba0)
- NtQueryInformationToken (Address: 0x1800bebc8)
- NtQueryLicenseValue (Address: 0x1800bebb8)
- NtQueryWnfStateData (Address: 0x1800beb90)
- NtUpdateWnfStateData (Address: 0x1800bebe0)
- RtlAllocateHeap (Address: 0x1800bebd0)
- RtlCanonicalizeDomainName (Address: 0x1800bec18)
- RtlConvertSidToUnicodeString (Address: 0x1800beb80)
- RtlEqualUnicodeString (Address: 0x1800bec10)
- RtlFreeHeap (Address: 0x1800bebc0)
- RtlFreeUnicodeString (Address: 0x1800bec08)
- RtlGetDeviceFamilyInfoEnum (Address: 0x1800bec28)
- RtlGetUILanguageInfo (Address: 0x1800bebd8)
- RtlInitUnicodeString (Address: 0x1800bec20)
- RtlIsMultiSessionSku (Address: 0x1800beb78)
- RtlNtStatusToDosError (Address: 0x1800bebf0)
- RtlpSetPreferredUILanguages (Address: 0x1800bebf8)
- RtlPublishWnfStateData (Address: 0x1800bec00)
- RtlpVerifyAndCommitUILanguageSettings (Address: 0x1800bebe8)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800beb88)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800beb98)
- WinSqmAddToStream (Address: 0x1800bec30)
- WinSqmEndSession (Address: 0x1800beb70)
- WinSqmIncrementDWORD (Address: 0x1800bec38)
- WinSqmSetDWORD (Address: 0x1800bec40)
- WinSqmStartSession (Address: 0x1800beb68)
RPCRT4.dll
- CStdStubBuffer_AddRef (Address: 0x1800bde30)
- CStdStubBuffer_Connect (Address: 0x1800bdde8)
- CStdStubBuffer_CountRefs (Address: 0x1800bde20)
- CStdStubBuffer_DebugServerQueryInterface (Address: 0x1800bde40)
- CStdStubBuffer_DebugServerRelease (Address: 0x1800bde08)
- CStdStubBuffer_Disconnect (Address: 0x1800bde00)
- CStdStubBuffer_Invoke (Address: 0x1800bde60)
- CStdStubBuffer_IsIIDSupported (Address: 0x1800bddf0)
- CStdStubBuffer_QueryInterface (Address: 0x1800bde18)
- IUnknown_AddRef_Proxy (Address: 0x1800bde58)
- IUnknown_QueryInterface_Proxy (Address: 0x1800bddf8)
- IUnknown_Release_Proxy (Address: 0x1800bde28)
- NdrClientCall3 (Address: 0x1800bddb8)
- NdrCStdStubBuffer_Release (Address: 0x1800bde68)
- NdrCStdStubBuffer2_Release (Address: 0x1800bde80)
- NdrDllCanUnloadNow (Address: 0x1800bde70)
- NdrDllGetClassObject (Address: 0x1800bde78)
- NdrOleAllocate (Address: 0x1800bde10)
- NdrOleFree (Address: 0x1800bde38)
- NdrStubCall3 (Address: 0x1800bddc8)
- NdrStubForwardingFunction (Address: 0x1800bdde0)
- RpcBindingFree (Address: 0x1800bde50)
- RpcBindingFromStringBindingW (Address: 0x1800bde48)
- RpcExceptionFilter (Address: 0x1800bddb0)
- RpcStringBindingComposeW (Address: 0x1800bddd8)
- RpcStringFreeW (Address: 0x1800bddd0)
- UuidCreate (Address: 0x1800bddc0)
SHELL32.dll
- (Address: 0x1800bde90)
- ShellExecuteExW (Address: 0x1800bdea8)
- SHGetFolderPathEx (Address: 0x1800bde98)
- SHGetKnownFolderPath (Address: 0x1800bdea0)
SHLWAPI.dll
- (Address: 0x1800bdeb8)
- (Address: 0x1800bdec0)
- (Address: 0x1800bdec8)
- (Address: 0x1800bded8)
- (Address: 0x1800bdee0)
- (Address: 0x1800bdf00)
- (Address: 0x1800bdf08)
- PathAppendW (Address: 0x1800bdf20)
- SHCreateStreamOnFileW (Address: 0x1800bdf18)
- SHDeleteValueW (Address: 0x1800bdee8)
- SHStrDupW (Address: 0x1800bded0)
- StrChrW (Address: 0x1800bdef8)
- StrStrW (Address: 0x1800bdf10)
- StrTrimW (Address: 0x1800bdef0)
USER32.dll
- DefWindowProcW (Address: 0x1800bdf48)
- DestroyWindow (Address: 0x1800bdfc0)
- DispatchMessageW (Address: 0x1800bdfd0)
- ExitWindowsEx (Address: 0x1800bdf50)
- GetForegroundWindow (Address: 0x1800bdfc8)
- GetMessageW (Address: 0x1800bdfa8)
- GetPointerDevices (Address: 0x1800bdfd8)
- GetWindowLongPtrW (Address: 0x1800bdf40)
- KillTimer (Address: 0x1800bdf98)
- LoadCursorW (Address: 0x1800bdf58)
- MsgWaitForMultipleObjectsEx (Address: 0x1800bdf80)
- PeekMessageW (Address: 0x1800bdf78)
- PostMessageW (Address: 0x1800bdf30)
- PostQuitMessage (Address: 0x1800bdf70)
- RegisterDeviceNotificationW (Address: 0x1800bdfa0)
- RegisterWindowMessageW (Address: 0x1800bdf38)
- SetCursor (Address: 0x1800bdf60)
- SetTimer (Address: 0x1800bdfb0)
- SetWindowLongPtrW (Address: 0x1800bdf88)
- TranslateMessage (Address: 0x1800bdf68)
- UnregisterClassA (Address: 0x1800bdfb8)
- UnregisterDeviceNotification (Address: 0x1800bdf90)
USERENV.dll
- (Address: 0x1800bdff0)
- DeleteProfileW (Address: 0x1800be000)
- LoadUserProfileW (Address: 0x1800bdff8)
- UnloadUserProfile (Address: 0x1800bdfe8)
WINBRAND.dll
- EulaFreeBuffer (Address: 0x1800be018)
- GetEULAFile (Address: 0x1800be020)
- GetInstalledEULAPath (Address: 0x1800be010)
- InstallEULA (Address: 0x1800be028)
WinLangdb.dll
- SetUserLanguages (Address: 0x1800be038)