AppVEntSubsystems64.dll
Description: Client Virtualization Subsystems
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 64-bit
Operating System: Windows NT
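SHA256: 8ee567231413ddc6bd0c2fe7123e4275 (note: this value is 32 hex characters, the length of an MD5 digest or a truncated hash; a full SHA-256 digest is 64 hex characters, so recompute the hash from the file itself before using it for matching or allow-listing)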
File Size: 1.9 MB
Uploaded At: Dec. 1, 2025, 7:22 a.m.
Exported Functions
- APIExportForDetours (Ordinal: 1, Address: 0x7fb0)
- RequestUnhookedFunctionList (Ordinal: 2, Address: 0x6bd0)
- VirtualizeCurrentThread (Ordinal: 3, Address: 0x9720)
- CurrentThreadIsVirtualized (Ordinal: 4, Address: 0x9660)
- VirtualizeCurrentProcess (Ordinal: 5, Address: 0x9790)
- IsProcessHooked (Ordinal: 6, Address: 0x9650)
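Imported DLLs & Functions (the addresses below are 8 bytes apart and all fall within one region of this image, so they appear to be import-table slots inside this DLL rather than the addresses of the imported functions themselves)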
ADVAPI32.dll
- EventRegister (Address: 0x180159b68)
- EventSetInformation (Address: 0x180159b70)
- EventUnregister (Address: 0x180159b80)
- EventWriteTransfer (Address: 0x180159b60)
- RegCloseKey (Address: 0x180159b90)
- RegOpenKeyExW (Address: 0x180159b78)
- RegQueryValueExW (Address: 0x180159b88)
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x18015a020)
- CoCreateGuid (Address: 0x180159ff0)
- CoCreateInstance (Address: 0x18015a018)
- CoGetTreatAsClass (Address: 0x18015a010)
- CoInitializeEx (Address: 0x18015a008)
- CoMarshalInterface (Address: 0x18015a040)
- CoTaskMemAlloc (Address: 0x18015a048)
- CoTaskMemFree (Address: 0x18015a000)
- CoUninitialize (Address: 0x180159ff8)
- CoUnmarshalInterface (Address: 0x18015a038)
- CreateStreamOnHGlobal (Address: 0x18015a030)
- PropVariantClear (Address: 0x18015a050)
- StringFromCLSID (Address: 0x18015a028)
- StringFromGUID2 (Address: 0x180159fe8)
api-ms-win-core-console-l3-2-0.dll
- GetConsoleWindow (Address: 0x18015a060)
api-ms-win-core-errorhandling-l1-1-2.dll
- RaiseFailFastException (Address: 0x18015a070)
api-ms-win-core-file-l1-1-0.dll
- FindClose (Address: 0x18015a0a8)
- FindFirstFileW (Address: 0x18015a0c8)
- FindFirstVolumeW (Address: 0x18015a080)
- FindNextFileW (Address: 0x18015a0d0)
- FindNextVolumeW (Address: 0x18015a090)
- FindVolumeClose (Address: 0x18015a088)
- GetFileAttributesW (Address: 0x18015a0b8)
- GetFinalPathNameByHandleW (Address: 0x18015a0c0)
- GetLogicalDriveStringsW (Address: 0x18015a0b0)
- GetShortPathNameW (Address: 0x18015a098)
- GetVolumePathNameW (Address: 0x18015a0a0)
- QueryDosDeviceW (Address: 0x18015a0d8)
api-ms-win-core-file-l1-2-0.dll
- GetVolumePathNamesForVolumeNameW (Address: 0x18015a0e8)
api-ms-win-core-file-l1-2-2.dll
- FindFirstFileNameW (Address: 0x18015a0f8)
- FindNextFileNameW (Address: 0x18015a100)
api-ms-win-core-handle-l1-1-0.dll
- DuplicateHandle (Address: 0x18015a110)
api-ms-win-core-heap-l2-1-0.dll
- LocalFree (Address: 0x18015a120)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x18015a130)
- GetOverlappedResult (Address: 0x18015a138)
api-ms-win-core-libraryloader-l1-2-0.dll
- LoadLibraryExA (Address: 0x18015a148)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryA (Address: 0x18015a158)
api-ms-win-core-localization-l1-2-0.dll
- GetUserDefaultLangID (Address: 0x18015a168)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x18015a198)
- MapViewOfFile (Address: 0x18015a190)
- UnmapViewOfFile (Address: 0x18015a1a0)
- VirtualFree (Address: 0x18015a178)
- VirtualProtect (Address: 0x18015a180)
- VirtualQuery (Address: 0x18015a188)
api-ms-win-core-memory-l1-1-4.dll
- QueryVirtualMemoryInformation (Address: 0x18015a1b0)
api-ms-win-core-namedpipe-l1-1-0.dll
- ConnectNamedPipe (Address: 0x18015a1d8)
- CreateNamedPipeW (Address: 0x18015a1c8)
- DisconnectNamedPipe (Address: 0x18015a1c0)
- PeekNamedPipe (Address: 0x18015a1d0)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18015a200)
- GetCurrentDirectoryW (Address: 0x18015a1f0)
- GetEnvironmentVariableW (Address: 0x18015a208)
- SearchPathW (Address: 0x18015a1f8)
- SetCurrentDirectoryW (Address: 0x18015a1e8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18015a230)
- CreateProcessW (Address: 0x18015a250)
- GetProcessId (Address: 0x18015a220)
- OpenProcessToken (Address: 0x18015a248)
- OpenThreadToken (Address: 0x18015a240)
- ResumeThread (Address: 0x18015a228)
- SetThreadToken (Address: 0x18015a238)
- SuspendThread (Address: 0x18015a218)
api-ms-win-core-processthreads-l1-1-1.dll
- FlushInstructionCache (Address: 0x18015a268)
- GetProcessMitigationPolicy (Address: 0x18015a278)
- GetThreadContext (Address: 0x18015a260)
- SetThreadContext (Address: 0x18015a270)
api-ms-win-core-psapi-l1-1-0.dll
- K32GetMappedFileNameW (Address: 0x18015a288)
api-ms-win-core-registry-l1-1-0.dll
- RegCreateKeyExW (Address: 0x18015a2a8)
- RegEnumKeyExW (Address: 0x18015a2b0)
- RegEnumValueW (Address: 0x18015a2a0)
- RegSetValueExW (Address: 0x18015a298)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x18015a2c0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18015a2d0)
- AcquireSRWLockShared (Address: 0x18015a308)
- CreateMutexExW (Address: 0x18015a2f8)
- CreateSemaphoreExW (Address: 0x18015a310)
- InitializeSRWLock (Address: 0x18015a2f0)
- OpenEventW (Address: 0x18015a2d8)
- OpenSemaphoreW (Address: 0x18015a2e8)
- ReleaseSemaphore (Address: 0x18015a318)
- ReleaseSRWLockExclusive (Address: 0x18015a2e0)
- ReleaseSRWLockShared (Address: 0x18015a300)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18015a328)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x18015a338)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x18015a358)
- GetVersion (Address: 0x18015a348)
- GetVersionExW (Address: 0x18015a360)
- GetWindowsDirectoryW (Address: 0x18015a350)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x18015a370)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x18015a390)
- CreateThreadpoolTimer (Address: 0x18015a398)
- SetThreadpoolTimer (Address: 0x18015a380)
- WaitForThreadpoolTimerCallbacks (Address: 0x18015a388)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x18015a3a8)
api-ms-win-core-url-l1-1-0.dll
- PathCreateFromUrlW (Address: 0x18015a3c0)
- UrlCreateFromPathW (Address: 0x18015a3b8)
api-ms-win-core-version-l1-1-0.dll
- VerQueryValueW (Address: 0x18015a3d0)
api-ms-win-core-version-l1-1-1.dll
- GetFileVersionInfoSizeW (Address: 0x18015a3e0)
- GetFileVersionInfoW (Address: 0x18015a3e8)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x18015a3f8)
api-ms-win-security-base-l1-1-0.dll
- AddAce (Address: 0x18015a4a8)
- CopySid (Address: 0x18015a458)
- DuplicateToken (Address: 0x18015a478)
- DuplicateTokenEx (Address: 0x18015a420)
- EqualSid (Address: 0x18015a480)
- GetAclInformation (Address: 0x18015a490)
- GetLengthSid (Address: 0x18015a410)
- GetSecurityDescriptorControl (Address: 0x18015a460)
- GetSecurityDescriptorDacl (Address: 0x18015a430)
- GetSecurityDescriptorGroup (Address: 0x18015a4c8)
- GetSecurityDescriptorLength (Address: 0x18015a4c0)
- GetSecurityDescriptorOwner (Address: 0x18015a418)
- GetSecurityDescriptorSacl (Address: 0x18015a428)
- GetSidLengthRequired (Address: 0x18015a468)
- GetSidSubAuthority (Address: 0x18015a470)
- GetTokenInformation (Address: 0x18015a450)
- InitializeAcl (Address: 0x18015a438)
- InitializeSecurityDescriptor (Address: 0x18015a4b8)
- InitializeSid (Address: 0x18015a448)
- IsValidSid (Address: 0x18015a440)
- MakeAbsoluteSD (Address: 0x18015a4a0)
- MakeSelfRelativeSD (Address: 0x18015a4b0)
- SetSecurityDescriptorDacl (Address: 0x18015a488)
- SetSecurityDescriptorGroup (Address: 0x18015a408)
- SetSecurityDescriptorOwner (Address: 0x18015a498)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupAccountSidW (Address: 0x18015a4d8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18015a4e8)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18015a4f0)
api-ms-win-shcore-sysinfo-l1-1-0.dll
- GetCurrentProcessExplicitAppUserModelID (Address: 0x18015a500)
GDI32.dll
- AddFontResourceExW (Address: 0x180159ba8)
- CreateScalableFontResourceW (Address: 0x180159ba0)
KERNEL32.dll
- CheckRemoteDebuggerPresent (Address: 0x180159c68)
- CloseHandle (Address: 0x180159c58)
- CompareStringEx (Address: 0x180159cc8)
- CreateEventW (Address: 0x180159e38)
- CreateFileW (Address: 0x180159e10)
- CreateMutexW (Address: 0x180159c38)
- CreateThread (Address: 0x180159c78)
- DebugBreak (Address: 0x180159c28)
- DecodePointer (Address: 0x180159cb0)
- DeleteCriticalSection (Address: 0x180159c08)
- DisableThreadLibraryCalls (Address: 0x180159c50)
- EncodePointer (Address: 0x180159ca8)
- EnterCriticalSection (Address: 0x180159ea0)
- EnumSystemLocalesW (Address: 0x180159d78)
- ExitProcess (Address: 0x180159d80)
- ExitThread (Address: 0x180159e40)
- FindFirstFileExW (Address: 0x180159e90)
- FlsAlloc (Address: 0x180159e60)
- FlsFree (Address: 0x180159e78)
- FlsGetValue (Address: 0x180159e68)
- FlsSetValue (Address: 0x180159e70)
- FlushFileBuffers (Address: 0x180159dd0)
- FormatMessageW (Address: 0x180159be0)
- FreeEnvironmentStringsW (Address: 0x180159e00)
- FreeLibrary (Address: 0x180159c20)
- FreeLibraryAndExitThread (Address: 0x180159e88)
- GetACP (Address: 0x180159d90)
- GetCommandLineA (Address: 0x180159e98)
- GetCommandLineW (Address: 0x180159ed8)
- GetConsoleMode (Address: 0x180159dc8)
- GetConsoleOutputCP (Address: 0x180159dc0)
- GetCPInfo (Address: 0x180159cc0)
- GetCurrentProcess (Address: 0x180159bb8)
- GetCurrentProcessId (Address: 0x180159e48)
- GetCurrentThread (Address: 0x180159cf8)
- GetCurrentThreadId (Address: 0x180159bd8)
- GetEnvironmentStringsW (Address: 0x180159df8)
- GetFileSizeEx (Address: 0x180159da0)
- GetFileType (Address: 0x180159d08)
- GetLastError (Address: 0x180159be8)
- GetLocaleInfoW (Address: 0x180159d60)
- GetModuleFileNameA (Address: 0x180159d20)
- GetModuleFileNameW (Address: 0x180159c30)
- GetModuleHandleExW (Address: 0x180159bc0)
- GetModuleHandleW (Address: 0x180159c18)
- GetOEMCP (Address: 0x180159d98)
- GetProcAddress (Address: 0x180159c00)
- GetProcessHeap (Address: 0x180159c10)
- GetStartupInfoW (Address: 0x180159d10)
- GetStdHandle (Address: 0x180159d00)
- GetStringTypeW (Address: 0x180159c98)
- GetSystemInfo (Address: 0x180159ec8)
- GetSystemTimeAsFileTime (Address: 0x180159d48)
- GetUserDefaultLCID (Address: 0x180159d70)
- HeapAlloc (Address: 0x180159bf8)
- HeapDestroy (Address: 0x180159ed0)
- HeapFree (Address: 0x180159eb0)
- HeapReAlloc (Address: 0x180159cf0)
- HeapSize (Address: 0x180159df0)
- InitializeCriticalSection (Address: 0x180159bd0)
- InitializeCriticalSectionAndSpinCount (Address: 0x180159eb8)
- InitializeCriticalSectionEx (Address: 0x180159ca0)
- InitializeSListHead (Address: 0x180159e50)
- InitOnceExecuteOnce (Address: 0x180159c88)
- InterlockedFlushSList (Address: 0x180159e58)
- IsDebuggerPresent (Address: 0x180159c60)
- IsProcessorFeaturePresent (Address: 0x180159ce8)
- IsValidCodePage (Address: 0x180159d88)
- IsValidLocale (Address: 0x180159d68)
- K32GetModuleInformation (Address: 0x180159bf0)
- LCMapStringEx (Address: 0x180159cb8)
- LCMapStringW (Address: 0x180159d58)
- LeaveCriticalSection (Address: 0x180159bc8)
- LoadLibraryExW (Address: 0x180159d50)
- LoadLibraryW (Address: 0x180159c70)
- MultiByteToWideChar (Address: 0x180159c80)
- OutputDebugStringW (Address: 0x180159de8)
- QueryPerformanceCounter (Address: 0x180159ec0)
- RaiseException (Address: 0x180159d18)
- ReadConsoleW (Address: 0x180159de0)
- ReadFile (Address: 0x180159dd8)
- ReleaseMutex (Address: 0x180159c48)
- ResetEvent (Address: 0x180159e28)
- SetEnvironmentVariableW (Address: 0x180159e08)
- SetEvent (Address: 0x180159e20)
- SetFilePointerEx (Address: 0x180159da8)
- SetLastError (Address: 0x180159d38)
- SetStdHandle (Address: 0x180159db0)
- SetUnhandledExceptionFilter (Address: 0x180159cd8)
- TerminateProcess (Address: 0x180159ce0)
- TlsAlloc (Address: 0x180159d28)
- TlsFree (Address: 0x180159d40)
- TlsGetValue (Address: 0x180159d30)
- TlsSetValue (Address: 0x180159ea8)
- UnhandledExceptionFilter (Address: 0x180159cd0)
- VirtualAlloc (Address: 0x180159e80)
- WaitForSingleObject (Address: 0x180159c40)
- WaitForSingleObjectEx (Address: 0x180159e30)
- WideCharToMultiByte (Address: 0x180159c90)
- WriteConsoleW (Address: 0x180159e18)
- WriteFile (Address: 0x180159db8)
ntdll.dll
- NtClose (Address: 0x18015a520)
- NtCreateKey (Address: 0x18015a518)
- NtDeleteKey (Address: 0x18015a648)
- NtDeleteValueKey (Address: 0x18015a580)
- NtDuplicateObject (Address: 0x18015a5a8)
- NtEnumerateKey (Address: 0x18015a650)
- NtEnumerateValueKey (Address: 0x18015a658)
- NtFlushKey (Address: 0x18015a670)
- NtNotifyChangeMultipleKeys (Address: 0x18015a668)
- NtOpenKey (Address: 0x18015a660)
- NtQueryInformationProcess (Address: 0x18015a610)
- NtQueryKey (Address: 0x18015a528)
- NtQueryObject (Address: 0x18015a568)
- NtQuerySecurityObject (Address: 0x18015a570)
- NtQueryValueKey (Address: 0x18015a678)
- NtReadFile (Address: 0x18015a540)
- NtRenameKey (Address: 0x18015a530)
- NtSetEvent (Address: 0x18015a558)
- NtSetInformationThread (Address: 0x18015a590)
- NtSetSecurityObject (Address: 0x18015a550)
- NtSetValueKey (Address: 0x18015a560)
- NtWriteFile (Address: 0x18015a538)
- RtlAllocateHeap (Address: 0x18015a600)
- RtlCaptureContext (Address: 0x18015a510)
- RtlCompareUnicodeString (Address: 0x18015a578)
- RtlCopyUnicodeString (Address: 0x18015a5c8)
- RtlDeleteElementGenericTableAvl (Address: 0x18015a5b8)
- RtlEnumerateGenericTableAvl (Address: 0x18015a5d8)
- RtlEnumerateGenericTableWithoutSplayingAvl (Address: 0x18015a5e8)
- RtlEqualUnicodeString (Address: 0x18015a588)
- RtlFreeHeap (Address: 0x18015a608)
- RtlInitAnsiString (Address: 0x18015a548)
- RtlInitializeGenericTableAvl (Address: 0x18015a5b0)
- RtlInitUnicodeString (Address: 0x18015a598)
- RtlInsertElementGenericTableAvl (Address: 0x18015a5d0)
- RtlIntegerToUnicodeString (Address: 0x18015a618)
- RtlIsGenericTableEmptyAvl (Address: 0x18015a5e0)
- RtlIsNameInExpression (Address: 0x18015a5f0)
- RtlLookupElementGenericTableAvl (Address: 0x18015a5c0)
- RtlLookupFunctionEntry (Address: 0x18015a638)
- RtlNtStatusToDosError (Address: 0x18015a640)
- RtlPcToFileHeader (Address: 0x18015a5a0)
- RtlPrefixUnicodeString (Address: 0x18015a5f8)
- RtlUnwind (Address: 0x18015a620)
- RtlUnwindEx (Address: 0x18015a628)
- RtlVirtualUnwind (Address: 0x18015a630)
ole32.dll
- CreateFileMoniker (Address: 0x18015a690)
- GetClassFile (Address: 0x18015a688)
- GetRunningObjectTable (Address: 0x18015a698)
RPCRT4.dll
- NdrClientCall2 (Address: 0x180159ef8)
- NdrServerCall2 (Address: 0x180159f20)
- RpcBindingFree (Address: 0x180159f60)
- RpcBindingFromStringBindingW (Address: 0x180159f00)
- RpcBindingInqAuthClientW (Address: 0x180159f58)
- RpcBindingSetAuthInfoExW (Address: 0x180159f10)
- RpcImpersonateClient (Address: 0x180159f48)
- RpcRevertToSelf (Address: 0x180159f30)
- RpcServerListen (Address: 0x180159f08)
- RpcServerRegisterAuthInfoW (Address: 0x180159ee8)
- RpcServerRegisterIf2 (Address: 0x180159f38)
- RpcServerUnregisterIf (Address: 0x180159f40)
- RpcServerUseProtseqEpW (Address: 0x180159f50)
- RpcStringBindingComposeW (Address: 0x180159ef0)
- RpcStringFreeW (Address: 0x180159f18)
- UuidCreate (Address: 0x180159f28)
SHELL32.dll
- SHCreateItemFromParsingName (Address: 0x180159f78)
- SHGetPathFromIDListW (Address: 0x180159f70)
- SHParseDisplayName (Address: 0x180159f80)
USER32.dll
- CallWindowProcW (Address: 0x180159fc8)
- DispatchMessageW (Address: 0x180159f98)
- FindWindowW (Address: 0x180159fa8)
- GetParent (Address: 0x180159fc0)
- GetWindowLongW (Address: 0x180159fb0)
- IsWindowVisible (Address: 0x180159fb8)
- PeekMessageW (Address: 0x180159fa0)
- WaitForInputIdle (Address: 0x180159f90)
USERENV.dll
- UnloadUserProfile (Address: 0x180159fd8)