usermgr.dll
Description: UserMgr
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: 1e9e175f62724f8f6696ec0da0f2ed88
File Size: 1.4 MB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x28f20)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800e7b80)
api-ms-win-core-com-l1-1-0.dll
- CoAddRefServerProcess (Address: 0x1800e7c50)
- CoCopyProxy (Address: 0x1800e7c68)
- CoCreateFreeThreadedMarshaler (Address: 0x1800e7c88)
- CoCreateGuid (Address: 0x1800e7ba0)
- CoCreateInstance (Address: 0x1800e7bc0)
- CoDecrementMTAUsage (Address: 0x1800e7c40)
- CoDisableCallCancellation (Address: 0x1800e7be0)
- CoDisconnectContext (Address: 0x1800e7bb0)
- CoEnableCallCancellation (Address: 0x1800e7c00)
- CoGetApartmentType (Address: 0x1800e7c30)
- CoGetCallContext (Address: 0x1800e7b98)
- CoGetCancelObject (Address: 0x1800e7c70)
- CoGetInterfaceAndReleaseStream (Address: 0x1800e7ba8)
- CoGetMalloc (Address: 0x1800e7c10)
- CoImpersonateClient (Address: 0x1800e7c60)
- CoIncrementMTAUsage (Address: 0x1800e7bb8)
- CoInitializeSecurity (Address: 0x1800e7bd0)
- CoMarshalInterface (Address: 0x1800e7c08)
- CoRegisterClassObject (Address: 0x1800e7bf0)
- CoReleaseMarshalData (Address: 0x1800e7c18)
- CoReleaseServerProcess (Address: 0x1800e7c78)
- CoResumeClassObjects (Address: 0x1800e7c48)
- CoRevertToSelf (Address: 0x1800e7c38)
- CoRevokeClassObject (Address: 0x1800e7c80)
- CoSetProxyBlanket (Address: 0x1800e7bf8)
- CoTaskMemAlloc (Address: 0x1800e7c58)
- CoTaskMemFree (Address: 0x1800e7b90)
- CoTaskMemRealloc (Address: 0x1800e7bc8)
- CoWaitForMultipleHandles (Address: 0x1800e7be8)
- CreateStreamOnHGlobal (Address: 0x1800e7bd8)
- PropVariantClear (Address: 0x1800e7c20)
- StringFromCLSID (Address: 0x1800e7c28)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1800e7c98)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800e7cb8)
- IsDebuggerPresent (Address: 0x1800e7cb0)
- OutputDebugStringW (Address: 0x1800e7ca8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800e7cc8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800e7cd8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800e7cf0)
- RaiseException (Address: 0x1800e7cf8)
- SetLastError (Address: 0x1800e7d08)
- SetUnhandledExceptionFilter (Address: 0x1800e7d00)
- UnhandledExceptionFilter (Address: 0x1800e7ce8)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1800e7d20)
- GetFileSizeEx (Address: 0x1800e7d30)
- ReadFile (Address: 0x1800e7d18)
- WriteFile (Address: 0x1800e7d28)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1800e7d40)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800e7d58)
- DuplicateHandle (Address: 0x1800e7d50)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800e7d68)
- HeapAlloc (Address: 0x1800e7d70)
- HeapFree (Address: 0x1800e7d78)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800e7d90)
- LocalFree (Address: 0x1800e7d88)
- LocalReAlloc (Address: 0x1800e7d98)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalSize (Address: 0x1800e7da8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- MulDiv (Address: 0x1800e7db8)
- RegisterWaitForSingleObject (Address: 0x1800e7dc0)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x1800e7df0)
- GetModuleFileNameA (Address: 0x1800e7e00)
- GetModuleFileNameW (Address: 0x1800e7dd8)
- GetModuleHandleExW (Address: 0x1800e7de8)
- GetModuleHandleW (Address: 0x1800e7de0)
- GetProcAddress (Address: 0x1800e7dd0)
- LoadLibraryExW (Address: 0x1800e7df8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800e7e10)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800e7e20)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x1800e7e48)
- CreateThread (Address: 0x1800e7e38)
- GetCurrentProcess (Address: 0x1800e7e30)
- GetCurrentProcessId (Address: 0x1800e7e80)
- GetCurrentThread (Address: 0x1800e7e68)
- GetCurrentThreadId (Address: 0x1800e7e70)
- GetProcessId (Address: 0x1800e7e58)
- OpenProcessToken (Address: 0x1800e7e88)
- OpenThreadToken (Address: 0x1800e7e40)
- ProcessIdToSessionId (Address: 0x1800e7e60)
- ResumeThread (Address: 0x1800e7e78)
- TerminateProcess (Address: 0x1800e7e50)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x1800e7ea0)
- OpenProcess (Address: 0x1800e7e98)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800e7eb0)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x1800e7ec0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800e7f10)
- RegCreateKeyExW (Address: 0x1800e7f18)
- RegDeleteTreeW (Address: 0x1800e7ef0)
- RegDeleteValueW (Address: 0x1800e7f20)
- RegEnumKeyExW (Address: 0x1800e7f00)
- RegEnumValueW (Address: 0x1800e7ed8)
- RegFlushKey (Address: 0x1800e7f38)
- RegGetValueW (Address: 0x1800e7ed0)
- RegOpenKeyExA (Address: 0x1800e7f30)
- RegOpenKeyExW (Address: 0x1800e7f08)
- RegQueryInfoKeyW (Address: 0x1800e7ef8)
- RegQueryValueExA (Address: 0x1800e7f28)
- RegQueryValueExW (Address: 0x1800e7ee0)
- RegSetValueExW (Address: 0x1800e7ee8)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x1800e7f50)
- RegSetKeyValueW (Address: 0x1800e7f48)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x1800e7f60)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800e7f80)
- RtlLookupFunctionEntry (Address: 0x1800e7f70)
- RtlVirtualUnwind (Address: 0x1800e7f78)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1800e7f90)
- GetStringTypeW (Address: 0x1800e7fa0)
- MultiByteToWideChar (Address: 0x1800e7f98)
- WideCharToMultiByte (Address: 0x1800e7fa8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800e8030)
- AcquireSRWLockShared (Address: 0x1800e8020)
- CreateEventExW (Address: 0x1800e7fc0)
- CreateEventW (Address: 0x1800e8018)
- CreateMutexExW (Address: 0x1800e7fd0)
- CreateSemaphoreExW (Address: 0x1800e7fc8)
- DeleteCriticalSection (Address: 0x1800e7ff8)
- EnterCriticalSection (Address: 0x1800e7fb8)
- InitializeCriticalSectionEx (Address: 0x1800e7fe8)
- InitializeSRWLock (Address: 0x1800e8038)
- LeaveCriticalSection (Address: 0x1800e7fd8)
- OpenSemaphoreW (Address: 0x1800e8010)
- ReleaseMutex (Address: 0x1800e8008)
- ReleaseSemaphore (Address: 0x1800e8040)
- ReleaseSRWLockExclusive (Address: 0x1800e8048)
- ReleaseSRWLockShared (Address: 0x1800e7ff0)
- SetEvent (Address: 0x1800e8050)
- TryAcquireSRWLockExclusive (Address: 0x1800e7fe0)
- WaitForSingleObject (Address: 0x1800e8000)
- WaitForSingleObjectEx (Address: 0x1800e8028)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1800e8088)
- InitOnceComplete (Address: 0x1800e8068)
- InitOnceExecuteOnce (Address: 0x1800e8060)
- Sleep (Address: 0x1800e8070)
- SleepConditionVariableSRW (Address: 0x1800e8078)
- WakeAllConditionVariable (Address: 0x1800e8080)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800e80a0)
- GetSystemTimeAsFileTime (Address: 0x1800e8098)
- GetTickCount (Address: 0x1800e80a8)
- GetTickCount64 (Address: 0x1800e80b0)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800e80d8)
- CloseThreadpoolWork (Address: 0x1800e80d0)
- CreateThreadpoolTimer (Address: 0x1800e80f8)
- CreateThreadpoolWork (Address: 0x1800e80e0)
- SetThreadpoolTimer (Address: 0x1800e80c8)
- SubmitThreadpoolWork (Address: 0x1800e80c0)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800e80e8)
- WaitForThreadpoolWorkCallbacks (Address: 0x1800e80f0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x1800e8108)
- UnregisterWaitEx (Address: 0x1800e8110)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1800e8120)
- EncodePointer (Address: 0x1800e8128)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1800e8158)
- RoOriginateError (Address: 0x1800e8138)
- RoOriginateErrorW (Address: 0x1800e8150)
- RoTransformError (Address: 0x1800e8140)
- SetRestrictedErrorInfo (Address: 0x1800e8148)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1800e8170)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1800e8178)
- RoReportFailedDelegate (Address: 0x1800e8168)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1800e8188)
- RoGetActivationFactory (Address: 0x1800e81b0)
- RoInitialize (Address: 0x1800e8190)
- RoRegisterActivationFactories (Address: 0x1800e8198)
- RoRevokeActivationFactories (Address: 0x1800e81a0)
- RoUninitialize (Address: 0x1800e81a8)
api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll
- RoCreatePropertySetSerializer (Address: 0x1800e81c0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCompareStringOrdinal (Address: 0x1800e8218)
- WindowsConcatString (Address: 0x1800e8208)
- WindowsCreateString (Address: 0x1800e81e0)
- WindowsCreateStringReference (Address: 0x1800e81d0)
- WindowsDeleteString (Address: 0x1800e81f8)
- WindowsDuplicateString (Address: 0x1800e81e8)
- WindowsGetStringLen (Address: 0x1800e81d8)
- WindowsGetStringRawBuffer (Address: 0x1800e8200)
- WindowsIsStringEmpty (Address: 0x1800e8210)
- WindowsStringHasEmbeddedNull (Address: 0x1800e81f0)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x1800e8228)
- EnableTraceEx2 (Address: 0x1800e8238)
- StartTraceW (Address: 0x1800e8230)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800e8268)
- EventProviderEnabled (Address: 0x1800e8250)
- EventRegister (Address: 0x1800e8260)
- EventSetInformation (Address: 0x1800e8258)
- EventUnregister (Address: 0x1800e8248)
- EventWriteTransfer (Address: 0x1800e8270)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x1800e8298)
- AccessCheckByType (Address: 0x1800e82a0)
- AdjustTokenPrivileges (Address: 0x1800e8290)
- AllocateAndInitializeSid (Address: 0x1800e82e8)
- AllocateLocallyUniqueId (Address: 0x1800e82c0)
- CheckTokenMembership (Address: 0x1800e82b8)
- CopySid (Address: 0x1800e8318)
- CreateRestrictedToken (Address: 0x1800e8280)
- CreateWellKnownSid (Address: 0x1800e82e0)
- DuplicateToken (Address: 0x1800e8308)
- DuplicateTokenEx (Address: 0x1800e8288)
- FreeSid (Address: 0x1800e82d0)
- GetLengthSid (Address: 0x1800e8310)
- GetTokenInformation (Address: 0x1800e82f8)
- ImpersonateLoggedOnUser (Address: 0x1800e82f0)
- IsValidSid (Address: 0x1800e82b0)
- MakeAbsoluteSD (Address: 0x1800e82d8)
- PrivilegeCheck (Address: 0x1800e82a8)
- RevertToSelf (Address: 0x1800e8300)
- SetTokenInformation (Address: 0x1800e82c8)
api-ms-win-security-base-l1-2-0.dll
- CheckTokenCapability (Address: 0x1800e8328)
- CheckTokenMembershipEx (Address: 0x1800e8330)
api-ms-win-security-base-private-l1-1-1.dll
- CreateAppContainerToken (Address: 0x1800e8340)
api-ms-win-security-credentials-l1-1-0.dll
- CredProtectW (Address: 0x1800e8350)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupAccountNameW (Address: 0x1800e8360)
api-ms-win-security-provider-l1-1-0.dll
- GetSecurityInfo (Address: 0x1800e8378)
- SetSecurityInfo (Address: 0x1800e8370)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800e8388)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800e8390)
- ConvertStringSidToSidW (Address: 0x1800e8398)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1800e83a8)
- SetServiceStatus (Address: 0x1800e83b0)
api-ms-win-service-private-l1-1-0.dll
- I_ScBroadcastServiceControlMessage (Address: 0x1800e83c0)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x1800e83d0)
bcrypt.dll
- BCryptCreateHash (Address: 0x1800e8400)
- BCryptDestroyHash (Address: 0x1800e83e8)
- BCryptFinishHash (Address: 0x1800e83f0)
- BCryptGetProperty (Address: 0x1800e83f8)
- BCryptHashData (Address: 0x1800e83e0)
combase.dll
- (Address: 0x1800e8430)
- (Address: 0x1800e8428)
- (Address: 0x1800e8420)
- (Address: 0x1800e8418)
- (Address: 0x1800e8410)
CRYPT32.dll
- CryptBinaryToStringW (Address: 0x1800e7970)
logoncli.dll
- DsGetDcNameW (Address: 0x1800e8440)
msvcrt.dll
- ___lc_codepage_func (Address: 0x1800e8660)
- ___lc_handle_func (Address: 0x1800e8658)
- ___mb_cur_max_func (Address: 0x1800e8650)
- __C_specific_handler (Address: 0x1800e84a0)
- __crtLCMapStringW (Address: 0x1800e84b0)
- __CxxFrameHandler3 (Address: 0x1800e8538)
- __dllonexit (Address: 0x1800e8478)
- __pctype_func (Address: 0x1800e84d8)
- __uncaught_exception (Address: 0x1800e8640)
- _amsg_exit (Address: 0x1800e8548)
- _callnewh (Address: 0x1800e8618)
- _CxxThrowException (Address: 0x1800e8628)
- _errno (Address: 0x1800e8578)
- _get_errno (Address: 0x1800e85e8)
- _initterm (Address: 0x1800e8540)
- _ismbblead (Address: 0x1800e84e0)
- _lock (Address: 0x1800e8460)
- _onexit (Address: 0x1800e8528)
- _purecall (Address: 0x1800e8500)
- _set_errno (Address: 0x1800e85e0)
- _ui64tow_s (Address: 0x1800e8558)
- _unlock (Address: 0x1800e8468)
- _vscwprintf (Address: 0x1800e85f0)
- _vsnprintf_s (Address: 0x1800e8490)
- _vsnwprintf (Address: 0x1800e8518)
- _wcsdup (Address: 0x1800e84b8)
- _wcsicmp (Address: 0x1800e8550)
- _wcsnicmp (Address: 0x1800e85d0)
- _wsetlocale (Address: 0x1800e84a8)
- _wtoi (Address: 0x1800e8568)
- _wtol (Address: 0x1800e85c8)
- _XcptFilter (Address: 0x1800e8480)
- ??_V@YAXPEAX@Z (Address: 0x1800e8520)
- ??0bad_cast@@QEAA@AEBV0@@Z (Address: 0x1800e85a0)
- ??0bad_cast@@QEAA@PEBD@Z (Address: 0x1800e85b0)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800e8590)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800e8620)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800e84e8)
- ??0exception@@QEAA@XZ (Address: 0x1800e84f0)
- ??1bad_cast@@UEAA@XZ (Address: 0x1800e85a8)
- ??1exception@@UEAA@XZ (Address: 0x1800e84f8)
- ??1type_info@@UEAA@XZ (Address: 0x1800e8530)
- ??3@YAXPEAX@Z (Address: 0x1800e8508)
- ?terminate@@YAXXZ (Address: 0x1800e8458)
- ?what@exception@@UEBAPEBDXZ (Address: 0x1800e8588)
- abort (Address: 0x1800e84c8)
- calloc (Address: 0x1800e84d0)
- free (Address: 0x1800e8470)
- localeconv (Address: 0x1800e85b8)
- malloc (Address: 0x1800e8450)
- memcmp (Address: 0x1800e8498)
- memcpy (Address: 0x1800e8630)
- memcpy_s (Address: 0x1800e8510)
- memmove (Address: 0x1800e8638)
- memmove_s (Address: 0x1800e8488)
- memset (Address: 0x1800e84c0)
- rand (Address: 0x1800e85f8)
- realloc (Address: 0x1800e8560)
- setlocale (Address: 0x1800e8648)
- sprintf_s (Address: 0x1800e8598)
- strcspn (Address: 0x1800e85c0)
- swprintf_s (Address: 0x1800e8600)
- toupper (Address: 0x1800e8610)
- wcschr (Address: 0x1800e85d8)
- wcscmp (Address: 0x1800e8668)
- wcsnlen (Address: 0x1800e8608)
- wcsstr (Address: 0x1800e8570)
- wcstol (Address: 0x1800e8580)
ntdll.dll
- EtwTraceMessage (Address: 0x1800e86a0)
- NtAllocateLocallyUniqueId (Address: 0x1800e87e0)
- NtClose (Address: 0x1800e87a8)
- NtCompareTokens (Address: 0x1800e87c8)
- NtCreateDirectoryObjectEx (Address: 0x1800e8710)
- NtCreateFile (Address: 0x1800e86c0)
- NtCreateSymbolicLinkObject (Address: 0x1800e86d0)
- NtDeviceIoControlFile (Address: 0x1800e8828)
- NtOpenDirectoryObject (Address: 0x1800e86e0)
- NtOpenFile (Address: 0x1800e8820)
- NtQueryInformationToken (Address: 0x1800e8778)
- NtQuerySecurityObject (Address: 0x1800e86b8)
- NtQuerySystemInformation (Address: 0x1800e8818)
- NtSetInformationProcess (Address: 0x1800e8780)
- NtSetInformationToken (Address: 0x1800e86f8)
- RtlAddAccessAllowedAce (Address: 0x1800e8740)
- RtlAddAccessAllowedAceEx (Address: 0x1800e86f0)
- RtlAddAce (Address: 0x1800e8748)
- RtlAdjustPrivilege (Address: 0x1800e8698)
- RtlAllocateAndInitializeSid (Address: 0x1800e86e8)
- RtlAllocateHeap (Address: 0x1800e8730)
- RtlCapabilityCheck (Address: 0x1800e8770)
- RtlCheckSandboxedToken (Address: 0x1800e8790)
- RtlCompareUnicodeString (Address: 0x1800e8690)
- RtlConvertSidToUnicodeString (Address: 0x1800e8700)
- RtlCopySid (Address: 0x1800e86a8)
- RtlCreateAcl (Address: 0x1800e8758)
- RtlCreateSecurityDescriptor (Address: 0x1800e86c8)
- RtlDeriveCapabilitySidsFromName (Address: 0x1800e8718)
- RtlEqualSid (Address: 0x1800e87a0)
- RtlFreeHeap (Address: 0x1800e8830)
- RtlFreeSid (Address: 0x1800e86d8)
- RtlGetAce (Address: 0x1800e8750)
- RtlGetCurrentServiceSessionId (Address: 0x1800e8810)
- RtlGetDaclSecurityDescriptor (Address: 0x1800e86b0)
- RtlGetDeviceFamilyInfoEnum (Address: 0x1800e87f8)
- RtlGetNtProductType (Address: 0x1800e8678)
- RtlInitString (Address: 0x1800e87e8)
- RtlInitUnicodeString (Address: 0x1800e8798)
- RtlIsCapabilitySid (Address: 0x1800e87b8)
- RtlIsMultiSessionSku (Address: 0x1800e87f0)
- RtlLengthSid (Address: 0x1800e8768)
- RtlNtStatusToDosError (Address: 0x1800e87b0)
- RtlNtStatusToDosErrorNoTeb (Address: 0x1800e8688)
- RtlPublishWnfStateData (Address: 0x1800e8808)
- RtlQueryInformationAcl (Address: 0x1800e8760)
- RtlQueryRegistryValuesEx (Address: 0x1800e8728)
- RtlQueryWnfStateData (Address: 0x1800e87d8)
- RtlRunOnceExecuteOnce (Address: 0x1800e8720)
- RtlSetDaclSecurityDescriptor (Address: 0x1800e8708)
- RtlSetProcessIsCritical (Address: 0x1800e8788)
- RtlSubAuthorityCountSid (Address: 0x1800e8738)
- RtlSubAuthoritySid (Address: 0x1800e8680)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800e87d0)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x1800e8800)
- RtlValidSid (Address: 0x1800e87c0)
OLEAUT32.dll
- SysAllocString (Address: 0x1800e7998)
- SysFreeString (Address: 0x1800e7990)
- VariantClear (Address: 0x1800e7988)
- VariantInit (Address: 0x1800e7980)
profapi.dll
- (Address: 0x1800e8840)
- (Address: 0x1800e8848)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x1800e79a8)
- I_RpcMapWin32Status (Address: 0x1800e7a48)
- NdrClientCall3 (Address: 0x1800e79b0)
- NdrServerCall2 (Address: 0x1800e79f0)
- NdrServerCallAll (Address: 0x1800e79c8)
- RpcBindingBind (Address: 0x1800e79d0)
- RpcBindingCreateW (Address: 0x1800e7a30)
- RpcBindingFree (Address: 0x1800e7a38)
- RpcBindingFromStringBindingW (Address: 0x1800e79f8)
- RpcBindingVectorFree (Address: 0x1800e7a10)
- RpcEpRegisterW (Address: 0x1800e7a28)
- RpcEpUnregister (Address: 0x1800e7a08)
- RpcImpersonateClient (Address: 0x1800e7a00)
- RpcRevertToSelf (Address: 0x1800e79e8)
- RpcServerInqBindings (Address: 0x1800e79b8)
- RpcServerInqCallAttributesW (Address: 0x1800e7a40)
- RpcServerRegisterIf3 (Address: 0x1800e7a50)
- RpcServerUnregisterIf (Address: 0x1800e79e0)
- RpcServerUseProtseqW (Address: 0x1800e79c0)
- RpcSsDestroyClientContext (Address: 0x1800e79d8)
- RpcStringBindingComposeW (Address: 0x1800e7a18)
- RpcStringFreeW (Address: 0x1800e7a20)
SHCORE.dll
- CreateRandomAccessStreamOverStream (Address: 0x1800e7a68)
- CreateStreamOverRandomAccessStream (Address: 0x1800e7a60)
- SHTaskPoolAllowThreadReuse (Address: 0x1800e7a70)
- SHTaskPoolQueueTask (Address: 0x1800e7a78)
SspiCli.dll
- GetUserNameExW (Address: 0x1800e7ac0)
- LogonUserExExW (Address: 0x1800e7ab8)
- LsaCallAuthenticationPackage (Address: 0x1800e7aa8)
- LsaConnectUntrusted (Address: 0x1800e7a88)
- LsaDeregisterLogonProcess (Address: 0x1800e7ac8)
- LsaFreeReturnBuffer (Address: 0x1800e7ad8)
- LsaLogonUser (Address: 0x1800e7ad0)
- LsaLookupAuthenticationPackage (Address: 0x1800e7ab0)
- LsaRegisterLogonProcess (Address: 0x1800e7a98)
- SeciAllocateAndSetCallFlags (Address: 0x1800e7aa0)
- SeciAllocateAndSetIPAddress (Address: 0x1800e7ae0)
- SeciFreeCallContext (Address: 0x1800e7a90)
USERENV.dll
- CreateProfile (Address: 0x1800e7b18)
- DeleteProfileW (Address: 0x1800e7af8)
- GetDefaultUserProfileDirectoryW (Address: 0x1800e7b10)
- GetUserProfileDirectoryW (Address: 0x1800e7b00)
- LoadUserProfileW (Address: 0x1800e7af0)
- UnloadUserProfile (Address: 0x1800e7b08)
WLDAP32.dll
- (Address: 0x1800e7b28)
- (Address: 0x1800e7b30)
- (Address: 0x1800e7b38)
- (Address: 0x1800e7b40)
- (Address: 0x1800e7b48)
- (Address: 0x1800e7b50)
- (Address: 0x1800e7b58)
- (Address: 0x1800e7b60)
- (Address: 0x1800e7b68)
- (Address: 0x1800e7b70)