sechost.dll
Description: Host for SCM/SDDL/LSA Lookup APIs
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 32-bit
Operating System: Windows NT
SHA256: 306918c2a2bc69bb78174c521aa9cd45
File Size: 473.7 KB
Uploaded At: Dec. 1, 2025, 8:04 a.m.
Views: 13
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: VirtualAllocEx
Exported Functions
- I_ScSetServiceBitsA (Ordinal: 1, Address: 0x4cb60)
- I_ScSetServiceBitsW (Ordinal: 2, Address: 0x26310)
- AuditComputeEffectivePolicyBySid (Ordinal: 3, Address: 0x26470)
- AuditEnumerateCategories (Ordinal: 4, Address: 0x54140)
- AuditEnumeratePerUserPolicy (Ordinal: 5, Address: 0x54240)
- AuditEnumerateSubCategories (Ordinal: 6, Address: 0x542c0)
- AuditFree (Ordinal: 7, Address: 0x26090)
- AuditLookupCategoryNameW (Ordinal: 8, Address: 0x543c0)
- AuditLookupSubCategoryNameW (Ordinal: 9, Address: 0x544d0)
- AuditQueryGlobalSaclW (Ordinal: 10, Address: 0x545e0)
- AuditQueryPerUserPolicy (Ordinal: 11, Address: 0x26540)
- AuditQuerySecurity (Ordinal: 12, Address: 0x54630)
- AuditQuerySystemPolicy (Ordinal: 13, Address: 0x265c0)
- AuditSetGlobalSaclW (Ordinal: 14, Address: 0x546e0)
- AuditSetPerUserPolicy (Ordinal: 15, Address: 0x54730)
- AuditSetSecurity (Ordinal: 16, Address: 0x547c0)
- AuditSetSystemPolicy (Ordinal: 17, Address: 0x548b0)
- BuildSecurityDescriptorForSharingAccess (Ordinal: 18, Address: 0x22670)
- BuildSecurityDescriptorForSharingAccessEx (Ordinal: 19, Address: 0x226a0)
- CapabilityCheck (Ordinal: 20, Address: 0x221a0)
- CapabilityCheckForSingleSessionSku (Ordinal: 21, Address: 0x4c590)
- ChangeServiceConfig2A (Ordinal: 22, Address: 0x4ccb0)
- ChangeServiceConfig2W (Ordinal: 23, Address: 0x26380)
- ChangeServiceConfigA (Ordinal: 24, Address: 0x4cde0)
- ChangeServiceConfigW (Ordinal: 25, Address: 0x158f0)
- CloseServiceHandle (Ordinal: 26, Address: 0x18450)
- CloseTrace (Ordinal: 27, Address: 0x16990)
- ControlService (Ordinal: 28, Address: 0x15ae0)
- ControlServiceExA (Ordinal: 29, Address: 0x4cf90)
- ControlServiceExW (Ordinal: 30, Address: 0x15990)
- ControlTraceA (Ordinal: 31, Address: 0x50710)
- ControlTraceW (Ordinal: 32, Address: 0x18ab0)
- ConvertSDToStringSDRootDomainW (Ordinal: 33, Address: 0x34e90)
- ConvertSecurityDescriptorToStringSecurityDescriptorW (Ordinal: 34, Address: 0x11610)
- ConvertSidToStringSidW (Ordinal: 35, Address: 0x15670)
- ConvertStringSDToSDDomainA (Ordinal: 36, Address: 0x34ef0)
- ConvertStringSDToSDDomainW (Ordinal: 37, Address: 0x34fb0)
- ConvertStringSDToSDRootDomainW (Ordinal: 38, Address: 0x35030)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Ordinal: 39, Address: 0x115b0)
- ConvertStringSidToSidW (Ordinal: 40, Address: 0x11680)
- CreateIsolatedProcess (Ordinal: 41, Address: 0x61bc0)
- CreateIsolationContainer (Ordinal: 42, Address: 0x61c30)
- CreateServiceA (Ordinal: 43, Address: 0x4d090)
- CreateServiceEx (Ordinal: 44, Address: 0x4d430)
- CreateServiceW (Ordinal: 45, Address: 0x4d6c0)
- CredBackupCredentials (Ordinal: 46, Address: 0x54aa0)
- CredDeleteA (Ordinal: 47, Address: 0x54bd0)
- CredDeleteW (Ordinal: 48, Address: 0x237f0)
- CredEncryptAndMarshalBinaryBlob (Ordinal: 49, Address: 0x55aa0)
- CredEnumerateA (Ordinal: 50, Address: 0x54c80)
- CredEnumerateW (Ordinal: 51, Address: 0x23b20)
- CredFindBestCredentialA (Ordinal: 52, Address: 0x54d70)
- CredFindBestCredentialW (Ordinal: 53, Address: 0x54e50)
- CredFree (Ordinal: 54, Address: 0x26090)
- CredGetSessionTypes (Ordinal: 55, Address: 0x54f30)
- CredGetTargetInfoA (Ordinal: 56, Address: 0x54fb0)
- CredGetTargetInfoW (Ordinal: 57, Address: 0x55090)
- CredIsMarshaledCredentialW (Ordinal: 58, Address: 0x25f60)
- CredIsProtectedA (Ordinal: 59, Address: 0x55ad0)
- CredIsProtectedW (Ordinal: 60, Address: 0x230c0)
- CredMarshalCredentialA (Ordinal: 61, Address: 0x55b40)
- CredMarshalCredentialW (Ordinal: 62, Address: 0x24e90)
- CredParseUserNameWithType (Ordinal: 63, Address: 0x22fe0)
- CredProfileLoaded (Ordinal: 64, Address: 0x55170)
- CredProfileLoadedEx (Ordinal: 65, Address: 0x20c20)
- CredProfileUnloaded (Ordinal: 66, Address: 0x551f0)
- CredProtectA (Ordinal: 67, Address: 0x55ba0)
- CredProtectEx (Ordinal: 68, Address: 0x24ca0)
- CredProtectW (Ordinal: 69, Address: 0x24c70)
- CredReadA (Ordinal: 70, Address: 0x55270)
- CredReadByTokenHandle (Ordinal: 71, Address: 0x55350)
- CredReadDomainCredentialsA (Ordinal: 72, Address: 0x55440)
- CredReadDomainCredentialsW (Ordinal: 73, Address: 0x55530)
- CredReadW (Ordinal: 74, Address: 0x55620)
- CredRestoreCredentials (Ordinal: 75, Address: 0x55700)
- CredUnmarshalCredentialA (Ordinal: 76, Address: 0x55cb0)
- CredUnmarshalCredentialW (Ordinal: 77, Address: 0x23160)
- CredUnprotectA (Ordinal: 78, Address: 0x55d20)
- CredUnprotectEx (Ordinal: 79, Address: 0x25550)
- CredUnprotectW (Ordinal: 80, Address: 0x55e60)
- CredWriteA (Ordinal: 81, Address: 0x55830)
- CredWriteDomainCredentialsA (Ordinal: 82, Address: 0x558e0)
- CredWriteDomainCredentialsW (Ordinal: 83, Address: 0x559c0)
- CredWriteW (Ordinal: 84, Address: 0x23880)
- CredpConvertCredential (Ordinal: 85, Address: 0x23910)
- CredpConvertOneCredentialSize (Ordinal: 86, Address: 0x24630)
- CredpConvertTargetInfo (Ordinal: 87, Address: 0x55e90)
- CredpDecodeCredential (Ordinal: 88, Address: 0x25ff0)
- CredpEncodeCredential (Ordinal: 89, Address: 0x24c00)
- CredpEncodeSecret (Ordinal: 90, Address: 0x560a0)
- DeleteIsolationContainer (Ordinal: 91, Address: 0x61ca0)
- DeleteService (Ordinal: 92, Address: 0x4d900)
- EnableTraceEx2 (Ordinal: 93, Address: 0x190f0)
- EnumDependentServicesW (Ordinal: 94, Address: 0x23540)
- EnumServicesStatusExW (Ordinal: 95, Address: 0x177d0)
- EnumerateIdentityProviders (Ordinal: 96, Address: 0x21600)
- EnumerateTraceGuidsEx (Ordinal: 97, Address: 0x22e50)
- EtwQueryRealtimeConsumer (Ordinal: 98, Address: 0x4fdd0)
- EventAccessControl (Ordinal: 99, Address: 0x50d60)
- EventAccessQuery (Ordinal: 100, Address: 0x50db0)
- EventAccessRemove (Ordinal: 101, Address: 0x50f60)
- FreeContainer (Ordinal: 102, Address: 0x56830)
- FreeTransientObjectSecurityDescriptor (Ordinal: 103, Address: 0x22210)
- GetDefaultIdentityProvider (Ordinal: 104, Address: 0x25eb0)
- GetEmbeddedContainerIsolationPolicy (Ordinal: 105, Address: 0x56870)
- GetEmbeddedImageMitigationPolicy (Ordinal: 106, Address: 0x22020)
- GetIdentityProviderInfoByGUID (Ordinal: 107, Address: 0x25e10)
- GetIdentityProviderInfoByName (Ordinal: 108, Address: 0x32fa0)
- GetServiceDirectory (Ordinal: 109, Address: 0x26400)
- GetServiceDisplayNameW (Ordinal: 110, Address: 0x235e0)
- GetServiceKeyNameW (Ordinal: 111, Address: 0x236c0)
- GetServiceProcessToken (Ordinal: 112, Address: 0x4d980)
- GetServiceRegistryStateKey (Ordinal: 113, Address: 0x15b40)
- I_QueryTagInformation (Ordinal: 114, Address: 0x179a0)
- I_RegisterSvchostNotificationCallback (Ordinal: 115, Address: 0x22f90)
- I_ScBroadcastServiceControlMessage (Ordinal: 116, Address: 0x23770)
- I_ScIsSecurityProcess (Ordinal: 117, Address: 0x26b90)
- I_ScPnPGetServiceName (Ordinal: 118, Address: 0x234f0)
- I_ScQueryServiceConfig (Ordinal: 119, Address: 0x178c0)
- I_ScRegisterDeviceNotification (Ordinal: 120, Address: 0x22310)
- I_ScRegisterPreshutdownRestart (Ordinal: 121, Address: 0x4da10)
- I_ScReparseServiceDatabase (Ordinal: 122, Address: 0x4dab0)
- I_ScRpcBindA (Ordinal: 123, Address: 0x4ea80)
- I_ScRpcBindW (Ordinal: 124, Address: 0x260a0)
- I_ScSendPnPMessage (Ordinal: 125, Address: 0x180a0)
- I_ScSendTSMessage (Ordinal: 126, Address: 0x23770)
- I_ScUnregisterDeviceNotification (Ordinal: 127, Address: 0x22d50)
- I_ScValidatePnPService (Ordinal: 128, Address: 0x23450)
- LocalGetConditionForString (Ordinal: 129, Address: 0x23f50)
- LocalGetReferencedTokenTypesForCondition (Ordinal: 130, Address: 0x36380)
- LocalGetStringForCondition (Ordinal: 131, Address: 0x37280)
- LocalRpcBindingCreateWithSecurity (Ordinal: 132, Address: 0x4c700)
- LocalRpcBindingSetAuthInfoEx (Ordinal: 133, Address: 0x4c8b0)
- LookupAccountNameLocalA (Ordinal: 134, Address: 0x33060)
- LookupAccountNameLocalW (Ordinal: 135, Address: 0x14b90)
- LookupAccountSidLocalA (Ordinal: 136, Address: 0x33170)
- LookupAccountSidLocalW (Ordinal: 137, Address: 0x14ee0)
- LsaAddAccountRights (Ordinal: 138, Address: 0x52c80)
- LsaClose (Ordinal: 139, Address: 0x211c0)
- LsaCreateSecret (Ordinal: 140, Address: 0x53500)
- LsaDelete (Ordinal: 141, Address: 0x52e80)
- LsaEnumerateAccountRights (Ordinal: 142, Address: 0x23aa0)
- LsaEnumerateAccountsWithUserRight (Ordinal: 143, Address: 0x52d20)
- LsaFreeMemory (Ordinal: 144, Address: 0x222c0)
- LsaICLookupNames (Ordinal: 145, Address: 0x20cd0)
- LsaICLookupNamesWithCreds (Ordinal: 146, Address: 0x52f10)
- LsaICLookupSids (Ordinal: 147, Address: 0x21080)
- LsaICLookupSidsWithCreds (Ordinal: 148, Address: 0x53070)
- LsaLookupClose (Ordinal: 149, Address: 0x153d0)
- LsaLookupFreeMemory (Ordinal: 150, Address: 0x222c0)
- LsaLookupGetDomainInfo (Ordinal: 151, Address: 0x14b20)
- LsaLookupManageSidNameMapping (Ordinal: 152, Address: 0x155a0)
- LsaLookupNames2 (Ordinal: 153, Address: 0x20c80)
- LsaLookupOpenLocalPolicy (Ordinal: 154, Address: 0x15430)
- LsaLookupSids2 (Ordinal: 155, Address: 0x53200)
- LsaLookupSids (Ordinal: 156, Address: 0x20f40)
- LsaLookupTranslateNames (Ordinal: 157, Address: 0x26630)
- LsaLookupTranslateSids (Ordinal: 158, Address: 0x15200)
- LsaLookupUserAccountType (Ordinal: 159, Address: 0x15530)
- LsaOpenPolicy (Ordinal: 160, Address: 0x20950)
- LsaOpenSecret (Ordinal: 161, Address: 0x53620)
- LsaQueryInformationPolicy (Ordinal: 162, Address: 0x20ea0)
- LsaQuerySecret (Ordinal: 163, Address: 0x53740)
- LsaRemoveAccountRights (Ordinal: 164, Address: 0x52de0)
- LsaRetrievePrivateData (Ordinal: 165, Address: 0x25980)
- LsaSetInformationPolicy (Ordinal: 166, Address: 0x53230)
- LsaSetSecret (Ordinal: 167, Address: 0x53b40)
- LsaStorePrivateData (Ordinal: 168, Address: 0x53d00)
- NotifyServiceStatusChange (Ordinal: 169, Address: 0x17420)
- NotifyServiceStatusChangeA (Ordinal: 170, Address: 0x10940)
- NotifyServiceStatusChangeW (Ordinal: 171, Address: 0x17420)
- OpenSCManagerA (Ordinal: 172, Address: 0x182a0)
- OpenSCManagerW (Ordinal: 173, Address: 0x18390)
- OpenServiceA (Ordinal: 174, Address: 0x10710)
- OpenServiceW (Ordinal: 175, Address: 0x18320)
- OpenTraceW (Ordinal: 176, Address: 0x16160)
- ProcessTrace (Ordinal: 177, Address: 0x166f0)
- QueryAllTracesA (Ordinal: 178, Address: 0x510e0)
- QueryAllTracesW (Ordinal: 179, Address: 0x51100)
- QueryLocalUserServiceName (Ordinal: 180, Address: 0x4db50)
- QueryServiceConfig2A (Ordinal: 181, Address: 0x4dd80)
- QueryServiceConfig2W (Ordinal: 182, Address: 0x17d40)
- QueryServiceConfigA (Ordinal: 183, Address: 0x4dfd0)
- QueryServiceConfigW (Ordinal: 184, Address: 0x18160)
- QueryServiceDynamicInformation (Ordinal: 185, Address: 0x4e2a0)
- QueryServiceObjectSecurity (Ordinal: 186, Address: 0x4e090)
- QueryServiceStatus (Ordinal: 187, Address: 0x17940)
- QueryServiceStatusEx (Ordinal: 188, Address: 0x18220)
- QueryTraceProcessingHandle (Ordinal: 189, Address: 0x4fe40)
- QueryTransientObjectSecurityDescriptor (Ordinal: 190, Address: 0x10bf0)
- QueryUserServiceName (Ordinal: 191, Address: 0x17b70)
- QueryUserServiceNameForContext (Ordinal: 192, Address: 0x4e140)
- RegisterServiceCtrlHandlerA (Ordinal: 193, Address: 0x4e310)
- RegisterServiceCtrlHandlerExA (Ordinal: 194, Address: 0x158a0)
- RegisterServiceCtrlHandlerExW (Ordinal: 195, Address: 0x16e40)
- RegisterServiceCtrlHandlerW (Ordinal: 196, Address: 0x15a60)
- RegisterTraceGuidsA (Ordinal: 197, Address: 0x68929)
- ReleaseIdentityProviderEnumContext (Ordinal: 198, Address: 0x21870)
- RemoveTraceCallback (Ordinal: 199, Address: 0x50030)
- RpcClientCapabilityCheck (Ordinal: 200, Address: 0x22100)
- SetLocalRpcServerInterfaceSecurity (Ordinal: 201, Address: 0x4c970)
- SetLocalRpcServerProtseqSecurity (Ordinal: 202, Address: 0x4ca10)
- SetServiceObjectSecurity (Ordinal: 203, Address: 0x26250)
- SetServiceStatus (Ordinal: 204, Address: 0x17c80)
- SetTraceCallback (Ordinal: 205, Address: 0x50110)
- StartServiceA (Ordinal: 206, Address: 0x10770)
- StartServiceCtrlDispatcherA (Ordinal: 207, Address: 0x260c0)
- StartServiceCtrlDispatcherW (Ordinal: 208, Address: 0x160c0)
- StartServiceW (Ordinal: 209, Address: 0x16de0)
- StartTraceA (Ordinal: 210, Address: 0x51120)
- StartTraceW (Ordinal: 211, Address: 0x19c90)
- StopTraceW (Ordinal: 212, Address: 0x26060)
- SubscribeServiceChangeNotifications (Ordinal: 213, Address: 0x15bf0)
- TraceQueryInformation (Ordinal: 214, Address: 0x515c0)
- TraceSetInformation (Ordinal: 215, Address: 0x518b0)
- UnsubscribeServiceChangeNotifications (Ordinal: 216, Address: 0x22fb0)
- WaitServiceState (Ordinal: 217, Address: 0x16580)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1006c088)
api-ms-win-core-crt-l1-1-0.dll
- _errno (Address: 0x1006c0a8)
- _except_handler4_common (Address: 0x1006c118)
- _ftol2 (Address: 0x1006c0f4)
- _i64tow_s (Address: 0x1006c0b0)
- _stricmp (Address: 0x1006c0c4)
- _ui64tow_s (Address: 0x1006c0ac)
- _ultow (Address: 0x1006c0a0)
- _ultow_s (Address: 0x1006c10c)
- _vsnwprintf_s (Address: 0x1006c120)
- _wcsicmp (Address: 0x1006c114)
- _wcsnicmp (Address: 0x1006c0bc)
- _wcstoi64 (Address: 0x1006c090)
- _wcstoui64 (Address: 0x1006c0ec)
- iswctype (Address: 0x1006c09c)
- memcmp (Address: 0x1006c0f8)
- memcpy (Address: 0x1006c0fc)
- memcpy_s (Address: 0x1006c0e0)
- memmove (Address: 0x1006c100)
- memmove_s (Address: 0x1006c0e8)
- memset (Address: 0x1006c104)
- qsort_s (Address: 0x1006c0f0)
- strchr (Address: 0x1006c0c8)
- strnlen (Address: 0x1006c0d8)
- strrchr (Address: 0x1006c0cc)
- strstr (Address: 0x1006c0d0)
- swprintf_s (Address: 0x1006c094)
- towlower (Address: 0x1006c0e4)
- wcscat_s (Address: 0x1006c0b4)
- wcschr (Address: 0x1006c11c)
- wcscpy_s (Address: 0x1006c110)
- wcsncmp (Address: 0x1006c0dc)
- wcsncpy_s (Address: 0x1006c108)
- wcsnlen (Address: 0x1006c0c0)
- wcsrchr (Address: 0x1006c0d4)
- wcsstr (Address: 0x1006c0b8)
- wcstok_s (Address: 0x1006c0a4)
- wcstoul (Address: 0x1006c098)
api-ms-win-core-crt-l2-1-0.dll
- __dllonexit3 (Address: 0x1006c12c)
- _initterm (Address: 0x1006c138)
- _initterm_e (Address: 0x1006c128)
- _onexit (Address: 0x1006c130)
- _purecall (Address: 0x1006c134)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1006c144)
- IsDebuggerPresent (Address: 0x1006c148)
- OutputDebugStringW (Address: 0x1006c140)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1006c150)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1006c158)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1006c160)
- RaiseException (Address: 0x1006c168)
- SetLastError (Address: 0x1006c164)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1006c170)
- GetDiskFreeSpaceExW (Address: 0x1006c178)
- GetFileAttributesExW (Address: 0x1006c174)
- GetFullPathNameA (Address: 0x1006c17c)
- GetFullPathNameW (Address: 0x1006c180)
- ReadFile (Address: 0x1006c184)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1006c18c)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1006c19c)
- HeapAlloc (Address: 0x1006c1a0)
- HeapFree (Address: 0x1006c198)
- HeapReAlloc (Address: 0x1006c194)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1006c1a8)
- LocalFree (Address: 0x1006c1b0)
- LocalReAlloc (Address: 0x1006c1ac)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1006c1bc)
- GetOverlappedResult (Address: 0x1006c1b8)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1006c1e0)
- FreeLibrary (Address: 0x1006c1cc)
- GetModuleFileNameA (Address: 0x1006c1d8)
- GetModuleFileNameW (Address: 0x1006c1c8)
- GetModuleHandleExW (Address: 0x1006c1dc)
- GetModuleHandleW (Address: 0x1006c1c4)
- GetProcAddress (Address: 0x1006c1d0)
- LoadLibraryExW (Address: 0x1006c1d4)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1006c1e8)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAllocEx (Address: 0x1006c1f8)
- VirtualFree (Address: 0x1006c1f0)
- VirtualFreeEx (Address: 0x1006c1f4)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x1006c20c)
- CreateProcessW (Address: 0x1006c204)
- CreateThread (Address: 0x1006c21c)
- GetCurrentProcess (Address: 0x1006c248)
- GetCurrentProcessId (Address: 0x1006c238)
- GetCurrentThread (Address: 0x1006c234)
- GetCurrentThreadId (Address: 0x1006c220)
- GetProcessTimes (Address: 0x1006c240)
- GetThreadPriority (Address: 0x1006c23c)
- InitializeProcThreadAttributeList (Address: 0x1006c208)
- OpenProcessToken (Address: 0x1006c244)
- OpenThread (Address: 0x1006c214)
- OpenThreadToken (Address: 0x1006c228)
- ResumeThread (Address: 0x1006c224)
- SetThreadPriority (Address: 0x1006c22c)
- TerminateThread (Address: 0x1006c218)
- TlsAlloc (Address: 0x1006c210)
- TlsGetValue (Address: 0x1006c200)
- TlsSetValue (Address: 0x1006c24c)
- UpdateProcThreadAttribute (Address: 0x1006c230)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x1006c254)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1006c268)
- RegDeleteValueW (Address: 0x1006c260)
- RegEnumKeyExW (Address: 0x1006c278)
- RegNotifyChangeKeyValue (Address: 0x1006c264)
- RegOpenKeyExA (Address: 0x1006c274)
- RegOpenKeyExW (Address: 0x1006c26c)
- RegQueryValueExA (Address: 0x1006c27c)
- RegQueryValueExW (Address: 0x1006c25c)
- RegSetValueExW (Address: 0x1006c270)
api-ms-win-core-rtlsupport-l1-2-0.dll
- RtlCompareMemory (Address: 0x1006c284)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1006c28c)
- CompareStringW (Address: 0x1006c290)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1006c2e8)
- AcquireSRWLockShared (Address: 0x1006c2a8)
- CreateEventA (Address: 0x1006c2ec)
- CreateEventExW (Address: 0x1006c2b8)
- CreateEventW (Address: 0x1006c2b0)
- CreateMutexExW (Address: 0x1006c2a4)
- CreateSemaphoreExW (Address: 0x1006c298)
- EnterCriticalSection (Address: 0x1006c2bc)
- InitializeSRWLock (Address: 0x1006c2e4)
- LeaveCriticalSection (Address: 0x1006c2c0)
- OpenEventW (Address: 0x1006c2c8)
- OpenSemaphoreW (Address: 0x1006c2a0)
- ReleaseMutex (Address: 0x1006c2e0)
- ReleaseSemaphore (Address: 0x1006c29c)
- ReleaseSRWLockExclusive (Address: 0x1006c2d8)
- ReleaseSRWLockShared (Address: 0x1006c2dc)
- ResetEvent (Address: 0x1006c2c4)
- SetEvent (Address: 0x1006c2d0)
- SleepEx (Address: 0x1006c2cc)
- WaitForMultipleObjectsEx (Address: 0x1006c2d4)
- WaitForSingleObject (Address: 0x1006c2ac)
- WaitForSingleObjectEx (Address: 0x1006c2b4)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x1006c2f4)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x1006c2fc)
- GetSystemDirectoryW (Address: 0x1006c300)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolWork (Address: 0x1006c30c)
- CreateThreadpoolWork (Address: 0x1006c308)
- SubmitThreadpoolWork (Address: 0x1006c310)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1006c318)
- EncodePointer (Address: 0x1006c31c)
api-ms-win-core-wow64-l1-1-1.dll
- IsWow64Process2 (Address: 0x1006c324)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x1006c330)
- EventSetInformation (Address: 0x1006c32c)
- EventUnregister (Address: 0x1006c334)
- EventWriteTransfer (Address: 0x1006c338)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x1006c340)
- AddAccessDeniedAce (Address: 0x1006c344)
- AdjustTokenGroups (Address: 0x1006c390)
- AdjustTokenPrivileges (Address: 0x1006c394)
- AllocateAndInitializeSid (Address: 0x1006c36c)
- CreateRestrictedToken (Address: 0x1006c378)
- EqualDomainSid (Address: 0x1006c380)
- EqualSid (Address: 0x1006c38c)
- FreeSid (Address: 0x1006c374)
- GetAclInformation (Address: 0x1006c370)
- GetLengthSid (Address: 0x1006c348)
- GetSecurityDescriptorDacl (Address: 0x1006c34c)
- GetSecurityDescriptorSacl (Address: 0x1006c350)
- GetSidSubAuthority (Address: 0x1006c368)
- GetSidSubAuthorityCount (Address: 0x1006c37c)
- GetTokenInformation (Address: 0x1006c384)
- InitializeSecurityDescriptor (Address: 0x1006c364)
- IsValidSecurityDescriptor (Address: 0x1006c388)
- IsValidSid (Address: 0x1006c354)
- SetKernelObjectSecurity (Address: 0x1006c358)
- SetSecurityDescriptorDacl (Address: 0x1006c35c)
- SetSecurityDescriptorSacl (Address: 0x1006c360)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x1006c3b0)
- BCryptCreateHash (Address: 0x1006c3a0)
- BCryptDecrypt (Address: 0x1006c3bc)
- BCryptDestroyHash (Address: 0x1006c3ac)
- BCryptDestroyKey (Address: 0x1006c3c4)
- BCryptEncrypt (Address: 0x1006c3c8)
- BCryptFinishHash (Address: 0x1006c3b4)
- BCryptGenerateSymmetricKey (Address: 0x1006c39c)
- BCryptGenRandom (Address: 0x1006c3cc)
- BCryptGetProperty (Address: 0x1006c3c0)
- BCryptHashData (Address: 0x1006c3a8)
- BCryptOpenAlgorithmProvider (Address: 0x1006c3b8)
- BCryptSetProperty (Address: 0x1006c3a4)
ntdll.dll
- _vsnwprintf (Address: 0x1006c544)
- DbgPrintEx (Address: 0x1006c5b8)
- EtwDeliverDataBlock (Address: 0x1006c4dc)
- EtwEnumerateProcessRegGuids (Address: 0x1006c4e4)
- EtwpGetCpuSpeed (Address: 0x1006c4fc)
- EtwProcessPrivateLoggerRequest (Address: 0x1006c524)
- EtwSendNotification (Address: 0x1006c4e0)
- LdrQueryModuleServiceTags (Address: 0x1006c488)
- LdrResSearchResource (Address: 0x1006c538)
- NtCancelIoFile (Address: 0x1006c4c4)
- NtClose (Address: 0x1006c580)
- NtOpenKey (Address: 0x1006c454)
- NtOpenProcessToken (Address: 0x1006c588)
- NtOpenProcessTokenEx (Address: 0x1006c434)
- NtOpenThreadToken (Address: 0x1006c57c)
- NtQueryInformationFile (Address: 0x1006c4c0)
- NtQueryInformationThread (Address: 0x1006c48c)
- NtQueryInformationToken (Address: 0x1006c584)
- NtQueryIntervalProfile (Address: 0x1006c4f4)
- NtQueryPerformanceCounter (Address: 0x1006c510)
- NtQuerySystemInformation (Address: 0x1006c4f0)
- NtQueryValueKey (Address: 0x1006c45c)
- NtQueueApcThread (Address: 0x1006c4b0)
- NtSetEvent (Address: 0x1006c528)
- NtSetInformationThread (Address: 0x1006c480)
- NtSetIntervalProfile (Address: 0x1006c4ec)
- NtSetSystemInformation (Address: 0x1006c4e8)
- NtTerminateProcess (Address: 0x1006c554)
- NtTraceControl (Address: 0x1006c4c8)
- NtWaitForMultipleObjects (Address: 0x1006c504)
- RtlAbsoluteToSelfRelativeSD (Address: 0x1006c408)
- RtlAcquireSRWLockExclusive (Address: 0x1006c59c)
- RtlAcquireSRWLockShared (Address: 0x1006c49c)
- RtlAddAccessAllowedAce (Address: 0x1006c440)
- RtlAddAccessAllowedAceEx (Address: 0x1006c3f4)
- RtlAddAccessAllowedObjectAce (Address: 0x1006c414)
- RtlAddAccessDeniedAceEx (Address: 0x1006c410)
- RtlAddAccessDeniedObjectAce (Address: 0x1006c418)
- RtlAddAce (Address: 0x1006c400)
- RtlAddAuditAccessAceEx (Address: 0x1006c3ec)
- RtlAddAuditAccessObjectAce (Address: 0x1006c3d4)
- RtlAddMandatoryAce (Address: 0x1006c444)
- RtlAllocateAndInitializeSid (Address: 0x1006c53c)
- RtlAllocateHeap (Address: 0x1006c44c)
- RtlAnsiStringToUnicodeString (Address: 0x1006c5a8)
- RtlCapabilityCheck (Address: 0x1006c46c)
- RtlCapabilityCheckForSingleSessionSku (Address: 0x1006c460)
- RtlCaptureContext (Address: 0x1006c550)
- RtlCheckTokenCapability (Address: 0x1006c470)
- RtlCheckTokenMembership (Address: 0x1006c464)
- RtlCheckTokenMembershipEx (Address: 0x1006c468)
- RtlCompareUnicodeString (Address: 0x1006c574)
- RtlConvertSidToUnicodeString (Address: 0x1006c3e4)
- RtlCopySecurityDescriptor (Address: 0x1006c5bc)
- RtlCopySid (Address: 0x1006c594)
- RtlCopyUnicodeString (Address: 0x1006c564)
- RtlCreateAcl (Address: 0x1006c448)
- RtlCreateSecurityDescriptor (Address: 0x1006c424)
- RtlCreateServiceSid (Address: 0x1006c484)
- RtlDecompressBufferEx (Address: 0x1006c51c)
- RtlDeleteCriticalSection (Address: 0x1006c42c)
- RtlDeriveCapabilitySidsFromName (Address: 0x1006c540)
- RtlDllShutdownInProgress (Address: 0x1006c5a0)
- RtlEqualPrefixSid (Address: 0x1006c570)
- RtlEqualSid (Address: 0x1006c568)
- RtlEqualUnicodeString (Address: 0x1006c56c)
- RtlFirstFreeAce (Address: 0x1006c41c)
- RtlFreeAnsiString (Address: 0x1006c4cc)
- RtlFreeHeap (Address: 0x1006c458)
- RtlFreeUnicodeString (Address: 0x1006c598)
- RtlGetAce (Address: 0x1006c3e8)
- RtlGetCompressionWorkSpaceSize (Address: 0x1006c518)
- RtlGetControlSecurityDescriptor (Address: 0x1006c450)
- RtlGetCurrentServiceSessionId (Address: 0x1006c520)
- RtlGetDaclSecurityDescriptor (Address: 0x1006c428)
- RtlGetGroupSecurityDescriptor (Address: 0x1006c404)
- RtlGetNativeSystemInformation (Address: 0x1006c508)
- RtlGetNtProductType (Address: 0x1006c52c)
- RtlGetOwnerSecurityDescriptor (Address: 0x1006c3f8)
- RtlGetPersistedStateLocation (Address: 0x1006c4d0)
- RtlGetSaclSecurityDescriptor (Address: 0x1006c3e0)
- RtlGUIDFromString (Address: 0x1006c5b0)
- RtlInitAnsiString (Address: 0x1006c5b4)
- RtlInitializeBitMap (Address: 0x1006c50c)
- RtlInitializeCriticalSectionEx (Address: 0x1006c430)
- RtlInitializeSid (Address: 0x1006c490)
- RtlInitializeSRWLock (Address: 0x1006c558)
- RtlInitUnicodeString (Address: 0x1006c5ac)
- RtlInitUnicodeStringEx (Address: 0x1006c534)
- RtlInterlockedClearBitRun (Address: 0x1006c514)
- RtlLengthRequiredSid (Address: 0x1006c43c)
- RtlLengthSecurityDescriptor (Address: 0x1006c438)
- RtlLengthSid (Address: 0x1006c560)
- RtlMakeSelfRelativeSD (Address: 0x1006c474)
- RtlMultiByteToUnicodeN (Address: 0x1006c40c)
- RtlNtStatusToDosError (Address: 0x1006c58c)
- RtlNtStatusToDosErrorNoTeb (Address: 0x1006c5a4)
- RtlQueryPerformanceFrequency (Address: 0x1006c500)
- RtlQueryRegistryValueWithFallback (Address: 0x1006c4d4)
- RtlQueryTimeZoneInformation (Address: 0x1006c4f8)
- RtlQueryWnfStateData (Address: 0x1006c4b4)
- RtlReleaseSRWLockExclusive (Address: 0x1006c494)
- RtlReleaseSRWLockShared (Address: 0x1006c4a0)
- RtlRunOnceExecuteOnce (Address: 0x1006c4a4)
- RtlSetDaclSecurityDescriptor (Address: 0x1006c3dc)
- RtlSetGroupSecurityDescriptor (Address: 0x1006c420)
- RtlSetLastWin32Error (Address: 0x1006c4bc)
- RtlSetOwnerSecurityDescriptor (Address: 0x1006c548)
- RtlSetSaclSecurityDescriptor (Address: 0x1006c55c)
- RtlSetThreadSubProcessTag (Address: 0x1006c478)
- RtlSubAuthorityCountSid (Address: 0x1006c3fc)
- RtlSubAuthoritySid (Address: 0x1006c3d8)
- RtlSubscribeWnfStateChangeNotification (Address: 0x1006c4ac)
- RtlUnhandledExceptionFilter (Address: 0x1006c54c)
- RtlUnicodeStringToAnsiString (Address: 0x1006c47c)
- RtlUnicodeToMultiByteSize (Address: 0x1006c590)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x1006c4b8)
- RtlUnsubscribeWnfStateChangeNotification (Address: 0x1006c4a8)
- RtlValidAcl (Address: 0x1006c498)
- RtlValidRelativeSecurityDescriptor (Address: 0x1006c4d8)
- RtlValidSid (Address: 0x1006c578)
- RtlxAnsiStringToUnicodeSize (Address: 0x1006c3f0)
- RtlxUnicodeStringToAnsiSize (Address: 0x1006c530)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x1006c078)
- I_RpcMapWin32Status (Address: 0x1006c07c)
- NdrAsyncClientCall2 (Address: 0x1006c004)
- NdrClientCall4 (Address: 0x1006c074)
- RpcAsyncCancelCall (Address: 0x1006c018)
- RpcAsyncCompleteCall (Address: 0x1006c01c)
- RpcAsyncInitializeHandle (Address: 0x1006c020)
- RpcBindingBind (Address: 0x1006c054)
- RpcBindingCreateW (Address: 0x1006c058)
- RpcBindingFree (Address: 0x1006c064)
- RpcBindingFromStringBindingW (Address: 0x1006c070)
- RpcBindingServerFromClient (Address: 0x1006c02c)
- RpcBindingSetAuthInfoExW (Address: 0x1006c048)
- RpcBindingSetAuthInfoW (Address: 0x1006c000)
- RpcBindingSetOption (Address: 0x1006c03c)
- RpcBindingToStringBindingW (Address: 0x1006c034)
- RpcImpersonateClient (Address: 0x1006c040)
- RpcRevertToSelf (Address: 0x1006c038)
- RpcRevertToSelfEx (Address: 0x1006c044)
- RpcServerInqCallAttributesA (Address: 0x1006c028)
- RpcServerRegisterIf3 (Address: 0x1006c04c)
- RpcServerUseProtseqW (Address: 0x1006c050)
- RpcSmDestroyClientContext (Address: 0x1006c00c)
- RpcSsDestroyClientContext (Address: 0x1006c080)
- RpcSsGetContextBinding (Address: 0x1006c024)
- RpcStringBindingComposeW (Address: 0x1006c06c)
- RpcStringBindingParseW (Address: 0x1006c030)
- RpcStringFreeW (Address: 0x1006c068)
- UuidCreate (Address: 0x1006c008)
- UuidEqual (Address: 0x1006c014)
- UuidFromStringW (Address: 0x1006c060)
- UuidIsNil (Address: 0x1006c010)
- UuidToStringW (Address: 0x1006c05c)