wevtsvc.dll
Description: Event Logging Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6280
Architecture: 64-bit
Operating System: Windows NT
SHA256: 73742a2272138af946d36949e4515656
File Size: 1.8 MB
Uploaded At: Dec. 1, 2025, 7:42 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x50be0)
- SvchostPushServiceGlobalsEx (Ordinal: 2, Address: 0x5c1b0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800f1f28)
api-ms-win-core-datetime-l1-1-0.dll
- GetDateFormatW (Address: 0x1800f1f40)
- GetTimeFormatW (Address: 0x1800f1f38)
api-ms-win-core-datetime-l1-1-1.dll
- GetDateFormatEx (Address: 0x1800f1f50)
- GetTimeFormatEx (Address: 0x1800f1f58)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800f1f70)
- IsDebuggerPresent (Address: 0x1800f1f78)
- OutputDebugStringW (Address: 0x1800f1f68)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800f1f88)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1800f1f98)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800f1fc0)
- SetLastError (Address: 0x1800f1fb8)
- SetUnhandledExceptionFilter (Address: 0x1800f1fb0)
- UnhandledExceptionFilter (Address: 0x1800f1fa8)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x1800f2050)
- CreateDirectoryW (Address: 0x1800f2000)
- CreateFileW (Address: 0x1800f2048)
- DeleteFileW (Address: 0x1800f2028)
- FileTimeToLocalFileTime (Address: 0x1800f2030)
- FlushFileBuffers (Address: 0x1800f1fe8)
- GetDiskFreeSpaceExW (Address: 0x1800f1fd8)
- GetFileAttributesExW (Address: 0x1800f2060)
- GetFileAttributesW (Address: 0x1800f2068)
- GetFileInformationByHandle (Address: 0x1800f2038)
- GetFileSize (Address: 0x1800f1ff0)
- GetFileSizeEx (Address: 0x1800f2040)
- GetFileType (Address: 0x1800f2010)
- GetTempFileNameW (Address: 0x1800f2020)
- LocalFileTimeToFileTime (Address: 0x1800f2018)
- ReadFile (Address: 0x1800f1fd0)
- SetEndOfFile (Address: 0x1800f1fe0)
- SetFilePointer (Address: 0x1800f2058)
- SetFilePointerEx (Address: 0x1800f2008)
- WriteFile (Address: 0x1800f1ff8)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x1800f2078)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1800f2088)
- ReOpenFile (Address: 0x1800f2090)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800f20a0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800f20c8)
- HeapAlloc (Address: 0x1800f20c0)
- HeapDestroy (Address: 0x1800f20b0)
- HeapFree (Address: 0x1800f20d8)
- HeapReAlloc (Address: 0x1800f20b8)
- HeapSize (Address: 0x1800f20d0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800f20e8)
- LocalFree (Address: 0x1800f20f0)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1800f2100)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- PulseEvent (Address: 0x1800f2110)
api-ms-win-core-libraryloader-l1-2-0.dll
- FindResourceExW (Address: 0x1800f2150)
- FreeLibrary (Address: 0x1800f2120)
- FreeResource (Address: 0x1800f2170)
- GetModuleFileNameA (Address: 0x1800f2138)
- GetModuleFileNameW (Address: 0x1800f2168)
- GetModuleHandleExW (Address: 0x1800f2160)
- GetModuleHandleW (Address: 0x1800f2140)
- GetProcAddress (Address: 0x1800f2148)
- LoadLibraryExW (Address: 0x1800f2128)
- LoadResource (Address: 0x1800f2178)
- LockResource (Address: 0x1800f2130)
- SizeofResource (Address: 0x1800f2158)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800f2188)
- GetSystemDefaultLangID (Address: 0x1800f21b0)
- GetThreadLocale (Address: 0x1800f2190)
- GetThreadPreferredUILanguages (Address: 0x1800f21a0)
- GetThreadUILanguage (Address: 0x1800f2198)
- SetThreadPreferredUILanguages (Address: 0x1800f21b8)
- SetThreadUILanguage (Address: 0x1800f21a8)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1800f21d0)
- MapViewOfFile (Address: 0x1800f21c8)
- UnmapViewOfFile (Address: 0x1800f21d8)
api-ms-win-core-perfcounters-l1-1-0.dll
- PerfCreateInstance (Address: 0x1800f21f8)
- PerfDeleteInstance (Address: 0x1800f2200)
- PerfSetCounterRefValue (Address: 0x1800f21f0)
- PerfSetCounterSetInfo (Address: 0x1800f2208)
- PerfStartProviderEx (Address: 0x1800f2210)
- PerfStopProvider (Address: 0x1800f21e8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800f2228)
- GetCurrentDirectoryW (Address: 0x1800f2230)
- GetEnvironmentVariableW (Address: 0x1800f2238)
- SearchPathW (Address: 0x1800f2220)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x1800f2248)
- GetCurrentProcess (Address: 0x1800f2270)
- GetCurrentProcessId (Address: 0x1800f22a8)
- GetCurrentThread (Address: 0x1800f2250)
- GetCurrentThreadId (Address: 0x1800f2280)
- OpenProcessToken (Address: 0x1800f2268)
- OpenThreadToken (Address: 0x1800f2288)
- SetThreadToken (Address: 0x1800f2278)
- TerminateProcess (Address: 0x1800f2258)
- TlsAlloc (Address: 0x1800f22a0)
- TlsFree (Address: 0x1800f2260)
- TlsGetValue (Address: 0x1800f2298)
- TlsSetValue (Address: 0x1800f2290)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1800f22c0)
- OpenProcess (Address: 0x1800f22b8)
api-ms-win-core-processthreads-l1-1-3.dll
- SetThreadDescription (Address: 0x1800f22d0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800f22e0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800f2338)
- RegCreateKeyExW (Address: 0x1800f2310)
- RegDeleteKeyExW (Address: 0x1800f2320)
- RegDeleteValueW (Address: 0x1800f2308)
- RegEnumKeyExW (Address: 0x1800f2340)
- RegGetKeySecurity (Address: 0x1800f2330)
- RegGetValueW (Address: 0x1800f2348)
- RegNotifyChangeKeyValue (Address: 0x1800f2300)
- RegOpenKeyExW (Address: 0x1800f22f0)
- RegQueryInfoKeyW (Address: 0x1800f2318)
- RegQueryValueExW (Address: 0x1800f2328)
- RegSetValueExW (Address: 0x1800f22f8)
api-ms-win-core-state-helpers-l1-1-0.dll
- GetRegistryValueWithFallbackW (Address: 0x1800f2358)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1800f2370)
- MultiByteToWideChar (Address: 0x1800f2378)
- WideCharToMultiByte (Address: 0x1800f2368)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800f2390)
- AcquireSRWLockShared (Address: 0x1800f23b0)
- CancelWaitableTimer (Address: 0x1800f23f8)
- CreateEventW (Address: 0x1800f23f0)
- CreateMutexExW (Address: 0x1800f2418)
- CreateSemaphoreExW (Address: 0x1800f2410)
- CreateWaitableTimerExW (Address: 0x1800f2420)
- DeleteCriticalSection (Address: 0x1800f2430)
- EnterCriticalSection (Address: 0x1800f2408)
- InitializeCriticalSection (Address: 0x1800f2438)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800f2448)
- InitializeCriticalSectionEx (Address: 0x1800f23d8)
- InitializeSRWLock (Address: 0x1800f23d0)
- LeaveCriticalSection (Address: 0x1800f23e0)
- OpenEventW (Address: 0x1800f2450)
- OpenSemaphoreW (Address: 0x1800f23a0)
- ReleaseMutex (Address: 0x1800f23b8)
- ReleaseSemaphore (Address: 0x1800f2400)
- ReleaseSRWLockExclusive (Address: 0x1800f23a8)
- ReleaseSRWLockShared (Address: 0x1800f23c0)
- ResetEvent (Address: 0x1800f2398)
- SetEvent (Address: 0x1800f2458)
- SetWaitableTimer (Address: 0x1800f2440)
- TryAcquireSRWLockExclusive (Address: 0x1800f23e8)
- WaitForMultipleObjectsEx (Address: 0x1800f2428)
- WaitForSingleObject (Address: 0x1800f23c8)
- WaitForSingleObjectEx (Address: 0x1800f2388)
api-ms-win-core-synch-l1-2-0.dll
- InitializeConditionVariable (Address: 0x1800f2490)
- InitOnceBeginInitialize (Address: 0x1800f2480)
- InitOnceComplete (Address: 0x1800f2498)
- Sleep (Address: 0x1800f2488)
- SleepConditionVariableCS (Address: 0x1800f2468)
- SleepConditionVariableSRW (Address: 0x1800f2470)
- WakeAllConditionVariable (Address: 0x1800f2478)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800f24c0)
- GetLocalTime (Address: 0x1800f24d0)
- GetSystemInfo (Address: 0x1800f24b0)
- GetSystemTime (Address: 0x1800f24e0)
- GetSystemTimeAsFileTime (Address: 0x1800f24c8)
- GetTickCount (Address: 0x1800f24a8)
- GetTickCount64 (Address: 0x1800f24d8)
- GetVersionExW (Address: 0x1800f24e8)
- GlobalMemoryStatusEx (Address: 0x1800f24b8)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetOsSafeBootMode (Address: 0x1800f24f8)
api-ms-win-core-threadpool-l1-2-0.dll
- CancelThreadpoolIo (Address: 0x1800f2590)
- CloseThreadpoolCleanupGroup (Address: 0x1800f2508)
- CloseThreadpoolCleanupGroupMembers (Address: 0x1800f2510)
- CloseThreadpoolIo (Address: 0x1800f2588)
- CloseThreadpoolTimer (Address: 0x1800f25a0)
- CloseThreadpoolWait (Address: 0x1800f2580)
- CloseThreadpoolWork (Address: 0x1800f2528)
- CreateThreadpoolCleanupGroup (Address: 0x1800f2540)
- CreateThreadpoolIo (Address: 0x1800f2550)
- CreateThreadpoolTimer (Address: 0x1800f2560)
- CreateThreadpoolWait (Address: 0x1800f2570)
- CreateThreadpoolWork (Address: 0x1800f2518)
- FreeLibraryWhenCallbackReturns (Address: 0x1800f2530)
- SetThreadpoolTimer (Address: 0x1800f2558)
- SetThreadpoolWait (Address: 0x1800f2568)
- StartThreadpoolIo (Address: 0x1800f2538)
- SubmitThreadpoolWork (Address: 0x1800f2598)
- WaitForThreadpoolIoCallbacks (Address: 0x1800f2578)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800f2520)
- WaitForThreadpoolWaitCallbacks (Address: 0x1800f2548)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x1800f25b0)
- GetTimeZoneInformation (Address: 0x1800f25c0)
- SystemTimeToFileTime (Address: 0x1800f25b8)
- SystemTimeToTzSpecificLocalTime (Address: 0x1800f25c8)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x1800f25e0)
- GetFileVersionInfoSizeExW (Address: 0x1800f25e8)
- VerQueryValueW (Address: 0x1800f25d8)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x1800f27f8)
- __CxxFrameHandler3 (Address: 0x1800f2750)
- __CxxFrameHandler4 (Address: 0x1800f2808)
- __std_terminate (Address: 0x1800f2800)
- _CxxThrowException (Address: 0x1800f2820)
- _o___std_exception_copy (Address: 0x1800f27c8)
- _o___std_exception_destroy (Address: 0x1800f27c0)
- _o___std_type_info_destroy_list (Address: 0x1800f27b8)
- _o___stdio_common_vsnprintf_s (Address: 0x1800f27b0)
- _o___stdio_common_vsnwprintf_s (Address: 0x1800f27a8)
- _o___stdio_common_vsprintf (Address: 0x1800f27a0)
- _o___stdio_common_vsprintf_s (Address: 0x1800f2798)
- _o___stdio_common_vswprintf (Address: 0x1800f2790)
- _o___stdio_common_vswprintf_s (Address: 0x1800f2788)
- _o___stdio_common_vswscanf (Address: 0x1800f2780)
- _o__cexit (Address: 0x1800f2838)
- _o__configure_narrow_argv (Address: 0x1800f2818)
- _o__crt_atexit (Address: 0x1800f2810)
- _o__errno (Address: 0x1800f27d8)
- _o__execute_onexit_table (Address: 0x1800f27d0)
- _o__i64tow_s (Address: 0x1800f2778)
- _o__initialize_narrow_environment (Address: 0x1800f2770)
- _o__initialize_onexit_table (Address: 0x1800f2768)
- _o__invalid_parameter_noinfo (Address: 0x1800f2760)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1800f2758)
- _o__itow_s (Address: 0x1800f25f8)
- _o__purecall (Address: 0x1800f2600)
- _o__register_onexit_function (Address: 0x1800f2608)
- _o__seh_filter_dll (Address: 0x1800f2610)
- _o__set_errno (Address: 0x1800f2618)
- _o__strnicmp (Address: 0x1800f2620)
- _o__ui64tow_s (Address: 0x1800f2628)
- _o__ultow_s (Address: 0x1800f2630)
- _o__wcsicmp (Address: 0x1800f2638)
- _o__wcsnicmp (Address: 0x1800f2640)
- _o__wcstoi64 (Address: 0x1800f2648)
- _o__wcstoui64 (Address: 0x1800f2650)
- _o__wfopen (Address: 0x1800f2658)
- _o__wtof (Address: 0x1800f2668)
- _o__wtoi (Address: 0x1800f2670)
- _o__wtoi64 (Address: 0x1800f2678)
- _o__wtol (Address: 0x1800f2680)
- _o_bsearch (Address: 0x1800f2688)
- _o_calloc (Address: 0x1800f2690)
- _o_fclose (Address: 0x1800f2698)
- _o_fgetws (Address: 0x1800f26a0)
- _o_free (Address: 0x1800f26a8)
- _o_iswalnum (Address: 0x1800f26b0)
- _o_iswalpha (Address: 0x1800f26b8)
- _o_iswdigit (Address: 0x1800f26c0)
- _o_iswspace (Address: 0x1800f26c8)
- _o_malloc (Address: 0x1800f26d0)
- _o_memcpy_s (Address: 0x1800f26d8)
- _o_qsort (Address: 0x1800f26e0)
- _o_strncpy_s (Address: 0x1800f26e8)
- _o_strtol (Address: 0x1800f26f0)
- _o_terminate (Address: 0x1800f26f8)
- _o_toupper (Address: 0x1800f2700)
- _o_towupper (Address: 0x1800f2708)
- _o_wcscpy_s (Address: 0x1800f2710)
- _o_wcsncpy_s (Address: 0x1800f2718)
- _o_wcstod (Address: 0x1800f2720)
- _o_wcstok_s (Address: 0x1800f2728)
- _o_wcstol (Address: 0x1800f2730)
- _o_wcstoul (Address: 0x1800f2738)
- memcmp (Address: 0x1800f2828)
- memcpy (Address: 0x1800f2830)
- memmove (Address: 0x1800f2660)
- strchr (Address: 0x1800f27e8)
- strrchr (Address: 0x1800f27e0)
- wcschr (Address: 0x1800f27f0)
- wcsrchr (Address: 0x1800f2740)
- wcsstr (Address: 0x1800f2748)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1800f2850)
- _initterm_e (Address: 0x1800f2848)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1800f2888)
- strncmp (Address: 0x1800f2860)
- strnlen (Address: 0x1800f2890)
- wcscmp (Address: 0x1800f2898)
- wcscspn (Address: 0x1800f2878)
- wcsncmp (Address: 0x1800f2870)
- wcsnlen (Address: 0x1800f28a0)
- wcspbrk (Address: 0x1800f2868)
- wcsspn (Address: 0x1800f2880)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800f28c0)
- GetTraceEnableLevel (Address: 0x1800f28b0)
- GetTraceLoggerHandle (Address: 0x1800f28d8)
- RegisterTraceGuidsW (Address: 0x1800f28d0)
- TraceMessage (Address: 0x1800f28b8)
- UnregisterTraceGuids (Address: 0x1800f28c8)
api-ms-win-eventing-consumer-l1-1-0.dll
- CloseTrace (Address: 0x1800f28f8)
- OpenTraceW (Address: 0x1800f28f0)
- ProcessTrace (Address: 0x1800f28e8)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x1800f2908)
- EnableTraceEx2 (Address: 0x1800f2910)
- StartTraceW (Address: 0x1800f2918)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800f2950)
- EventProviderEnabled (Address: 0x1800f2938)
- EventRegister (Address: 0x1800f2930)
- EventSetInformation (Address: 0x1800f2928)
- EventUnregister (Address: 0x1800f2948)
- EventWriteTransfer (Address: 0x1800f2940)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x1800f29e8)
- AccessCheckAndAuditAlarmW (Address: 0x1800f2970)
- AddAce (Address: 0x1800f29d8)
- AdjustTokenPrivileges (Address: 0x1800f2a30)
- AllocateAndInitializeSid (Address: 0x1800f29c8)
- CreateWellKnownSid (Address: 0x1800f2a28)
- FreeSid (Address: 0x1800f2a20)
- GetAce (Address: 0x1800f29a8)
- GetAclInformation (Address: 0x1800f2988)
- GetLengthSid (Address: 0x1800f2998)
- GetSecurityDescriptorControl (Address: 0x1800f29b0)
- GetSecurityDescriptorDacl (Address: 0x1800f29a0)
- GetSecurityDescriptorGroup (Address: 0x1800f29f8)
- GetSecurityDescriptorLength (Address: 0x1800f2980)
- GetSecurityDescriptorOwner (Address: 0x1800f29e0)
- GetSecurityDescriptorSacl (Address: 0x1800f2978)
- GetTokenInformation (Address: 0x1800f2a38)
- InitializeAcl (Address: 0x1800f2990)
- InitializeSecurityDescriptor (Address: 0x1800f2a00)
- IsValidSecurityDescriptor (Address: 0x1800f29c0)
- IsValidSid (Address: 0x1800f29f0)
- IsWellKnownSid (Address: 0x1800f2960)
- MakeSelfRelativeSD (Address: 0x1800f29b8)
- MapGenericMask (Address: 0x1800f29d0)
- PrivilegeCheck (Address: 0x1800f2968)
- SetSecurityDescriptorDacl (Address: 0x1800f2a08)
- SetSecurityDescriptorGroup (Address: 0x1800f2a18)
- SetSecurityDescriptorOwner (Address: 0x1800f2a10)
api-ms-win-security-base-l1-2-0.dll
- CheckTokenMembershipEx (Address: 0x1800f2a48)
api-ms-win-security-isolatedcontainer-l1-1-1.dll
- IsProcessInWDAGContainer (Address: 0x1800f2a58)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x1800f2a68)
- ConvertSidToStringSidW (Address: 0x1800f2a78)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800f2a70)
- ConvertStringSidToSidW (Address: 0x1800f2a80)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1800f2a98)
- SetServiceStatus (Address: 0x1800f2a90)
api-ms-win-service-core-l1-1-3.dll
- GetServiceRegistryStateKey (Address: 0x1800f2aa8)
api-ms-win-service-core-l1-1-4.dll
- GetServiceDirectory (Address: 0x1800f2ab8)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x1800f2ad0)
- BCryptCreateHash (Address: 0x1800f2af8)
- BCryptDestroyHash (Address: 0x1800f2ad8)
- BCryptFinishHash (Address: 0x1800f2ae0)
- BCryptGetProperty (Address: 0x1800f2af0)
- BCryptHashData (Address: 0x1800f2ae8)
- BCryptOpenAlgorithmProvider (Address: 0x1800f2ac8)
msvcp_win.dll
- _Mtx_destroy_in_situ (Address: 0x1800f2b20)
- _Mtx_init_in_situ (Address: 0x1800f2b10)
- _Mtx_lock (Address: 0x1800f2b18)
- _Mtx_unlock (Address: 0x1800f2b08)
- ?_Throw_C_error@std@@YAXH@Z (Address: 0x1800f2b38)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1800f2b28)
- ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x1800f2b30)
ntdll.dll
- NtClose (Address: 0x1800f2b88)
- NtCreateFile (Address: 0x1800f2c78)
- NtDeleteFile (Address: 0x1800f2b68)
- NtDuplicateObject (Address: 0x1800f2be0)
- NtOpenProcess (Address: 0x1800f2bd0)
- NtQueryAttributesFile (Address: 0x1800f2c90)
- NtQueryInformationProcess (Address: 0x1800f2c50)
- NtQuerySystemInformation (Address: 0x1800f2b48)
- NtQuerySystemTime (Address: 0x1800f2ca0)
- NtQueryVolumeInformationFile (Address: 0x1800f2c18)
- NtReadFile (Address: 0x1800f2c08)
- NtSetInformationFile (Address: 0x1800f2c30)
- NtWriteFile (Address: 0x1800f2c10)
- RtlAcquireSRWLockExclusive (Address: 0x1800f2b70)
- RtlAcquireSRWLockShared (Address: 0x1800f2b78)
- RtlAnsiStringToUnicodeString (Address: 0x1800f2bc8)
- RtlCaptureContext (Address: 0x1800f2c48)
- RtlComputeCrc32 (Address: 0x1800f2c20)
- RtlDeleteCriticalSection (Address: 0x1800f2c80)
- RtlDeleteElementGenericTableAvl (Address: 0x1800f2ba0)
- RtlDosPathNameToNtPathName_U (Address: 0x1800f2b58)
- RtlEnterCriticalSection (Address: 0x1800f2ca8)
- RtlEnumerateGenericTableAvl (Address: 0x1800f2be8)
- RtlEthernetAddressToStringW (Address: 0x1800f2bb8)
- RtlFreeUnicodeString (Address: 0x1800f2b50)
- RtlGetLastNtStatus (Address: 0x1800f2cb0)
- RtlGetPersistedStateLocation (Address: 0x1800f2bf8)
- RtlGetVersion (Address: 0x1800f2cc8)
- RtlInitializeCriticalSection (Address: 0x1800f2cb8)
- RtlInitializeGenericTableAvl (Address: 0x1800f2bf0)
- RtlInitUnicodeString (Address: 0x1800f2bd8)
- RtlInsertElementGenericTableAvl (Address: 0x1800f2b98)
- RtlIpv4AddressToStringExW (Address: 0x1800f2ba8)
- RtlIpv6AddressToStringExW (Address: 0x1800f2bb0)
- RtlIpv6AddressToStringW (Address: 0x1800f2bc0)
- RtlLeaveCriticalSection (Address: 0x1800f2cc0)
- RtlLengthSid (Address: 0x1800f2cd0)
- RtlLookupElementGenericTableAvl (Address: 0x1800f2b90)
- RtlLookupFunctionEntry (Address: 0x1800f2c40)
- RtlNtStatusToDosError (Address: 0x1800f2c70)
- RtlNtStatusToDosErrorNoTeb (Address: 0x1800f2c98)
- RtlReleaseSRWLockExclusive (Address: 0x1800f2b60)
- RtlReleaseSRWLockShared (Address: 0x1800f2b80)
- RtlSecondsSince1970ToTime (Address: 0x1800f2c68)
- RtlSetLastWin32Error (Address: 0x1800f2c00)
- RtlSetLastWin32ErrorAndNtStatusFromNtStatus (Address: 0x1800f2c28)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800f2c60)
- RtlTimeToSecondsSince1970 (Address: 0x1800f2c88)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800f2c58)
- RtlVirtualUnwind (Address: 0x1800f2c38)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x1800f1e50)
- I_RpcBindingIsClientLocal (Address: 0x1800f1e58)
- I_RpcMapWin32Status (Address: 0x1800f1d98)
- Ndr64AsyncServerCallAll (Address: 0x1800f1dd0)
- NdrAsyncServerCall (Address: 0x1800f1d90)
- NdrServerCall2 (Address: 0x1800f1dd8)
- NdrServerCallAll (Address: 0x1800f1e40)
- RpcAsyncCompleteCall (Address: 0x1800f1da0)
- RpcBindingToStringBindingW (Address: 0x1800f1dc8)
- RpcBindingVectorFree (Address: 0x1800f1da8)
- RpcEpRegisterW (Address: 0x1800f1e28)
- RpcEpUnregister (Address: 0x1800f1e20)
- RpcImpersonateClient (Address: 0x1800f1e00)
- RpcRevertToSelf (Address: 0x1800f1e08)
- RpcRevertToSelfEx (Address: 0x1800f1e48)
- RpcServerInqBindings (Address: 0x1800f1e38)
- RpcServerInqCallAttributesW (Address: 0x1800f1e30)
- RpcServerRegisterAuthInfoW (Address: 0x1800f1e18)
- RpcServerRegisterIf3 (Address: 0x1800f1de0)
- RpcServerRegisterIfEx (Address: 0x1800f1df8)
- RpcServerSubscribeForNotification (Address: 0x1800f1e60)
- RpcServerUnregisterIfEx (Address: 0x1800f1dc0)
- RpcServerUnsubscribeForNotification (Address: 0x1800f1e68)
- RpcServerUseProtseqEpW (Address: 0x1800f1db8)
- RpcServerUseProtseqExW (Address: 0x1800f1db0)
- RpcStringBindingParseW (Address: 0x1800f1df0)
- RpcStringFreeW (Address: 0x1800f1de8)
- UuidCreate (Address: 0x1800f1e10)
USERENV.dll
- EnterCriticalPolicySection (Address: 0x1800f1e88)
- LeaveCriticalPolicySection (Address: 0x1800f1e78)
- RegisterGPNotification (Address: 0x1800f1e90)
- UnregisterGPNotification (Address: 0x1800f1e80)
WS2_32.dll
- bind (Address: 0x1800f1f10)
- closesocket (Address: 0x1800f1f18)
- getpeername (Address: 0x1800f1ee8)
- listen (Address: 0x1800f1ef0)
- ntohl (Address: 0x1800f1ea8)
- ntohs (Address: 0x1800f1ed0)
- setsockopt (Address: 0x1800f1ec0)
- WSAAddressToStringW (Address: 0x1800f1ec8)
- WSACleanup (Address: 0x1800f1eb8)
- WSAGetLastError (Address: 0x1800f1eb0)
- WSAIoctl (Address: 0x1800f1ee0)
- WSARecv (Address: 0x1800f1f08)
- WSASend (Address: 0x1800f1ed8)
- WSASocketW (Address: 0x1800f1f00)
- WSAStartup (Address: 0x1800f1ea0)
- WSAStringToAddressW (Address: 0x1800f1ef8)