apphelp.dll

Description: Application Compatibility Client Library

Version: 10.0.19041.6157

Architecture: 64-bit

Operating System: Windows NT

SHA256: 9ac3ea9a7b061460d621983ae4bebf4d

File Size: 577.0 KB

Uploaded At: Dec. 1, 2025, 7:22 a.m.

Views: 17

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

(Ordinal: 19, Address: 0x21b80)
(Ordinal: 20, Address: 0xd440)
(Ordinal: 21, Address: 0x215e0)
(Ordinal: 22, Address: 0x21b20)
(Ordinal: 23, Address: 0x10bd0)
(Ordinal: 24, Address: 0x23a00)
(Ordinal: 25, Address: 0x23c50)
(Ordinal: 26, Address: 0x29eb0)
(Ordinal: 27, Address: 0x20c90)
(Ordinal: 28, Address: 0x2af00)
(Ordinal: 29, Address: 0x2e6a0)
(Ordinal: 30, Address: 0x2ea10)
(Ordinal: 31, Address: 0x2dec0)
(Ordinal: 32, Address: 0x2a2e0)
(Ordinal: 33, Address: 0x2a310)
(Ordinal: 34, Address: 0x10cc0)
AllowPermLayer (Ordinal: 35, Address: 0x1ff30)
ApphelpCheckExe (Ordinal: 36, Address: 0x36e00)
ApphelpCheckIME (Ordinal: 37, Address: 0x1e620)
ApphelpCheckInstallShieldPackage (Ordinal: 38, Address: 0x1e670)
ApphelpCheckModule (Ordinal: 39, Address: 0x36e30)
ApphelpCheckMsiPackage (Ordinal: 40, Address: 0x1e8a0)
ApphelpCheckRunApp (Ordinal: 41, Address: 0x37000)
ApphelpCheckRunAppEx (Ordinal: 42, Address: 0x37090)
ApphelpCheckShellObject (Ordinal: 43, Address: 0x3f50)
ApphelpChpeModSettingsFromQueryResult (Ordinal: 44, Address: 0x37fd0)
ApphelpCreateAppcompatData (Ordinal: 45, Address: 0x2290)
ApphelpFixMsiPackage (Ordinal: 46, Address: 0x1eb80)
ApphelpFixMsiPackageExe (Ordinal: 47, Address: 0x1ee50)
ApphelpFreeFileAttributes (Ordinal: 48, Address: 0x20150)
ApphelpGetFileAttributes (Ordinal: 49, Address: 0x20160)
ApphelpGetMsiProperties (Ordinal: 50, Address: 0x1f0f0)
ApphelpGetNTVDMInfo (Ordinal: 51, Address: 0x1f1b0)
ApphelpGetShimDebugLevel (Ordinal: 52, Address: 0x20c20)
ApphelpIsPortMonAllowed (Ordinal: 53, Address: 0x1f300)
ApphelpParseModuleData (Ordinal: 54, Address: 0x374d0)
ApphelpQueryModuleData (Ordinal: 55, Address: 0x37600)
ApphelpQueryModuleDataEx (Ordinal: 56, Address: 0x37640)
ApphelpShowDialog (Ordinal: 57, Address: 0x20170)
ApphelpUpdateCacheEntry (Ordinal: 58, Address: 0x20020)
GetPermLayers (Ordinal: 59, Address: 0x20050)
SE_AddHookset (Ordinal: 60, Address: 0x39260)
SE_CALLBACK_AddHook (Ordinal: 61, Address: 0x393e0)
SE_CALLBACK_Lookup (Ordinal: 62, Address: 0x39490)
SE_COM_AddHook (Ordinal: 63, Address: 0x39510)
SE_COM_AddServer (Ordinal: 64, Address: 0x395a0)
SE_COM_HookInterface (Ordinal: 65, Address: 0x39650)
SE_COM_HookObject (Ordinal: 66, Address: 0x396e0)
SE_COM_Lookup (Ordinal: 67, Address: 0x39770)
SE_DllLoaded (Ordinal: 68, Address: 0x6300)
SE_DllUnloaded (Ordinal: 69, Address: 0x397e0)
SE_DynamicShim (Ordinal: 70, Address: 0x39830)
SE_GetHookAPIs (Ordinal: 71, Address: 0x39b40)
SE_GetMaxShimCount (Ordinal: 72, Address: 0x39ce0)
SE_GetProcAddressForCaller (Ordinal: 73, Address: 0x16d0)
SE_GetProcAddressIgnoreIncExc (Ordinal: 74, Address: 0x39cf0)
SE_GetProcAddressLoad (Ordinal: 75, Address: 0x39d70)
SE_GetShimCount (Ordinal: 76, Address: 0x39dc0)
SE_GetShimId (Ordinal: 77, Address: 0x1cd0)
SE_InitializeEngine (Ordinal: 78, Address: 0x2930)
SE_InstallAfterInit (Ordinal: 79, Address: 0xda00)
SE_InstallBeforeInit (Ordinal: 80, Address: 0xf760)
SE_IsShimDll (Ordinal: 81, Address: 0x39ed0)
SE_LdrEntryRemoved (Ordinal: 82, Address: 0xdd90)
SE_LdrResolveDllName (Ordinal: 83, Address: 0xecc0)
SE_LookupAddress (Ordinal: 84, Address: 0x39f30)
SE_LookupCaller (Ordinal: 85, Address: 0x3a040)
SE_ProcessDying (Ordinal: 86, Address: 0x3a1e0)
SE_ShimDPF (Ordinal: 87, Address: 0xe300)
SE_ShimDllLoaded (Ordinal: 88, Address: 0x1c60)
SE_WINRT_AddHook (Ordinal: 89, Address: 0x3a270)
SE_WINRT_HookObject (Ordinal: 90, Address: 0x3a390)
SdbAddLayerTagRefToQuery (Ordinal: 91, Address: 0x14f0)
SdbApphelpNotify (Ordinal: 92, Address: 0x25fd0)
SdbApphelpNotifyEx (Ordinal: 93, Address: 0x26050)
SdbApphelpNotifyEx2 (Ordinal: 94, Address: 0x260d0)
SdbBeginWriteListTag (Ordinal: 95, Address: 0x21630)
SdbBuildCompatEnvVariables (Ordinal: 96, Address: 0x29ab0)
SdbCloseApphelpInformation (Ordinal: 97, Address: 0x262b0)
SdbCloseDatabase (Ordinal: 98, Address: 0x4e90)
SdbCloseDatabaseWrite (Ordinal: 99, Address: 0x21930)
SdbCloseLocalDatabase (Ordinal: 100, Address: 0x2b3b0)
SdbCommitIndexes (Ordinal: 101, Address: 0x21940)
SdbCreateDatabase (Ordinal: 102, Address: 0x21a00)
SdbCreateHelpCenterURL (Ordinal: 103, Address: 0x26380)
SdbCreateMsiTransformFile (Ordinal: 104, Address: 0x2bd60)
SdbDeclareIndex (Ordinal: 105, Address: 0x21b60)
SdbDeletePermLayerKeys (Ordinal: 106, Address: 0x29d50)
SdbDumpSearchPathPartCaches (Ordinal: 107, Address: 0x201b0)
SdbEndWriteListTag (Ordinal: 108, Address: 0x21f30)
SdbEnumMsiTransforms (Ordinal: 109, Address: 0x2bec0)
SdbEscapeApphelpURL (Ordinal: 110, Address: 0x26a80)
SdbFindCustomActionForPackage (Ordinal: 111, Address: 0x2c070)
SdbFindFirstDWORDIndexedTag (Ordinal: 112, Address: 0x2cdf0)
SdbFindFirstGUIDIndexedTag (Ordinal: 113, Address: 0x2cec0)
SdbFindFirstMsiPackage (Ordinal: 114, Address: 0x2c150)
SdbFindFirstMsiPackage_Str (Ordinal: 115, Address: 0x2c1c0)
SdbFindFirstNamedTag (Ordinal: 116, Address: 0x9140)
SdbFindFirstStringIndexedTag (Ordinal: 117, Address: 0xd390)
SdbFindFirstTag (Ordinal: 118, Address: 0x9430)
SdbFindFirstTagRef (Ordinal: 119, Address: 0x7d40)
SdbFindMsiPackageByID (Ordinal: 120, Address: 0x2c250)
SdbFindNextDWORDIndexedTag (Ordinal: 121, Address: 0x2cf90)
SdbFindNextGUIDIndexedTag (Ordinal: 122, Address: 0x2cfd0)
SdbFindNextMsiPackage (Ordinal: 123, Address: 0x2c2e0)
SdbFindNextStringIndexedTag (Ordinal: 124, Address: 0x2d010)
SdbFindNextTag (Ordinal: 125, Address: 0x8ed0)
SdbFindNextTagRef (Ordinal: 126, Address: 0xb610)
SdbFormatAttribute (Ordinal: 127, Address: 0x2da00)
SdbFreeDatabaseInformation (Ordinal: 128, Address: 0x2aa90)
SdbFreeFileAttributes (Ordinal: 129, Address: 0x2eb20)
SdbFreeFileInfo (Ordinal: 130, Address: 0x201b0)
SdbFreeFlagInfo (Ordinal: 131, Address: 0x23b60)
SdbGUIDFromString (Ordinal: 132, Address: 0x20c30)
SdbGUIDToString (Ordinal: 133, Address: 0x20c60)
SdbGetAppCompatDataSize (Ordinal: 134, Address: 0x39030)
SdbGetAppPatchDir (Ordinal: 135, Address: 0x2f610)
SdbGetBinaryTagData (Ordinal: 136, Address: 0x7660)
SdbGetDatabaseGUID (Ordinal: 137, Address: 0x23ba0)
SdbGetDatabaseID (Ordinal: 138, Address: 0x7140)
SdbGetDatabaseInformation (Ordinal: 139, Address: 0x2aad0)
SdbGetDatabaseInformationByName (Ordinal: 140, Address: 0x2aae0)
SdbGetDatabaseMatch (Ordinal: 141, Address: 0x313e0)
SdbGetDatabaseVersion (Ordinal: 142, Address: 0x2ad70)
SdbGetDllPath (Ordinal: 143, Address: 0x2b3d0)
SdbGetEntryFlags (Ordinal: 144, Address: 0x35050)
SdbGetFileAttributes (Ordinal: 145, Address: 0x2ebd0)
SdbGetFileImageType (Ordinal: 146, Address: 0x2eed0)
SdbGetFileImageTypeEx (Ordinal: 147, Address: 0x2eef0)
SdbGetFileInfo (Ordinal: 148, Address: 0x20c20)
SdbGetFirstChild (Ordinal: 149, Address: 0x8d30)
SdbGetImageType (Ordinal: 150, Address: 0x2b3f0)
SdbGetIndex (Ordinal: 151, Address: 0xd5e0)
SdbGetItemFromItemRef (Ordinal: 152, Address: 0x7dd0)
SdbGetLayerName (Ordinal: 153, Address: 0x2f680)
SdbGetLayerTagRef (Ordinal: 154, Address: 0x23cf0)
SdbGetLocalPDB (Ordinal: 155, Address: 0x23de0)
SdbGetMatchingExe (Ordinal: 156, Address: 0x2dda0)
SdbGetMsiPackageInformation (Ordinal: 157, Address: 0x2c3a0)
SdbGetNamedLayer (Ordinal: 158, Address: 0x24360)
SdbGetNextChild (Ordinal: 159, Address: 0x8820)
SdbGetNthUserSdb (Ordinal: 160, Address: 0x2f750)
SdbGetPDBFromGUID (Ordinal: 161, Address: 0x243e0)
SdbGetPathCustomSdb (Ordinal: 162, Address: 0x2f7d0)
SdbGetPathSystemSdb (Ordinal: 163, Address: 0x4890)
SdbGetPermLayerKeys (Ordinal: 164, Address: 0x2a020)
SdbGetShowDebugInfoOption (Ordinal: 165, Address: 0x20c20)
SdbGetShowDebugInfoOptionValue (Ordinal: 166, Address: 0x20c20)
SdbGetStandardDatabaseGUID (Ordinal: 167, Address: 0x2f8f0)
SdbGetStringTagPtr (Ordinal: 168, Address: 0x8890)
SdbGetTagDataSize (Ordinal: 169, Address: 0x95d0)
SdbGetTagFromTagID (Ordinal: 170, Address: 0x9b30)
SdbGrabMatchingInfo (Ordinal: 171, Address: 0x35210)
SdbGrabMatchingInfoEx (Ordinal: 172, Address: 0x35240)
SdbInitDatabase (Ordinal: 173, Address: 0x1fee0)
SdbInitDatabaseEx (Ordinal: 174, Address: 0x4c00)
SdbIsDbRuntimePlatformSupportedOnHost (Ordinal: 175, Address: 0x315e0)
SdbIsNullGUID (Ordinal: 176, Address: 0x47c80)
SdbIsStandardDatabase (Ordinal: 177, Address: 0x2f970)
SdbIsTagrefFromLocalDB (Ordinal: 178, Address: 0x24490)
SdbIsTagrefFromMainDB (Ordinal: 179, Address: 0x244b0)
SdbLoadString (Ordinal: 180, Address: 0x26c90)
SdbMakeIndexKeyFromString (Ordinal: 181, Address: 0x2d050)
SdbOpenApphelpDetailsDatabase (Ordinal: 182, Address: 0x26da0)
SdbOpenApphelpDetailsDatabaseSP (Ordinal: 183, Address: 0x20cc0)
SdbOpenApphelpInformation (Ordinal: 184, Address: 0x26e30)
SdbOpenApphelpInformationByID (Ordinal: 185, Address: 0x27070)
SdbOpenApphelpResourceFile (Ordinal: 186, Address: 0x271d0)
SdbOpenDatabase (Ordinal: 187, Address: 0x2b010)
SdbOpenDbFromGuid (Ordinal: 188, Address: 0x272c0)
SdbOpenLocalDatabase (Ordinal: 189, Address: 0x2b4d0)
SdbPackAppCompatData (Ordinal: 190, Address: 0xcbd0)
SdbQueryApphelpInformation (Ordinal: 191, Address: 0x273c0)
SdbQueryBlockUpgrade (Ordinal: 192, Address: 0x247d0)
SdbQueryContext (Ordinal: 193, Address: 0x24860)
SdbQueryData (Ordinal: 194, Address: 0xb410)
SdbQueryDataEx (Ordinal: 195, Address: 0xb360)
SdbQueryDataExTagID (Ordinal: 196, Address: 0xb220)
SdbQueryFlagInfo (Ordinal: 197, Address: 0x24af0)
SdbQueryFlagMask (Ordinal: 198, Address: 0x24b40)
SdbQueryName (Ordinal: 199, Address: 0x363a0)
SdbQueryReinstallUpgrade (Ordinal: 200, Address: 0x25180)
SdbReadApphelpData (Ordinal: 201, Address: 0x276c0)
SdbReadApphelpDetailsData (Ordinal: 202, Address: 0x27830)
SdbReadBYTETag (Ordinal: 203, Address: 0x30ea0)
SdbReadBYTETagRef (Ordinal: 204, Address: 0x30f40)
SdbReadBinaryTag (Ordinal: 205, Address: 0xa8c0)
SdbReadDWORDTag (Ordinal: 206, Address: 0x8730)
SdbReadDWORDTagRef (Ordinal: 207, Address: 0x1680)
SdbReadEntryInformation (Ordinal: 208, Address: 0x31680)
SdbReadMsiTransformInfo (Ordinal: 209, Address: 0x2c520)
SdbReadPatchBits (Ordinal: 210, Address: 0x2b500)
SdbReadQWORDTag (Ordinal: 211, Address: 0xd0d0)
SdbReadQWORDTagRef (Ordinal: 212, Address: 0xd150)
SdbReadStringTag (Ordinal: 213, Address: 0xcfc0)
SdbReadStringTagRef (Ordinal: 214, Address: 0xd050)
SdbReadWORDTag (Ordinal: 215, Address: 0x87a0)
SdbReadWORDTagRef (Ordinal: 216, Address: 0x310b0)
SdbRegisterDatabase (Ordinal: 217, Address: 0x2e020)
SdbRegisterDatabaseEx (Ordinal: 218, Address: 0x2e030)
SdbReleaseDatabase (Ordinal: 219, Address: 0x4d70)
SdbReleaseMatchingExe (Ordinal: 220, Address: 0x252c0)
SdbResolveDatabase (Ordinal: 221, Address: 0x2fa00)
SdbSetApphelpDebugParameters (Ordinal: 222, Address: 0x27c90)
SdbSetEntryFlags (Ordinal: 223, Address: 0x2fe20)
SdbSetImageType (Ordinal: 224, Address: 0x2b700)
SdbSetPermLayerKeys (Ordinal: 225, Address: 0x2a0e0)
SdbShowApphelpDialog (Ordinal: 226, Address: 0x27dd0)
SdbShowApphelpFromQuery (Ordinal: 227, Address: 0x2610)
SdbStartIndexing (Ordinal: 228, Address: 0x227e0)
SdbStopIndexing (Ordinal: 229, Address: 0x22810)
SdbStringDuplicate (Ordinal: 230, Address: 0x20cd0)
SdbStringReplace (Ordinal: 231, Address: 0x20d10)
SdbStringReplaceArray (Ordinal: 232, Address: 0x20d50)
SdbTagIDToTagRef (Ordinal: 233, Address: 0x8050)
SdbTagRefToTagID (Ordinal: 234, Address: 0x9b70)
SdbTagToString (Ordinal: 235, Address: 0x2efb0)
SdbUnpackAppCompatData (Ordinal: 236, Address: 0x2440)
SdbUnpackQueryResult (Ordinal: 237, Address: 0x2520)
SdbUnregisterDatabase (Ordinal: 238, Address: 0x2e830)
SdbWriteBYTETag (Ordinal: 239, Address: 0x22840)
SdbWriteBinaryTag (Ordinal: 240, Address: 0x22890)
SdbWriteBinaryTagFromFile (Ordinal: 241, Address: 0x228d0)
SdbWriteDWORDTag (Ordinal: 242, Address: 0x22ab0)
SdbWriteNULLTag (Ordinal: 243, Address: 0x22b00)
SdbWriteQWORDTag (Ordinal: 244, Address: 0x22b50)
SdbWriteStringRefTag (Ordinal: 245, Address: 0x22ba0)
SdbWriteStringTag (Ordinal: 246, Address: 0x22bf0)
SdbWriteStringTagDirect (Ordinal: 247, Address: 0x22c60)
SdbWriteWORDTag (Ordinal: 248, Address: 0x22cc0)
SetPermLayerState (Ordinal: 249, Address: 0x20060)
SetPermLayerStateEx (Ordinal: 250, Address: 0x20090)
SetPermLayers (Ordinal: 251, Address: 0x200e0)
ShimDbgPrint (Ordinal: 252, Address: 0x20d90)
ShimDumpCache (Ordinal: 253, Address: 0x201b0)
ShimFlushCache (Ordinal: 254, Address: 0x37fb0)

Imported DLLs & Functions

api-ms-win-core-appcompat-l1-1-0.dll

BaseFlushAppcompatCache (Address: 0x180054118)
BaseIsAppcompatInfrastructureDisabled (Address: 0x180054110)

api-ms-win-core-appcompat-l1-1-1.dll

BaseFreeAppCompatDataForProcess (Address: 0x180054128)
BaseReadAppCompatDataForProcess (Address: 0x180054130)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x180054140)
OutputDebugStringA (Address: 0x180054148)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x180054160)
SetLastError (Address: 0x180054158)
SetUnhandledExceptionFilter (Address: 0x180054170)
UnhandledExceptionFilter (Address: 0x180054168)

api-ms-win-core-file-l1-1-0.dll

CreateFileW (Address: 0x1800541b8)
DeleteFileW (Address: 0x180054198)
FindClose (Address: 0x1800541c0)
FindFirstFileW (Address: 0x180054180)
FindNextFileW (Address: 0x1800541c8)
GetDriveTypeW (Address: 0x1800541d0)
GetFileAttributesW (Address: 0x1800541a8)
GetFinalPathNameByHandleW (Address: 0x180054188)
GetLongPathNameW (Address: 0x1800541b0)
SetFilePointer (Address: 0x180054190)
WriteFile (Address: 0x1800541a0)

api-ms-win-core-file-l1-2-0.dll

GetTempPathW (Address: 0x1800541e0)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x1800541f0)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x180054200)
HeapAlloc (Address: 0x180054210)
HeapFree (Address: 0x180054208)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x180054220)
FreeLibrary (Address: 0x180054240)
GetModuleFileNameW (Address: 0x180054228)
GetModuleHandleExW (Address: 0x180054260)
GetModuleHandleW (Address: 0x180054248)
GetProcAddress (Address: 0x180054250)
LoadLibraryExW (Address: 0x180054238)
LoadResource (Address: 0x180054258)
LockResource (Address: 0x180054268)
SizeofResource (Address: 0x180054230)

api-ms-win-core-libraryloader-l1-2-1.dll

FindResourceW (Address: 0x180054278)

api-ms-win-core-localization-l1-2-0.dll

IsDBCSLeadByte (Address: 0x180054290)
VerLanguageNameW (Address: 0x180054288)

api-ms-win-core-localization-obsolete-l1-2-0.dll

GetUserDefaultUILanguage (Address: 0x1800542a0)

api-ms-win-core-processenvironment-l1-1-0.dll

ExpandEnvironmentStringsW (Address: 0x1800542b8)
FreeEnvironmentStringsW (Address: 0x1800542c0)
GetCurrentDirectoryW (Address: 0x1800542c8)
GetEnvironmentStringsW (Address: 0x1800542b0)

api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessW (Address: 0x180054308)
GetCurrentProcess (Address: 0x1800542f0)
GetCurrentProcessId (Address: 0x1800542e0)
GetCurrentThreadId (Address: 0x180054300)
GetProcessTimes (Address: 0x1800542e8)
ProcessIdToSessionId (Address: 0x1800542d8)
TerminateProcess (Address: 0x1800542f8)

api-ms-win-core-processthreads-l1-1-1.dll

OpenProcess (Address: 0x180054318)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x180054328)

api-ms-win-core-synch-l1-1-0.dll

DeleteCriticalSection (Address: 0x180054350)
EnterCriticalSection (Address: 0x180054338)
InitializeCriticalSection (Address: 0x180054340)
LeaveCriticalSection (Address: 0x180054360)
OpenMutexW (Address: 0x180054348)
WaitForSingleObject (Address: 0x180054358)

api-ms-win-core-synch-l1-2-0.dll

Sleep (Address: 0x180054370)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemDirectoryW (Address: 0x180054388)
GetSystemTimeAsFileTime (Address: 0x180054398)
GetSystemWindowsDirectoryW (Address: 0x1800543a0)
GetTickCount (Address: 0x180054390)
GetTickCount64 (Address: 0x180054380)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x1800543c8)
EventSetInformation (Address: 0x1800543b8)
EventUnregister (Address: 0x1800543c0)
EventWriteTransfer (Address: 0x1800543b0)

KERNEL32.dll

CancelIo (Address: 0x1800540e8)
GetOverlappedResult (Address: 0x1800540e0)
GetPackageFullName (Address: 0x180054100)
PackageIdFromFullName (Address: 0x1800540f0)
SetNamedPipeHandleState (Address: 0x1800540f8)
WaitNamedPipeW (Address: 0x1800540d8)

ntdll.dll

__C_specific_handler (Address: 0x180054740)
_stricmp (Address: 0x180054428)
_vscwprintf (Address: 0x180054708)
_vsnprintf (Address: 0x180054430)
_vsnwprintf (Address: 0x180054800)
_wcsicmp (Address: 0x180054828)
_wcslwr (Address: 0x1800544b8)
_wcsnicmp (Address: 0x180054808)
_wtoi (Address: 0x180054678)
EtwEventEnabled (Address: 0x180054818)
EtwEventRegister (Address: 0x180054820)
EtwEventUnregister (Address: 0x180054810)
EtwEventWrite (Address: 0x1800547f8)
EtwEventWriteNoRegistration (Address: 0x180054480)
LdrEnumerateLoadedModules (Address: 0x180054568)
LdrFindEntryForAddress (Address: 0x180054408)
LdrGetDllHandle (Address: 0x180054838)
LdrGetProcedureAddress (Address: 0x180054518)
LdrGetProcedureAddressEx (Address: 0x180054500)
LdrInitShimEngineDynamic (Address: 0x180054468)
LdrLoadDll (Address: 0x1800544e8)
LdrResSearchResource (Address: 0x180054638)
memcmp (Address: 0x180054898)
memcpy (Address: 0x1800548a0)
memmove (Address: 0x1800547d0)
memset (Address: 0x1800548a8)
NtApphelpCacheControl (Address: 0x1800547b8)
NtClose (Address: 0x180054840)
NtCreateFile (Address: 0x180054790)
NtCreateKey (Address: 0x1800546a0)
NtDeleteKey (Address: 0x180054690)
NtDeleteValueKey (Address: 0x1800546d8)
NtOpenFile (Address: 0x180054530)
NtOpenKey (Address: 0x180054858)
NtProtectVirtualMemory (Address: 0x180054558)
NtQueryAttributesFile (Address: 0x180054488)
NtQueryInformationFile (Address: 0x1800546f8)
NtQueryObject (Address: 0x180054490)
NtQuerySecurityObject (Address: 0x180054538)
NtQueryValueKey (Address: 0x180054850)
NtReadFile (Address: 0x180054760)
NtSetInformationKey (Address: 0x180054698)
NtSetValueKey (Address: 0x1800546e0)
NtWriteFile (Address: 0x180054750)
qsort (Address: 0x180054748)
RtlAcquireSRWLockExclusive (Address: 0x180054570)
RtlAcquireSRWLockShared (Address: 0x180054580)
RtlAddVectoredExceptionHandler (Address: 0x180054498)
RtlAllocateAndInitializeSid (Address: 0x1800544d0)
RtlAllocateHeap (Address: 0x180054880)
RtlAnsiStringToUnicodeString (Address: 0x180054460)
RtlAppendUnicodeStringToString (Address: 0x1800546a8)
RtlAppendUnicodeToString (Address: 0x1800544a8)
RtlCaptureContext (Address: 0x1800547e8)
RtlCaptureStackBackTrace (Address: 0x180054450)
RtlCheckTokenMembership (Address: 0x1800544d8)
RtlCompareMemory (Address: 0x180054550)
RtlCopyUnicodeString (Address: 0x180054878)
RtlCreateEnvironmentEx (Address: 0x180054788)
RtlCreateServiceSid (Address: 0x180054528)
RtlCreateUnicodeString (Address: 0x1800546f0)
RtlDeleteCriticalSection (Address: 0x180054418)
RtlDestroyEnvironment (Address: 0x180054768)
RtlDoesFileExists_U (Address: 0x1800546e8)
RtlDosPathNameToNtPathName_U (Address: 0x1800546c0)
RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x180054798)
RtlDuplicateUnicodeString (Address: 0x180054870)
RtlEnterCriticalSection (Address: 0x180054448)
RtlEqualSid (Address: 0x180054548)
RtlEqualString (Address: 0x180054640)
RtlExpandEnvironmentStrings_U (Address: 0x180054848)
RtlFormatCurrentUserKeyPath (Address: 0x180054888)
RtlFreeAnsiString (Address: 0x1800543f8)
RtlFreeHeap (Address: 0x180054860)
RtlFreeSid (Address: 0x1800544e0)
RtlFreeUnicodeString (Address: 0x180054868)
RtlGetFileMUIPath (Address: 0x180054700)
RtlGetFullPathName_UEx (Address: 0x1800547a0)
RtlGetNativeSystemInformation (Address: 0x1800545d8)
RtlGetNtSystemRoot (Address: 0x180054478)
RtlGetOwnerSecurityDescriptor (Address: 0x180054540)
RtlGetVersion (Address: 0x1800546d0)
RtlGUIDFromString (Address: 0x180054598)
RtlImageDirectoryEntryToData (Address: 0x180054510)
RtlInitAnsiString (Address: 0x1800544c8)
RtlInitAnsiStringEx (Address: 0x180054458)
RtlInitializeCriticalSection (Address: 0x180054410)
RtlInitializeSRWLock (Address: 0x180054560)
RtlInitString (Address: 0x180054508)
RtlInitUnicodeString (Address: 0x1800547a8)
RtlInitUnicodeStringEx (Address: 0x180054890)
RtlLeaveCriticalSection (Address: 0x180054440)
RtlLengthRequiredSid (Address: 0x180054520)
RtlLookupFunctionEntry (Address: 0x1800547e0)
RtlMultiByteToUnicodeN (Address: 0x180054648)
RtlNtPathNameToDosPathName (Address: 0x1800543d8)
RtlNtStatusToDosError (Address: 0x1800544c0)
RtlpEnsureBufferSize (Address: 0x1800547c8)
RtlQueryEnvironmentVariable_U (Address: 0x1800543e0)
RtlReAllocateHeap (Address: 0x180054770)
RtlReleaseSRWLockExclusive (Address: 0x180054578)
RtlReleaseSRWLockShared (Address: 0x180054588)
RtlRunOnceExecuteOnce (Address: 0x1800546b8)
RtlSecondsSince1970ToTime (Address: 0x180054688)
RtlSetEnvironmentVar (Address: 0x180054780)
RtlSetEnvironmentVariable (Address: 0x1800543e8)
RtlSizeHeap (Address: 0x180054778)
RtlStringFromGUID (Address: 0x1800547c0)
RtlTimeToTimeFields (Address: 0x180054680)
RtlTryEnterCriticalSection (Address: 0x180054438)
RtlUnicodeStringToAnsiString (Address: 0x1800543f0)
RtlUnicodeStringToInteger (Address: 0x180054660)
RtlUpcaseUnicodeChar (Address: 0x1800545b0)
RtlUpcaseUnicodeString (Address: 0x1800546b0)
RtlVerifyVersionInfo (Address: 0x1800545e0)
RtlVirtualUnwind (Address: 0x1800547d8)
RtlWow64GetProcessMachines (Address: 0x180054400)
RtlxAnsiStringToUnicodeSize (Address: 0x1800545c0)
sprintf_s (Address: 0x1800544f0)
sscanf_s (Address: 0x1800544f8)
strchr (Address: 0x180054650)
strcpy_s (Address: 0x1800544a0)
strncmp (Address: 0x180054608)
strrchr (Address: 0x180054420)
swprintf_s (Address: 0x1800547b0)
toupper (Address: 0x1800545a0)
VerSetConditionMask (Address: 0x180054620)
wcscat_s (Address: 0x180054710)
wcschr (Address: 0x180054730)
wcscpy_s (Address: 0x180054718)
wcsncmp (Address: 0x180054470)
wcsrchr (Address: 0x1800547f0)
wcsspn (Address: 0x180054738)
wcsstr (Address: 0x180054830)
ZwClose (Address: 0x180054720)
ZwCreateFile (Address: 0x1800545a8)
ZwCreateKey (Address: 0x1800545d0)
ZwCreateSection (Address: 0x1800545b8)
ZwEnumerateKey (Address: 0x180054610)
ZwEnumerateValueKey (Address: 0x180054668)
ZwMapViewOfSection (Address: 0x180054600)
ZwOpenFile (Address: 0x180054628)
ZwOpenKey (Address: 0x1800544b0)
ZwOpenProcessToken (Address: 0x180054618)
ZwQueryDirectoryFile (Address: 0x1800545e8)
ZwQueryInformationFile (Address: 0x180054630)
ZwQueryInformationProcess (Address: 0x1800545c8)
ZwQueryInformationToken (Address: 0x1800545f8)
ZwQueryKey (Address: 0x180054670)
ZwQuerySystemInformation (Address: 0x1800546c8)
ZwQuerySystemTime (Address: 0x180054758)
ZwQueryValueKey (Address: 0x180054728)
ZwSetInformationProcess (Address: 0x1800545f0)
ZwSetValueKey (Address: 0x180054658)
ZwUnmapViewOfSection (Address: 0x180054590)