sdengin2.dll
Description: Microsoft® Windows Backup Engine
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3636
Architecture: 64-bit
Operating System: Windows NT
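SHA256: 9ec4fa6370412a3e07050b0803259e43 (note: this value is 32 hex characters, the length of an MD5 digest; a SHA-256 digest is 64 hex characters, so confirm which algorithm produced it before matching it against other sources)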
File Size: 1.2 MB
Uploaded At: Dec. 1, 2025, 7:38 a.m.
Security Warning
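This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Note: this flag is a heuristic based only on OpenProcess appearing in the import table below. That table lists no WriteProcessMemory, VirtualAllocEx or CreateRemoteThread import, and OpenProcess on its own is widely used by legitimate software, so the flag alone does not indicate injection behaviour. Functions can also be resolved at run time (GetProcAddress is imported), so the import table is not a complete picture either way. The Description and Authors fields come from the file's version resource, which is self-declared; to establish whether a copy is genuine, check its Authenticode signature and compare its hash with a known-good copy of the same version.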
Exported Functions
- ExecuteScheduledBackup (Ordinal: 1, Address: 0x50b50)
- DllCanUnloadNow (Ordinal: 2, Address: 0x506a0)
- DllGetActivationFactory (Ordinal: 3, Address: 0x50b60)
- DllGetClassObject (Ordinal: 4, Address: 0x506c0)
- DllRegisterServer (Ordinal: 5, Address: 0x506e0)
- DllUnregisterServer (Ordinal: 6, Address: 0x507a0)
- SdCheck (Ordinal: 7, Address: 0x14e0)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x1800e7a38)
- CoGetMalloc (Address: 0x1800e7a30)
api-ms-win-core-datetime-l1-1-0.dll
- GetDateFormatW (Address: 0x1800e7a48)
- GetTimeFormatW (Address: 0x1800e7a50)
api-ms-win-core-errorhandling-l1-1-0.dll
- SetLastError (Address: 0x1800e7a60)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryA (Address: 0x1800e7af8)
- CreateDirectoryW (Address: 0x1800e7aa0)
- CreateFileA (Address: 0x1800e7ad0)
- DeleteFileA (Address: 0x1800e7af0)
- FindFirstFileA (Address: 0x1800e7ac0)
- FindFirstVolumeW (Address: 0x1800e7a78)
- FindNextFileA (Address: 0x1800e7ac8)
- FindNextVolumeW (Address: 0x1800e7a80)
- FindVolumeClose (Address: 0x1800e7a88)
- GetDiskFreeSpaceA (Address: 0x1800e7a90)
- GetDiskFreeSpaceExA (Address: 0x1800e7b00)
- GetDriveTypeA (Address: 0x1800e7ae8)
- GetFileAttributesA (Address: 0x1800e7ae0)
- GetFileAttributesExA (Address: 0x1800e7a98)
- GetFullPathNameW (Address: 0x1800e7a70)
- LocalFileTimeToFileTime (Address: 0x1800e7ab0)
- RemoveDirectoryA (Address: 0x1800e7ab8)
- RemoveDirectoryW (Address: 0x1800e7aa8)
- SetFileAttributesA (Address: 0x1800e7ad8)
api-ms-win-core-file-l1-2-2.dll
- GetTempFileNameA (Address: 0x1800e7b18)
- GetVolumeInformationA (Address: 0x1800e7b10)
api-ms-win-core-file-l2-1-0.dll
- GetFileInformationByHandleEx (Address: 0x1800e7b28)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800e7b48)
- HeapAlloc (Address: 0x1800e7b38)
- HeapFree (Address: 0x1800e7b40)
api-ms-win-core-heap-l2-1-0.dll
- GlobalAlloc (Address: 0x1800e7b68)
- GlobalFree (Address: 0x1800e7b60)
- LocalAlloc (Address: 0x1800e7b58)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- DosDateTimeToFileTime (Address: 0x1800e7b78)
- FileTimeToDosDateTime (Address: 0x1800e7b80)
api-ms-win-core-libraryloader-l1-2-0.dll
- LoadStringW (Address: 0x1800e7b90)
api-ms-win-core-localization-l1-2-0.dll
- GetLocaleInfoEx (Address: 0x1800e7ba8)
- GetLocaleInfoW (Address: 0x1800e7bb8)
- GetUserDefaultLCID (Address: 0x1800e7ba0)
- IsDBCSLeadByte (Address: 0x1800e7bb0)
api-ms-win-core-processenvironment-l1-1-0.dll
- GetCurrentDirectoryA (Address: 0x1800e7bd0)
- SetCurrentDirectoryA (Address: 0x1800e7bc8)
api-ms-win-core-processthreads-l1-1-0.dll
- OpenProcessToken (Address: 0x1800e7c00)
- OpenThreadToken (Address: 0x1800e7c08)
- SetThreadToken (Address: 0x1800e7c10)
- TlsAlloc (Address: 0x1800e7be0)
- TlsFree (Address: 0x1800e7be8)
- TlsGetValue (Address: 0x1800e7bf8)
- TlsSetValue (Address: 0x1800e7bf0)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x1800e7c20)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800e7c88)
- RegCreateKeyExW (Address: 0x1800e7c58)
- RegDeleteValueW (Address: 0x1800e7c40)
- RegEnumKeyExW (Address: 0x1800e7c70)
- RegEnumValueW (Address: 0x1800e7c60)
- RegGetValueW (Address: 0x1800e7c30)
- RegLoadKeyW (Address: 0x1800e7c78)
- RegOpenKeyExW (Address: 0x1800e7c80)
- RegQueryInfoKeyW (Address: 0x1800e7c68)
- RegQueryValueExW (Address: 0x1800e7c48)
- RegSetValueExW (Address: 0x1800e7c38)
- RegUnLoadKeyW (Address: 0x1800e7c50)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x1800e7c98)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCompareMemory (Address: 0x1800e7ca8)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathMatchSpecExA (Address: 0x1800e7cb8)
api-ms-win-core-string-l1-1-0.dll
- CompareStringW (Address: 0x1800e7cc8)
api-ms-win-core-synch-l1-1-0.dll
- InitializeCriticalSectionAndSpinCount (Address: 0x1800e7cd8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTime (Address: 0x1800e7ce8)
api-ms-win-core-timezone-l1-1-0.dll
- SystemTimeToFileTime (Address: 0x1800e7cf8)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1800e7d20)
- RoOriginateError (Address: 0x1800e7d08)
- RoOriginateErrorW (Address: 0x1800e7d18)
- RoTransformError (Address: 0x1800e7d10)
- SetRestrictedErrorInfo (Address: 0x1800e7d28)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1800e7d38)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1800e7d48)
- RoReportFailedDelegate (Address: 0x1800e7d40)
api-ms-win-core-winrt-l1-1-0.dll
- RoGetActivationFactory (Address: 0x1800e7d58)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x1800e7d98)
- WindowsCreateStringReference (Address: 0x1800e7d88)
- WindowsDeleteString (Address: 0x1800e7d68)
- WindowsDuplicateString (Address: 0x1800e7d90)
- WindowsGetStringRawBuffer (Address: 0x1800e7d70)
- WindowsIsStringEmpty (Address: 0x1800e7d78)
- WindowsStringHasEmbeddedNull (Address: 0x1800e7d80)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800e7dc8)
- GetTraceEnableLevel (Address: 0x1800e7dc0)
- GetTraceLoggerHandle (Address: 0x1800e7da8)
- RegisterTraceGuidsW (Address: 0x1800e7db8)
- TraceMessage (Address: 0x1800e7dd0)
- UnregisterTraceGuids (Address: 0x1800e7db0)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x1800e7df0)
- EnableTraceEx2 (Address: 0x1800e7de0)
- StartTraceW (Address: 0x1800e7de8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x1800e7e18)
- EventSetInformation (Address: 0x1800e7e08)
- EventUnregister (Address: 0x1800e7e10)
- EventWriteTransfer (Address: 0x1800e7e00)
api-ms-win-eventlog-legacy-l1-1-0.dll
- DeregisterEventSource (Address: 0x1800e7e38)
- RegisterEventSourceW (Address: 0x1800e7e28)
- ReportEventW (Address: 0x1800e7e30)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x1800e7f58)
- AddAccessAllowedAce (Address: 0x1800e7f30)
- AdjustTokenPrivileges (Address: 0x1800e7f00)
- CheckTokenMembership (Address: 0x1800e7eb8)
- CopySid (Address: 0x1800e7eb0)
- CreateWellKnownSid (Address: 0x1800e7ec0)
- DuplicateToken (Address: 0x1800e7ed8)
- DuplicateTokenEx (Address: 0x1800e7f10)
- EqualSid (Address: 0x1800e7e90)
- GetAce (Address: 0x1800e7e48)
- GetAclInformation (Address: 0x1800e7f40)
- GetKernelObjectSecurity (Address: 0x1800e7ed0)
- GetLengthSid (Address: 0x1800e7e50)
- GetSecurityDescriptorControl (Address: 0x1800e7f50)
- GetSecurityDescriptorDacl (Address: 0x1800e7e58)
- GetSecurityDescriptorGroup (Address: 0x1800e7e68)
- GetSecurityDescriptorLength (Address: 0x1800e7ec8)
- GetSecurityDescriptorOwner (Address: 0x1800e7e70)
- GetSecurityDescriptorSacl (Address: 0x1800e7e60)
- GetSidSubAuthority (Address: 0x1800e7ea8)
- GetSidSubAuthorityCount (Address: 0x1800e7e80)
- GetTokenInformation (Address: 0x1800e7f20)
- GetWindowsAccountDomainSid (Address: 0x1800e7e88)
- ImpersonateLoggedOnUser (Address: 0x1800e7f18)
- InitializeAcl (Address: 0x1800e7f48)
- InitializeSecurityDescriptor (Address: 0x1800e7ee0)
- IsValidAcl (Address: 0x1800e7f60)
- IsValidSid (Address: 0x1800e7ea0)
- MakeSelfRelativeSD (Address: 0x1800e7f38)
- RevertToSelf (Address: 0x1800e7e78)
- SetFileSecurityW (Address: 0x1800e7e98)
- SetKernelObjectSecurity (Address: 0x1800e7f08)
- SetSecurityDescriptorDacl (Address: 0x1800e7ef8)
- SetSecurityDescriptorGroup (Address: 0x1800e7ef0)
- SetSecurityDescriptorOwner (Address: 0x1800e7ee8)
- SetSecurityDescriptorSacl (Address: 0x1800e7f28)
api-ms-win-security-logon-l1-1-0.dll
- LogonUserExW (Address: 0x1800e7f70)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupAccountNameW (Address: 0x1800e7f80)
- LookupAccountSidW (Address: 0x1800e7f90)
- LookupPrivilegeValueW (Address: 0x1800e7f88)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x1800e7fa0)
- LsaFreeMemory (Address: 0x1800e7fa8)
- LsaOpenPolicy (Address: 0x1800e7fb8)
- LsaQueryInformationPolicy (Address: 0x1800e7fb0)
api-ms-win-security-provider-l1-1-0.dll
- GetSecurityInfo (Address: 0x1800e7fc8)
- SetNamedSecurityInfoW (Address: 0x1800e7fd8)
- SetSecurityInfo (Address: 0x1800e7fd0)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800e7ff0)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800e7ff8)
- ConvertStringSidToSidW (Address: 0x1800e7fe8)
api-ms-win-shcore-taskpool-l1-1-0.dll
- SHTaskPoolAllowThreadReuse (Address: 0x1800e8010)
- SHTaskPoolQueueTask (Address: 0x1800e8008)
bcd.dll
- BcdCloseObject (Address: 0x1800e8048)
- BcdCloseStore (Address: 0x1800e8028)
- BcdEnumerateObjects (Address: 0x1800e8038)
- BcdGetElementData (Address: 0x1800e8020)
- BcdOpenObject (Address: 0x1800e8040)
- BcdOpenSystemStore (Address: 0x1800e8030)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x1800e7710)
- AcquireSRWLockShared (Address: 0x1800e76f0)
- CloseHandle (Address: 0x1800e7848)
- CompareFileTime (Address: 0x1800e77b8)
- CopyFileExW (Address: 0x1800e7960)
- CreateFileW (Address: 0x1800e77f0)
- CreateThread (Address: 0x1800e76e8)
- DebugBreak (Address: 0x1800e77e0)
- DecodePointer (Address: 0x1800e7720)
- DelayLoadFailureHook (Address: 0x1800e7678)
- DeleteCriticalSection (Address: 0x1800e7790)
- DeleteFileW (Address: 0x1800e7990)
- DeviceIoControl (Address: 0x1800e7860)
- EncodePointer (Address: 0x1800e7700)
- EnterCriticalSection (Address: 0x1800e77b0)
- ExpandEnvironmentStringsW (Address: 0x1800e7858)
- FileTimeToLocalFileTime (Address: 0x1800e7898)
- FileTimeToSystemTime (Address: 0x1800e78a0)
- FindClose (Address: 0x1800e78e8)
- FindFirstFileW (Address: 0x1800e7878)
- FindNextFileW (Address: 0x1800e7890)
- FindResourceExW (Address: 0x1800e7748)
- FindResourceW (Address: 0x1800e78b0)
- FlushFileBuffers (Address: 0x1800e7968)
- FormatMessageW (Address: 0x1800e7920)
- FreeLibrary (Address: 0x1800e7788)
- GetACP (Address: 0x1800e77f8)
- GetComputerNameW (Address: 0x1800e78e0)
- GetCurrentProcess (Address: 0x1800e76a8)
- GetCurrentProcessId (Address: 0x1800e76c0)
- GetCurrentThread (Address: 0x1800e77a0)
- GetCurrentThreadId (Address: 0x1800e7918)
- GetDiskFreeSpaceExW (Address: 0x1800e7800)
- GetDriveTypeW (Address: 0x1800e7820)
- GetFileAttributesW (Address: 0x1800e78a8)
- GetFileInformationByHandle (Address: 0x1800e78f8)
- GetFileSize (Address: 0x1800e7838)
- GetFileSizeEx (Address: 0x1800e7980)
- GetFileType (Address: 0x1800e78f0)
- GetLastError (Address: 0x1800e7808)
- GetLocalTime (Address: 0x1800e7978)
- GetLogicalDriveStringsW (Address: 0x1800e7870)
- GetModuleFileNameA (Address: 0x1800e77c0)
- GetModuleFileNameW (Address: 0x1800e7740)
- GetModuleHandleExW (Address: 0x1800e77c8)
- GetModuleHandleW (Address: 0x1800e77d8)
- GetProcAddress (Address: 0x1800e77d0)
- GetSystemDirectoryW (Address: 0x1800e7798)
- GetSystemInfo (Address: 0x1800e7758)
- GetSystemTimeAsFileTime (Address: 0x1800e7830)
- GetTickCount (Address: 0x1800e7690)
- GetVolumeInformationW (Address: 0x1800e7828)
- GetVolumeNameForVolumeMountPointW (Address: 0x1800e7818)
- GetVolumePathNamesForVolumeNameW (Address: 0x1800e7868)
- GetVolumePathNameW (Address: 0x1800e7810)
- GlobalHandle (Address: 0x1800e7620)
- GlobalLock (Address: 0x1800e7650)
- GlobalReAlloc (Address: 0x1800e7658)
- GlobalSize (Address: 0x1800e7668)
- GlobalUnlock (Address: 0x1800e7628)
- HeapDestroy (Address: 0x1800e7730)
- HeapSetInformation (Address: 0x1800e7728)
- InitializeCriticalSection (Address: 0x1800e7738)
- InitializeSListHead (Address: 0x1800e7850)
- InitializeSRWLock (Address: 0x1800e76d0)
- InitOnceExecuteOnce (Address: 0x1800e7708)
- InterlockedPopEntrySList (Address: 0x1800e77e8)
- InterlockedPushEntrySList (Address: 0x1800e7840)
- IsDebuggerPresent (Address: 0x1800e7928)
- LeaveCriticalSection (Address: 0x1800e77a8)
- LoadLibraryExW (Address: 0x1800e7780)
- LoadResource (Address: 0x1800e78b8)
- LocalFree (Address: 0x1800e7940)
- LockResource (Address: 0x1800e78c0)
- lstrcmpA (Address: 0x1800e7648)
- lstrcmpiA (Address: 0x1800e7638)
- lstrcmpiW (Address: 0x1800e7778)
- lstrcpynW (Address: 0x1800e7770)
- lstrlenA (Address: 0x1800e7630)
- MoveFileExW (Address: 0x1800e7948)
- MultiByteToWideChar (Address: 0x1800e7750)
- OpenProcess (Address: 0x1800e76c8)
- OutputDebugStringW (Address: 0x1800e7910)
- QueryPerformanceCounter (Address: 0x1800e7698)
- RaiseException (Address: 0x1800e76d8)
- ReadFile (Address: 0x1800e7970)
- ReleaseSRWLockExclusive (Address: 0x1800e7718)
- ReleaseSRWLockShared (Address: 0x1800e76f8)
- ReplaceFileA (Address: 0x1800e7660)
- ResolveDelayLoadedAPI (Address: 0x1800e7670)
- ResumeThread (Address: 0x1800e76e0)
- SetFileAttributesW (Address: 0x1800e7950)
- SetFileInformationByHandle (Address: 0x1800e7888)
- SetFilePointer (Address: 0x1800e7958)
- SetFilePointerEx (Address: 0x1800e7988)
- SetFileShortNameW (Address: 0x1800e7908)
- SetFileTime (Address: 0x1800e7900)
- SetUnhandledExceptionFilter (Address: 0x1800e76b0)
- SetVolumeLabelA (Address: 0x1800e7640)
- SizeofResource (Address: 0x1800e78c8)
- Sleep (Address: 0x1800e7880)
- SleepConditionVariableSRW (Address: 0x1800e7688)
- TerminateProcess (Address: 0x1800e76a0)
- UnhandledExceptionFilter (Address: 0x1800e76b8)
- VirtualAlloc (Address: 0x1800e7938)
- VirtualFree (Address: 0x1800e7930)
- VirtualProtect (Address: 0x1800e7768)
- VirtualQuery (Address: 0x1800e7760)
- WakeAllConditionVariable (Address: 0x1800e7680)
- WideCharToMultiByte (Address: 0x1800e78d8)
- WriteFile (Address: 0x1800e78d0)
msi.dll
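- (name not shown; presumably imported by ordinal) (Address: 0x1800e8058)
- (name not shown; presumably imported by ordinal) (Address: 0x1800e8060)
- (name not shown; presumably imported by ordinal) (Address: 0x1800e8068)
- (name not shown; presumably imported by ordinal) (Address: 0x1800e8070)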
msvcrt.dll
- __C_specific_handler (Address: 0x1800e81f8)
- __CxxFrameHandler3 (Address: 0x1800e80b8)
- __dllonexit (Address: 0x1800e80c8)
- _access (Address: 0x1800e8108)
- _amsg_exit (Address: 0x1800e80a8)
- _callnewh (Address: 0x1800e80f0)
- _CxxThrowException (Address: 0x1800e8120)
- _errno (Address: 0x1800e8118)
- _getdcwd (Address: 0x1800e81a8)
- _getdrive (Address: 0x1800e8170)
- _initterm (Address: 0x1800e8098)
- _ismbstrail (Address: 0x1800e8110)
- _itow (Address: 0x1800e8090)
- _lock (Address: 0x1800e80a0)
- _onexit (Address: 0x1800e80d0)
- _purecall (Address: 0x1800e81f0)
- _unlock (Address: 0x1800e80f8)
- _vscwprintf (Address: 0x1800e8160)
- _vsnprintf (Address: 0x1800e8178)
- _vsnwprintf (Address: 0x1800e8220)
- _wcsicmp (Address: 0x1800e8230)
- _wcslwr (Address: 0x1800e8138)
- _wcsnicmp (Address: 0x1800e8208)
- _wcsupr (Address: 0x1800e8218)
- _wtoi (Address: 0x1800e8080)
- _wtol (Address: 0x1800e8148)
- _XcptFilter (Address: 0x1800e80d8)
- ??1type_info@@UEAA@XZ (Address: 0x1800e81c8)
- ?terminate@@YAXXZ (Address: 0x1800e8088)
- atoi (Address: 0x1800e8180)
- calloc (Address: 0x1800e81a0)
- free (Address: 0x1800e81d0)
- gmtime (Address: 0x1800e8190)
- iswalpha (Address: 0x1800e81c0)
- iswspace (Address: 0x1800e8168)
- localtime (Address: 0x1800e8198)
- malloc (Address: 0x1800e80e0)
- memcmp (Address: 0x1800e8240)
- memcpy (Address: 0x1800e8128)
- memmove (Address: 0x1800e8130)
- memmove_s (Address: 0x1800e8100)
- memset (Address: 0x1800e80e8)
- mktime (Address: 0x1800e81b0)
- qsort (Address: 0x1800e8188)
- rand (Address: 0x1800e81d8)
- realloc (Address: 0x1800e80b0)
- srand (Address: 0x1800e81e8)
- strchr (Address: 0x1800e8158)
- strncmp (Address: 0x1800e81b8)
- time (Address: 0x1800e81e0)
- towupper (Address: 0x1800e8200)
- wcscat_s (Address: 0x1800e80c0)
- wcschr (Address: 0x1800e8210)
- wcscmp (Address: 0x1800e8248)
- wcsncmp (Address: 0x1800e8228)
- wcsnlen (Address: 0x1800e8140)
- wcspbrk (Address: 0x1800e8150)
- wcsrchr (Address: 0x1800e8238)
ntdll.dll
- EtwTraceMessage (Address: 0x1800e82c0)
- NtClose (Address: 0x1800e8298)
- NtCreateFile (Address: 0x1800e8300)
- NtQueryDirectoryFile (Address: 0x1800e82e8)
- NtQueryInformationFile (Address: 0x1800e82f8)
- NtQueryKey (Address: 0x1800e8290)
- NtQuerySystemInformation (Address: 0x1800e8258)
- NtQueryVolumeInformationFile (Address: 0x1800e8350)
- NtSetInformationFile (Address: 0x1800e82f0)
- NtSetInformationKey (Address: 0x1800e8288)
- RtlAllocateHeap (Address: 0x1800e8368)
- RtlAnsiCharToUnicodeChar (Address: 0x1800e82a8)
- RtlCaptureContext (Address: 0x1800e82e0)
- RtlCaptureStackBackTrace (Address: 0x1800e8370)
- RtlCreateSystemVolumeInformationFolder (Address: 0x1800e8268)
- RtlDeleteElementGenericTableAvl (Address: 0x1800e8360)
- RtlDosPathNameToNtPathName_U (Address: 0x1800e8270)
- RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x1800e8308)
- RtlEnumerateGenericTableAvl (Address: 0x1800e8358)
- RtlEnumerateGenericTableWithoutSplayingAvl (Address: 0x1800e8320)
- RtlEqualUnicodeString (Address: 0x1800e8260)
- RtlFreeHeap (Address: 0x1800e8378)
- RtlGetLastNtStatus (Address: 0x1800e82c8)
- RtlGetThreadErrorMode (Address: 0x1800e8348)
- RtlInitializeGenericTableAvl (Address: 0x1800e8338)
- RtlInitUnicodeString (Address: 0x1800e8278)
- RtlInitUnicodeStringEx (Address: 0x1800e82b8)
- RtlInsertElementGenericTableAvl (Address: 0x1800e8330)
- RtlIntegerToChar (Address: 0x1800e82b0)
- RtlIsDosDeviceName_U (Address: 0x1800e82a0)
- RtlLookupElementGenericTableAvl (Address: 0x1800e8318)
- RtlLookupFunctionEntry (Address: 0x1800e82d8)
- RtlNtStatusToDosError (Address: 0x1800e8280)
- RtlNumberGenericTableElementsAvl (Address: 0x1800e8310)
- RtlSetThreadErrorMode (Address: 0x1800e8340)
- RtlValidRelativeSecurityDescriptor (Address: 0x1800e8328)
- RtlVirtualUnwind (Address: 0x1800e82d0)
SPP.dll
- SppFreeGroupPropArray (Address: 0x1800e79b8)
- SxTracerDebuggerBreak (Address: 0x1800e79b0)
- SxTracerGetThreadContextRetail (Address: 0x1800e79a0)
- SxTracerShouldTrackFailure (Address: 0x1800e79a8)
USER32.dll
- CharLowerA (Address: 0x1800e7a10)
- CharNextA (Address: 0x1800e79d0)
- CharNextW (Address: 0x1800e7a18)
- CharPrevA (Address: 0x1800e79e8)
- CharPrevW (Address: 0x1800e7a20)
- CharToOemBuffA (Address: 0x1800e79e0)
- CharUpperA (Address: 0x1800e79f0)
- CharUpperBuffA (Address: 0x1800e79c8)
- DispatchMessageA (Address: 0x1800e79f8)
- OemToCharBuffA (Address: 0x1800e79d8)
- PeekMessageA (Address: 0x1800e7a08)
- TranslateMessage (Address: 0x1800e7a00)