LogonController.dll
Description: Logon UX Controller
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5915
Architecture: 64-bit
Operating System: Windows NT
SHA256: 56880cbf1bc08d0dc6635774bb8a470c
File Size: 851.0 KB
Uploaded At: Dec. 1, 2025, 7:32 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x2c1c0)
- DllGetActivationFactory (Ordinal: 2, Address: 0x2ed00)
- DllGetClassObject (Ordinal: 3, Address: 0x2f700)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800a2c00)
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x1800a2c10)
- CoCancelCall (Address: 0x1800a2c60)
- CoCreateFreeThreadedMarshaler (Address: 0x1800a2c88)
- CoCreateGuid (Address: 0x1800a2c78)
- CoCreateInstance (Address: 0x1800a2c38)
- CoDecrementMTAUsage (Address: 0x1800a2c18)
- CoDisableCallCancellation (Address: 0x1800a2c70)
- CoEnableCallCancellation (Address: 0x1800a2c68)
- CoGetMalloc (Address: 0x1800a2cb8)
- CoIncrementMTAUsage (Address: 0x1800a2c48)
- CoInitializeEx (Address: 0x1800a2c20)
- CoMarshalInterface (Address: 0x1800a2c58)
- CoReleaseMarshalData (Address: 0x1800a2c30)
- CoTaskMemAlloc (Address: 0x1800a2c40)
- CoTaskMemFree (Address: 0x1800a2ca0)
- CoTaskMemRealloc (Address: 0x1800a2c90)
- CoUninitialize (Address: 0x1800a2c28)
- CoWaitForMultipleHandles (Address: 0x1800a2ca8)
- CreateStreamOnHGlobal (Address: 0x1800a2c50)
- PropVariantClear (Address: 0x1800a2c98)
- StringFromCLSID (Address: 0x1800a2c80)
- StringFromGUID2 (Address: 0x1800a2cb0)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1800a2cc8)
api-ms-win-core-job-l1-1-0.dll
- IsProcessInJob (Address: 0x1800a2cd8)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x1800a2cf0)
- CreateJobObjectW (Address: 0x1800a2ce8)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1800a2d00)
- MapViewOfFile (Address: 0x1800a2d10)
- UnmapViewOfFile (Address: 0x1800a2d08)
api-ms-win-core-path-l1-1-0.dll
- PathCchAppend (Address: 0x1800a2d20)
- PathCchCombine (Address: 0x1800a2d28)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentThread (Address: 0x1800a2d50)
- GetProcessId (Address: 0x1800a2d48)
- OpenProcessToken (Address: 0x1800a2d40)
- OpenThreadToken (Address: 0x1800a2d38)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800a2da8)
- RegCreateKeyExW (Address: 0x1800a2d70)
- RegDeleteValueW (Address: 0x1800a2d68)
- RegEnumKeyExW (Address: 0x1800a2d80)
- RegEnumValueW (Address: 0x1800a2db0)
- RegGetValueW (Address: 0x1800a2d78)
- RegNotifyChangeKeyValue (Address: 0x1800a2db8)
- RegOpenCurrentUser (Address: 0x1800a2d90)
- RegOpenKeyExW (Address: 0x1800a2d98)
- RegQueryInfoKeyW (Address: 0x1800a2d88)
- RegQueryValueExW (Address: 0x1800a2da0)
- RegSetValueExW (Address: 0x1800a2d60)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x1800a2dc8)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x1800a2dd8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- UnregisterWaitEx (Address: 0x1800a2de8)
api-ms-win-core-version-l1-1-0.dll
- VerQueryValueW (Address: 0x1800a2df8)
api-ms-win-core-version-l1-1-1.dll
- GetFileVersionInfoSizeW (Address: 0x1800a2e10)
- GetFileVersionInfoW (Address: 0x1800a2e08)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1800a2e28)
- RoOriginateError (Address: 0x1800a2e30)
- RoOriginateErrorW (Address: 0x1800a2e20)
- RoTransformError (Address: 0x1800a2e38)
- SetRestrictedErrorInfo (Address: 0x1800a2e40)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1800a2e60)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1800a2e58)
- RoReportFailedDelegate (Address: 0x1800a2e50)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1800a2e70)
- RoGetActivationFactory (Address: 0x1800a2e78)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCompareStringOrdinal (Address: 0x1800a2e98)
- WindowsCreateString (Address: 0x1800a2eb0)
- WindowsCreateStringReference (Address: 0x1800a2e90)
- WindowsDeleteString (Address: 0x1800a2ec8)
- WindowsDuplicateString (Address: 0x1800a2eb8)
- WindowsGetStringLen (Address: 0x1800a2e88)
- WindowsGetStringRawBuffer (Address: 0x1800a2ec0)
- WindowsIsStringEmpty (Address: 0x1800a2ea8)
- WindowsStringHasEmbeddedNull (Address: 0x1800a2ea0)
api-ms-win-devices-query-l1-1-0.dll
- DevFreeObjects (Address: 0x1800a2ed8)
- DevGetObjects (Address: 0x1800a2ee0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800a2ef8)
- GetTraceEnableLevel (Address: 0x1800a2f00)
- GetTraceLoggerHandle (Address: 0x1800a2ef0)
- RegisterTraceGuidsW (Address: 0x1800a2f08)
- UnregisterTraceGuids (Address: 0x1800a2f10)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800a2f30)
- EventProviderEnabled (Address: 0x1800a2f20)
- EventRegister (Address: 0x1800a2f28)
- EventSetInformation (Address: 0x1800a2f48)
- EventUnregister (Address: 0x1800a2f38)
- EventWriteTransfer (Address: 0x1800a2f40)
api-ms-win-ntuser-rectangle-l1-1-0.dll
- CopyRect (Address: 0x1800a2f58)
api-ms-win-ntuser-sysparams-l1-1-0.dll
- GetSystemMetrics (Address: 0x1800a2f68)
- SystemParametersInfoW (Address: 0x1800a2f70)
api-ms-win-power-base-l1-1-0.dll
- PowerDeterminePlatformRoleEx (Address: 0x1800a2f80)
- PowerRegisterSuspendResumeNotification (Address: 0x1800a2f90)
- PowerUnregisterSuspendResumeNotification (Address: 0x1800a2f88)
api-ms-win-power-setting-l1-1-0.dll
- PowerSettingRegisterNotification (Address: 0x1800a2fa0)
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0.dll
- RegisterPowerSettingNotification (Address: 0x1800a2fb8)
- UnregisterPowerSettingNotification (Address: 0x1800a2fb0)
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll
- MsgWaitForMultipleObjectsEx (Address: 0x1800a2fc8)
api-ms-win-rtcore-ntuser-window-l1-1-0.dll
- CreateWindowExW (Address: 0x1800a3008)
- DefWindowProcW (Address: 0x1800a3030)
- DestroyWindow (Address: 0x1800a3010)
- DispatchMessageW (Address: 0x1800a2ff0)
- FindWindowW (Address: 0x1800a3038)
- GetClassInfoW (Address: 0x1800a3050)
- GetDesktopWindow (Address: 0x1800a2fd8)
- GetWindowLongPtrW (Address: 0x1800a3028)
- GetWindowThreadProcessId (Address: 0x1800a3058)
- PeekMessageW (Address: 0x1800a2fe0)
- PostMessageW (Address: 0x1800a3040)
- PostThreadMessageW (Address: 0x1800a3020)
- RegisterClassW (Address: 0x1800a3048)
- SendNotifyMessageW (Address: 0x1800a2ff8)
- SetWindowLongPtrW (Address: 0x1800a3000)
- TranslateMessage (Address: 0x1800a2fe8)
- UnregisterClassW (Address: 0x1800a3018)
api-ms-win-security-base-l1-1-0.dll
- CheckTokenMembership (Address: 0x1800a3078)
- CopySid (Address: 0x1800a3088)
- CreateWellKnownSid (Address: 0x1800a3080)
- GetLengthSid (Address: 0x1800a3070)
- GetTokenInformation (Address: 0x1800a3090)
- IsWellKnownSid (Address: 0x1800a3068)
api-ms-win-security-credentials-l1-1-0.dll
- CredIsProtectedW (Address: 0x1800a30a8)
- CredProtectW (Address: 0x1800a30a0)
api-ms-win-security-lsalookup-l1-1-0.dll
- LookupAccountNameLocalW (Address: 0x1800a30c0)
- LookupAccountSidLocalW (Address: 0x1800a30b8)
api-ms-win-security-lsalookup-l1-1-2.dll
- LsaLookupUserAccountType (Address: 0x1800a30d0)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x1800a30e8)
- LsaFreeMemory (Address: 0x1800a30f8)
- LsaOpenPolicy (Address: 0x1800a30f0)
- LsaQueryInformationPolicy (Address: 0x1800a3100)
- LsaRetrievePrivateData (Address: 0x1800a30e0)
- LsaStorePrivateData (Address: 0x1800a3108)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800a3128)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800a3118)
- ConvertStringSidToSidW (Address: 0x1800a3120)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1800a3148)
- OpenSCManagerW (Address: 0x1800a3138)
- OpenServiceW (Address: 0x1800a3140)
api-ms-win-service-management-l2-1-0.dll
- QueryServiceConfigW (Address: 0x1800a3158)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x1800a3168)
dxgi.dll
- DXGIDeclareAdapterRemovalSupport (Address: 0x1800a3178)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x1800a2790)
- AcquireSRWLockShared (Address: 0x1800a2798)
- CheckRemoteDebuggerPresent (Address: 0x1800a2a20)
- CloseHandle (Address: 0x1800a2770)
- CloseThreadpoolTimer (Address: 0x1800a28c8)
- CloseThreadpoolWait (Address: 0x1800a2958)
- CompareStringOrdinal (Address: 0x1800a28b0)
- CompareStringW (Address: 0x1800a2a28)
- CopyFileW (Address: 0x1800a29d0)
- CreateEventExW (Address: 0x1800a2888)
- CreateEventW (Address: 0x1800a28d8)
- CreateFileW (Address: 0x1800a2980)
- CreateMutexExW (Address: 0x1800a27e8)
- CreateProcessW (Address: 0x1800a2a40)
- CreateSemaphoreExW (Address: 0x1800a27f8)
- CreateThread (Address: 0x1800a2950)
- CreateThreadpoolTimer (Address: 0x1800a28c0)
- CreateThreadpoolWait (Address: 0x1800a2998)
- CreateTimerQueueTimer (Address: 0x1800a2a08)
- DebugBreak (Address: 0x1800a2738)
- DecodePointer (Address: 0x1800a27b8)
- DelayLoadFailureHook (Address: 0x1800a26c8)
- DeleteCriticalSection (Address: 0x1800a2928)
- DeleteFileW (Address: 0x1800a29b8)
- DeleteTimerQueueTimer (Address: 0x1800a2a10)
- DisableThreadLibraryCalls (Address: 0x1800a27b0)
- DuplicateHandle (Address: 0x1800a29d8)
- EncodePointer (Address: 0x1800a2800)
- EnterCriticalSection (Address: 0x1800a2910)
- ExpandEnvironmentStringsW (Address: 0x1800a2948)
- FindClose (Address: 0x1800a29a8)
- FindFirstFileExW (Address: 0x1800a29b0)
- FindNextFileW (Address: 0x1800a29c0)
- FindResourceExW (Address: 0x1800a2908)
- FormatMessageW (Address: 0x1800a2700)
- FreeLibrary (Address: 0x1800a28a0)
- GetComputerNameW (Address: 0x1800a2a30)
- GetCurrentProcess (Address: 0x1800a2840)
- GetCurrentProcessId (Address: 0x1800a27e0)
- GetCurrentThreadId (Address: 0x1800a2708)
- GetExitCodeProcess (Address: 0x1800a2a48)
- GetLastError (Address: 0x1800a2750)
- GetModuleFileNameA (Address: 0x1800a2730)
- GetModuleHandleExW (Address: 0x1800a2728)
- GetModuleHandleW (Address: 0x1800a2740)
- GetProcAddress (Address: 0x1800a2748)
- GetProcessHeap (Address: 0x1800a2718)
- GetProductInfo (Address: 0x1800a28f0)
- GetSystemDirectoryW (Address: 0x1800a29c8)
- GetSystemPreferredUILanguages (Address: 0x1800a2970)
- GetSystemTimeAsFileTime (Address: 0x1800a2858)
- GetSystemWindowsDirectoryW (Address: 0x1800a2a18)
- GetTickCount (Address: 0x1800a2860)
- GetTickCount64 (Address: 0x1800a28e0)
- GetVersionExW (Address: 0x1800a29f0)
- GetWindowsDirectoryW (Address: 0x1800a2978)
- HeapAlloc (Address: 0x1800a2710)
- HeapFree (Address: 0x1800a2720)
- HeapSetInformation (Address: 0x1800a28e8)
- HeapSize (Address: 0x1800a2808)
- InitializeCriticalSection (Address: 0x1800a2a50)
- InitializeCriticalSectionEx (Address: 0x1800a2920)
- InitializeSRWLock (Address: 0x1800a2890)
- InitOnceBeginInitialize (Address: 0x1800a27c8)
- InitOnceComplete (Address: 0x1800a27d8)
- InitOnceExecuteOnce (Address: 0x1800a27d0)
- IsDebuggerPresent (Address: 0x1800a2758)
- K32GetProcessImageFileNameW (Address: 0x1800a2990)
- LeaveCriticalSection (Address: 0x1800a2918)
- LoadLibraryExW (Address: 0x1800a2988)
- LoadLibraryW (Address: 0x1800a28a8)
- LoadResource (Address: 0x1800a2900)
- LocalAlloc (Address: 0x1800a29a0)
- LocalFree (Address: 0x1800a26b0)
- LocalReAlloc (Address: 0x1800a26e8)
- LocalSize (Address: 0x1800a2a38)
- LockResource (Address: 0x1800a28f8)
- lstrlenW (Address: 0x1800a26f0)
- OpenEventW (Address: 0x1800a2870)
- OpenProcess (Address: 0x1800a2898)
- OpenSemaphoreW (Address: 0x1800a27a8)
- OutputDebugStringW (Address: 0x1800a2760)
- QueryFullProcessImageNameW (Address: 0x1800a2940)
- QueryPerformanceCounter (Address: 0x1800a2850)
- QueueUserWorkItem (Address: 0x1800a29e0)
- RaiseException (Address: 0x1800a2868)
- RegisterWaitForSingleObject (Address: 0x1800a2a00)
- ReleaseMutex (Address: 0x1800a2780)
- ReleaseSemaphore (Address: 0x1800a2778)
- ReleaseSRWLockExclusive (Address: 0x1800a27c0)
- ReleaseSRWLockShared (Address: 0x1800a27f0)
- ResolveDelayLoadedAPI (Address: 0x1800a26d0)
- RtlCaptureContext (Address: 0x1800a2818)
- RtlLookupFunctionEntry (Address: 0x1800a2820)
- RtlVirtualUnwind (Address: 0x1800a2828)
- SetEvent (Address: 0x1800a2880)
- SetLastError (Address: 0x1800a2768)
- SetThreadpoolTimer (Address: 0x1800a28b8)
- SetThreadpoolWait (Address: 0x1800a2968)
- SetUnhandledExceptionFilter (Address: 0x1800a2838)
- Sleep (Address: 0x1800a2810)
- SleepConditionVariableSRW (Address: 0x1800a26b8)
- TerminateProcess (Address: 0x1800a2848)
- TryAcquireSRWLockExclusive (Address: 0x1800a26f8)
- UnhandledExceptionFilter (Address: 0x1800a2830)
- UnregisterWait (Address: 0x1800a29f8)
- VerifyVersionInfoW (Address: 0x1800a26d8)
- VerSetConditionMask (Address: 0x1800a26e0)
- WaitForMultipleObjects (Address: 0x1800a29e8)
- WaitForMultipleObjectsEx (Address: 0x1800a2878)
- WaitForSingleObject (Address: 0x1800a27a0)
- WaitForSingleObjectEx (Address: 0x1800a2788)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800a28d0)
- WaitForThreadpoolWaitCallbacks (Address: 0x1800a2960)
- WakeAllConditionVariable (Address: 0x1800a26c0)
- WerRegisterCustomMetadata (Address: 0x1800a2930)
- WerUnregisterCustomMetadata (Address: 0x1800a2938)
msvcrt.dll
- __C_specific_handler (Address: 0x1800a3210)
- __CxxFrameHandler3 (Address: 0x1800a3258)
- __dllonexit (Address: 0x1800a31f8)
- _amsg_exit (Address: 0x1800a3228)
- _callnewh (Address: 0x1800a3188)
- _CxxThrowException (Address: 0x1800a3198)
- _get_errno (Address: 0x1800a3270)
- _initterm (Address: 0x1800a3218)
- _lock (Address: 0x1800a3208)
- _onexit (Address: 0x1800a31f0)
- _purecall (Address: 0x1800a3240)
- _set_errno (Address: 0x1800a3278)
- _unlock (Address: 0x1800a3200)
- _vsnprintf_s (Address: 0x1800a31d0)
- _vsnwprintf (Address: 0x1800a3290)
- _wcsicmp (Address: 0x1800a3260)
- _wtoi (Address: 0x1800a31b0)
- _XcptFilter (Address: 0x1800a3230)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800a31d8)
- ??0exception@@QEAA@XZ (Address: 0x1800a31e0)
- ??1exception@@UEAA@XZ (Address: 0x1800a3250)
- ??1type_info@@UEAA@XZ (Address: 0x1800a3298)
- ?terminate@@YAXXZ (Address: 0x1800a31a8)
- free (Address: 0x1800a3238)
- malloc (Address: 0x1800a3220)
- memcmp (Address: 0x1800a31c0)
- memcpy (Address: 0x1800a31c8)
- memcpy_s (Address: 0x1800a3248)
- memmove (Address: 0x1800a31e8)
- memmove_s (Address: 0x1800a3288)
- memset (Address: 0x1800a32a0)
- realloc (Address: 0x1800a3280)
- swscanf (Address: 0x1800a31a0)
- toupper (Address: 0x1800a3190)
- wcschr (Address: 0x1800a3268)
- wcstoul (Address: 0x1800a31b8)
ntdll.dll
- NtClose (Address: 0x1800a32e0)
- NtOpenKey (Address: 0x1800a32c0)
- NtOpenProcess (Address: 0x1800a32d0)
- NtOpenProcessToken (Address: 0x1800a32e8)
- NtPowerInformation (Address: 0x1800a3350)
- NtQueryInformationToken (Address: 0x1800a32d8)
- NtQuerySystemInformation (Address: 0x1800a3370)
- NtQueryValueKey (Address: 0x1800a3380)
- NtQueryWnfStateData (Address: 0x1800a3378)
- NtSetInformationJobObject (Address: 0x1800a3328)
- NtSetInformationProcess (Address: 0x1800a3330)
- RtlAcquireResourceExclusive (Address: 0x1800a3300)
- RtlDeleteResource (Address: 0x1800a32f0)
- RtlGetDeviceFamilyInfoEnum (Address: 0x1800a3310)
- RtlGetNtProductType (Address: 0x1800a32b8)
- RtlInitializeResource (Address: 0x1800a3308)
- RtlInitString (Address: 0x1800a3318)
- RtlInitUnicodeString (Address: 0x1800a3338)
- RtlIsMultiSessionSku (Address: 0x1800a3340)
- RtlIsMultiUsersInSessionSku (Address: 0x1800a3320)
- RtlNtStatusToDosError (Address: 0x1800a3348)
- RtlPublishWnfStateData (Address: 0x1800a3368)
- RtlReleaseResource (Address: 0x1800a32f8)
- RtlRunOnceExecuteOnce (Address: 0x1800a32b0)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800a3358)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800a3360)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x1800a32c8)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x1800a2ac0)
- I_RpcBindingIsClientLocal (Address: 0x1800a2ab8)
- NdrServerCall2 (Address: 0x1800a2aa0)
- NdrServerCallAll (Address: 0x1800a2aa8)
- RpcBindingInqAuthClientW (Address: 0x1800a2ac8)
- RpcBindingVectorFree (Address: 0x1800a2a90)
- RpcEpRegisterW (Address: 0x1800a2a78)
- RpcEpUnregister (Address: 0x1800a2a60)
- RpcServerInqBindings (Address: 0x1800a2a88)
- RpcServerListen (Address: 0x1800a2a70)
- RpcServerRegisterIfEx (Address: 0x1800a2a98)
- RpcServerUnregisterIf (Address: 0x1800a2a68)
- RpcServerUseProtseqW (Address: 0x1800a2ab0)
- UuidFromStringW (Address: 0x1800a2a80)
SHCORE.dll
- (Address: 0x1800a2af0)
- CreateRandomAccessStreamOverStream (Address: 0x1800a2ad8)
- IsOS (Address: 0x1800a2b20)
- SHCreateMemStream (Address: 0x1800a2af8)
- SHCreateThread (Address: 0x1800a2b18)
- SHCreateThreadWithHandle (Address: 0x1800a2ae8)
- SHDeleteValueW (Address: 0x1800a2b00)
- SHTaskPoolAllowThreadReuse (Address: 0x1800a2ae0)
- SHTaskPoolGetUniqueContext (Address: 0x1800a2b08)
- SHTaskPoolQueueTask (Address: 0x1800a2b10)
SHLWAPI.dll
- (Address: 0x1800a2b38)
- PathFileExistsW (Address: 0x1800a2b30)
SLC.dll
- SLGetWindowsInformationDWORD (Address: 0x1800a2b48)
UMPDC.dll
- Pdcv2ActivationClientDeactivate (Address: 0x1800a2b58)
- Pdcv2ActivationClientUnregister (Address: 0x1800a2b60)
USER32.dll
- ActivateKeyboardLayout (Address: 0x1800a2b98)
- CloseDesktop (Address: 0x1800a2bc8)
- GetDC (Address: 0x1800a2bb0)
- GetRawInputDeviceList (Address: 0x1800a2b90)
- GetUserObjectInformationW (Address: 0x1800a2b88)
- LoadCursorW (Address: 0x1800a2b78)
- LoadKeyboardLayoutW (Address: 0x1800a2ba0)
- OpenDesktopW (Address: 0x1800a2bd8)
- OpenInputDesktop (Address: 0x1800a2be0)
- RegisterBSDRWindow (Address: 0x1800a2b70)
- ReleaseDC (Address: 0x1800a2b80)
- SetSysColors (Address: 0x1800a2bc0)
- SetThreadDesktop (Address: 0x1800a2bd0)
- ShowCursor (Address: 0x1800a2bb8)
- UnloadKeyboardLayout (Address: 0x1800a2ba8)
USERENV.dll
- GetProfilesDirectoryW (Address: 0x1800a2bf0)