LxssManager.dll
Description: LXSS management service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6456
Architecture: 64-bit
Operating System: Windows NT
SHA256: f3e94cc1b3ed80edc7f25d0a3dc00e35
File Size: 938.0 KB
Uploaded At: Dec. 1, 2025, 7:50 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0xb8c0)
- DllCanUnloadNow (Ordinal: 2, Address: 0x8d60)
- DllGetClassObject (Ordinal: 3, Address: 0x8cf0)
- InprocRegister (Ordinal: 4, Address: 0x8dc0)
- InprocUnregister (Ordinal: 5, Address: 0x9040)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1800afba8)
api-ms-win-core-com-l1-1-0.dll
- CLSIDFromString (Address: 0x1800afbb8)
- CoAddRefServerProcess (Address: 0x1800afbd8)
- CoCreateGuid (Address: 0x1800afc18)
- CoCreateInstance (Address: 0x1800afc28)
- CoDecrementMTAUsage (Address: 0x1800afbd0)
- CoDisconnectContext (Address: 0x1800afc00)
- CoGetCallContext (Address: 0x1800afbc0)
- CoGetObjectContext (Address: 0x1800afbf0)
- CoInitializeSecurity (Address: 0x1800afc20)
- CoRegisterClassObject (Address: 0x1800afbe8)
- CoReleaseServerProcess (Address: 0x1800afbe0)
- CoResumeClassObjects (Address: 0x1800afc08)
- CoRevokeClassObject (Address: 0x1800afbf8)
- CoTaskMemAlloc (Address: 0x1800afbc8)
- CoTaskMemFree (Address: 0x1800afc10)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800afc38)
- IsDebuggerPresent (Address: 0x1800afc48)
- OutputDebugStringW (Address: 0x1800afc40)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1800afc70)
- RaiseException (Address: 0x1800afc58)
- SetLastError (Address: 0x1800afc78)
- SetUnhandledExceptionFilter (Address: 0x1800afc68)
- UnhandledExceptionFilter (Address: 0x1800afc60)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x1800afca8)
- CreateFileW (Address: 0x1800afc98)
- DeleteFileW (Address: 0x1800afcb0)
- FindClose (Address: 0x1800afcd8)
- FindFirstFileW (Address: 0x1800afcd0)
- FindNextFileW (Address: 0x1800afcc0)
- GetFileAttributesW (Address: 0x1800afc88)
- GetFullPathNameW (Address: 0x1800afcc8)
- ReadFile (Address: 0x1800afca0)
- RemoveDirectoryW (Address: 0x1800afcb8)
- WriteFile (Address: 0x1800afc90)
api-ms-win-core-file-l2-1-0.dll
- GetFileInformationByHandleEx (Address: 0x1800afce8)
api-ms-win-core-file-l2-1-2.dll
- CopyFileW (Address: 0x1800afcf8)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800afd10)
- DuplicateHandle (Address: 0x1800afd08)
- SetHandleInformation (Address: 0x1800afd18)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800afd38)
- HeapAlloc (Address: 0x1800afd30)
- HeapFree (Address: 0x1800afd28)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1800afd50)
- LocalFree (Address: 0x1800afd48)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1800afd60)
api-ms-win-core-io-l1-1-0.dll
- CancelIoEx (Address: 0x1800afd78)
- GetOverlappedResult (Address: 0x1800afd70)
api-ms-win-core-job-l2-1-0.dll
- CreateJobObjectW (Address: 0x1800afd88)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800afdc8)
- FreeLibrary (Address: 0x1800afdc0)
- GetModuleFileNameA (Address: 0x1800afd98)
- GetModuleHandleExW (Address: 0x1800afdb8)
- GetModuleHandleW (Address: 0x1800afda8)
- GetProcAddress (Address: 0x1800afda0)
- LoadLibraryExA (Address: 0x1800afdd0)
- LoadLibraryExW (Address: 0x1800afdb0)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800afde0)
- LCMapStringEx (Address: 0x1800afde8)
api-ms-win-core-localization-l1-2-3.dll
- GetUserDefaultGeoName (Address: 0x1800afdf8)
api-ms-win-core-memory-l1-1-0.dll
- VirtualProtect (Address: 0x1800afe08)
- VirtualQuery (Address: 0x1800afe10)
api-ms-win-core-namedpipe-l1-1-0.dll
- CreatePipe (Address: 0x1800afe20)
api-ms-win-core-path-l1-1-0.dll
- PathAllocCombine (Address: 0x1800afe30)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1800afe40)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x1800afe50)
- DeleteProcThreadAttributeList (Address: 0x1800afe70)
- GetCurrentProcess (Address: 0x1800afe88)
- GetCurrentProcessId (Address: 0x1800afe90)
- GetCurrentThread (Address: 0x1800afe98)
- GetCurrentThreadId (Address: 0x1800afe68)
- GetProcessId (Address: 0x1800afe80)
- InitializeProcThreadAttributeList (Address: 0x1800afe78)
- OpenThreadToken (Address: 0x1800afea0)
- SetThreadToken (Address: 0x1800afe60)
- TerminateProcess (Address: 0x1800afea8)
- UpdateProcThreadAttribute (Address: 0x1800afe58)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1800afec0)
- OpenProcess (Address: 0x1800afeb8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800afed0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800afef8)
- RegCreateKeyExW (Address: 0x1800aff20)
- RegDeleteKeyExW (Address: 0x1800aff28)
- RegDeleteValueW (Address: 0x1800aff00)
- RegEnumKeyExW (Address: 0x1800aff10)
- RegGetValueW (Address: 0x1800afee8)
- RegNotifyChangeKeyValue (Address: 0x1800afee0)
- RegOpenCurrentUser (Address: 0x1800aff18)
- RegOpenKeyExW (Address: 0x1800afef0)
- RegQueryValueExW (Address: 0x1800aff08)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x1800aff40)
- RegSetKeyValueW (Address: 0x1800aff38)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800aff60)
- RtlLookupFunctionEntry (Address: 0x1800aff58)
- RtlPcToFileHeader (Address: 0x1800aff68)
- RtlVirtualUnwind (Address: 0x1800aff50)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFileExistsW (Address: 0x1800aff80)
- PathFindExtensionW (Address: 0x1800aff78)
api-ms-win-core-string-l1-1-0.dll
- CompareStringEx (Address: 0x1800affa0)
- GetStringTypeW (Address: 0x1800aff98)
- MultiByteToWideChar (Address: 0x1800aff90)
- WideCharToMultiByte (Address: 0x1800affa8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800afff8)
- AcquireSRWLockShared (Address: 0x1800b0008)
- CreateEventExW (Address: 0x1800b0018)
- CreateEventW (Address: 0x1800b0028)
- CreateMutexExW (Address: 0x1800affd8)
- CreateSemaphoreExW (Address: 0x1800b0050)
- DeleteCriticalSection (Address: 0x1800b0010)
- EnterCriticalSection (Address: 0x1800b0048)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800affe0)
- InitializeCriticalSectionEx (Address: 0x1800afff0)
- InitializeSRWLock (Address: 0x1800b0038)
- LeaveCriticalSection (Address: 0x1800b0000)
- OpenSemaphoreW (Address: 0x1800b0058)
- ReleaseMutex (Address: 0x1800affc8)
- ReleaseSemaphore (Address: 0x1800b0020)
- ReleaseSRWLockExclusive (Address: 0x1800affc0)
- ReleaseSRWLockShared (Address: 0x1800affd0)
- ResetEvent (Address: 0x1800b0060)
- SetEvent (Address: 0x1800b0030)
- TryAcquireSRWLockExclusive (Address: 0x1800b0040)
- WaitForSingleObject (Address: 0x1800affe8)
- WaitForSingleObjectEx (Address: 0x1800affb8)
api-ms-win-core-synch-l1-2-0.dll
- InitializeConditionVariable (Address: 0x1800b0080)
- InitOnceExecuteOnce (Address: 0x1800b0078)
- Sleep (Address: 0x1800b0070)
- SleepConditionVariableSRW (Address: 0x1800b0090)
- WakeAllConditionVariable (Address: 0x1800b0098)
- WakeConditionVariable (Address: 0x1800b0088)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x1800b00a8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1800b00c0)
- GetSystemDirectoryW (Address: 0x1800b00b8)
- GetSystemInfo (Address: 0x1800b00c8)
- GetSystemTimeAsFileTime (Address: 0x1800b00d0)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800b0128)
- CloseThreadpoolWait (Address: 0x1800b0100)
- CloseThreadpoolWork (Address: 0x1800b0130)
- CreateThreadpoolTimer (Address: 0x1800b0120)
- CreateThreadpoolWait (Address: 0x1800b00e8)
- CreateThreadpoolWork (Address: 0x1800b00f0)
- FreeLibraryWhenCallbackReturns (Address: 0x1800b0118)
- SetThreadpoolTimer (Address: 0x1800b0138)
- SetThreadpoolWait (Address: 0x1800b00e0)
- SubmitThreadpoolWork (Address: 0x1800b00f8)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800b0110)
- WaitForThreadpoolWaitCallbacks (Address: 0x1800b0108)
api-ms-win-core-timezone-l1-1-0.dll
- GetDynamicTimeZoneInformation (Address: 0x1800b0148)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1800b0158)
- EncodePointer (Address: 0x1800b0160)
api-ms-win-core-winrt-error-l1-1-0.dll
- RoOriginateError (Address: 0x1800b0170)
- RoOriginateErrorW (Address: 0x1800b0178)
api-ms-win-core-winrt-l1-1-0.dll
- RoInitialize (Address: 0x1800b0190)
- RoRegisterActivationFactories (Address: 0x1800b0188)
- RoRevokeActivationFactories (Address: 0x1800b0198)
- RoUninitialize (Address: 0x1800b01a0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x1800b01c0)
- WindowsDeleteString (Address: 0x1800b01b0)
- WindowsGetStringRawBuffer (Address: 0x1800b01c8)
- WindowsIsStringEmpty (Address: 0x1800b01d0)
- WindowsStringHasEmbeddedNull (Address: 0x1800b01b8)
api-ms-win-crt-locale-l1-1-0.dll
- _lock_locales (Address: 0x1800b01e0)
- _unlock_locales (Address: 0x1800b01e8)
api-ms-win-crt-private-l1-1-0.dll
- __AdjustPointer (Address: 0x1800b03b0)
- __C_specific_handler (Address: 0x1800b0398)
- __current_exception (Address: 0x1800b03a8)
- __CxxFrameHandler3 (Address: 0x1800b03a0)
- __CxxFrameHandler4 (Address: 0x1800b04d0)
- __processing_throw (Address: 0x1800b03b8)
- __std_terminate (Address: 0x1800b04c8)
- __std_type_info_compare (Address: 0x1800b0388)
- __uncaught_exception (Address: 0x1800b03c0)
- _CxxThrowException (Address: 0x1800b03c8)
- _o____lc_codepage_func (Address: 0x1800b04c0)
- _o____lc_collate_cp_func (Address: 0x1800b04b8)
- _o____lc_locale_name_func (Address: 0x1800b04b0)
- _o____mb_cur_max_func (Address: 0x1800b04a8)
- _o___acrt_iob_func (Address: 0x1800b04a0)
- _o___pctype_func (Address: 0x1800b0498)
- _o___std_exception_copy (Address: 0x1800b0490)
- _o___std_exception_destroy (Address: 0x1800b0488)
- _o___std_type_info_destroy_list (Address: 0x1800b0480)
- _o___stdio_common_vfprintf (Address: 0x1800b0478)
- _o___stdio_common_vsnprintf_s (Address: 0x1800b0468)
- _o___stdio_common_vsprintf_s (Address: 0x1800b0460)
- _o___stdio_common_vswprintf (Address: 0x1800b0458)
- _o___stdio_common_vswprintf_s (Address: 0x1800b0450)
- _o__beginthreadex (Address: 0x1800b0448)
- _o__callnewh (Address: 0x1800b0440)
- _o__calloc_base (Address: 0x1800b0438)
- _o__cexit (Address: 0x1800b0430)
- _o__configure_narrow_argv (Address: 0x1800b0428)
- _o__crt_atexit (Address: 0x1800b0420)
- _o__errno (Address: 0x1800b0418)
- _o__execute_onexit_table (Address: 0x1800b0410)
- _o__fdopen (Address: 0x1800b0408)
- _o__fileno (Address: 0x1800b0400)
- _o__free_base (Address: 0x1800b03d8)
- _o__fseeki64 (Address: 0x1800b03d0)
- _o__get_stream_buffer_pointers (Address: 0x1800b0470)
- _o__initialize_narrow_environment (Address: 0x1800b03f8)
- _o__initialize_onexit_table (Address: 0x1800b03f0)
- _o__invalid_parameter_noinfo (Address: 0x1800b03e8)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1800b03e0)
- _o__lock_file (Address: 0x1800b01f8)
- _o__malloc_base (Address: 0x1800b0200)
- _o__purecall (Address: 0x1800b0208)
- _o__register_onexit_function (Address: 0x1800b0210)
- _o__seh_filter_dll (Address: 0x1800b0218)
- _o__strdup (Address: 0x1800b0220)
- _o__stricmp (Address: 0x1800b0228)
- _o__ui64tow_s (Address: 0x1800b0230)
- _o__unlock_file (Address: 0x1800b0238)
- _o__wcsdup (Address: 0x1800b0240)
- _o__wcsicmp (Address: 0x1800b0248)
- _o__wfopen (Address: 0x1800b0250)
- _o__wfsopen (Address: 0x1800b0258)
- _o_abort (Address: 0x1800b0268)
- _o_calloc (Address: 0x1800b0270)
- _o_fclose (Address: 0x1800b0278)
- _o_feof (Address: 0x1800b0280)
- _o_ferror (Address: 0x1800b0288)
- _o_fflush (Address: 0x1800b0290)
- _o_fgetc (Address: 0x1800b0298)
- _o_fgetpos (Address: 0x1800b02a0)
- _o_fopen (Address: 0x1800b02a8)
- _o_fputc (Address: 0x1800b02b0)
- _o_fread (Address: 0x1800b02b8)
- _o_free (Address: 0x1800b02c0)
- _o_frexp (Address: 0x1800b02c8)
- _o_fsetpos (Address: 0x1800b02d0)
- _o_ftell (Address: 0x1800b02d8)
- _o_fwrite (Address: 0x1800b02e0)
- _o_isalnum (Address: 0x1800b02e8)
- _o_isalpha (Address: 0x1800b02f0)
- _o_islower (Address: 0x1800b02f8)
- _o_isupper (Address: 0x1800b0300)
- _o_iswxdigit (Address: 0x1800b0308)
- _o_localeconv (Address: 0x1800b0310)
- _o_malloc (Address: 0x1800b0318)
- _o_realloc (Address: 0x1800b0320)
- _o_setlocale (Address: 0x1800b0328)
- _o_setvbuf (Address: 0x1800b0330)
- _o_strcpy_s (Address: 0x1800b0338)
- _o_strtok_s (Address: 0x1800b0340)
- _o_strtol (Address: 0x1800b0348)
- _o_strtoull (Address: 0x1800b0350)
- _o_terminate (Address: 0x1800b0358)
- _o_towupper (Address: 0x1800b0360)
- _o_ungetc (Address: 0x1800b0368)
- _o_wcscpy_s (Address: 0x1800b0370)
- _o_wcstod (Address: 0x1800b0378)
- _o_wcstoull (Address: 0x1800b0380)
- memchr (Address: 0x1800b04d8)
- memcmp (Address: 0x1800b04e0)
- memcpy (Address: 0x1800b04e8)
- memmove (Address: 0x1800b0260)
- strchr (Address: 0x1800b0390)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1800b0500)
- _initterm_e (Address: 0x1800b04f8)
api-ms-win-crt-string-l1-1-0.dll
- __strncnt (Address: 0x1800b0528)
- memset (Address: 0x1800b0520)
- strcspn (Address: 0x1800b0510)
- wcsncmp (Address: 0x1800b0518)
- wcsnlen (Address: 0x1800b0530)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x1800b0548)
- EventSetInformation (Address: 0x1800b0540)
- EventUnregister (Address: 0x1800b0550)
- EventWriteTransfer (Address: 0x1800b0558)
api-ms-win-security-base-l1-1-0.dll
- CreateRestrictedToken (Address: 0x1800b0580)
- DuplicateTokenEx (Address: 0x1800b0588)
- GetLengthSid (Address: 0x1800b0570)
- GetSidSubAuthority (Address: 0x1800b0598)
- GetSidSubAuthorityCount (Address: 0x1800b0590)
- GetTokenInformation (Address: 0x1800b05a8)
- InitializeSecurityDescriptor (Address: 0x1800b0568)
- MakeAbsoluteSD (Address: 0x1800b05a0)
- SetSecurityDescriptorOwner (Address: 0x1800b0578)
- SetTokenInformation (Address: 0x1800b05b0)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800b05c8)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800b05c0)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1800b05e0)
- SetServiceStatus (Address: 0x1800b05d8)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x1800b0600)
- OpenSCManagerW (Address: 0x1800b05f0)
- OpenServiceW (Address: 0x1800b05f8)
- StartServiceW (Address: 0x1800b0608)
api-ms-win-shell-shellfolders-l1-1-0.dll
- SHGetKnownFolderPath (Address: 0x1800b0618)
bcrypt.dll
- BCryptGenRandom (Address: 0x1800b0628)
combase.dll
- (Address: 0x1800b0638)
- (Address: 0x1800b0640)
- (Address: 0x1800b0648)
- (Address: 0x1800b0650)
DEVOBJ.dll
- DevObjChangeState (Address: 0x1800afa40)
- DevObjCreateDeviceInfo (Address: 0x1800afa68)
- DevObjCreateDeviceInfoList (Address: 0x1800afa88)
- DevObjCreateDevRegKey (Address: 0x1800afa48)
- DevObjDeleteDevRegKey (Address: 0x1800afa70)
- DevObjDestroyDeviceInfoList (Address: 0x1800afa28)
- DevObjEnumDeviceInfo (Address: 0x1800afa30)
- DevObjGetClassDevs (Address: 0x1800afa38)
- DevObjGetDeviceInstanceId (Address: 0x1800afa50)
- DevObjOpenDeviceInfo (Address: 0x1800afa20)
- DevObjOpenDevRegKey (Address: 0x1800afa80)
- DevObjRegisterDeviceInfo (Address: 0x1800afa58)
- DevObjSetDeviceRegistryProperty (Address: 0x1800afa60)
- DevObjUninstallDevice (Address: 0x1800afa78)
IPHLPAPI.DLL
- CreateUnicastIpAddressEntry (Address: 0x1800afa98)
- DeleteUnicastIpAddressEntry (Address: 0x1800afaa0)
- FreeMibTable (Address: 0x1800afac8)
- GetAdaptersAddresses (Address: 0x1800afab8)
- GetBestInterfaceEx (Address: 0x1800afac0)
- GetCurrentThreadCompartmentScope (Address: 0x1800afad0)
- GetUnicastIpAddressTable (Address: 0x1800afaa8)
- SetCurrentThreadCompartmentScope (Address: 0x1800afab0)
KERNELBASE.dll
- GetPackageFamilyName (Address: 0x1800afae0)
mi.dll
- MI_Application_InitializeV1 (Address: 0x1800b0660)
MSWSOCK.dll
- AcceptEx (Address: 0x1800afaf0)
ntdll.dll
- NtAdjustPrivilegesToken (Address: 0x1800b06c0)
- NtCancelIoFileEx (Address: 0x1800b06c8)
- NtClose (Address: 0x1800b0788)
- NtCreateFile (Address: 0x1800b0770)
- NtDeviceIoControlFile (Address: 0x1800b07e0)
- NtLoadDriver (Address: 0x1800b06f8)
- NtOpenFile (Address: 0x1800b0750)
- NtQueryEaFile (Address: 0x1800b0778)
- NtQueryInformationFile (Address: 0x1800b06f0)
- NtQueryInformationProcess (Address: 0x1800b0758)
- NtQueryInformationThread (Address: 0x1800b06d8)
- NtQuerySystemInformation (Address: 0x1800b0738)
- NtQueryVolumeInformationFile (Address: 0x1800b07e8)
- NtQueryWnfStateData (Address: 0x1800b0688)
- NtReadFile (Address: 0x1800b0798)
- NtSetEaFile (Address: 0x1800b06e8)
- NtSetInformationFile (Address: 0x1800b0720)
- NtSetInformationJobObject (Address: 0x1800b0698)
- NtSetInformationThread (Address: 0x1800b06e0)
- NtWaitForSingleObject (Address: 0x1800b0780)
- NtWriteFile (Address: 0x1800b0790)
- RtlAcquirePrivilege (Address: 0x1800b06b0)
- RtlAllocateHeap (Address: 0x1800b07a0)
- RtlCheckTokenMembership (Address: 0x1800b06a8)
- RtlClearBit (Address: 0x1800b0740)
- RtlCompareUnicodeString (Address: 0x1800b0678)
- RtlCopySid (Address: 0x1800b06a0)
- RtlDosLongPathNameToNtPathName_U_WithStatus (Address: 0x1800b0768)
- RtlEqualSid (Address: 0x1800b0708)
- RtlFindClearBitsAndSet (Address: 0x1800b0748)
- RtlFreeHeap (Address: 0x1800b07a8)
- RtlFreeUnicodeString (Address: 0x1800b07f0)
- RtlGUIDFromString (Address: 0x1800b0728)
- RtlInitAnsiStringEx (Address: 0x1800b06d0)
- RtlInitializeBitMap (Address: 0x1800b0730)
- RtlInitializeSidEx (Address: 0x1800b0718)
- RtlInitUnicodeString (Address: 0x1800b0710)
- RtlInitUnicodeStringEx (Address: 0x1800b0670)
- RtlQueryWnfStateData (Address: 0x1800b0700)
- RtlReleasePrivilege (Address: 0x1800b06b8)
- RtlRunOnceExecuteOnce (Address: 0x1800b07d8)
- RtlStringFromGUID (Address: 0x1800b0760)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1800b0690)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1800b0680)
- ZwClose (Address: 0x1800b07b0)
- ZwCreateEvent (Address: 0x1800b07c8)
- ZwQueryDirectoryFile (Address: 0x1800b07c0)
- ZwSetEaFile (Address: 0x1800b07d0)
- ZwWaitForSingleObject (Address: 0x1800b07b8)
OLEAUT32.dll
- SysAllocString (Address: 0x1800afb18)
- SysFreeString (Address: 0x1800afb00)
- VariantClear (Address: 0x1800afb10)
- VariantInit (Address: 0x1800afb08)
USERENV.dll
- GetUserProfileDirectoryW (Address: 0x1800afb28)
WS2_32.dll
- bind (Address: 0x1800afb58)
- closesocket (Address: 0x1800afb68)
- connect (Address: 0x1800afb78)
- inet_ntop (Address: 0x1800afb40)
- listen (Address: 0x1800afb48)
- recv (Address: 0x1800afb98)
- send (Address: 0x1800afb80)
- setsockopt (Address: 0x1800afb60)
- shutdown (Address: 0x1800afb38)
- WSAGetLastError (Address: 0x1800afb50)
- WSAGetOverlappedResult (Address: 0x1800afb88)
- WSASocketW (Address: 0x1800afb90)
- WSAStartup (Address: 0x1800afb70)