usosvc.dll
Description: Update Session Orchestrator Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5848
Architecture: 64-bit
Operating System: Windows NT
SHA256: e87c99012edc7f5ec7ab0ee815d8ed12
File Size: 569.5 KB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 3
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- GetDefaultConfiguration (Ordinal: 1, Address: 0x319b0)
- GetNextAcceptableTime (Ordinal: 2, Address: 0x30a10)
- GetNextAcceptableTimeEx (Ordinal: 3, Address: 0x30ad0)
- GetSmartActiveHours (Ordinal: 4, Address: 0x31020)
- GetSmartActiveHoursEx (Ordinal: 5, Address: 0x310d0)
- GetSmartBusyCheckVelocityFeature (Ordinal: 6, Address: 0x34ea0)
- GetTimeIntervalConfidence (Ordinal: 7, Address: 0x31630)
- GetUserActivityPredictionEx (Ordinal: 8, Address: 0x35790)
- ServiceMain (Ordinal: 9, Address: 0x198f0)
- SvchostPushServiceGlobals (Ordinal: 10, Address: 0x19180)
- DllCanUnloadNow (Ordinal: 11, Address: 0x8050)
- DllGetClassObject (Ordinal: 12, Address: 0x8070)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180069f08)
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x180069f50)
- CoCreateGuid (Address: 0x180069f30)
- CoCreateInstance (Address: 0x180069f18)
- CoDisconnectContext (Address: 0x180069f40)
- CoDisconnectObject (Address: 0x180069f68)
- CoImpersonateClient (Address: 0x180069f38)
- CoInitializeEx (Address: 0x180069f28)
- CoRegisterClassObject (Address: 0x180069f20)
- CoRevertToSelf (Address: 0x180069f48)
- CoRevokeClassObject (Address: 0x180069f70)
- CoTaskMemAlloc (Address: 0x180069f78)
- CoTaskMemFree (Address: 0x180069f60)
- CoTaskMemRealloc (Address: 0x180069f88)
- CoUninitialize (Address: 0x180069f80)
- CoWaitForMultipleHandles (Address: 0x180069f58)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180069f98)
- IsDebuggerPresent (Address: 0x180069fa0)
- OutputDebugStringW (Address: 0x180069fa8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180069fb8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180069fc8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180069ff8)
- RaiseException (Address: 0x180069fe8)
- SetLastError (Address: 0x180069ff0)
- SetUnhandledExceptionFilter (Address: 0x180069fd8)
- UnhandledExceptionFilter (Address: 0x180069fe0)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x18006a040)
- CreateDirectoryW (Address: 0x18006a038)
- CreateFileW (Address: 0x18006a008)
- DeleteFileW (Address: 0x18006a030)
- FindClose (Address: 0x18006a018)
- FindFirstFileW (Address: 0x18006a028)
- FindNextFileW (Address: 0x18006a020)
- GetFileAttributesExW (Address: 0x18006a048)
- GetFileAttributesW (Address: 0x18006a010)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18006a058)
- DuplicateHandle (Address: 0x18006a060)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18006a078)
- HeapAlloc (Address: 0x18006a080)
- HeapFree (Address: 0x18006a070)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18006a098)
- LocalFree (Address: 0x18006a090)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x18006a0a8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- UnregisterWait (Address: 0x18006a0b8)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
- PowerClearRequest (Address: 0x18006a0e0)
- PowerCreateRequest (Address: 0x18006a0d0)
- PowerSetRequest (Address: 0x18006a0d8)
- VerifyVersionInfoW (Address: 0x18006a0c8)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18006a130)
- FindResourceExW (Address: 0x18006a0f0)
- FreeLibrary (Address: 0x18006a128)
- GetModuleFileNameA (Address: 0x18006a0f8)
- GetModuleFileNameW (Address: 0x18006a120)
- GetModuleHandleExW (Address: 0x18006a108)
- GetModuleHandleW (Address: 0x18006a138)
- GetProcAddress (Address: 0x18006a100)
- LoadLibraryExW (Address: 0x18006a140)
- LoadResource (Address: 0x18006a118)
- SizeofResource (Address: 0x18006a110)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x18006a150)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18006a160)
api-ms-win-core-path-l1-1-0.dll
- PathAllocCanonicalize (Address: 0x18006a170)
- PathCchAppend (Address: 0x18006a178)
- PathCchCanonicalize (Address: 0x18006a180)
- PathCchRemoveBackslash (Address: 0x18006a188)
- PathCchSkipRoot (Address: 0x18006a190)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18006a1a0)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18006a1d8)
- CreateProcessW (Address: 0x18006a1c0)
- CreateThread (Address: 0x18006a1b8)
- GetCurrentProcess (Address: 0x18006a1e8)
- GetCurrentProcessId (Address: 0x18006a1b0)
- GetCurrentThreadId (Address: 0x18006a1c8)
- GetExitCodeProcess (Address: 0x18006a1e0)
- GetExitCodeThread (Address: 0x18006a1f8)
- OpenProcessToken (Address: 0x18006a1f0)
- TerminateProcess (Address: 0x18006a1d0)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x18006a210)
- OpenProcess (Address: 0x18006a208)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18006a220)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x18006a230)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18006a250)
- RegCreateKeyExW (Address: 0x18006a260)
- RegDeleteTreeW (Address: 0x18006a278)
- RegDeleteValueW (Address: 0x18006a258)
- RegEnumKeyExW (Address: 0x18006a280)
- RegGetValueW (Address: 0x18006a268)
- RegOpenKeyExW (Address: 0x18006a270)
- RegQueryInfoKeyW (Address: 0x18006a288)
- RegQueryValueExW (Address: 0x18006a240)
- RegSetKeySecurity (Address: 0x18006a248)
- RegSetValueExW (Address: 0x18006a290)
api-ms-win-core-registry-l1-1-1.dll
- RegSetKeyValueW (Address: 0x18006a2a0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18006a2c0)
- RtlLookupFunctionEntry (Address: 0x18006a2b0)
- RtlVirtualUnwind (Address: 0x18006a2b8)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFileExistsW (Address: 0x18006a2d0)
- PathFindFileNameW (Address: 0x18006a2d8)
api-ms-win-core-shutdown-l1-1-1.dll
- InitiateShutdownW (Address: 0x18006a2e8)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x18006a300)
- WideCharToMultiByte (Address: 0x18006a2f8)
api-ms-win-core-string-l2-1-0.dll
- CharNextW (Address: 0x18006a310)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x18006a320)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18006a3a8)
- AcquireSRWLockShared (Address: 0x18006a398)
- CreateEventExW (Address: 0x18006a360)
- CreateEventW (Address: 0x18006a3e8)
- CreateMutexExW (Address: 0x18006a348)
- CreateMutexW (Address: 0x18006a330)
- CreateSemaphoreExW (Address: 0x18006a3d0)
- DeleteCriticalSection (Address: 0x18006a388)
- EnterCriticalSection (Address: 0x18006a3c8)
- InitializeCriticalSection (Address: 0x18006a350)
- InitializeCriticalSectionAndSpinCount (Address: 0x18006a368)
- InitializeCriticalSectionEx (Address: 0x18006a380)
- LeaveCriticalSection (Address: 0x18006a3c0)
- OpenEventW (Address: 0x18006a3b0)
- OpenSemaphoreW (Address: 0x18006a340)
- ReleaseMutex (Address: 0x18006a3e0)
- ReleaseSemaphore (Address: 0x18006a3b8)
- ReleaseSRWLockExclusive (Address: 0x18006a3a0)
- ReleaseSRWLockShared (Address: 0x18006a390)
- ResetEvent (Address: 0x18006a378)
- SetEvent (Address: 0x18006a370)
- WaitForMultipleObjectsEx (Address: 0x18006a358)
- WaitForSingleObject (Address: 0x18006a3d8)
- WaitForSingleObjectEx (Address: 0x18006a338)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x18006a408)
- InitOnceComplete (Address: 0x18006a400)
- Sleep (Address: 0x18006a3f8)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x18006a418)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x18006a448)
- GetSystemDirectoryW (Address: 0x18006a440)
- GetSystemTime (Address: 0x18006a438)
- GetSystemTimeAsFileTime (Address: 0x18006a428)
- GetTickCount (Address: 0x18006a430)
- GetTickCount64 (Address: 0x18006a450)
api-ms-win-core-sysinfo-l1-2-0.dll
- VerSetConditionMask (Address: 0x18006a460)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpool (Address: 0x18006a478)
- CloseThreadpoolTimer (Address: 0x18006a4a8)
- CreateThreadpool (Address: 0x18006a480)
- CreateThreadpoolTimer (Address: 0x18006a498)
- DisassociateCurrentThreadFromCallback (Address: 0x18006a470)
- SetThreadpoolThreadMaximum (Address: 0x18006a488)
- SetThreadpoolThreadMinimum (Address: 0x18006a4b0)
- SetThreadpoolTimer (Address: 0x18006a490)
- WaitForThreadpoolTimerCallbacks (Address: 0x18006a4a0)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x18006a4c0)
- SystemTimeToFileTime (Address: 0x18006a4c8)
- TzSpecificLocalTimeToSystemTime (Address: 0x18006a4d0)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x18006a4e0)
- SetRestrictedErrorInfo (Address: 0x18006a4e8)
api-ms-win-core-winrt-error-l1-1-1.dll
- RoOriginateLanguageException (Address: 0x18006a4f8)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x18006a508)
- RoGetActivationFactory (Address: 0x18006a510)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x18006a530)
- WindowsCreateStringReference (Address: 0x18006a528)
- WindowsDeleteString (Address: 0x18006a538)
- WindowsGetStringRawBuffer (Address: 0x18006a520)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x18006a670)
- __CxxFrameHandler3 (Address: 0x18006a5e8)
- __CxxFrameHandler4 (Address: 0x18006a680)
- __std_terminate (Address: 0x18006a678)
- _CxxThrowException (Address: 0x18006a5f0)
- _o___std_exception_copy (Address: 0x18006a668)
- _o___std_exception_destroy (Address: 0x18006a660)
- _o___std_type_info_destroy_list (Address: 0x18006a658)
- _o___stdio_common_vsnprintf_s (Address: 0x18006a650)
- _o___stdio_common_vsprintf_s (Address: 0x18006a648)
- _o___stdio_common_vswprintf (Address: 0x18006a640)
- _o___stdio_common_vswscanf (Address: 0x18006a638)
- _o__beginthreadex (Address: 0x18006a630)
- _o__callnewh (Address: 0x18006a620)
- _o__cexit (Address: 0x18006a618)
- _o__configure_narrow_argv (Address: 0x18006a610)
- _o__crt_atexit (Address: 0x18006a608)
- _o__errno (Address: 0x18006a600)
- _o__execute_onexit_table (Address: 0x18006a5f8)
- _o__initialize_narrow_environment (Address: 0x18006a5a0)
- _o__initialize_onexit_table (Address: 0x18006a628)
- _o__invalid_parameter_noinfo (Address: 0x18006a548)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x18006a550)
- _o__purecall (Address: 0x18006a558)
- _o__recalloc (Address: 0x18006a560)
- _o__register_onexit_function (Address: 0x18006a568)
- _o__seh_filter_dll (Address: 0x18006a570)
- _o__set_errno (Address: 0x18006a578)
- _o__wcsicmp (Address: 0x18006a580)
- _o__wcsnicmp (Address: 0x18006a588)
- _o__wtoi (Address: 0x18006a590)
- _o__wtol (Address: 0x18006a598)
- _o_free (Address: 0x18006a5a8)
- _o_iswspace (Address: 0x18006a5b0)
- _o_malloc (Address: 0x18006a5b8)
- _o_strncpy_s (Address: 0x18006a5c0)
- _o_strtol (Address: 0x18006a5c8)
- _o_terminate (Address: 0x18006a5d0)
- _o_towlower (Address: 0x18006a5d8)
- _o_wcsncpy_s (Address: 0x18006a5e0)
- memcmp (Address: 0x18006a6a0)
- memcpy (Address: 0x18006a698)
- memmove (Address: 0x18006a6a8)
- strchr (Address: 0x18006a688)
- strrchr (Address: 0x18006a690)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x18006a6c0)
- _initterm_e (Address: 0x18006a6b8)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x18006a6d0)
- wcscmp (Address: 0x18006a6d8)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x18006a6f8)
- EnableTraceEx2 (Address: 0x18006a6e8)
- StartTraceW (Address: 0x18006a6f0)
api-ms-win-eventing-legacy-l1-1-0.dll
- QueryTraceW (Address: 0x18006a708)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x18006a718)
- EventRegister (Address: 0x18006a738)
- EventSetInformation (Address: 0x18006a730)
- EventUnregister (Address: 0x18006a720)
- EventWriteTransfer (Address: 0x18006a728)
api-ms-win-oobe-notification-l1-1-0.dll
- RegisterWaitUntilOOBECompleted (Address: 0x18006a748)
- UnregisterWaitUntilOOBECompleted (Address: 0x18006a750)
api-ms-win-power-base-l1-1-0.dll
- CallNtPowerInformation (Address: 0x18006a760)
- PowerRegisterSuspendResumeNotification (Address: 0x18006a770)
- PowerUnregisterSuspendResumeNotification (Address: 0x18006a768)
api-ms-win-power-setting-l1-1-0.dll
- PowerSettingRegisterNotification (Address: 0x18006a788)
- PowerSettingUnregisterNotification (Address: 0x18006a780)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x18006a7a8)
- AllocateAndInitializeSid (Address: 0x18006a7a0)
- CheckTokenMembership (Address: 0x18006a7c0)
- DuplicateTokenEx (Address: 0x18006a798)
- FreeSid (Address: 0x18006a7b0)
- GetTokenInformation (Address: 0x18006a7c8)
- PrivilegeCheck (Address: 0x18006a7b8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18006a7d8)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x18006a7f0)
- SetServiceStatus (Address: 0x18006a7e8)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x18006a800)
- OpenSCManagerW (Address: 0x18006a808)
- OpenServiceW (Address: 0x18006a810)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x18006a820)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x18006a830)
combase.dll
- (Address: 0x18006a840)
- (Address: 0x18006a848)
- (Address: 0x18006a850)
- (Address: 0x18006a858)
CRYPT32.dll
- CertVerifyCertificateChainPolicy (Address: 0x180069e10)
msvcp_win.dll
- _Cnd_broadcast (Address: 0x18006a9c8)
- _Cnd_destroy_in_situ (Address: 0x18006a9c0)
- _Cnd_do_broadcast_at_thread_exit (Address: 0x18006a9a8)
- _Cnd_init_in_situ (Address: 0x18006a9b8)
- _Cnd_wait (Address: 0x18006a9d8)
- _Mtx_destroy_in_situ (Address: 0x18006a880)
- _Mtx_init_in_situ (Address: 0x18006a878)
- _Mtx_lock (Address: 0x18006a870)
- _Mtx_unlock (Address: 0x18006a890)
- _Thrd_detach (Address: 0x18006a9a0)
- _Xtime_get_ticks (Address: 0x18006a8b8)
- ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ (Address: 0x18006a958)
- ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ (Address: 0x18006a940)
- ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ (Address: 0x18006a8f8)
- ?_Throw_C_error@std@@YAXH@Z (Address: 0x18006a868)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x18006a9b0)
- ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ (Address: 0x18006a960)
- ?_Xbad_alloc@std@@YAXXZ (Address: 0x18006a9e0)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18006a898)
- ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ (Address: 0x18006a928)
- ??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z (Address: 0x18006a930)
- ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ (Address: 0x18006a8c0)
- ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x18006a900)
- ??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x18006a938)
- ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ (Address: 0x18006a8c8)
- ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z (Address: 0x18006a948)
- ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ (Address: 0x18006a920)
- ?flags@ios_base@std@@QEBAHXZ (Address: 0x18006a8a0)
- ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ (Address: 0x18006a950)
- ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z (Address: 0x18006a8f0)
- ?good@ios_base@std@@QEBA_NXZ (Address: 0x18006a888)
- ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x18006a8e0)
- ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z (Address: 0x18006a968)
- ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ (Address: 0x18006a8e8)
- ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ (Address: 0x18006a918)
- ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z (Address: 0x18006a970)
- ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z (Address: 0x18006a908)
- ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ (Address: 0x18006a978)
- ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z (Address: 0x18006a8d0)
- ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z (Address: 0x18006a8d8)
- ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ (Address: 0x18006a980)
- ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ (Address: 0x18006a910)
- ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ (Address: 0x18006a988)
- ?uncaught_exception@std@@YA_NXZ (Address: 0x18006a9d0)
- ?width@ios_base@std@@QEAA_J_J@Z (Address: 0x18006a8b0)
- ?width@ios_base@std@@QEBA_JXZ (Address: 0x18006a8a8)
- ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z (Address: 0x18006a990)
- ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z (Address: 0x18006a998)
ntdll.dll
- DbgPrintEx (Address: 0x18006a9f0)
- LdrAddRefDll (Address: 0x18006aa58)
- LdrUnloadDll (Address: 0x18006aa50)
- NtIsSystemResumeAutomatic (Address: 0x18006aa40)
- NtPowerInformation (Address: 0x18006aa48)
- NtQueryWnfStateData (Address: 0x18006aa30)
- RtlAllocateHeap (Address: 0x18006aa10)
- RtlFreeHeap (Address: 0x18006aa08)
- RtlNtStatusToDosError (Address: 0x18006aa60)
- RtlPublishWnfStateData (Address: 0x18006aa20)
- RtlRaiseStatus (Address: 0x18006a9f8)
- RtlRandomEx (Address: 0x18006aa18)
- RtlReAllocateHeap (Address: 0x18006aa00)
- RtlSubscribeWnfStateChangeNotification (Address: 0x18006aa38)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18006aa28)
OLEAUT32.dll
- SysAllocString (Address: 0x180069e28)
- SysFreeString (Address: 0x180069e30)
- SysStringLen (Address: 0x180069e20)
- VarBstrCmp (Address: 0x180069e50)
- VariantChangeType (Address: 0x180069e60)
- VariantClear (Address: 0x180069e48)
- VariantCopy (Address: 0x180069e58)
- VariantInit (Address: 0x180069e38)
- VariantTimeToSystemTime (Address: 0x180069e40)
- VarUI4FromStr (Address: 0x180069e68)
profapi.dll
- (Address: 0x18006aa70)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x180069ea0)
- NdrClientCall3 (Address: 0x180069e98)
- RpcBindingFree (Address: 0x180069e90)
- RpcBindingFromStringBindingW (Address: 0x180069eb0)
- RpcBindingSetAuthInfoExW (Address: 0x180069e80)
- RpcStringBindingComposeW (Address: 0x180069e78)
- RpcStringFreeW (Address: 0x180069e88)
- UuidCreate (Address: 0x180069ea8)
UMPDC.dll
- PdcTaskClientRegister (Address: 0x180069ec8)
- PdcTaskClientRequest (Address: 0x180069ed0)
- PdcTaskClientUnregister (Address: 0x180069ec0)
UpdatePolicy.dll
- ReadPolicy (Address: 0x180069ef8)
- ReadPolicyWithFallback (Address: 0x180069ef0)
- ReleaseEnterprisePolicyValue (Address: 0x180069ee8)
- ReleaseUpdatePolicyValue (Address: 0x180069ee0)