pcasvc.dll
Description: Program Compatibility Assistant Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6157
Architecture: 64-bit
Operating System: Windows NT
SHA256: 156e7dab4f5299070ec05260d1639560
File Size: 918.4 KB
Uploaded At: Dec. 1, 2025, 7:36 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess
Exported Functions
- PcaPatchSdbTask (Ordinal: 1, Address: 0x1e080)
- PcaWallpaperAppDetect (Ordinal: 2, Address: 0x1e0c0)
- QueryEncapsulationSettings (Ordinal: 3, Address: 0x1cb70)
- QueryEncapsulationSettingsTC (Ordinal: 4, Address: 0x1e070)
- ServiceMain (Ordinal: 5, Address: 0x13b80)
- SvchostPushServiceGlobals (Ordinal: 6, Address: 0x16390)
Imported DLLs & Functions
api-ms-win-core-appcompat-l1-1-1.dll
- BaseFreeAppCompatDataForProcess (Address: 0x18009bed0)
- BaseReadAppCompatDataForProcess (Address: 0x18009bed8)
api-ms-win-core-com-l1-1-0.dll
- CoCancelCall (Address: 0x18009bf18)
- CoCreateGuid (Address: 0x18009bf48)
- CoCreateInstance (Address: 0x18009bee8)
- CoDisableCallCancellation (Address: 0x18009bf20)
- CoEnableCallCancellation (Address: 0x18009bf28)
- CoGetClassObject (Address: 0x18009bef8)
- CoGetInterfaceAndReleaseStream (Address: 0x18009bf08)
- CoInitializeEx (Address: 0x18009bf38)
- CoMarshalInterThreadInterfaceInStream (Address: 0x18009bf50)
- CoReleaseMarshalData (Address: 0x18009bf10)
- CoTaskMemFree (Address: 0x18009bf00)
- CoUninitialize (Address: 0x18009bf40)
- CoWaitForMultipleHandles (Address: 0x18009bef0)
- StringFromGUID2 (Address: 0x18009bf30)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x18009bf60)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18009bf80)
- IsDebuggerPresent (Address: 0x18009bf78)
- OutputDebugStringA (Address: 0x18009bf88)
- OutputDebugStringW (Address: 0x18009bf70)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18009bf98)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18009bfa8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18009bfb8)
- RaiseException (Address: 0x18009bfc8)
- SetErrorMode (Address: 0x18009bfd0)
- SetLastError (Address: 0x18009bfc0)
- SetUnhandledExceptionFilter (Address: 0x18009bfd8)
- UnhandledExceptionFilter (Address: 0x18009bfe0)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x18009c008)
- CreateFileA (Address: 0x18009c000)
- CreateFileW (Address: 0x18009c060)
- DeleteFileW (Address: 0x18009c080)
- FindClose (Address: 0x18009c0a8)
- FindFirstFileW (Address: 0x18009c050)
- FindNextFileW (Address: 0x18009c038)
- GetDiskFreeSpaceExW (Address: 0x18009c020)
- GetDriveTypeW (Address: 0x18009bff0)
- GetFileAttributesW (Address: 0x18009c028)
- GetFileInformationByHandle (Address: 0x18009c058)
- GetFileSize (Address: 0x18009bff8)
- GetFileSizeEx (Address: 0x18009c018)
- GetFileTime (Address: 0x18009c048)
- GetLogicalDriveStringsW (Address: 0x18009c040)
- GetLongPathNameW (Address: 0x18009c088)
- GetShortPathNameW (Address: 0x18009c090)
- GetTempFileNameW (Address: 0x18009c070)
- GetVolumeInformationByHandleW (Address: 0x18009c068)
- GetVolumeInformationW (Address: 0x18009c078)
- QueryDosDeviceW (Address: 0x18009c030)
- ReadFile (Address: 0x18009c010)
- SetFilePointer (Address: 0x18009c098)
- WriteFile (Address: 0x18009c0a0)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x18009c0b8)
- GetVolumeNameForVolumeMountPointW (Address: 0x18009c0c0)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x18009c0d0)
api-ms-win-core-file-l2-1-2.dll
- CopyFileW (Address: 0x18009c0e0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18009c0f8)
- DuplicateHandle (Address: 0x18009c0f0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18009c120)
- HeapAlloc (Address: 0x18009c110)
- HeapFree (Address: 0x18009c118)
- HeapReAlloc (Address: 0x18009c108)
api-ms-win-core-heap-l2-1-0.dll
- GlobalFree (Address: 0x18009c138)
- LocalAlloc (Address: 0x18009c140)
- LocalFree (Address: 0x18009c130)
api-ms-win-core-io-l1-1-0.dll
- CreateIoCompletionPort (Address: 0x18009c168)
- DeviceIoControl (Address: 0x18009c158)
- GetQueuedCompletionStatus (Address: 0x18009c160)
- PostQueuedCompletionStatus (Address: 0x18009c150)
api-ms-win-core-job-l1-1-0.dll
- IsProcessInJob (Address: 0x18009c178)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x18009c1a0)
- CreateJobObjectW (Address: 0x18009c190)
- QueryInformationJobObject (Address: 0x18009c188)
- SetInformationJobObject (Address: 0x18009c198)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- UnregisterWait (Address: 0x18009c1b0)
- WTSGetActiveConsoleSessionId (Address: 0x18009c1b8)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
- VerifyVersionInfoW (Address: 0x18009c1c8)
api-ms-win-core-kernel32-private-l1-1-0.dll
- CheckElevationEnabled (Address: 0x18009c1d8)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x18009c1f0)
- GetModuleFileNameA (Address: 0x18009c208)
- GetModuleFileNameW (Address: 0x18009c1e8)
- GetModuleHandleExW (Address: 0x18009c228)
- GetModuleHandleW (Address: 0x18009c230)
- GetProcAddress (Address: 0x18009c220)
- LoadLibraryExW (Address: 0x18009c218)
- LoadResource (Address: 0x18009c1f8)
- LockResource (Address: 0x18009c200)
- SizeofResource (Address: 0x18009c210)
api-ms-win-core-libraryloader-l1-2-1.dll
- FindResourceW (Address: 0x18009c240)
- LoadLibraryW (Address: 0x18009c248)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18009c258)
api-ms-win-core-localization-l1-2-3.dll
- GetGeoInfoEx (Address: 0x18009c268)
- GetUserDefaultGeoName (Address: 0x18009c270)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x18009c298)
- MapViewOfFile (Address: 0x18009c290)
- UnmapViewOfFile (Address: 0x18009c280)
- WriteProcessMemory (Address: 0x18009c288)
api-ms-win-core-namedpipe-l1-1-0.dll
- SetNamedPipeHandleState (Address: 0x18009c2b0)
- WaitNamedPipeW (Address: 0x18009c2a8)
api-ms-win-core-path-l1-1-0.dll
- PathCchRemoveFileSpec (Address: 0x18009c2c0)
- PathIsUNCEx (Address: 0x18009c2c8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsA (Address: 0x18009c2d8)
- ExpandEnvironmentStringsW (Address: 0x18009c2e0)
- FreeEnvironmentStringsW (Address: 0x18009c2f8)
- GetCommandLineW (Address: 0x18009c2e8)
- GetEnvironmentStringsW (Address: 0x18009c2f0)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18009c338)
- CreateProcessW (Address: 0x18009c330)
- CreateThread (Address: 0x18009c378)
- ExitProcess (Address: 0x18009c360)
- GetCurrentProcess (Address: 0x18009c368)
- GetCurrentProcessId (Address: 0x18009c308)
- GetCurrentThread (Address: 0x18009c358)
- GetCurrentThreadId (Address: 0x18009c310)
- GetExitCodeProcess (Address: 0x18009c328)
- GetProcessId (Address: 0x18009c350)
- OpenProcessToken (Address: 0x18009c318)
- ProcessIdToSessionId (Address: 0x18009c348)
- ResumeThread (Address: 0x18009c320)
- SetThreadPriority (Address: 0x18009c340)
- TerminateProcess (Address: 0x18009c370)
api-ms-win-core-processthreads-l1-1-1.dll
- GetThreadTimes (Address: 0x18009c388)
- IsProcessorFeaturePresent (Address: 0x18009c398)
- OpenProcess (Address: 0x18009c390)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18009c3a8)
api-ms-win-core-psapi-l1-1-0.dll
- K32GetModuleFileNameExW (Address: 0x18009c3b8)
- QueryFullProcessImageNameW (Address: 0x18009c3c0)
api-ms-win-core-realtime-l1-1-0.dll
- QueryUnbiasedInterruptTime (Address: 0x18009c3d0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18009c438)
- RegCreateKeyExW (Address: 0x18009c430)
- RegDeleteKeyExW (Address: 0x18009c420)
- RegDeleteTreeW (Address: 0x18009c458)
- RegDeleteValueW (Address: 0x18009c440)
- RegEnumKeyExW (Address: 0x18009c3f0)
- RegEnumValueW (Address: 0x18009c460)
- RegFlushKey (Address: 0x18009c468)
- RegGetValueW (Address: 0x18009c408)
- RegLoadAppKeyW (Address: 0x18009c470)
- RegLoadKeyW (Address: 0x18009c400)
- RegNotifyChangeKeyValue (Address: 0x18009c418)
- RegOpenKeyExW (Address: 0x18009c3f8)
- RegQueryInfoKeyW (Address: 0x18009c428)
- RegQueryValueExW (Address: 0x18009c450)
- RegSaveKeyExW (Address: 0x18009c3e8)
- RegSetKeySecurity (Address: 0x18009c3e0)
- RegSetValueExW (Address: 0x18009c448)
- RegUnLoadKeyW (Address: 0x18009c410)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x18009c480)
- RegSetKeyValueW (Address: 0x18009c488)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x18009c498)
- RegOpenKeyW (Address: 0x18009c4a0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathAppendW (Address: 0x18009c4d0)
- PathFileExistsW (Address: 0x18009c4e8)
- PathFindExtensionW (Address: 0x18009c4d8)
- PathFindFileNameW (Address: 0x18009c4b8)
- PathGetDriveNumberW (Address: 0x18009c4e0)
- PathRemoveExtensionW (Address: 0x18009c4c0)
- PathSkipRootW (Address: 0x18009c4b0)
- PathStripPathW (Address: 0x18009c4c8)
api-ms-win-core-sidebyside-l1-1-0.dll
- CreateActCtxW (Address: 0x18009c508)
- QueryActCtxW (Address: 0x18009c500)
- ReleaseActCtx (Address: 0x18009c4f8)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x18009c518)
- MultiByteToWideChar (Address: 0x18009c520)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x18009c538)
- lstrcmpW (Address: 0x18009c530)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18009c5c0)
- AcquireSRWLockShared (Address: 0x18009c600)
- CreateEventExW (Address: 0x18009c5a0)
- CreateEventW (Address: 0x18009c5a8)
- CreateMutexExW (Address: 0x18009c5f8)
- CreateMutexW (Address: 0x18009c578)
- CreateSemaphoreExW (Address: 0x18009c560)
- DeleteCriticalSection (Address: 0x18009c608)
- EnterCriticalSection (Address: 0x18009c568)
- InitializeCriticalSection (Address: 0x18009c548)
- InitializeCriticalSectionEx (Address: 0x18009c580)
- LeaveCriticalSection (Address: 0x18009c5e0)
- OpenEventW (Address: 0x18009c558)
- OpenSemaphoreW (Address: 0x18009c5d0)
- OpenWaitableTimerW (Address: 0x18009c5b0)
- ReleaseMutex (Address: 0x18009c590)
- ReleaseSemaphore (Address: 0x18009c570)
- ReleaseSRWLockExclusive (Address: 0x18009c598)
- ReleaseSRWLockShared (Address: 0x18009c5f0)
- ResetEvent (Address: 0x18009c5b8)
- SetEvent (Address: 0x18009c5d8)
- SetWaitableTimer (Address: 0x18009c5e8)
- TryEnterCriticalSection (Address: 0x18009c550)
- WaitForSingleObject (Address: 0x18009c588)
- WaitForSingleObjectEx (Address: 0x18009c5c8)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x18009c618)
- InitOnceComplete (Address: 0x18009c628)
- Sleep (Address: 0x18009c620)
- SleepConditionVariableSRW (Address: 0x18009c630)
- WakeAllConditionVariable (Address: 0x18009c638)
api-ms-win-core-synch-l1-2-1.dll
- CreateSemaphoreW (Address: 0x18009c650)
- CreateWaitableTimerW (Address: 0x18009c658)
- WaitForMultipleObjects (Address: 0x18009c648)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x18009c680)
- GetSystemDirectoryW (Address: 0x18009c6a8)
- GetSystemInfo (Address: 0x18009c698)
- GetSystemTime (Address: 0x18009c6b0)
- GetSystemTimeAsFileTime (Address: 0x18009c690)
- GetSystemWindowsDirectoryW (Address: 0x18009c678)
- GetTickCount (Address: 0x18009c688)
- GetTickCount64 (Address: 0x18009c6a0)
- GetVersionExW (Address: 0x18009c670)
- GlobalMemoryStatusEx (Address: 0x18009c668)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x18009c6c0)
- GetSystemFirmwareTable (Address: 0x18009c6c8)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpool (Address: 0x18009c730)
- CloseThreadpoolTimer (Address: 0x18009c750)
- CloseThreadpoolWait (Address: 0x18009c718)
- CloseThreadpoolWork (Address: 0x18009c6e0)
- CreateThreadpool (Address: 0x18009c728)
- CreateThreadpoolTimer (Address: 0x18009c738)
- CreateThreadpoolWait (Address: 0x18009c700)
- CreateThreadpoolWork (Address: 0x18009c708)
- SetThreadpoolThreadMaximum (Address: 0x18009c720)
- SetThreadpoolThreadMinimum (Address: 0x18009c710)
- SetThreadpoolTimer (Address: 0x18009c748)
- SetThreadpoolWait (Address: 0x18009c6f8)
- SubmitThreadpoolWork (Address: 0x18009c6e8)
- WaitForThreadpoolTimerCallbacks (Address: 0x18009c740)
- WaitForThreadpoolWaitCallbacks (Address: 0x18009c6f0)
- WaitForThreadpoolWorkCallbacks (Address: 0x18009c6d8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- ChangeTimerQueueTimer (Address: 0x18009c770)
- CreateTimerQueueTimer (Address: 0x18009c778)
- DeleteTimerQueueTimer (Address: 0x18009c760)
- QueueUserWorkItem (Address: 0x18009c768)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x18009c788)
- SystemTimeToFileTime (Address: 0x18009c790)
api-ms-win-core-url-l1-1-0.dll
- UrlGetPartW (Address: 0x18009c7a0)
api-ms-win-core-version-l1-1-0.dll
- VerQueryValueW (Address: 0x18009c7b0)
api-ms-win-core-version-l1-1-1.dll
- GetFileVersionInfoSizeW (Address: 0x18009c7c0)
- GetFileVersionInfoW (Address: 0x18009c7c8)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x18009c7f0)
- RoGetActivationFactory (Address: 0x18009c7e0)
- RoInitialize (Address: 0x18009c7e8)
- RoUninitialize (Address: 0x18009c7d8)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x18009c810)
- WindowsCreateStringReference (Address: 0x18009c818)
- WindowsDeleteString (Address: 0x18009c808)
- WindowsGetStringRawBuffer (Address: 0x18009c800)
api-ms-win-devices-config-l1-1-1.dll
- CM_Get_Device_IDW (Address: 0x18009c840)
- CM_Get_Parent (Address: 0x18009c838)
- CM_Register_Notification (Address: 0x18009c828)
- CM_Unregister_Notification (Address: 0x18009c830)
api-ms-win-eventing-consumer-l1-1-0.dll
- CloseTrace (Address: 0x18009c850)
- OpenTraceW (Address: 0x18009c860)
- ProcessTrace (Address: 0x18009c858)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x18009c870)
- EnableTraceEx2 (Address: 0x18009c880)
- StartTraceW (Address: 0x18009c878)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x18009c898)
- EventSetInformation (Address: 0x18009c8a8)
- EventUnregister (Address: 0x18009c8a0)
- EventWriteTransfer (Address: 0x18009c890)
api-ms-win-oobe-notification-l1-1-0.dll
- OOBEComplete (Address: 0x18009c8b8)
api-ms-win-power-base-l1-1-0.dll
- PowerRegisterSuspendResumeNotification (Address: 0x18009c8c8)
- PowerUnregisterSuspendResumeNotification (Address: 0x18009c8d0)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x18009c8e8)
- AllocateAndInitializeSid (Address: 0x18009c900)
- FreeSid (Address: 0x18009c928)
- GetLengthSid (Address: 0x18009c8f0)
- GetTokenInformation (Address: 0x18009c8f8)
- ImpersonateLoggedOnUser (Address: 0x18009c918)
- InitializeAcl (Address: 0x18009c8e0)
- InitializeSecurityDescriptor (Address: 0x18009c938)
- RevertToSelf (Address: 0x18009c920)
- SetSecurityDescriptorDacl (Address: 0x18009c930)
- SetSecurityDescriptorGroup (Address: 0x18009c908)
- SetSecurityDescriptorOwner (Address: 0x18009c910)
api-ms-win-security-credentials-l1-1-0.dll
- CredReadW (Address: 0x18009c948)
api-ms-win-security-cryptoapi-l1-1-0.dll
- CryptAcquireContextW (Address: 0x18009c958)
- CryptCreateHash (Address: 0x18009c968)
- CryptDestroyHash (Address: 0x18009c970)
- CryptGetHashParam (Address: 0x18009c960)
- CryptHashData (Address: 0x18009c980)
- CryptReleaseContext (Address: 0x18009c978)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18009c990)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x18009c9a8)
- SetServiceStatus (Address: 0x18009c9a0)
api-ms-win-shcore-taskpool-l1-1-0.dll
- SHTaskPoolQueueTask (Address: 0x18009c9b8)
apphelp.dll
- (Address: 0x18009c9c8)
- SetPermLayerState (Address: 0x18009c9d0)
CRYPT32.dll
- CertVerifyCertificateChainPolicy (Address: 0x18009bd20)
msvcrt.dll
- __C_specific_handler (Address: 0x18009caa8)
- __CxxFrameHandler3 (Address: 0x18009cbc8)
- __dllonexit (Address: 0x18009ca90)
- _amsg_exit (Address: 0x18009cb18)
- _callnewh (Address: 0x18009c9e8)
- _CxxThrowException (Address: 0x18009c9f0)
- _initterm (Address: 0x18009cab8)
- _itoa_s (Address: 0x18009cb88)
- _itow_s (Address: 0x18009ca08)
- _lock (Address: 0x18009caa0)
- _onexit (Address: 0x18009ca88)
- _purecall (Address: 0x18009cb90)
- _unlock (Address: 0x18009ca98)
- _vsnprintf (Address: 0x18009cba0)
- _vsnprintf_s (Address: 0x18009cb50)
- _vsnwprintf (Address: 0x18009cbc0)
- _vsnwprintf_s (Address: 0x18009cb00)
- _wcsicmp (Address: 0x18009cb58)
- _wcslwr (Address: 0x18009ca00)
- _wcslwr_s (Address: 0x18009cae0)
- _wcsnicmp (Address: 0x18009cb80)
- _wfopen_s (Address: 0x18009ca78)
- _wsplitpath_s (Address: 0x18009cb08)
- _wtof (Address: 0x18009caf8)
- _wtoi (Address: 0x18009cb68)
- _XcptFilter (Address: 0x18009cb20)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18009cac8)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18009c9e0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x18009cb60)
- ??0exception@@QEAA@XZ (Address: 0x18009cb70)
- ??1exception@@UEAA@XZ (Address: 0x18009cb78)
- ??1type_info@@UEAA@XZ (Address: 0x18009ca50)
- ??3@YAXPEAX@Z (Address: 0x18009cbb0)
- ?terminate@@YAXXZ (Address: 0x18009ca80)
- ?what@exception@@UEBAPEBDXZ (Address: 0x18009cad0)
- fclose (Address: 0x18009ca68)
- free (Address: 0x18009cb10)
- fwprintf_s (Address: 0x18009ca70)
- malloc (Address: 0x18009cac0)
- memcmp (Address: 0x18009ca18)
- memcpy (Address: 0x18009cba8)
- memcpy_s (Address: 0x18009cbb8)
- memmove (Address: 0x18009ca30)
- memmove_s (Address: 0x18009cb40)
- memset (Address: 0x18009ca38)
- qsort (Address: 0x18009cbf0)
- sprintf_s (Address: 0x18009ca28)
- sscanf_s (Address: 0x18009cb38)
- strchr (Address: 0x18009cbd0)
- strcmp (Address: 0x18009ca40)
- strcpy_s (Address: 0x18009cb98)
- strerror (Address: 0x18009cab0)
- strncmp (Address: 0x18009cbe0)
- strnlen (Address: 0x18009caf0)
- swprintf_s (Address: 0x18009ca10)
- swscanf_s (Address: 0x18009cad8)
- toupper (Address: 0x18009ca58)
- towlower (Address: 0x18009cb30)
- wcscat_s (Address: 0x18009ca48)
- wcschr (Address: 0x18009c9f8)
- wcscmp (Address: 0x18009cbf8)
- wcscpy_s (Address: 0x18009cb48)
- wcsncmp (Address: 0x18009cbd8)
- wcsncpy_s (Address: 0x18009ca20)
- wcsrchr (Address: 0x18009cae8)
- wcsspn (Address: 0x18009cbe8)
- wcsstr (Address: 0x18009ca60)
- wcstoul (Address: 0x18009cb28)
ntdll.dll
- EtwEventRegister (Address: 0x18009ce08)
- EtwEventUnregister (Address: 0x18009ce18)
- EtwEventWrite (Address: 0x18009ce10)
- EtwEventWriteNoRegistration (Address: 0x18009cf30)
- EtwTraceMessage (Address: 0x18009cc88)
- LdrResSearchResource (Address: 0x18009ccd0)
- NtApphelpCacheControl (Address: 0x18009cf08)
- NtClose (Address: 0x18009cd30)
- NtCreateSection (Address: 0x18009cc78)
- NtDeleteValueKey (Address: 0x18009ccb0)
- NtLoadKeyEx (Address: 0x18009cc60)
- NtOpenFile (Address: 0x18009cca0)
- NtOpenProcessToken (Address: 0x18009cc18)
- NtOpenThreadToken (Address: 0x18009cc28)
- NtQueryInformationFile (Address: 0x18009cc98)
- NtQueryInformationToken (Address: 0x18009cc20)
- NtQueryKey (Address: 0x18009cc48)
- NtQueryLicenseValue (Address: 0x18009ce30)
- NtQuerySection (Address: 0x18009cc80)
- NtQuerySystemInformation (Address: 0x18009ce68)
- NtQuerySystemTime (Address: 0x18009cf18)
- NtQueryValueKey (Address: 0x18009cd38)
- NtResumeProcess (Address: 0x18009ce58)
- NtSetValueKey (Address: 0x18009ccb8)
- NtSuspendProcess (Address: 0x18009ce50)
- RtlAcquireSRWLockExclusive (Address: 0x18009ce88)
- RtlAdjustPrivilege (Address: 0x18009cc30)
- RtlAllocateAndInitializeSid (Address: 0x18009cc38)
- RtlAllocateHeap (Address: 0x18009cf10)
- RtlAnsiStringToUnicodeString (Address: 0x18009cd18)
- RtlAppendUnicodeStringToString (Address: 0x18009cda8)
- RtlAppendUnicodeToString (Address: 0x18009cda0)
- RtlCaptureContext (Address: 0x18009ce20)
- RtlCompareMemory (Address: 0x18009cf20)
- RtlComputeCrc32 (Address: 0x18009ced0)
- RtlCopyUnicodeString (Address: 0x18009cc08)
- RtlDeleteCriticalSection (Address: 0x18009ce98)
- RtlDoesFileExists_U (Address: 0x18009cee8)
- RtlDosPathNameToNtPathName_U (Address: 0x18009cc90)
- RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x18009cde0)
- RtlDosPathNameToRelativeNtPathName_U (Address: 0x18009cc58)
- RtlEnterCriticalSection (Address: 0x18009cea8)
- RtlEqualString (Address: 0x18009cdf8)
- RtlFormatCurrentUserKeyPath (Address: 0x18009cd98)
- RtlFreeHeap (Address: 0x18009cf28)
- RtlFreeSid (Address: 0x18009cc40)
- RtlFreeUnicodeString (Address: 0x18009cec0)
- RtlGetDeviceFamilyInfoEnum (Address: 0x18009cee0)
- RtlGetFullPathName_UEx (Address: 0x18009cd88)
- RtlGetNativeSystemInformation (Address: 0x18009ccf8)
- RtlGetNtSystemRoot (Address: 0x18009cef8)
- RtlGetPersistedStateLocation (Address: 0x18009ced8)
- RtlGetVersion (Address: 0x18009cca8)
- RtlImageDirectoryEntryToData (Address: 0x18009ccc0)
- RtlImageNtHeaderEx (Address: 0x18009ce70)
- RtlImageRvaToVa (Address: 0x18009cc70)
- RtlInitAnsiString (Address: 0x18009cdf0)
- RtlInitializeCriticalSection (Address: 0x18009ceb0)
- RtlInitializeSRWLock (Address: 0x18009ce78)
- RtlInitString (Address: 0x18009cd28)
- RtlInitUnicodeString (Address: 0x18009cdd8)
- RtlInitUnicodeStringEx (Address: 0x18009cdb8)
- RtlIsCriticalSectionLockedByThread (Address: 0x18009cf00)
- RtlLeaveCriticalSection (Address: 0x18009cea0)
- RtlLookupFunctionEntry (Address: 0x18009ce28)
- RtlMultiByteToUnicodeN (Address: 0x18009cde8)
- RtlNtPathNameToDosPathName (Address: 0x18009cd40)
- RtlNtStatusToDosError (Address: 0x18009ceb8)
- RtlNtStatusToDosErrorNoTeb (Address: 0x18009cef0)
- RtlpEnsureBufferSize (Address: 0x18009cd48)
- RtlRandomEx (Address: 0x18009cc50)
- RtlReleaseRelativeName (Address: 0x18009cc68)
- RtlReleaseSRWLockExclusive (Address: 0x18009ce80)
- RtlRunOnceExecuteOnce (Address: 0x18009cc10)
- RtlSecondsSince1970ToTime (Address: 0x18009cd58)
- RtlStringFromGUID (Address: 0x18009cec8)
- RtlSubscribeWnfStateChangeNotification (Address: 0x18009ce60)
- RtlTimeToTimeFields (Address: 0x18009ccd8)
- RtlTryEnterCriticalSection (Address: 0x18009ce90)
- RtlUnicodeStringToAnsiString (Address: 0x18009cd08)
- RtlUpcaseUnicodeChar (Address: 0x18009cd00)
- RtlUpcaseUnicodeString (Address: 0x18009cd10)
- RtlValidSid (Address: 0x18009ce48)
- RtlVerifyVersionInfo (Address: 0x18009ccc8)
- RtlVirtualUnwind (Address: 0x18009cf38)
- RtlxAnsiStringToUnicodeSize (Address: 0x18009cd20)
- VerSetConditionMask (Address: 0x18009ce38)
- WinSqmIsOptedInEx (Address: 0x18009ce40)
- ZwClose (Address: 0x18009ce00)
- ZwCreateFile (Address: 0x18009cd80)
- ZwCreateKey (Address: 0x18009cd90)
- ZwCreateSection (Address: 0x18009cd70)
- ZwEnumerateKey (Address: 0x18009cdc0)
- ZwMapViewOfSection (Address: 0x18009cce0)
- ZwOpenFile (Address: 0x18009cdd0)
- ZwOpenKey (Address: 0x18009cdc8)
- ZwQueryDirectoryFile (Address: 0x18009cd50)
- ZwQueryInformationFile (Address: 0x18009cd78)
- ZwQueryInformationProcess (Address: 0x18009cd68)
- ZwQuerySystemInformation (Address: 0x18009ccf0)
- ZwQueryValueKey (Address: 0x18009cdb0)
- ZwSetInformationProcess (Address: 0x18009cd60)
- ZwUnmapViewOfSection (Address: 0x18009cce8)
OLEAUT32.dll
- SysAllocString (Address: 0x18009bd38)
- SysFreeString (Address: 0x18009bd30)
- VariantInit (Address: 0x18009bd40)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x18009bd78)
- NdrServerCall2 (Address: 0x18009bd68)
- NdrServerCallAll (Address: 0x18009bd60)
- RpcBindingVectorFree (Address: 0x18009bd50)
- RpcEpRegisterW (Address: 0x18009bd70)
- RpcEpUnregister (Address: 0x18009bda0)
- RpcImpersonateClient (Address: 0x18009bd80)
- RpcRevertToSelfEx (Address: 0x18009bd88)
- RpcServerInqBindings (Address: 0x18009bda8)
- RpcServerRegisterIfEx (Address: 0x18009bd98)
- RpcServerUnregisterIf (Address: 0x18009bdb0)
- RpcServerUseProtseqW (Address: 0x18009bd58)
- UuidCreate (Address: 0x18009bd90)
SETUPAPI.dll
- SetupIterateCabinetW (Address: 0x18009bdc0)
tdh.dll
- TdhGetProperty (Address: 0x18009cf48)
- TdhGetPropertySize (Address: 0x18009cf50)
USER32.dll
- EnumChildWindows (Address: 0x18009bdf8)
- EnumDisplayMonitors (Address: 0x18009be00)
- FindWindowExW (Address: 0x18009be18)
- GetClassNameW (Address: 0x18009be20)
- GetMonitorInfoA (Address: 0x18009bde8)
- GetShellWindow (Address: 0x18009bdd8)
- GetWindow (Address: 0x18009be10)
- GetWindowInfo (Address: 0x18009bdf0)
- GetWindowThreadProcessId (Address: 0x18009bdd0)
- LoadStringW (Address: 0x18009be08)
- SetProcessDpiAwarenessContext (Address: 0x18009bde0)
USERENV.dll
- ExpandEnvironmentStringsForUserW (Address: 0x18009be30)
WINHTTP.dll
- WinHttpAddRequestHeaders (Address: 0x18009beb8)
- WinHttpCloseHandle (Address: 0x18009be58)
- WinHttpConnect (Address: 0x18009be78)
- WinHttpCrackUrl (Address: 0x18009be70)
- WinHttpGetDefaultProxyConfiguration (Address: 0x18009be48)
- WinHttpGetIEProxyConfigForCurrentUser (Address: 0x18009be98)
- WinHttpGetProxyForUrl (Address: 0x18009be50)
- WinHttpOpen (Address: 0x18009be68)
- WinHttpOpenRequest (Address: 0x18009bea0)
- WinHttpQueryAuthSchemes (Address: 0x18009be90)
- WinHttpQueryDataAvailable (Address: 0x18009be40)
- WinHttpQueryHeaders (Address: 0x18009beb0)
- WinHttpReadData (Address: 0x18009be60)
- WinHttpReceiveResponse (Address: 0x18009bec0)
- WinHttpSendRequest (Address: 0x18009be80)
- WinHttpSetCredentials (Address: 0x18009be88)
- WinHttpSetOption (Address: 0x18009bea8)