efscore.dll

Description: EFS Core Library

Version: 10.0.19041.6328

Architecture: 64-bit

Operating System: Windows NT

SHA256: 7b0862900f4f06ffefb39f77f3add143

File Size: 1.1 MB

Uploaded At: Dec. 1, 2025, 7:27 a.m.

Views: 10

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

EfsDllDplAppKeyCachingFeatureEnabled (Ordinal: 1, Address: 0xd800)
EdpDllAllowFileAccessForProcess (Ordinal: 2, Address: 0x41080)
EdpDllCredSvcControl (Ordinal: 3, Address: 0xcba0)
EdpDllCredentialCreate (Ordinal: 4, Address: 0xc030)
EdpDllCredentialDelete (Ordinal: 5, Address: 0xc310)
EdpDllCredentialExists (Ordinal: 6, Address: 0xc210)
EdpDllCredentialQuery (Ordinal: 7, Address: 0xc120)
EdpDllDplUpgradePinInfo (Ordinal: 8, Address: 0xcb30)
EdpDllDplUpgradeVerifyUser (Ordinal: 9, Address: 0xcb50)
EdpDllDplUserCredentialsSet (Ordinal: 10, Address: 0xcb70)
EdpDllDplUserUnlockComplete (Ordinal: 11, Address: 0xcb90)
EdpDllDplUserUnlockStart (Ordinal: 12, Address: 0xcb90)
EdpDllGetCredServiceState (Ordinal: 13, Address: 0xc970)
EdpDllGetLockSessionUnwrappedKey (Ordinal: 14, Address: 0xc730)
EdpDllGetLockSessionWrappedKey (Ordinal: 15, Address: 0xc6c0)
EdpDllGetTfaCache (Ordinal: 16, Address: 0x41d20)
EdpDllPurgeAppLearningEvents (Ordinal: 17, Address: 0x449b0)
EdpDllQueryDplEnforcedPolicyOwnerIds (Ordinal: 18, Address: 0xc5e0)
EdpDllQueryRevokedPolicyOwnerIds (Ordinal: 19, Address: 0xc4f0)
EdpDllQueueFileForEncryption (Ordinal: 20, Address: 0x3dee0)
EdpDllRmsClearKeys (Ordinal: 21, Address: 0xccf0)
EdpDllRmsContainerizeFile (Ordinal: 22, Address: 0xcd10)
EdpDllRmsDecontainerizeFile (Ordinal: 23, Address: 0xd3c0)
EdpDllRmsGetContainerIdentity (Ordinal: 24, Address: 0xd0b0)
EdpDllServiceFileEncryptionQueue (Ordinal: 25, Address: 0x3e050)
EdpWriteAppLearningLog (Ordinal: 26, Address: 0x449d0)
EdpWriteSiteLearningLog (Ordinal: 27, Address: 0x44ba0)
EfsDllAddUsersToFileSrv (Ordinal: 28, Address: 0xace0)
EfsDllAllocateHeap (Ordinal: 29, Address: 0xbef0)
EfsDllCheckFileAccess (Ordinal: 30, Address: 0xd680)
EfsDllCloseFileRaw (Ordinal: 31, Address: 0xa3e0)
EfsDllConstructEFS (Ordinal: 32, Address: 0xb130)
EfsDllDecryptFek (Ordinal: 33, Address: 0xbd10)
EfsDllDecryptFileSrv (Ordinal: 34, Address: 0xaa10)
EfsDllDisabled (Ordinal: 35, Address: 0xa4e0)
EfsDllDuplicateEncryptionInfoFileSrv (Ordinal: 36, Address: 0xae10)
EfsDllEncryptFileSrv (Ordinal: 37, Address: 0xaa00)
EfsDllErrorToNtStatus (Ordinal: 38, Address: 0xbee0)
EfsDllFileKeyInfoSrv (Ordinal: 39, Address: 0xae20)
EfsDllFreeHeap (Ordinal: 40, Address: 0xbf30)
EfsDllFreeUserInfo (Ordinal: 41, Address: 0xa980)
EfsDllGetLocalFileName (Ordinal: 42, Address: 0xbf70)
EfsDllGetLogFile (Ordinal: 43, Address: 0xa500)
EfsDllGetUserInfo (Ordinal: 44, Address: 0xa970)
EfsDllGetVolumeRoot (Ordinal: 45, Address: 0xa4f0)
EfsDllIsConsumerProtectionEnforced (Ordinal: 46, Address: 0xc410)
EfsDllIsNonEfsSKU (Ordinal: 47, Address: 0xa4d0)
EfsDllLoadUserProfile (Ordinal: 48, Address: 0xa990)
EfsDllMarkFileForDelete (Ordinal: 49, Address: 0xa9b0)
EfsDllOefsAcquireExclusiveOperation (Ordinal: 50, Address: 0xd660)
EfsDllOefsCheckSupportByFilePath (Ordinal: 51, Address: 0x489a0)
EfsDllOefsReleaseExclusiveOperation (Ordinal: 52, Address: 0xd670)
EfsDllOnSessionChange (Ordinal: 53, Address: 0xa510)
EfsDllOnSessionUserChange (Ordinal: 54, Address: 0xa730)
EfsDllOpenFileRaw (Ordinal: 55, Address: 0xa3c0)
EfsDllQueryProtectorsSrv (Ordinal: 56, Address: 0xac20)
EfsDllQueryRecoveryAgentsSrv (Ordinal: 57, Address: 0xab20)
EfsDllQueryUsersOnFileSrv (Ordinal: 58, Address: 0xaa20)
EfsDllReadFileRaw (Ordinal: 59, Address: 0xa3f0)
EfsDllRemoveUsersFromFileSrv (Ordinal: 60, Address: 0xad50)
EfsDllReprotectFile (Ordinal: 61, Address: 0x14a50)
EfsDllSetFileEncryptionKeySrv (Ordinal: 62, Address: 0xadb0)
EfsDllShareDecline (Ordinal: 63, Address: 0xbf80)
EfsDllSsoFlushUserCache (Ordinal: 64, Address: 0xa9d0)
EfsDllUnloadUserProfile (Ordinal: 65, Address: 0xa9a0)
EfsDllUsePinForEncryptedFilesSrv (Ordinal: 66, Address: 0xae30)
EfsDllValidateEfsStream (Ordinal: 67, Address: 0xa9c0)
EfsDllWriteEncryptedFileWithHeader (Ordinal: 68, Address: 0xa410)
EfsDllWriteFileRaw (Ordinal: 69, Address: 0xa400)
EfsInitialize (Ordinal: 70, Address: 0xa2c0)
EfsProcessRecoveryPolicy (Ordinal: 71, Address: 0x1cce0)
EfsUnInitialize (Ordinal: 72, Address: 0xa380)
EfsValidateEfsStream (Ordinal: 73, Address: 0x22c80)

Imported DLLs & Functions

api-ms-win-appmodel-runtime-l1-1-0.dll

PackageFamilyNameFromFullName (Address: 0x1800ec780)

api-ms-win-core-apiquery-l1-1-0.dll

ApiSetQueryApiSetPresence (Address: 0x1800ec790)

api-ms-win-core-com-l1-1-0.dll

CoCreateFreeThreadedMarshaler (Address: 0x1800ec7c0)
CoCreateGuid (Address: 0x1800ec7b8)
CoDecrementMTAUsage (Address: 0x1800ec7e0)
CoIncrementMTAUsage (Address: 0x1800ec7a0)
CoTaskMemAlloc (Address: 0x1800ec7d8)
CoTaskMemFree (Address: 0x1800ec7e8)
CoTaskMemRealloc (Address: 0x1800ec7a8)
CoWaitForMultipleHandles (Address: 0x1800ec7c8)
StringFromCLSID (Address: 0x1800ec7d0)
StringFromGUID2 (Address: 0x1800ec7b0)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x1800ec7f8)
IsDebuggerPresent (Address: 0x1800ec808)
OutputDebugStringW (Address: 0x1800ec800)

api-ms-win-core-delayload-l1-1-0.dll

DelayLoadFailureHook (Address: 0x1800ec818)

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI (Address: 0x1800ec828)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x1800ec858)
RaiseException (Address: 0x1800ec838)
SetLastError (Address: 0x1800ec840)
SetUnhandledExceptionFilter (Address: 0x1800ec850)
UnhandledExceptionFilter (Address: 0x1800ec848)

api-ms-win-core-file-l1-1-0.dll

CompareFileTime (Address: 0x1800ec8b8)
CreateDirectoryW (Address: 0x1800ec938)
CreateFileW (Address: 0x1800ec948)
DeleteFileW (Address: 0x1800ec890)
FindClose (Address: 0x1800ec8f0)
FindFirstFileExW (Address: 0x1800ec940)
FindFirstFileW (Address: 0x1800ec928)
FindFirstVolumeW (Address: 0x1800ec8f8)
FindNextFileW (Address: 0x1800ec918)
FindNextVolumeW (Address: 0x1800ec900)
FindVolumeClose (Address: 0x1800ec910)
FlushFileBuffers (Address: 0x1800ec908)
GetDriveTypeW (Address: 0x1800ec880)
GetFileAttributesExW (Address: 0x1800ec868)
GetFileAttributesW (Address: 0x1800ec8d0)
GetFileInformationByHandle (Address: 0x1800ec8b0)
GetFileSizeEx (Address: 0x1800ec8d8)
GetFileTime (Address: 0x1800ec8c8)
GetFinalPathNameByHandleW (Address: 0x1800ec8e0)
GetFullPathNameW (Address: 0x1800ec898)
GetTempFileNameW (Address: 0x1800ec950)
GetVolumeInformationByHandleW (Address: 0x1800ec920)
GetVolumeInformationW (Address: 0x1800ec870)
GetVolumePathNameW (Address: 0x1800ec8a8)
ReadFile (Address: 0x1800ec8e8)
RemoveDirectoryW (Address: 0x1800ec888)
SetFileInformationByHandle (Address: 0x1800ec878)
SetFilePointer (Address: 0x1800ec930)
SetFileTime (Address: 0x1800ec8c0)
WriteFile (Address: 0x1800ec8a0)

api-ms-win-core-file-l1-2-0.dll

GetVolumeNameForVolumeMountPointW (Address: 0x1800ec968)
GetVolumePathNamesForVolumeNameW (Address: 0x1800ec960)

api-ms-win-core-file-l2-1-0.dll

CopyFile2 (Address: 0x1800ec990)
GetFileInformationByHandleEx (Address: 0x1800ec988)
MoveFileExW (Address: 0x1800ec978)
ReplaceFileW (Address: 0x1800ec980)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x1800ec9a0)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x1800ec9d8)
HeapAlloc (Address: 0x1800ec9d0)
HeapCreate (Address: 0x1800ec9b0)
HeapDestroy (Address: 0x1800ec9b8)
HeapFree (Address: 0x1800ec9c8)
HeapSetInformation (Address: 0x1800ec9c0)

api-ms-win-core-heap-l2-1-0.dll

LocalAlloc (Address: 0x1800ec9e8)
LocalFree (Address: 0x1800ec9f0)

api-ms-win-core-io-l1-1-0.dll

DeviceIoControl (Address: 0x1800eca00)

api-ms-win-core-kernel32-legacy-l1-1-0.dll

GetComputerNameW (Address: 0x1800eca18)
RegisterWaitForSingleObject (Address: 0x1800eca10)
UnregisterWait (Address: 0x1800eca20)

api-ms-win-core-libraryloader-l1-2-0.dll

FindResourceExW (Address: 0x1800eca48)
FreeLibrary (Address: 0x1800eca38)
GetModuleFileNameA (Address: 0x1800eca78)
GetModuleFileNameW (Address: 0x1800eca40)
GetModuleHandleExW (Address: 0x1800eca70)
GetModuleHandleW (Address: 0x1800eca30)
GetProcAddress (Address: 0x1800eca68)
LoadLibraryExW (Address: 0x1800eca50)
LoadResource (Address: 0x1800eca58)
LockResource (Address: 0x1800eca60)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x1800eca88)
IdnToAscii (Address: 0x1800eca90)

api-ms-win-core-memory-l1-1-0.dll

CreateFileMappingW (Address: 0x1800ecab0)
MapViewOfFile (Address: 0x1800ecad0)
UnmapViewOfFile (Address: 0x1800ecac0)
VirtualAlloc (Address: 0x1800ecab8)
VirtualFree (Address: 0x1800ecaa0)
VirtualProtect (Address: 0x1800ecaa8)
VirtualQuery (Address: 0x1800ecac8)

api-ms-win-core-memory-l1-1-1.dll

GetProcessWorkingSetSizeEx (Address: 0x1800ecaf8)
SetProcessWorkingSetSizeEx (Address: 0x1800ecae0)
VirtualLock (Address: 0x1800ecaf0)
VirtualUnlock (Address: 0x1800ecae8)

api-ms-win-core-path-l1-1-0.dll

PathCchRemoveFileSpec (Address: 0x1800ecb08)

api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableW (Address: 0x1800ecb18)

api-ms-win-core-processthreads-l1-1-0.dll

CreateThread (Address: 0x1800ecb80)
GetCurrentProcess (Address: 0x1800ecb30)
GetCurrentProcessId (Address: 0x1800ecb78)
GetCurrentThread (Address: 0x1800ecb58)
GetCurrentThreadId (Address: 0x1800ecb88)
GetThreadId (Address: 0x1800ecb50)
OpenProcessToken (Address: 0x1800ecb28)
OpenThreadToken (Address: 0x1800ecb68)
ResumeThread (Address: 0x1800ecb38)
SetThreadStackGuarantee (Address: 0x1800ecb40)
SetThreadToken (Address: 0x1800ecb48)
TerminateProcess (Address: 0x1800ecb60)
TerminateThread (Address: 0x1800ecb70)

api-ms-win-core-processthreads-l1-1-1.dll

GetProcessMitigationPolicy (Address: 0x1800ecba0)
OpenProcess (Address: 0x1800ecb98)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x1800ecbb0)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x1800ecc00)
RegCreateKeyExW (Address: 0x1800ecbf0)
RegDeleteTreeW (Address: 0x1800ecbd0)
RegDeleteValueW (Address: 0x1800ecc08)
RegEnumKeyExW (Address: 0x1800ecc20)
RegEnumValueW (Address: 0x1800ecbe0)
RegFlushKey (Address: 0x1800ecc28)
RegGetValueW (Address: 0x1800ecc18)
RegNotifyChangeKeyValue (Address: 0x1800ecbf8)
RegOpenCurrentUser (Address: 0x1800ecc10)
RegOpenKeyExW (Address: 0x1800ecbd8)
RegQueryInfoKeyW (Address: 0x1800ecbc8)
RegQueryValueExW (Address: 0x1800ecbc0)
RegSetValueExW (Address: 0x1800ecbe8)

api-ms-win-core-registry-l1-1-1.dll

RegSetKeyValueW (Address: 0x1800ecc38)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x1800ecc50)
RtlCompareMemory (Address: 0x1800ecc58)
RtlLookupFunctionEntry (Address: 0x1800ecc60)
RtlVirtualUnwind (Address: 0x1800ecc48)

api-ms-win-core-shlwapi-legacy-l1-1-0.dll

PathFindExtensionW (Address: 0x1800ecc70)

api-ms-win-core-string-l1-1-0.dll

CompareStringOrdinal (Address: 0x1800ecc80)
GetStringTypeW (Address: 0x1800ecc90)
MultiByteToWideChar (Address: 0x1800ecc88)
WideCharToMultiByte (Address: 0x1800ecc98)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x1800eccb8)
AcquireSRWLockShared (Address: 0x1800ecd28)
CancelWaitableTimer (Address: 0x1800eccd0)
CreateEventExW (Address: 0x1800ecd68)
CreateEventW (Address: 0x1800eccf0)
CreateMutexExW (Address: 0x1800ecd18)
CreateMutexW (Address: 0x1800eccb0)
CreateSemaphoreExW (Address: 0x1800eccc8)
CreateWaitableTimerExW (Address: 0x1800ecce0)
DeleteCriticalSection (Address: 0x1800ecd30)
EnterCriticalSection (Address: 0x1800ecca8)
InitializeCriticalSection (Address: 0x1800ecd70)
InitializeCriticalSectionEx (Address: 0x1800ecd78)
InitializeSRWLock (Address: 0x1800ecd40)
LeaveCriticalSection (Address: 0x1800ecd20)
OpenSemaphoreW (Address: 0x1800ecd08)
ReleaseMutex (Address: 0x1800ecce8)
ReleaseSemaphore (Address: 0x1800eccc0)
ReleaseSRWLockExclusive (Address: 0x1800ecd48)
ReleaseSRWLockShared (Address: 0x1800ecd10)
ResetEvent (Address: 0x1800ecd60)
SetEvent (Address: 0x1800ecd00)
SetWaitableTimerEx (Address: 0x1800eccd8)
TryAcquireSRWLockShared (Address: 0x1800ecd58)
TryEnterCriticalSection (Address: 0x1800ecd38)
WaitForSingleObject (Address: 0x1800ecd50)
WaitForSingleObjectEx (Address: 0x1800eccf8)

api-ms-win-core-synch-l1-2-0.dll

InitOnceBeginInitialize (Address: 0x1800ecd88)
InitOnceComplete (Address: 0x1800ecd90)
Sleep (Address: 0x1800ecd98)
SleepConditionVariableSRW (Address: 0x1800ecda8)
WakeAllConditionVariable (Address: 0x1800ecda0)

api-ms-win-core-synch-l1-2-1.dll

WaitForMultipleObjects (Address: 0x1800ecdb8)

api-ms-win-core-sysinfo-l1-1-0.dll

GetComputerNameExW (Address: 0x1800ecde0)
GetLocalTime (Address: 0x1800ecde8)
GetSystemInfo (Address: 0x1800ecdc8)
GetSystemTime (Address: 0x1800ece00)
GetSystemTimeAsFileTime (Address: 0x1800ecdd0)
GetTickCount (Address: 0x1800ecdf0)
GetTickCount64 (Address: 0x1800ecdf8)
GetVersionExW (Address: 0x1800ecdd8)

api-ms-win-core-threadpool-l1-2-0.dll

CallbackMayRunLong (Address: 0x1800ece28)
CloseThreadpool (Address: 0x1800ece78)
CloseThreadpoolCleanupGroup (Address: 0x1800ece38)
CloseThreadpoolCleanupGroupMembers (Address: 0x1800ece40)
CloseThreadpoolTimer (Address: 0x1800ece70)
CloseThreadpoolWait (Address: 0x1800ece50)
CloseThreadpoolWork (Address: 0x1800ece30)
CreateThreadpool (Address: 0x1800ecea0)
CreateThreadpoolCleanupGroup (Address: 0x1800ece48)
CreateThreadpoolTimer (Address: 0x1800ece20)
CreateThreadpoolWait (Address: 0x1800ece90)
CreateThreadpoolWork (Address: 0x1800ece88)
IsThreadpoolTimerSet (Address: 0x1800ecea8)
SetThreadpoolThreadMaximum (Address: 0x1800ece80)
SetThreadpoolThreadMinimum (Address: 0x1800ece98)
SetThreadpoolTimer (Address: 0x1800ece60)
SetThreadpoolWait (Address: 0x1800ece68)
SubmitThreadpoolWork (Address: 0x1800ece10)
WaitForThreadpoolTimerCallbacks (Address: 0x1800eceb0)
WaitForThreadpoolWaitCallbacks (Address: 0x1800ece58)
WaitForThreadpoolWorkCallbacks (Address: 0x1800ece18)

api-ms-win-core-threadpool-legacy-l1-1-0.dll

CreateTimerQueueTimer (Address: 0x1800ecec8)
DeleteTimerQueueTimer (Address: 0x1800eced8)
QueueUserWorkItem (Address: 0x1800ecec0)
UnregisterWaitEx (Address: 0x1800eced0)

api-ms-win-core-timezone-l1-1-0.dll

FileTimeToSystemTime (Address: 0x1800ecef0)
SystemTimeToFileTime (Address: 0x1800ecef8)
SystemTimeToTzSpecificLocalTime (Address: 0x1800ecee8)

api-ms-win-core-util-l1-1-0.dll

DecodePointer (Address: 0x1800ecf10)
EncodePointer (Address: 0x1800ecf08)

api-ms-win-core-winrt-l1-1-0.dll

RoGetActivationFactory (Address: 0x1800ecf28)
RoInitialize (Address: 0x1800ecf30)
RoUninitialize (Address: 0x1800ecf20)

api-ms-win-core-winrt-string-l1-1-0.dll

WindowsCreateStringReference (Address: 0x1800ecf48)
WindowsDeleteString (Address: 0x1800ecf40)
WindowsGetStringRawBuffer (Address: 0x1800ecf50)

api-ms-win-eventing-provider-l1-1-0.dll

EventActivityIdControl (Address: 0x1800ecf60)
EventProviderEnabled (Address: 0x1800ecf88)
EventRegister (Address: 0x1800ecf68)
EventSetInformation (Address: 0x1800ecf70)
EventUnregister (Address: 0x1800ecf80)
EventWriteTransfer (Address: 0x1800ecf78)

api-ms-win-security-base-l1-1-0.dll

AdjustTokenPrivileges (Address: 0x1800ecfa8)
CheckTokenMembership (Address: 0x1800ecfb8)
CopySid (Address: 0x1800ecfd8)
CreateWellKnownSid (Address: 0x1800ed008)
DuplicateToken (Address: 0x1800ecfb0)
DuplicateTokenEx (Address: 0x1800ecfe0)
EqualSid (Address: 0x1800ecfc8)
GetLengthSid (Address: 0x1800ed010)
GetSidSubAuthority (Address: 0x1800ecff0)
GetSidSubAuthorityCount (Address: 0x1800ecfa0)
GetTokenInformation (Address: 0x1800ecf98)
ImpersonateLoggedOnUser (Address: 0x1800ed000)
IsValidSid (Address: 0x1800ecfe8)
PrivilegeCheck (Address: 0x1800ecfd0)
RevertToSelf (Address: 0x1800ecff8)
SetTokenInformation (Address: 0x1800ecfc0)

api-ms-win-security-sddl-l1-1-0.dll

ConvertSidToStringSidW (Address: 0x1800ed028)
ConvertStringSidToSidW (Address: 0x1800ed020)

api-ms-win-service-private-l1-1-0.dll

I_QueryTagInformation (Address: 0x1800ed038)

api-ms-win-stateseparation-helpers-l1-1-0.dll

GetPersistedRegistryLocationW (Address: 0x1800ed048)

AUTHZ.dll

AuthzFreeAuditEvent (Address: 0x1800ec5e8)
AuthziAllocateAuditParams (Address: 0x1800ec5b0)
AuthziFreeAuditEventType (Address: 0x1800ec5d8)
AuthziFreeAuditParams (Address: 0x1800ec5d0)
AuthziInitializeAuditEvent (Address: 0x1800ec5c8)
AuthziInitializeAuditEventType (Address: 0x1800ec5b8)
AuthziInitializeAuditParams (Address: 0x1800ec5c0)
AuthziLogAuditEvent (Address: 0x1800ec5e0)

bcrypt.dll

BCryptCloseAlgorithmProvider (Address: 0x1800ed080)
BCryptCreateHash (Address: 0x1800ed0c8)
BCryptDecrypt (Address: 0x1800ed0a0)
BCryptDeriveKey (Address: 0x1800ed078)
BCryptDestroyHash (Address: 0x1800ed100)
BCryptDestroyKey (Address: 0x1800ed0e8)
BCryptDestroySecret (Address: 0x1800ed090)
BCryptDuplicateKey (Address: 0x1800ed0b8)
BCryptEncrypt (Address: 0x1800ed0d8)
BCryptExportKey (Address: 0x1800ed0d0)
BCryptFinalizeKeyPair (Address: 0x1800ed0e0)
BCryptFinishHash (Address: 0x1800ed110)
BCryptGenerateKeyPair (Address: 0x1800ed0f8)
BCryptGenerateSymmetricKey (Address: 0x1800ed108)
BCryptGenRandom (Address: 0x1800ed0c0)
BCryptGetFipsAlgorithmMode (Address: 0x1800ed098)
BCryptGetProperty (Address: 0x1800ed058)
BCryptHash (Address: 0x1800ed0b0)
BCryptHashData (Address: 0x1800ed118)
BCryptImportKey (Address: 0x1800ed088)
BCryptImportKeyPair (Address: 0x1800ed0a8)
BCryptKeyDerivation (Address: 0x1800ed0f0)
BCryptOpenAlgorithmProvider (Address: 0x1800ed070)
BCryptSecretAgreement (Address: 0x1800ed060)
BCryptSetProperty (Address: 0x1800ed068)

CRYPT32.dll

CertAddEncodedCertificateToStore (Address: 0x1800ec668)
CertCloseStore (Address: 0x1800ec608)
CertCreateCertificateContext (Address: 0x1800ec640)
CertDeleteCertificateFromStore (Address: 0x1800ec660)
CertDuplicateCertificateContext (Address: 0x1800ec638)
CertFindCertificateInStore (Address: 0x1800ec670)
CertFreeCertificateChainEngine (Address: 0x1800ec600)
CertFreeCertificateContext (Address: 0x1800ec648)
CertGetCertificateContextProperty (Address: 0x1800ec628)
CertOpenStore (Address: 0x1800ec618)
CertSetCertificateContextProperty (Address: 0x1800ec620)
CertVerifyTimeValidity (Address: 0x1800ec658)
CryptBinaryToStringW (Address: 0x1800ec5f8)
CryptImportPublicKeyInfoEx2 (Address: 0x1800ec678)
CryptProtectMemory (Address: 0x1800ec650)
CryptStringToBinaryW (Address: 0x1800ec610)
CryptUnprotectMemory (Address: 0x1800ec630)

DSROLE.dll

DsRoleFreeMemory (Address: 0x1800ec690)
DsRoleGetPrimaryDomainInformation (Address: 0x1800ec688)

iertutil.dll

CreateUri (Address: 0x1800ed128)

msvcrt.dll

___lc_codepage_func (Address: 0x1800ed178)
___lc_handle_func (Address: 0x1800ed180)
___mb_cur_max_func (Address: 0x1800ed190)
__C_specific_handler (Address: 0x1800ed270)
__crtLCMapStringW (Address: 0x1800ed1e0)
__CxxFrameHandler3 (Address: 0x1800ed2f8)
__dllonexit (Address: 0x1800ed240)
__pctype_func (Address: 0x1800ed168)
__uncaught_exception (Address: 0x1800ed158)
_amsg_exit (Address: 0x1800ed230)
_callnewh (Address: 0x1800ed1d0)
_CxxThrowException (Address: 0x1800ed1c0)
_errno (Address: 0x1800ed188)
_initterm (Address: 0x1800ed238)
_ismbblead (Address: 0x1800ed170)
_lock (Address: 0x1800ed1a0)
_onexit (Address: 0x1800ed248)
_purecall (Address: 0x1800ed310)
_unlock (Address: 0x1800ed198)
_vsnprintf (Address: 0x1800ed2d8)
_vsnprintf_s (Address: 0x1800ed2a8)
_vsnwprintf (Address: 0x1800ed328)
_wcsdup (Address: 0x1800ed140)
_wcsicmp (Address: 0x1800ed268)
_wcslwr (Address: 0x1800ed290)
_wcsnicmp (Address: 0x1800ed1f8)
_wcsrev (Address: 0x1800ed2c8)
_wsetlocale (Address: 0x1800ed138)
_wtoi64 (Address: 0x1800ed1f0)
_XcptFilter (Address: 0x1800ed228)
??0bad_cast@@QEAA@AEBV0@@Z (Address: 0x1800ed218)
??0bad_cast@@QEAA@PEBD@Z (Address: 0x1800ed208)
??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800ed220)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800ed1c8)
??0exception@@QEAA@AEBV0@@Z (Address: 0x1800ed2b0)
??0exception@@QEAA@XZ (Address: 0x1800ed2b8)
??1bad_cast@@UEAA@XZ (Address: 0x1800ed210)
??1exception@@UEAA@XZ (Address: 0x1800ed308)
??1type_info@@UEAA@XZ (Address: 0x1800ed2f0)
??3@YAXPEAX@Z (Address: 0x1800ed318)
?terminate@@YAXXZ (Address: 0x1800ed258)
?what@exception@@UEBAPEBDXZ (Address: 0x1800ed250)
abort (Address: 0x1800ed150)
calloc (Address: 0x1800ed160)
free (Address: 0x1800ed200)
iswspace (Address: 0x1800ed300)
malloc (Address: 0x1800ed1d8)
memcmp (Address: 0x1800ed1e8)
memcpy (Address: 0x1800ed1b8)
memcpy_s (Address: 0x1800ed320)
memmove (Address: 0x1800ed1b0)
memmove_s (Address: 0x1800ed2a0)
memset (Address: 0x1800ed148)
setlocale (Address: 0x1800ed1a8)
swprintf_s (Address: 0x1800ed260)
toupper (Address: 0x1800ed2c0)
wcschr (Address: 0x1800ed280)
wcscmp (Address: 0x1800ed330)
wcsncmp (Address: 0x1800ed2e8)
wcsnlen (Address: 0x1800ed2e0)
wcsrchr (Address: 0x1800ed288)
wcsstr (Address: 0x1800ed298)
wcstok_s (Address: 0x1800ed278)
wcstoul (Address: 0x1800ed2d0)

ncrypt.dll

NCryptCloseProtectionDescriptor (Address: 0x1800ed378)
NCryptCreateProtectionDescriptor (Address: 0x1800ed368)
NCryptDeriveKey (Address: 0x1800ed358)
NCryptExportKey (Address: 0x1800ed388)
NCryptFreeObject (Address: 0x1800ed348)
NCryptGetProperty (Address: 0x1800ed3a8)
NCryptGetProtectionDescriptorInfo (Address: 0x1800ed390)
NCryptImportKey (Address: 0x1800ed350)
NCryptOpenKey (Address: 0x1800ed398)
NCryptOpenStorageProvider (Address: 0x1800ed340)
NCryptProtectSecret (Address: 0x1800ed370)
NCryptSecretAgreement (Address: 0x1800ed360)
NCryptSetProperty (Address: 0x1800ed3a0)
NCryptUnprotectSecret (Address: 0x1800ed380)

netutils.dll

NetApiBufferFree (Address: 0x1800ed3b8)

ntdll.dll

EtwEventEnabled (Address: 0x1800ed3d0)
EtwEventRegister (Address: 0x1800ed578)
EtwEventUnregister (Address: 0x1800ed3c8)
EtwEventWrite (Address: 0x1800ed3d8)
NtClose (Address: 0x1800ed490)
NtCreateFile (Address: 0x1800ed550)
NtFlushBuffersFile (Address: 0x1800ed508)
NtFsControlFile (Address: 0x1800ed538)
NtOpenThreadToken (Address: 0x1800ed4a0)
NtQueryInformationFile (Address: 0x1800ed540)
NtQueryInformationToken (Address: 0x1800ed5b0)
NtQueryObject (Address: 0x1800ed478)
NtQuerySecurityAttributesToken (Address: 0x1800ed588)
NtQuerySystemTime (Address: 0x1800ed5f0)
NtQueryVolumeInformationFile (Address: 0x1800ed510)
NtQueryWnfStateData (Address: 0x1800ed5e0)
NtReadFile (Address: 0x1800ed470)
NtSetInformationFile (Address: 0x1800ed530)
NtSetInformationThread (Address: 0x1800ed498)
NtSetInformationToken (Address: 0x1800ed438)
NtUpdateWnfStateData (Address: 0x1800ed408)
NtWriteFile (Address: 0x1800ed520)
RtlAcquireResourceExclusive (Address: 0x1800ed600)
RtlAcquireResourceShared (Address: 0x1800ed638)
RtlAcquireSRWLockExclusive (Address: 0x1800ed500)
RtlAcquireSRWLockShared (Address: 0x1800ed3e8)
RtlAddAccessAllowedAceEx (Address: 0x1800ed4b8)
RtlAllocateHeap (Address: 0x1800ed3e0)
RtlAnsiStringToUnicodeString (Address: 0x1800ed4e0)
RtlAppendUnicodeStringToString (Address: 0x1800ed428)
RtlAppendUnicodeToString (Address: 0x1800ed430)
RtlCompareUnicodeString (Address: 0x1800ed458)
RtlConvertSidToUnicodeString (Address: 0x1800ed5a0)
RtlCopySid (Address: 0x1800ed5c0)
RtlCopyUnicodeString (Address: 0x1800ed440)
RtlCreateSecurityDescriptor (Address: 0x1800ed4b0)
RtlCreateSystemVolumeInformationFolder (Address: 0x1800ed418)
RtlDeleteCriticalSection (Address: 0x1800ed5d8)
RtlDeleteResource (Address: 0x1800ed5c8)
RtlDoesFileExists_U (Address: 0x1800ed420)
RtlDosPathNameToNtPathName_U (Address: 0x1800ed558)
RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x1800ed410)
RtlEnterCriticalSection (Address: 0x1800ed468)
RtlEqualSid (Address: 0x1800ed568)
RtlFreeHeap (Address: 0x1800ed548)
RtlFreeUnicodeString (Address: 0x1800ed4f0)
RtlGetDaclSecurityDescriptor (Address: 0x1800ed528)
RtlImageNtHeader (Address: 0x1800ed450)
RtlInitAnsiString (Address: 0x1800ed4e8)
RtlInitializeCriticalSection (Address: 0x1800ed5e8)
RtlInitializeResource (Address: 0x1800ed5f8)
RtlInitializeSid (Address: 0x1800ed4d0)
RtlInitializeSRWLock (Address: 0x1800ed5b8)
RtlInitUnicodeString (Address: 0x1800ed560)
RtlIsCloudFilesPlaceholder (Address: 0x1800ed580)
RtlIsMultiSessionSku (Address: 0x1800ed5d0)
RtlLeaveCriticalSection (Address: 0x1800ed460)
RtlLengthRequiredSid (Address: 0x1800ed4d8)
RtlLengthSid (Address: 0x1800ed4c0)
RtlNtStatusToDosError (Address: 0x1800ed570)
RtlPublishWnfStateData (Address: 0x1800ed3f8)
RtlQueryPackageClaims (Address: 0x1800ed448)
RtlQueryWnfStateData (Address: 0x1800ed630)
RtlReleaseResource (Address: 0x1800ed480)
RtlReleaseSRWLockExclusive (Address: 0x1800ed4f8)
RtlReleaseSRWLockShared (Address: 0x1800ed3f0)
RtlSetDaclSecurityDescriptor (Address: 0x1800ed4a8)
RtlSubAuthoritySid (Address: 0x1800ed4c8)
RtlSubscribeWnfStateChangeNotification (Address: 0x1800ed598)
RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800ed590)
RtlUnsubscribeWnfStateChangeNotification (Address: 0x1800ed488)
RtlUpcaseUnicodeChar (Address: 0x1800ed400)
RtlValidSid (Address: 0x1800ed5a8)
ZwClose (Address: 0x1800ed618)
ZwOpenProcessTokenEx (Address: 0x1800ed620)
ZwOpenThreadTokenEx (Address: 0x1800ed610)
ZwQueryInformationProcess (Address: 0x1800ed628)
ZwQueryInformationToken (Address: 0x1800ed608)
ZwQueryWnfStateData (Address: 0x1800ed518)

OLEAUT32.dll

SysFreeString (Address: 0x1800ec6a0)

profapi.dll

(Address: 0x1800ed648)

SspiCli.dll

LsaFreeReturnBuffer (Address: 0x1800ec6b8)
LsaGetLogonSessionData (Address: 0x1800ec6c0)
LsaRegisterPolicyChangeNotification (Address: 0x1800ec6b0)
LsaUnregisterPolicyChangeNotification (Address: 0x1800ec6c8)

USERENV.dll

EnterCriticalPolicySection (Address: 0x1800ec6f0)
ExpandEnvironmentStringsForUserW (Address: 0x1800ec6d8)
LeaveCriticalPolicySection (Address: 0x1800ec6e8)
LoadUserProfileW (Address: 0x1800ec708)
RegisterGPNotification (Address: 0x1800ec6f8)
UnloadUserProfile (Address: 0x1800ec6e0)
UnregisterGPNotification (Address: 0x1800ec700)

WINHTTP.dll

WinHttpAddRequestHeaders (Address: 0x1800ec750)
WinHttpCloseHandle (Address: 0x1800ec738)
WinHttpConnect (Address: 0x1800ec758)
WinHttpCrackUrl (Address: 0x1800ec730)
WinHttpOpen (Address: 0x1800ec760)
WinHttpOpenRequest (Address: 0x1800ec720)
WinHttpQueryDataAvailable (Address: 0x1800ec770)
WinHttpQueryHeaders (Address: 0x1800ec728)
WinHttpReadData (Address: 0x1800ec748)
WinHttpReceiveResponse (Address: 0x1800ec768)
WinHttpSendRequest (Address: 0x1800ec718)
WinHttpSetOption (Address: 0x1800ec740)