iisw3adm.dll
Description: IIS Web Admin Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3636
Architecture: 64-bit
Operating System: Windows NT
SHA256: b9a8ab591901bccda494888b7241d130
File Size: 583.5 KB
Uploaded At: Dec. 1, 2025, 8:13 a.m.
Views: 12
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x2230)
- ??0?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA@PEBDNKK_N@Z (Ordinal: 2, Address: 0x1a90)
- ??0?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA@PEBDNKK_N@Z (Ordinal: 3, Address: 0x1b40)
- ??0HASH_POOL_HASH@@QEAA@XZ (Ordinal: 4, Address: 0x16a0)
- ??0IPM_MESSAGE_PIPE@@QEAA@AEBV0@@Z (Ordinal: 5, Address: 0x1220)
- ??0POOL_HASH_HASH@@QEAA@XZ (Ordinal: 6, Address: 0x13f0)
- ??1?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA@XZ (Ordinal: 7, Address: 0x1680)
- ??1?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA@XZ (Ordinal: 8, Address: 0x1680)
- ??1HASH_POOL_HASH@@QEAA@XZ (Ordinal: 9, Address: 0x1680)
- ??1POOL_HASH_HASH@@QEAA@XZ (Ordinal: 10, Address: 0x1680)
- ??4CSecurityDispenser@@QEAAAEAV0@AEBV0@@Z (Ordinal: 11, Address: 0x1380)
- ??4IPM_MESSAGE_PIPE@@QEAAAEAV0@AEBV0@@Z (Ordinal: 12, Address: 0x1280)
- ??_7IPM_MESSAGE_PIPE@@6B@ (Ordinal: 13, Address: 0x69010)
- ?AddRefRecord@HASH_POOL_HASH@@SAXPEAVPOOL_HASH_ENTRY@@H@Z (Ordinal: 14, Address: 0x14e0)
- ?AddRefRecord@POOL_HASH_HASH@@SAXPEAVPOOL_HASH_ENTRY@@H@Z (Ordinal: 15, Address: 0x14e0)
- ?Apply@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAAKP6A?AW4LK_ACTION@@PEAVPOOL_HASH_ENTRY@@PEAX@Z1W4LK_LOCKTYPE@@@Z (Ordinal: 16, Address: 0x1970)
- ?Apply@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAAKP6A?AW4LK_ACTION@@PEAVPOOL_HASH_ENTRY@@PEAX@Z1W4LK_LOCKTYPE@@@Z (Ordinal: 17, Address: 0x1970)
- ?ApplyIf@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAAKP6A?AW4LK_PREDICATE@@PEAVPOOL_HASH_ENTRY@@PEAX@ZP6A?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z (Ordinal: 18, Address: 0x1910)
- ?ApplyIf@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAAKP6A?AW4LK_PREDICATE@@PEAVPOOL_HASH_ENTRY@@PEAX@ZP6A?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z (Ordinal: 19, Address: 0x1910)
- ?CalcKeyHash@HASH_POOL_HASH@@SAKPEBUAPP_POOL_HASH@@@Z (Ordinal: 20, Address: 0x1720)
- ?CalcKeyHash@POOL_HASH_HASH@@SAKPEBG@Z (Ordinal: 21, Address: 0x1470)
- ?ClearHash@HASH_POOL_HASH@@SAXPEAV1@@Z (Ordinal: 22, Address: 0x1570)
- ?ClearHash@POOL_HASH_HASH@@SAXPEAV1@@Z (Ordinal: 23, Address: 0x1570)
- ?DeleteIf@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAAKP6A?AW4LK_PREDICATE@@PEAVPOOL_HASH_ENTRY@@PEAX@Z1@Z (Ordinal: 24, Address: 0x18c0)
- ?DeleteIf@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAAKP6A?AW4LK_PREDICATE@@PEAVPOOL_HASH_ENTRY@@PEAX@Z1@Z (Ordinal: 25, Address: 0x18c0)
- ?DeleteKey@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@QEBUAPP_POOL_HASH@@@Z (Ordinal: 26, Address: 0x1a50)
- ?DeleteKey@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@QEBG@Z (Ordinal: 27, Address: 0x1a50)
- ?DeletePoolHashEntriesAction@HASH_POOL_HASH@@SA?AW4LK_ACTION@@PEAVPOOL_HASH_ENTRY@@PEAX@Z (Ordinal: 28, Address: 0x1540)
- ?DeletePoolHashEntriesAction@POOL_HASH_HASH@@SA?AW4LK_ACTION@@PEAVPOOL_HASH_ENTRY@@PEAX@Z (Ordinal: 29, Address: 0x1540)
- ?DeleteRecord@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 30, Address: 0x1a30)
- ?DeleteRecord@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 31, Address: 0x1a30)
- ?EqualKeys@HASH_POOL_HASH@@SA_NPEBUAPP_POOL_HASH@@0@Z (Ordinal: 32, Address: 0x1740)
- ?EqualKeys@POOL_HASH_HASH@@SA_NPEBG0@Z (Ordinal: 33, Address: 0x14b0)
- ?EqualRange@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA_NQEBUAPP_POOL_HASH@@AEAViterator@1@1@Z (Ordinal: 34, Address: 0x1780)
- ?EqualRange@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA_NQEBGAEAViterator@1@1@Z (Ordinal: 35, Address: 0x1780)
- ?Erase@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA_NAEAViterator@1@0@Z (Ordinal: 36, Address: 0x17c0)
- ?Erase@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA_NAEAViterator@1@@Z (Ordinal: 37, Address: 0x17e0)
- ?Erase@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA_NAEAViterator@1@0@Z (Ordinal: 38, Address: 0x17c0)
- ?Erase@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA_NAEAViterator@1@@Z (Ordinal: 39, Address: 0x17e0)
- ?ExtractKey@HASH_POOL_HASH@@SAPEBUAPP_POOL_HASH@@PEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 40, Address: 0x1710)
- ?ExtractKey@POOL_HASH_HASH@@SAPEBGPEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 41, Address: 0x1460)
- ?Find@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA_NQEBUAPP_POOL_HASH@@AEAViterator@1@@Z (Ordinal: 42, Address: 0x17a0)
- ?Find@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA_NQEBGAEAViterator@1@@Z (Ordinal: 43, Address: 0x17a0)
- ?FindKey@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEBA?AW4LK_RETCODE@@QEBUAPP_POOL_HASH@@PEAPEAVPOOL_HASH_ENTRY@@@Z (Ordinal: 44, Address: 0x19e0)
- ?FindKey@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEBA?AW4LK_RETCODE@@QEBGPEAPEAVPOOL_HASH_ENTRY@@@Z (Ordinal: 45, Address: 0x19e0)
- ?FindRecord@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEBA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 46, Address: 0x19c0)
- ?FindRecord@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEBA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@@Z (Ordinal: 47, Address: 0x19c0)
- HostedW3SVCStart (Ordinal: 48, Address: 0x2390)
- HostedW3SVCStop (Ordinal: 49, Address: 0x28b0)
- ?Insert@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA_NPEBVPOOL_HASH_ENTRY@@AEAViterator@1@_N@Z (Ordinal: 50, Address: 0x1800)
- ?Insert@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA_NPEBVPOOL_HASH_ENTRY@@AEAViterator@1@_N@Z (Ordinal: 51, Address: 0x1800)
- ?InsertRecord@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@_N@Z (Ordinal: 52, Address: 0x1a70)
- ?InsertRecord@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA?AW4LK_RETCODE@@PEBVPOOL_HASH_ENTRY@@_N@Z (Ordinal: 53, Address: 0x1a70)
- ?QueryState@HTTP_WRAPPER@@QEBA?AW4HTTP_WRAPPER_STATE@@XZ (Ordinal: 54, Address: 0x13e0)
- ?_Action@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CA?AW4LK_ACTION@@PEBXPEAX@Z (Ordinal: 55, Address: 0x1b00)
- ?_Action@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CA?AW4LK_ACTION@@PEBXPEAX@Z (Ordinal: 56, Address: 0x1b00)
- ?_AddRefRecord@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CAXPEBXH@Z (Ordinal: 57, Address: 0x14e0)
- ?_AddRefRecord@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CAXPEBXH@Z (Ordinal: 58, Address: 0x14e0)
- ?_CalcKeyHash@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CAK_K@Z (Ordinal: 59, Address: 0x1720)
- ?_CalcKeyHash@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CAK_K@Z (Ordinal: 60, Address: 0x1470)
- ?_EqualKeys@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CA_N_K0@Z (Ordinal: 61, Address: 0x1740)
- ?_EqualKeys@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CA_N_K0@Z (Ordinal: 62, Address: 0x14b0)
- ?_ExtractKey@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CA?B_KPEBX@Z (Ordinal: 63, Address: 0x1710)
- ?_ExtractKey@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CA?B_KPEBX@Z (Ordinal: 64, Address: 0x1460)
- ?_Pred@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@CA?AW4LK_PREDICATE@@PEBXPEAX@Z (Ordinal: 65, Address: 0x1b20)
- ?_Pred@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@CA?AW4LK_PREDICATE@@PEBXPEAX@Z (Ordinal: 66, Address: 0x1b20)
- ?begin@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA?AViterator@1@XZ (Ordinal: 67, Address: 0x1870)
- ?begin@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA?AViterator@1@XZ (Ordinal: 68, Address: 0x1870)
- ?end@?$CTypedHashTable@VHASH_POOL_HASH@@VPOOL_HASH_ENTRY@@PEBUAPP_POOL_HASH@@VCLKRHashTable@@@@QEAA?AViterator@1@XZ (Ordinal: 69, Address: 0x1820)
- ?end@?$CTypedHashTable@VPOOL_HASH_HASH@@VPOOL_HASH_ENTRY@@PEBGVCLKRHashTable@@@@QEAA?AViterator@1@XZ (Ordinal: 70, Address: 0x1820)
- DllRegisterServer (Ordinal: 71, Address: 0x2b80)
- DllUnregisterServer (Ordinal: 72, Address: 0x2ba0)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoCreateInstance (Address: 0x18006a070)
- CoFreeUnusedLibrariesEx (Address: 0x18006a050)
- CoInitializeEx (Address: 0x18006a068)
- CoInitializeSecurity (Address: 0x18006a030)
- CoRegisterClassObject (Address: 0x18006a040)
- CoRevokeClassObject (Address: 0x18006a048)
- CoTaskMemAlloc (Address: 0x18006a038)
- CoTaskMemFree (Address: 0x18006a060)
- CoUninitialize (Address: 0x18006a058)
api-ms-win-core-debug-l1-1-0.dll
- OutputDebugStringA (Address: 0x18006a088)
- OutputDebugStringW (Address: 0x18006a080)
api-ms-win-core-debug-l1-1-1.dll
- CheckRemoteDebuggerPresent (Address: 0x18006a098)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18006a0a8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18006a0b8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18006a0c8)
- SetLastError (Address: 0x18006a0d8)
- SetUnhandledExceptionFilter (Address: 0x18006a0e0)
- UnhandledExceptionFilter (Address: 0x18006a0d0)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x18006a108)
- CreateFileW (Address: 0x18006a128)
- DeleteFileW (Address: 0x18006a120)
- GetFileAttributesW (Address: 0x18006a118)
- GetTempFileNameW (Address: 0x18006a0f0)
- ReadFile (Address: 0x18006a100)
- RemoveDirectoryW (Address: 0x18006a0f8)
- SetEndOfFile (Address: 0x18006a138)
- SetFileAttributesW (Address: 0x18006a130)
- WriteFile (Address: 0x18006a110)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x18006a148)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18006a160)
- DuplicateHandle (Address: 0x18006a158)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18006a188)
- HeapAlloc (Address: 0x18006a170)
- HeapFree (Address: 0x18006a178)
- HeapReAlloc (Address: 0x18006a180)
api-ms-win-core-heap-l2-1-0.dll
- GlobalAlloc (Address: 0x18006a1a0)
- GlobalFree (Address: 0x18006a1b0)
- LocalAlloc (Address: 0x18006a198)
- LocalFree (Address: 0x18006a1a8)
api-ms-win-core-io-l1-1-0.dll
- CreateIoCompletionPort (Address: 0x18006a1d0)
- GetQueuedCompletionStatus (Address: 0x18006a1c0)
- PostQueuedCompletionStatus (Address: 0x18006a1c8)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x18006a1f0)
- CreateJobObjectW (Address: 0x18006a1e0)
- QueryInformationJobObject (Address: 0x18006a1e8)
- SetInformationJobObject (Address: 0x18006a1f8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- CreateFileMappingA (Address: 0x18006a220)
- GetComputerNameW (Address: 0x18006a218)
- RegisterWaitForSingleObject (Address: 0x18006a210)
- UnregisterWait (Address: 0x18006a208)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
- GetNumaAvailableMemoryNodeEx (Address: 0x18006a230)
- SetDllDirectoryW (Address: 0x18006a238)
api-ms-win-core-kernel32-legacy-l1-1-2.dll
- OpenFileMappingA (Address: 0x18006a248)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18006a260)
- FreeLibrary (Address: 0x18006a280)
- GetModuleFileNameW (Address: 0x18006a268)
- GetModuleHandleW (Address: 0x18006a270)
- GetProcAddress (Address: 0x18006a258)
- LoadLibraryExW (Address: 0x18006a278)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x18006a290)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x18006a2a8)
- MapViewOfFile (Address: 0x18006a2a0)
- OpenFileMappingW (Address: 0x18006a2b0)
- UnmapViewOfFile (Address: 0x18006a2b8)
api-ms-win-core-normalization-l1-1-0.dll
- IdnToNameprepUnicode (Address: 0x18006a2c8)
api-ms-win-core-perfcounters-l1-1-0.dll
- PerfCreateInstance (Address: 0x18006a2e0)
- PerfDeleteInstance (Address: 0x18006a2e8)
- PerfSetCounterRefValue (Address: 0x18006a300)
- PerfSetCounterSetInfo (Address: 0x18006a2f8)
- PerfSetULongLongCounterValue (Address: 0x18006a2f0)
- PerfStartProvider (Address: 0x18006a308)
- PerfStopProvider (Address: 0x18006a2d8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18006a318)
- FreeEnvironmentStringsW (Address: 0x18006a320)
- GetEnvironmentStringsW (Address: 0x18006a328)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18006a380)
- CreateProcessW (Address: 0x18006a398)
- CreateThread (Address: 0x18006a388)
- DeleteProcThreadAttributeList (Address: 0x18006a358)
- GetCurrentProcess (Address: 0x18006a390)
- GetCurrentProcessId (Address: 0x18006a3a0)
- GetCurrentThread (Address: 0x18006a368)
- GetCurrentThreadId (Address: 0x18006a338)
- GetExitCodeProcess (Address: 0x18006a378)
- GetExitCodeThread (Address: 0x18006a350)
- InitializeProcThreadAttributeList (Address: 0x18006a3b0)
- OpenProcessToken (Address: 0x18006a370)
- ResumeThread (Address: 0x18006a340)
- SetThreadPriority (Address: 0x18006a360)
- TerminateProcess (Address: 0x18006a3a8)
- UpdateProcThreadAttribute (Address: 0x18006a348)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18006a3c0)
api-ms-win-core-processtopology-private-l1-1-0.dll
- SetProcessGroupAffinity (Address: 0x18006a3d0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18006a3e0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18006a410)
- RegCreateKeyExW (Address: 0x18006a418)
- RegDeleteKeyExW (Address: 0x18006a428)
- RegEnumKeyExW (Address: 0x18006a3f0)
- RegNotifyChangeKeyValue (Address: 0x18006a3f8)
- RegOpenKeyExW (Address: 0x18006a408)
- RegQueryValueExW (Address: 0x18006a400)
- RegSetKeySecurity (Address: 0x18006a420)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18006a490)
- AcquireSRWLockShared (Address: 0x18006a4b0)
- CreateEventA (Address: 0x18006a460)
- CreateEventW (Address: 0x18006a458)
- CreateMutexA (Address: 0x18006a450)
- DeleteCriticalSection (Address: 0x18006a468)
- EnterCriticalSection (Address: 0x18006a480)
- InitializeCriticalSection (Address: 0x18006a440)
- InitializeCriticalSectionAndSpinCount (Address: 0x18006a470)
- InitializeSRWLock (Address: 0x18006a448)
- LeaveCriticalSection (Address: 0x18006a478)
- ReleaseMutex (Address: 0x18006a4a0)
- ReleaseSRWLockExclusive (Address: 0x18006a488)
- ReleaseSRWLockShared (Address: 0x18006a498)
- ResetEvent (Address: 0x18006a4b8)
- SetEvent (Address: 0x18006a4a8)
- WaitForSingleObject (Address: 0x18006a438)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18006a4c8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLogicalProcessorInformationEx (Address: 0x18006a4d8)
- GetSystemDirectoryW (Address: 0x18006a500)
- GetSystemInfo (Address: 0x18006a4e8)
- GetSystemTimeAsFileTime (Address: 0x18006a4f0)
- GetTickCount (Address: 0x18006a4f8)
- GetVersionExW (Address: 0x18006a4e0)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpool (Address: 0x18006a518)
- CloseThreadpoolCleanupGroup (Address: 0x18006a588)
- CloseThreadpoolCleanupGroupMembers (Address: 0x18006a580)
- CloseThreadpoolIo (Address: 0x18006a540)
- CloseThreadpoolTimer (Address: 0x18006a528)
- CreateThreadpool (Address: 0x18006a558)
- CreateThreadpoolCleanupGroup (Address: 0x18006a570)
- CreateThreadpoolIo (Address: 0x18006a550)
- CreateThreadpoolTimer (Address: 0x18006a510)
- SetThreadpoolThreadMaximum (Address: 0x18006a560)
- SetThreadpoolThreadMinimum (Address: 0x18006a568)
- SetThreadpoolTimer (Address: 0x18006a520)
- StartThreadpoolIo (Address: 0x18006a548)
- TrySubmitThreadpoolCallback (Address: 0x18006a578)
- WaitForThreadpoolIoCallbacks (Address: 0x18006a538)
- WaitForThreadpoolTimerCallbacks (Address: 0x18006a530)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- CreateTimerQueueTimer (Address: 0x18006a598)
- DeleteTimerQueueTimer (Address: 0x18006a5a0)
- UnregisterWaitEx (Address: 0x18006a5a8)
api-ms-win-core-wow64-l1-1-1.dll
- GetSystemWow64DirectoryW (Address: 0x18006a5b8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x18006a5c8)
- EventSetInformation (Address: 0x18006a5d0)
- EventUnregister (Address: 0x18006a5d8)
- EventWriteTransfer (Address: 0x18006a5e0)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x18006a658)
- AllocateAndInitializeSid (Address: 0x18006a620)
- AllocateLocallyUniqueId (Address: 0x18006a608)
- CopySid (Address: 0x18006a628)
- CreateRestrictedToken (Address: 0x18006a650)
- CreateWellKnownSid (Address: 0x18006a630)
- DuplicateTokenEx (Address: 0x18006a5f8)
- EqualSid (Address: 0x18006a610)
- FreeSid (Address: 0x18006a660)
- GetLengthSid (Address: 0x18006a638)
- GetSecurityDescriptorDacl (Address: 0x18006a640)
- GetTokenInformation (Address: 0x18006a618)
- InitializeAcl (Address: 0x18006a648)
- InitializeSecurityDescriptor (Address: 0x18006a668)
- IsValidSid (Address: 0x18006a600)
- SetSecurityDescriptorDacl (Address: 0x18006a670)
- SetTokenInformation (Address: 0x18006a5f0)
api-ms-win-security-logon-l1-1-0.dll
- LogonUserExW (Address: 0x18006a680)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupAccountNameW (Address: 0x18006a690)
api-ms-win-security-lsalookup-l2-1-1.dll
- LsaManageSidNameMapping (Address: 0x18006a6a0)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaAddAccountRights (Address: 0x18006a6b0)
- LsaClose (Address: 0x18006a6c8)
- LsaFreeMemory (Address: 0x18006a6b8)
- LsaOpenPolicy (Address: 0x18006a6c0)
api-ms-win-security-provider-l1-1-0.dll
- GetSecurityInfo (Address: 0x18006a6d8)
- SetEntriesInAclW (Address: 0x18006a6e8)
- SetNamedSecurityInfoW (Address: 0x18006a6e0)
- SetSecurityInfo (Address: 0x18006a6f0)
api-ms-win-service-core-l1-1-0.dll
- SetServiceStatus (Address: 0x18006a700)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x18006a720)
- OpenSCManagerW (Address: 0x18006a728)
- OpenServiceW (Address: 0x18006a710)
- StartServiceW (Address: 0x18006a718)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x18006a740)
- QueryServiceStatus (Address: 0x18006a748)
- RegisterServiceCtrlHandlerW (Address: 0x18006a738)
bcrypt.dll
- BCryptCreateHash (Address: 0x18006a758)
- BCryptDestroyHash (Address: 0x18006a768)
- BCryptFinishHash (Address: 0x18006a770)
- BCryptHashData (Address: 0x18006a760)
DNSAPI.dll
- GetCurrentTimeInSeconds (Address: 0x180069f78)
iisutil.dll
- ??0ALLOC_CACHE_HANDLER@@QEAA@PEBDPEBUALLOC_CACHE_CONFIGURATION@@H@Z (Address: 0x18006ab00)
- ??0BUFFER@@QEAA@XZ (Address: 0x18006a878)
- ??0CLKRHashTable_Iterator@@QEAA@AEBV0@@Z (Address: 0x18006a818)
- ??0CLKRHashTable@@QEAA@PEBDP6A?B_KPEBX@ZP6AK_K@ZP6A_N33@ZP6AX1H@ZNKK_N@Z (Address: 0x18006a810)
- ??0CSecurityDispenser@@QEAA@XZ (Address: 0x18006a898)
- ??0EVENT_LOG@@QEAA@PEBG@Z (Address: 0x18006a860)
- ??0MULTISZ@@QEAA@PEBG@Z (Address: 0x18006aa98)
- ??0MULTISZ@@QEAA@XZ (Address: 0x18006a908)
- ??0STRA@@QEAA@PEADK@Z (Address: 0x18006a780)
- ??0STRA@@QEAA@XZ (Address: 0x18006a9b8)
- ??0STRU@@QEAA@PEAGK@Z (Address: 0x18006ab10)
- ??0STRU@@QEAA@XZ (Address: 0x18006a868)
- ??1ALLOC_CACHE_HANDLER@@QEAA@XZ (Address: 0x18006ab08)
- ??1BUFFER@@QEAA@XZ (Address: 0x18006a870)
- ??1CLKRHashTable_Iterator@@QEAA@XZ (Address: 0x18006a828)
- ??1CLKRHashTable@@QEAA@XZ (Address: 0x18006a808)
- ??1CSecurityDispenser@@QEAA@XZ (Address: 0x18006a8a0)
- ??1CSmallSpinLock@@QEAA@XZ (Address: 0x18006a890)
- ??1IPM_MESSAGE_PIPE@@EEAA@XZ (Address: 0x18006a788)
- ??1MULTISZ@@QEAA@XZ (Address: 0x18006a910)
- ??1STRA@@QEAA@XZ (Address: 0x18006a888)
- ??1STRU@@QEAA@XZ (Address: 0x18006a820)
- ??9CLKRHashTable_Iterator@@QEBA_NAEBV0@@Z (Address: 0x18006a9e0)
- ?AdjustTokenForAdministrators@CSecurityDispenser@@QEAAKPEAX@Z (Address: 0x18006aaa8)
- ?Alloc@ALLOC_CACHE_HANDLER@@QEAAPEAXXZ (Address: 0x18006aae0)
- ?Append@MULTISZ@@QEAAHAEAVSTRU@@@Z (Address: 0x18006aad8)
- ?Append@MULTISZ@@QEAAHPEBG@Z (Address: 0x18006a920)
- ?Append@STRA@@QEAAJPEBD@Z (Address: 0x18006a9c0)
- ?Append@STRU@@QEAAJAEBV1@@Z (Address: 0x18006aa18)
- ?Append@STRU@@QEAAJG@Z (Address: 0x18006a968)
- ?Append@STRU@@QEAAJPEBG@Z (Address: 0x18006a8b8)
- ?Append@STRU@@QEAAJPEBGK@Z (Address: 0x18006aad0)
- ?AppendW@STRA@@QEAAJPEBG@Z (Address: 0x18006a9c8)
- ?Apply@CLKRHashTable@@QEAAKP6A?AW4LK_ACTION@@PEBXPEAX@Z1W4LK_LOCKTYPE@@@Z (Address: 0x18006a7d8)
- ?ApplyIf@CLKRHashTable@@QEAAKP6A?AW4LK_PREDICATE@@PEBXPEAX@ZP6A?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z (Address: 0x18006a7d0)
- ?Begin@CLKRHashTable@@QEAA?AVCLKRHashTable_Iterator@@XZ (Address: 0x18006a7b8)
- ?Clear@CLKRHashTable@@QEAAXXZ (Address: 0x18006a8f0)
- ?Clone@MULTISZ@@QEBAHPEAV1@@Z (Address: 0x18006aab0)
- ?Copy@MULTISZ@@QEAAHAEBV1@@Z (Address: 0x18006a958)
- ?Copy@STRU@@QEAAJAEBV1@@Z (Address: 0x18006a978)
- ?Copy@STRU@@QEAAJPEBG@Z (Address: 0x18006a8a8)
- ?Copy@STRU@@QEAAJPEBGK@Z (Address: 0x18006a950)
- ?Copy@STRU@@QEAAJPEBV1@@Z (Address: 0x18006a9a8)
- ?CreateIpmMessagePipe@IPM_MESSAGE_PIPE@@SAJPEAVIPM_MESSAGE_ACCEPTOR@@PEBGHPEAU_SECURITY_ATTRIBUTES@@PEAPEAV1@@Z (Address: 0x18006aa48)
- ?DeleteIf@CLKRHashTable@@QEAAKP6A?AW4LK_PREDICATE@@PEBXPEAX@Z1@Z (Address: 0x18006a7c8)
- ?DeleteKey@CLKRHashTable@@QEAA?AW4LK_RETCODE@@_K@Z (Address: 0x18006a7f8)
- ?DeleteRecord@CLKRHashTable@@QEAA?AW4LK_RETCODE@@PEBX@Z (Address: 0x18006a7f0)
- ?DestroyIpmMessagePipe@IPM_MESSAGE_PIPE@@QEAAXXZ (Address: 0x18006aa58)
- ?End@CLKRHashTable@@QEAA?AVCLKRHashTable_Iterator@@XZ (Address: 0x18006a830)
- ?EqualRange@CLKRHashTable@@QEAA_N_KAEAVCLKRHashTable_Iterator@@1@Z (Address: 0x18006a790)
- ?Equals@MULTISZ@@QEAAHPEAV1@@Z (Address: 0x18006aac0)
- ?Equals@STRA@@QEBA_NAEBV1@@Z (Address: 0x18006a930)
- ?Equals@STRU@@QEBA_NAEBV1@@Z (Address: 0x18006aab8)
- ?EqualsNoCase@STRU@@QEBA_NAEBV1@@Z (Address: 0x18006a988)
- ?EqualsNoCase@STRU@@QEBA_NPEBG@Z (Address: 0x18006a9d0)
- ?Erase@CLKRHashTable@@QEAA_NAEAVCLKRHashTable_Iterator@@@Z (Address: 0x18006a7a0)
- ?Erase@CLKRHashTable@@QEAA_NAEAVCLKRHashTable_Iterator@@0@Z (Address: 0x18006a7a8)
- ?FastAppend@MULTISZ@@QEAAHPEBG@Z (Address: 0x18006a9b0)
- ?Find@CLKRHashTable@@QEAA_N_KAEAVCLKRHashTable_Iterator@@@Z (Address: 0x18006a798)
- ?FindKey@CLKRHashTable@@QEBA?AW4LK_RETCODE@@_KPEAPEBX@Z (Address: 0x18006a7e8)
- ?FindRecord@CLKRHashTable@@QEBA?AW4LK_RETCODE@@PEBX@Z (Address: 0x18006a7e0)
- ?FindStringNoCase@MULTISZ@@QEAAHPEBG@Z (Address: 0x18006ab18)
- ?First@MULTISZ@@QEBAPEBGXZ (Address: 0x18006a948)
- ?Free@ALLOC_CACHE_HANDLER@@QEAAHPEAX@Z (Address: 0x18006a880)
- ?GetIisIusrsSID@CSecurityDispenser@@QEAAKPEAPEAX@Z (Address: 0x18006a8e8)
- ?GetLocalGroupSID@CSecurityDispenser@@QEAAKPEAPEAX@Z (Address: 0x18006a8e0)
- ?GetSID@CSecurityDispenser@@QEAAKW4WELL_KNOWN_SID_TYPE@@PEAPEAX@Z (Address: 0x18006a8c0)
- ?GetStringizedIpmOpcode@IPM_MESSAGE_PIPE@@SAPEBGW4IPM_OPCODE@@@Z (Address: 0x18006aa30)
- ?Increment@CLKRHashTable_Iterator@@QEAA_NXZ (Address: 0x18006a9e8)
- ?Insert@CLKRHashTable@@QEAA_NPEBXAEAVCLKRHashTable_Iterator@@_N@Z (Address: 0x18006a7b0)
- ?InsertRecord@CLKRHashTable@@QEAA?AW4LK_RETCODE@@PEBX_N@Z (Address: 0x18006a800)
- ?IsValid@CLKRHashTable@@QEBA_NXZ (Address: 0x18006aa20)
- ?LogEvent@EVENT_LOG@@QEAAXKGQEAPEBGK@Z (Address: 0x18006a900)
- ?ReadLock@CReaderWriterLock3@@QEAAXXZ (Address: 0x18006a990)
- ?ReadUnlock@CReaderWriterLock3@@QEAAXXZ (Address: 0x18006a998)
- ?Record@CLKRHashTable_Iterator@@QEBAPEBXXZ (Address: 0x18006a9d8)
- ?Reset@MULTISZ@@QEAAXXZ (Address: 0x18006aac8)
- ?Resize@BUFFER@@QEAA_NK@Z (Address: 0x18006a8d8)
- ?Resize@STRA@@QEAAJK@Z (Address: 0x18006a928)
- ?Resize@STRU@@QEAAJK@Z (Address: 0x18006a9a0)
- ?SetLen@STRU@@QEAA_NK@Z (Address: 0x18006a940)
- ?Size@CLKRHashTable@@QEBAKXZ (Address: 0x18006a7c0)
- ?SyncWithBuffer@STRU@@QEAAXXZ (Address: 0x18006aa28)
- ?WriteLock@CReaderWriterLock3@@QEAAXXZ (Address: 0x18006a970)
- ?WriteLock@CSmallSpinLock@@QEAAXXZ (Address: 0x18006aaf0)
- ?WriteMessage@IPM_MESSAGE_PIPE@@QEAAJW4IPM_OPCODE@@KPEAX@Z (Address: 0x18006aa60)
- ?WriteUnlock@CReaderWriterLock3@@QEAAXXZ (Address: 0x18006a980)
- ?WriteUnlock@CSmallSpinLock@@QEAAXXZ (Address: 0x18006aaf8)
- AllocateAndCreateWellKnownSid (Address: 0x18006a9f0)
- CreateSubkey (Address: 0x18006aa68)
- DisableTokenBackupPrivilege (Address: 0x18006aae8)
- DupTokenAddAccess (Address: 0x18006aa00)
- FreeSecurityAttributes (Address: 0x18006aa50)
- FreeTokenUserSID (Address: 0x18006aa10)
- FreeWellKnownSid (Address: 0x18006aa08)
- GenerateNameWithGUID (Address: 0x18006aa40)
- GetSecurityAttributesForSid (Address: 0x18006aa38)
- GetTokenSID (Address: 0x18006aaa0)
- GetTokenUserSID (Address: 0x18006a9f8)
- HandleKeyGeneration (Address: 0x18006aa80)
- HandleMigration (Address: 0x18006aa78)
- InitializeIISUtil (Address: 0x18006a8b0)
- IsPathUnc (Address: 0x18006a960)
- IsStringEqualOrdinalIgnoreCase (Address: 0x18006a938)
- MakeAllProcessHeapsLFH (Address: 0x18006aa88)
- PuCreateDebugPrintsObject (Address: 0x18006a838)
- PuDbgPrint (Address: 0x18006a848)
- PuDbgPrintError (Address: 0x18006a850)
- PuDeleteDebugPrintsObject (Address: 0x18006a858)
- PuLoadDebugFlagsFromRegStr (Address: 0x18006a840)
- ReadDwordParameterValueFromAnyService (Address: 0x18006a8c8)
- ReadMultiStringParameterValueFromAnyService (Address: 0x18006a918)
- ReadStringParameterValueFromAnyService (Address: 0x18006a8d0)
- SetExplicitAccessSettings (Address: 0x18006aa90)
- SetStringParameterValueInAnyService (Address: 0x18006aa70)
- TerminateIISUtil (Address: 0x18006a8f8)
logoncli.dll
- NetGetDCName (Address: 0x18006ab28)
- NetIsServiceAccount (Address: 0x18006ab30)
msvcrt.dll
- __C_specific_handler (Address: 0x18006ac08)
- __CxxFrameHandler3 (Address: 0x18006ac40)
- __dllonexit (Address: 0x18006ab50)
- _amsg_exit (Address: 0x18006ab58)
- _callnewh (Address: 0x18006ab68)
- _i64tow_s (Address: 0x18006aba0)
- _initterm (Address: 0x18006ac68)
- _lock (Address: 0x18006ab40)
- _ltow_s (Address: 0x18006ab90)
- _onexit (Address: 0x18006ab78)
- _purecall (Address: 0x18006ac48)
- _ultow (Address: 0x18006ac50)
- _ultow_s (Address: 0x18006aba8)
- _unlock (Address: 0x18006ab48)
- _vsnprintf (Address: 0x18006abf0)
- _vsnwprintf (Address: 0x18006ac18)
- _wcsicmp (Address: 0x18006ab98)
- _wcslwr_s (Address: 0x18006abb8)
- _wcsnicmp (Address: 0x18006ac28)
- _wcsupr (Address: 0x18006ab88)
- _XcptFilter (Address: 0x18006ab60)
- ?terminate@@YAXXZ (Address: 0x18006ac10)
- free (Address: 0x18006ac00)
- malloc (Address: 0x18006abf8)
- memcmp (Address: 0x18006ac38)
- memcpy (Address: 0x18006abd0)
- memcpy_s (Address: 0x18006abd8)
- memmove (Address: 0x18006abc8)
- memset (Address: 0x18006ac60)
- swprintf_s (Address: 0x18006abe0)
- wcscat_s (Address: 0x18006abc0)
- wcschr (Address: 0x18006ac30)
- wcscmp (Address: 0x18006ac70)
- wcscpy_s (Address: 0x18006ac20)
- wcsncmp (Address: 0x18006abe8)
- wcsncpy_s (Address: 0x18006ab80)
- wcsrchr (Address: 0x18006ac58)
- wcsstr (Address: 0x18006ab70)
- wcstoul (Address: 0x18006abb0)
nativerd.dll
- CreateNativeConfigurationSystem (Address: 0x18006ac90)
- GetDefaultNativeConfigurationSystem (Address: 0x18006ac98)
- InitializeNativeConfiguration (Address: 0x18006ac88)
- TerminateNativeConfiguration (Address: 0x18006ac80)
ntdll.dll
- NtQuerySystemInformation (Address: 0x18006ad18)
- RtlCaptureContext (Address: 0x18006acc8)
- RtlDeregisterWaitEx (Address: 0x18006ad08)
- RtlExpandEnvironmentStrings_U (Address: 0x18006acf8)
- RtlInitializeSid (Address: 0x18006aca8)
- RtlInitUnicodeString (Address: 0x18006acf0)
- RtlInitUnicodeStringEx (Address: 0x18006ad00)
- RtlIpv4StringToAddressW (Address: 0x18006acd0)
- RtlLengthRequiredSid (Address: 0x18006acb0)
- RtlLookupFunctionEntry (Address: 0x18006acc0)
- RtlNtStatusToDosError (Address: 0x18006ace8)
- RtlRegisterWait (Address: 0x18006ad10)
- RtlSubAuthoritySid (Address: 0x18006ad20)
- RtlVirtualUnwind (Address: 0x18006acb8)
- WinSqmSetDWORD (Address: 0x18006ace0)
- WinSqmSetDWORD64 (Address: 0x18006acd8)
OLEAUT32.dll
- GetErrorInfo (Address: 0x180069f88)
- SysAllocString (Address: 0x180069fa8)
- SysFreeString (Address: 0x180069f98)
- VariantClear (Address: 0x180069fa0)
- VariantInit (Address: 0x180069f90)
SspiCli.dll
- LogonUserExExW (Address: 0x180069fb8)
- LsaFreeReturnBuffer (Address: 0x180069fc0)
W3TP.dll
- ThreadPoolInitialize (Address: 0x180069fe0)
- ThreadPoolSetInfo (Address: 0x180069fd8)
- ThreadPoolTerminate (Address: 0x180069fd0)
WS2_32.dll
- GetNameInfoW (Address: 0x18006a000)
- WSACleanup (Address: 0x18006a008)
- WSAGetLastError (Address: 0x180069ff8)
- WSAStartup (Address: 0x180069ff0)
XmlLite.dll
- CreateXmlReader (Address: 0x18006a020)
- CreateXmlWriter (Address: 0x18006a018)