rpcss.dll
Description: Distributed COM Services
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6157
Architecture: 64-bit
Operating System: Windows NT
SHA256: 5bff5cffac2b7e2694728b8dcf2c6221
File Size: 1.3 MB
Uploaded At: Dec. 1, 2025, 7:38 a.m.
Views: 7
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- (Ordinal: 1, Address: 0x96b10)
- (Ordinal: 2, Address: 0x96a00)
- (Ordinal: 3, Address: 0x96a50)
- (Ordinal: 4, Address: 0x969e0)
- (Ordinal: 5, Address: 0x96a20)
- (Ordinal: 6, Address: 0x969c0)
- (Ordinal: 7, Address: 0x1377e8)
- (Ordinal: 8, Address: 0x96620)
- (Ordinal: 9, Address: 0xcf6d0)
- (Ordinal: 10, Address: 0xcf6c0)
- (Ordinal: 11, Address: 0xd0c60)
- (Ordinal: 12, Address: 0xce6c0)
- (Ordinal: 13, Address: 0x965a0)
- ServiceMain (Ordinal: 14, Address: 0x5da30)
- CoGetComCatalog (Ordinal: 15, Address: 0x96440)
- GetRPCSSInfo (Ordinal: 16, Address: 0x96450)
- WhichService (Ordinal: 17, Address: 0x63a30)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800fd318)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800fd330)
- IsDebuggerPresent (Address: 0x1800fd338)
- OutputDebugStringW (Address: 0x1800fd328)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800fd348)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800fd358)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800fd368)
- RaiseException (Address: 0x1800fd380)
- SetLastError (Address: 0x1800fd388)
- SetUnhandledExceptionFilter (Address: 0x1800fd378)
- UnhandledExceptionFilter (Address: 0x1800fd370)
api-ms-win-core-errorhandling-l1-1-2.dll
- RaiseFailFastException (Address: 0x1800fd398)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x1800fd3b0)
- CreateFileW (Address: 0x1800fd3a8)
- FindClose (Address: 0x1800fd3c8)
- FindFirstFileW (Address: 0x1800fd3c0)
- GetDriveTypeW (Address: 0x1800fd3b8)
- GetFullPathNameW (Address: 0x1800fd3d0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800fd3e0)
- DuplicateHandle (Address: 0x1800fd3e8)
- SetHandleInformation (Address: 0x1800fd3f0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800fd400)
- HeapAlloc (Address: 0x1800fd410)
- HeapFree (Address: 0x1800fd408)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalFree (Address: 0x1800fd420)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1800fd430)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x1800fd470)
- GetModuleFileNameA (Address: 0x1800fd460)
- GetModuleFileNameW (Address: 0x1800fd450)
- GetModuleHandleExW (Address: 0x1800fd458)
- GetModuleHandleW (Address: 0x1800fd448)
- GetProcAddress (Address: 0x1800fd440)
- LoadLibraryExW (Address: 0x1800fd468)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800fd480)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1800fd4a0)
- MapViewOfFile (Address: 0x1800fd4b8)
- MapViewOfFileEx (Address: 0x1800fd4a8)
- OpenFileMappingW (Address: 0x1800fd4c0)
- ReadProcessMemory (Address: 0x1800fd4b0)
- UnmapViewOfFile (Address: 0x1800fd490)
- VirtualAlloc (Address: 0x1800fd4d8)
- VirtualFree (Address: 0x1800fd498)
- VirtualProtect (Address: 0x1800fd4c8)
- VirtualQuery (Address: 0x1800fd4d0)
api-ms-win-core-path-l1-1-0.dll
- PathAllocCombine (Address: 0x1800fd4e8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800fd508)
- GetCommandLineW (Address: 0x1800fd500)
- SearchPathW (Address: 0x1800fd4f8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x1800fd560)
- CreateThread (Address: 0x1800fd598)
- DeleteProcThreadAttributeList (Address: 0x1800fd568)
- GetCurrentProcess (Address: 0x1800fd570)
- GetCurrentProcessId (Address: 0x1800fd580)
- GetCurrentThread (Address: 0x1800fd518)
- GetCurrentThreadId (Address: 0x1800fd590)
- GetExitCodeProcess (Address: 0x1800fd548)
- GetProcessIdOfThread (Address: 0x1800fd540)
- InitializeProcThreadAttributeList (Address: 0x1800fd550)
- OpenProcessToken (Address: 0x1800fd588)
- OpenThread (Address: 0x1800fd538)
- OpenThreadToken (Address: 0x1800fd520)
- SetThreadStackGuarantee (Address: 0x1800fd578)
- SetThreadToken (Address: 0x1800fd528)
- TerminateProcess (Address: 0x1800fd530)
- UpdateProcThreadAttribute (Address: 0x1800fd558)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1800fd5a8)
- OpenProcess (Address: 0x1800fd5b0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800fd5c0)
api-ms-win-core-psm-key-l1-1-0.dll
- PsmGetKeyFromToken (Address: 0x1800fd5d0)
api-ms-win-core-realtime-l1-1-0.dll
- QueryUnbiasedInterruptTime (Address: 0x1800fd5e0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800fd648)
- RegCreateKeyExW (Address: 0x1800fd5f0)
- RegDeleteValueW (Address: 0x1800fd600)
- RegEnumValueW (Address: 0x1800fd628)
- RegGetValueW (Address: 0x1800fd5f8)
- RegLoadMUIStringW (Address: 0x1800fd618)
- RegNotifyChangeKeyValue (Address: 0x1800fd638)
- RegOpenCurrentUser (Address: 0x1800fd610)
- RegOpenKeyExW (Address: 0x1800fd650)
- RegOpenUserClassesRoot (Address: 0x1800fd620)
- RegQueryInfoKeyW (Address: 0x1800fd630)
- RegQueryValueExW (Address: 0x1800fd640)
- RegSetValueExW (Address: 0x1800fd608)
api-ms-win-core-sidebyside-l1-1-0.dll
- AddRefActCtx (Address: 0x1800fd678)
- FindActCtxSectionGuid (Address: 0x1800fd660)
- FindActCtxSectionStringW (Address: 0x1800fd668)
- ReleaseActCtx (Address: 0x1800fd670)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1800fd688)
- CompareStringW (Address: 0x1800fd690)
api-ms-win-core-string-l2-1-0.dll
- CharUpperW (Address: 0x1800fd6a0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800fd6e8)
- AcquireSRWLockShared (Address: 0x1800fd750)
- CreateEventA (Address: 0x1800fd748)
- CreateEventExW (Address: 0x1800fd6f8)
- CreateEventW (Address: 0x1800fd6d8)
- CreateMutexExW (Address: 0x1800fd758)
- CreateMutexW (Address: 0x1800fd730)
- CreateSemaphoreExW (Address: 0x1800fd700)
- DeleteCriticalSection (Address: 0x1800fd740)
- EnterCriticalSection (Address: 0x1800fd6f0)
- InitializeCriticalSection (Address: 0x1800fd720)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800fd710)
- InitializeCriticalSectionEx (Address: 0x1800fd6c8)
- InitializeSRWLock (Address: 0x1800fd738)
- LeaveCriticalSection (Address: 0x1800fd6e0)
- OpenEventW (Address: 0x1800fd718)
- OpenSemaphoreW (Address: 0x1800fd778)
- ReleaseMutex (Address: 0x1800fd6b8)
- ReleaseSemaphore (Address: 0x1800fd770)
- ReleaseSRWLockExclusive (Address: 0x1800fd6c0)
- ReleaseSRWLockShared (Address: 0x1800fd768)
- SetEvent (Address: 0x1800fd760)
- SleepEx (Address: 0x1800fd6d0)
- WaitForMultipleObjectsEx (Address: 0x1800fd728)
- WaitForSingleObject (Address: 0x1800fd6b0)
- WaitForSingleObjectEx (Address: 0x1800fd708)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1800fd7b8)
- InitOnceComplete (Address: 0x1800fd7b0)
- InitOnceExecuteOnce (Address: 0x1800fd7c8)
- Sleep (Address: 0x1800fd7c0)
- SleepConditionVariableSRW (Address: 0x1800fd798)
- WaitOnAddress (Address: 0x1800fd788)
- WakeAllConditionVariable (Address: 0x1800fd7a0)
- WakeByAddressAll (Address: 0x1800fd7a8)
- WakeByAddressSingle (Address: 0x1800fd790)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x1800fd7d8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800fd7f0)
- GetSystemDirectoryW (Address: 0x1800fd808)
- GetSystemInfo (Address: 0x1800fd7f8)
- GetSystemTimeAsFileTime (Address: 0x1800fd810)
- GetTickCount (Address: 0x1800fd800)
- GetTickCount64 (Address: 0x1800fd7e8)
- GetVersionExW (Address: 0x1800fd818)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x1800fd828)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800fd840)
- CreateThreadpoolTimer (Address: 0x1800fd858)
- CreateThreadpoolWait (Address: 0x1800fd848)
- SetThreadpoolTimer (Address: 0x1800fd838)
- SetThreadpoolWait (Address: 0x1800fd850)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800fd860)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- CreateTimerQueueTimer (Address: 0x1800fd888)
- DeleteTimerQueueTimer (Address: 0x1800fd878)
- QueueUserWorkItem (Address: 0x1800fd870)
- UnregisterWaitEx (Address: 0x1800fd880)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x1800fd898)
api-ms-win-core-winrt-error-l1-1-0.dll
- RoOriginateError (Address: 0x1800fd8c0)
- RoOriginateErrorW (Address: 0x1800fd8a8)
- RoTransformError (Address: 0x1800fd8b8)
- RoTransformErrorW (Address: 0x1800fd8b0)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1800fd8d0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCompareStringOrdinal (Address: 0x1800fd8e8)
- WindowsConcatString (Address: 0x1800fd8e0)
- WindowsCreateString (Address: 0x1800fd910)
- WindowsCreateStringReference (Address: 0x1800fd8f8)
- WindowsDeleteString (Address: 0x1800fd900)
- WindowsDeleteStringBuffer (Address: 0x1800fd920)
- WindowsDuplicateString (Address: 0x1800fd908)
- WindowsGetStringLen (Address: 0x1800fd940)
- WindowsGetStringRawBuffer (Address: 0x1800fd8f0)
- WindowsIsStringEmpty (Address: 0x1800fd918)
- WindowsPreallocateStringBuffer (Address: 0x1800fd930)
- WindowsPromoteStringBuffer (Address: 0x1800fd928)
- WindowsStringHasEmbeddedNull (Address: 0x1800fd938)
api-ms-win-core-wow64-l1-1-1.dll
- GetSystemWow64Directory2W (Address: 0x1800fd950)
- IsWow64Process2 (Address: 0x1800fd958)
- Wow64SetThreadDefaultGuestMachine (Address: 0x1800fd960)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x1800fd9f8)
- _o___std_type_info_destroy_list (Address: 0x1800fda50)
- _o___stdio_common_vsprintf (Address: 0x1800fda48)
- _o___stdio_common_vswprintf (Address: 0x1800fda40)
- _o__cexit (Address: 0x1800fda38)
- _o__configure_narrow_argv (Address: 0x1800fda30)
- _o__crt_atexit (Address: 0x1800fda28)
- _o__errno (Address: 0x1800fda20)
- _o__execute_onexit_table (Address: 0x1800fda18)
- _o__initialize_narrow_environment (Address: 0x1800fda10)
- _o__initialize_onexit_table (Address: 0x1800fda08)
- _o__invalid_parameter_noinfo (Address: 0x1800fda00)
- _o__purecall (Address: 0x1800fd970)
- _o__register_onexit_function (Address: 0x1800fd978)
- _o__resetstkoflw (Address: 0x1800fd980)
- _o__seh_filter_dll (Address: 0x1800fd988)
- _o__ui64tow_s (Address: 0x1800fd990)
- _o__wcsicmp (Address: 0x1800fd998)
- _o__wcslwr_s (Address: 0x1800fd9a0)
- _o__wcsnicmp (Address: 0x1800fd9a8)
- _o__wtoi (Address: 0x1800fd9b0)
- _o_ceil (Address: 0x1800fd9c0)
- _o_free (Address: 0x1800fd9c8)
- _o_malloc (Address: 0x1800fd9d0)
- _o_toupper (Address: 0x1800fd9d8)
- _o_towupper (Address: 0x1800fd9e0)
- _o_wcstoul (Address: 0x1800fd9e8)
- _o_wmemcpy_s (Address: 0x1800fd9f0)
- memcmp (Address: 0x1800fda58)
- memcpy (Address: 0x1800fda60)
- memmove (Address: 0x1800fd9b8)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1800fda78)
- _initterm_e (Address: 0x1800fda70)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1800fda88)
- wcscmp (Address: 0x1800fda90)
api-ms-win-eventing-controller-l1-1-0.dll
- EnableTraceEx2 (Address: 0x1800fdaa8)
- StartTraceW (Address: 0x1800fdaa0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800fdad0)
- EventProviderEnabled (Address: 0x1800fdad8)
- EventRegister (Address: 0x1800fdab8)
- EventSetInformation (Address: 0x1800fdac8)
- EventUnregister (Address: 0x1800fdac0)
- EventWriteTransfer (Address: 0x1800fdae0)
api-ms-win-security-base-l1-1-0.dll
- AccessCheckByType (Address: 0x1800fdb08)
- AddAccessAllowedAce (Address: 0x1800fdbb8)
- AddAce (Address: 0x1800fdb70)
- AllocateAndInitializeSid (Address: 0x1800fdba0)
- CheckTokenMembership (Address: 0x1800fdc08)
- CopySid (Address: 0x1800fdbd8)
- CreateWellKnownSid (Address: 0x1800fdbb0)
- DeleteAce (Address: 0x1800fdb78)
- DestroyPrivateObjectSecurity (Address: 0x1800fdb38)
- DuplicateToken (Address: 0x1800fdb40)
- DuplicateTokenEx (Address: 0x1800fdb28)
- EqualSid (Address: 0x1800fdbc8)
- FreeSid (Address: 0x1800fdb98)
- GetAce (Address: 0x1800fdaf8)
- GetAclInformation (Address: 0x1800fdb68)
- GetLengthSid (Address: 0x1800fdb80)
- GetSecurityDescriptorDacl (Address: 0x1800fdb00)
- GetSecurityDescriptorGroup (Address: 0x1800fdb58)
- GetSecurityDescriptorLength (Address: 0x1800fdb18)
- GetSecurityDescriptorOwner (Address: 0x1800fdb50)
- GetSecurityDescriptorSacl (Address: 0x1800fdb48)
- GetSidLengthRequired (Address: 0x1800fdbf0)
- GetSidSubAuthority (Address: 0x1800fdc00)
- GetTokenInformation (Address: 0x1800fdbd0)
- ImpersonateAnonymousToken (Address: 0x1800fdbe8)
- ImpersonateLoggedOnUser (Address: 0x1800fdb20)
- InitializeAcl (Address: 0x1800fdb88)
- InitializeSecurityDescriptor (Address: 0x1800fdb90)
- InitializeSid (Address: 0x1800fdbf8)
- IsValidSecurityDescriptor (Address: 0x1800fdbc0)
- IsValidSid (Address: 0x1800fdaf0)
- MakeAbsoluteSD (Address: 0x1800fdb60)
- MakeSelfRelativeSD (Address: 0x1800fdb30)
- RevertToSelf (Address: 0x1800fdbe0)
- SetSecurityDescriptorDacl (Address: 0x1800fdba8)
- SetTokenInformation (Address: 0x1800fdb10)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x1800fdc28)
- ConvertSidToStringSidW (Address: 0x1800fdc30)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800fdc20)
- ConvertStringSidToSidW (Address: 0x1800fdc18)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1800fdc40)
- SetServiceStatus (Address: 0x1800fdc48)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1800fdc58)
- OpenSCManagerW (Address: 0x1800fdc60)
- OpenServiceW (Address: 0x1800fdc68)
- StartServiceW (Address: 0x1800fdc70)
api-ms-win-service-management-l2-1-0.dll
- QueryServiceConfigW (Address: 0x1800fdc88)
- QueryServiceStatusEx (Address: 0x1800fdc80)
api-ms-win-service-private-l1-1-2.dll
- QueryUserServiceName (Address: 0x1800fdc98)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x1800fdca8)
bcryptPrimitives.dll
- ProcessPrng (Address: 0x1800fdcb8)
combase.dll
- (Address: 0x1800fdd00)
- (Address: 0x1800fdcf8)
- (Address: 0x1800fdcf0)
- (Address: 0x1800fdce8)
- (Address: 0x1800fdcd8)
- (Address: 0x1800fdcd0)
- (Address: 0x1800fdcc8)
- SetErrorInfo (Address: 0x1800fdce0)
KERNELBASE.dll
- AppXFreeMemory (Address: 0x1800fd060)
- AppXGetPackageCapabilities (Address: 0x1800fd058)
- AppXGetPackageSid (Address: 0x1800fd048)
- ClosePackageInfo (Address: 0x1800fd078)
- FindPackagesByPackageFamily (Address: 0x1800fd0a0)
- FormatApplicationUserModelId (Address: 0x1800fd0f0)
- GetApplicationUserModelIdFromToken (Address: 0x1800fd068)
- GetCurrentPackageId (Address: 0x1800fd0d8)
- GetCurrentPackageInfo (Address: 0x1800fd070)
- GetCurrentPackageInfo3 (Address: 0x1800fd0b8)
- GetPackageFullNameFromToken (Address: 0x1800fd0f8)
- GetPackageInfo (Address: 0x1800fd0a8)
- GetStagedPackageOrigin (Address: 0x1800fd098)
- GetStagedPackagePathByFullName2 (Address: 0x1800fd088)
- GetSystemMetadataPathForPackage (Address: 0x1800fd0c8)
- IsDeveloperModeEnabled (Address: 0x1800fd0b0)
- LocalAlloc (Address: 0x1800fd050)
- lstrcmpW (Address: 0x1800fd0e8)
- OpenPackageInfoByFullName (Address: 0x1800fd0c0)
- OpenPackageInfoByFullNameForMachine (Address: 0x1800fd090)
- OpenPackageInfoByFullNameForUser (Address: 0x1800fd080)
- PackageFamilyNameFromFullName (Address: 0x1800fd100)
- PackageFamilyNameFromId (Address: 0x1800fd0d0)
- ParseApplicationUserModelId (Address: 0x1800fd0e0)
ntdll.dll
- EtwEventRegister (Address: 0x1800fde10)
- EtwEventSetInformation (Address: 0x1800fde28)
- EtwEventUnregister (Address: 0x1800fde18)
- EtwEventWriteTransfer (Address: 0x1800fde20)
- EtwGetTraceEnableFlags (Address: 0x1800fdde8)
- EtwGetTraceEnableLevel (Address: 0x1800fdfb0)
- EtwGetTraceLoggerHandle (Address: 0x1800fddf0)
- EtwRegisterTraceGuidsW (Address: 0x1800fde00)
- EtwTraceMessage (Address: 0x1800fde30)
- EvtIntReportEventAndSourceAsync (Address: 0x1800fdd68)
- NtAllocateLocallyUniqueId (Address: 0x1800fdd50)
- NtClose (Address: 0x1800fde50)
- NtCompareTokens (Address: 0x1800fde70)
- NtDuplicateToken (Address: 0x1800fdde0)
- NtGetNextThread (Address: 0x1800fdf18)
- NtOpenFile (Address: 0x1800fdea8)
- NtOpenKey (Address: 0x1800fdef0)
- NtQueryInformationFile (Address: 0x1800fdeb8)
- NtQueryInformationProcess (Address: 0x1800fdf08)
- NtQueryInformationThread (Address: 0x1800fdf10)
- NtQueryInformationToken (Address: 0x1800fdeb0)
- NtQueryKey (Address: 0x1800fdd90)
- NtQueryMutant (Address: 0x1800fde90)
- NtQuerySecurityAttributesToken (Address: 0x1800fde58)
- NtQuerySystemInformationEx (Address: 0x1800fded0)
- NtQueryWnfStateData (Address: 0x1800fdfa0)
- NtResumeThread (Address: 0x1800fddf8)
- NtSetInformationToken (Address: 0x1800fddc8)
- NtSetSystemInformation (Address: 0x1800fdf00)
- NtTerminateProcess (Address: 0x1800fdf88)
- RtlAcquirePrivilege (Address: 0x1800fddb8)
- RtlAddAce (Address: 0x1800fdd18)
- RtlAllocateAndInitializeSid (Address: 0x1800fde80)
- RtlAllocateAndInitializeSidEx (Address: 0x1800fdf80)
- RtlAllocateHeap (Address: 0x1800fdec0)
- RtlCaptureContext (Address: 0x1800fdf48)
- RtlCopySid (Address: 0x1800fdfb8)
- RtlCreateAcl (Address: 0x1800fdfa8)
- RtlCreateSecurityDescriptor (Address: 0x1800fdd20)
- RtlCreateUnicodeString (Address: 0x1800fde98)
- RtlCreateVirtualAccountSid (Address: 0x1800fdd48)
- RtlDeleteCriticalSection (Address: 0x1800fdf28)
- RtlDeriveCapabilitySidsFromName (Address: 0x1800fdd78)
- RtlEqualSid (Address: 0x1800fdef8)
- RtlEqualUnicodeString (Address: 0x1800fdf70)
- RtlExpandEnvironmentStrings (Address: 0x1800fdd70)
- RtlFreeHeap (Address: 0x1800fdec8)
- RtlFreeSid (Address: 0x1800fde48)
- RtlFreeUnicodeString (Address: 0x1800fdea0)
- RtlGetAppContainerParent (Address: 0x1800fde68)
- RtlGetAppContainerSidType (Address: 0x1800fde60)
- RtlGetSaclSecurityDescriptor (Address: 0x1800fdd88)
- RtlImageNtHeader (Address: 0x1800fdda8)
- RtlInitializeCriticalSection (Address: 0x1800fdf30)
- RtlInitializeSid (Address: 0x1800fddc0)
- RtlInitUnicodeString (Address: 0x1800fdf68)
- RtlIsMultiSessionSku (Address: 0x1800fdf60)
- RtlIsStateSeparationEnabled (Address: 0x1800fdd60)
- RtlLengthRequiredSid (Address: 0x1800fdd10)
- RtlLengthSid (Address: 0x1800fdd80)
- RtlLoadString (Address: 0x1800fdee0)
- RtlLookupFunctionEntry (Address: 0x1800fdf40)
- RtlNtStatusToDosError (Address: 0x1800fdf50)
- RtlQueryElevationFlags (Address: 0x1800fde40)
- RtlQueryPackageClaims (Address: 0x1800fdee8)
- RtlQueryPackageIdentity (Address: 0x1800fddd8)
- RtlQueryPackageIdentityEx (Address: 0x1800fdf90)
- RtlQueryTokenHostIdAsUlong64 (Address: 0x1800fded8)
- RtlQueryWnfStateData (Address: 0x1800fdf58)
- RtlReleasePrivilege (Address: 0x1800fddd0)
- RtlSetDaclSecurityDescriptor (Address: 0x1800fdd38)
- RtlSetGroupSecurityDescriptor (Address: 0x1800fdd30)
- RtlSetOwnerSecurityDescriptor (Address: 0x1800fdd28)
- RtlSetSaclSecurityDescriptor (Address: 0x1800fdd40)
- RtlSubAuthoritySid (Address: 0x1800fde78)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800fdf78)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800fde38)
- RtlUpcaseUnicodeChar (Address: 0x1800fdd58)
- RtlVirtualUnwind (Address: 0x1800fdf38)
- RtlWow64GetEquivalentMachineCHPE (Address: 0x1800fdd98)
- RtlWow64IsWowGuestMachineSupported (Address: 0x1800fddb0)
- wcschr (Address: 0x1800fdf20)
- wcsncmp (Address: 0x1800fde08)
- wcsrchr (Address: 0x1800fdf98)
- wcsstr (Address: 0x1800fdda0)
- WinSqmSetDWORD (Address: 0x1800fde88)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x1800fd1f8)
- I_RpcBindingInqMarshalledTargetInfo (Address: 0x1800fd248)
- I_RpcBindingInqTransportType (Address: 0x1800fd1f0)
- I_RpcBindingInqWireIdForSnego (Address: 0x1800fd240)
- I_RpcExceptionFilter (Address: 0x1800fd2f8)
- I_RpcFilterDCOMActivation (Address: 0x1800fd2d0)
- I_RpcOpenClientProcess (Address: 0x1800fd1e0)
- MesDecodeBufferHandleCreate (Address: 0x1800fd128)
- MesEncodeFixedBufferHandleCreate (Address: 0x1800fd120)
- MesHandleFree (Address: 0x1800fd308)
- NdrAsyncClientCall (Address: 0x1800fd118)
- NdrAsyncServerCall (Address: 0x1800fd110)
- NdrClientCall2 (Address: 0x1800fd300)
- NdrGetUserMarshalInfo (Address: 0x1800fd158)
- NdrMesTypeAlignSize2 (Address: 0x1800fd170)
- NdrMesTypeDecode2 (Address: 0x1800fd168)
- NdrMesTypeEncode2 (Address: 0x1800fd160)
- NdrServerCall2 (Address: 0x1800fd2f0)
- RpcAsyncCancelCall (Address: 0x1800fd280)
- RpcAsyncCompleteCall (Address: 0x1800fd178)
- RpcAsyncGetCallStatus (Address: 0x1800fd2b0)
- RpcAsyncInitializeHandle (Address: 0x1800fd1e8)
- RpcBindingBind (Address: 0x1800fd2a8)
- RpcBindingCopy (Address: 0x1800fd1b8)
- RpcBindingCreateW (Address: 0x1800fd298)
- RpcBindingFree (Address: 0x1800fd1b0)
- RpcBindingFromStringBindingW (Address: 0x1800fd278)
- RpcBindingReset (Address: 0x1800fd1c0)
- RpcBindingServerFromClient (Address: 0x1800fd230)
- RpcBindingSetAuthInfoExW (Address: 0x1800fd1c8)
- RpcBindingSetAuthInfoW (Address: 0x1800fd1d0)
- RpcBindingSetObject (Address: 0x1800fd2a0)
- RpcBindingSetOption (Address: 0x1800fd238)
- RpcBindingToStringBindingW (Address: 0x1800fd228)
- RpcBindingUnbind (Address: 0x1800fd2b8)
- RpcBindingVectorFree (Address: 0x1800fd270)
- RpcErrorEndEnumeration (Address: 0x1800fd148)
- RpcErrorGetNextRecord (Address: 0x1800fd150)
- RpcErrorResetEnumeration (Address: 0x1800fd138)
- RpcErrorSaveErrorInfo (Address: 0x1800fd130)
- RpcErrorStartEnumeration (Address: 0x1800fd140)
- RpcExceptionFilter (Address: 0x1800fd2d8)
- RpcImpersonateClient (Address: 0x1800fd208)
- RpcMgmtEnableIdleCleanup (Address: 0x1800fd2c8)
- RpcMgmtIsServerListening (Address: 0x1800fd188)
- RpcMgmtSetServerStackSize (Address: 0x1800fd198)
- RpcRaiseException (Address: 0x1800fd2c0)
- RpcRevertToSelf (Address: 0x1800fd2e8)
- RpcRevertToSelfEx (Address: 0x1800fd200)
- RpcServerInqBindingHandle (Address: 0x1800fd250)
- RpcServerInqBindings (Address: 0x1800fd258)
- RpcServerInqCallAttributesW (Address: 0x1800fd210)
- RpcServerListen (Address: 0x1800fd190)
- RpcServerRegisterAuthInfoW (Address: 0x1800fd268)
- RpcServerRegisterIf3 (Address: 0x1800fd1a0)
- RpcServerRegisterIfEx (Address: 0x1800fd1a8)
- RpcServerUseProtseqEpExW (Address: 0x1800fd180)
- RpcSsDestroyClientContext (Address: 0x1800fd290)
- RpcSsGetContextBinding (Address: 0x1800fd288)
- RpcStringBindingComposeW (Address: 0x1800fd2e0)
- RpcStringBindingParseW (Address: 0x1800fd220)
- RpcStringFreeW (Address: 0x1800fd218)
- UuidCreate (Address: 0x1800fd1d8)
- UuidFromStringW (Address: 0x1800fd260)