SHCore.dll
Description: SHCORE
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 32-bit
Operating System: Windows NT
SHA256: a504f83ce4457071bbeed45cf92475c6
File Size: 533.8 KB
Uploaded At: Dec. 1, 2025, 8:04 a.m.
Views: 9
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- (Ordinal: 1, Address: 0x198c0)
- CommandLineToArgvW (Ordinal: 2, Address: 0x33670)
- CreateRandomAccessStreamOnFile (Ordinal: 3, Address: 0x3de40)
- CreateRandomAccessStreamOverStream (Ordinal: 4, Address: 0x2edd0)
- CreateStreamOverRandomAccessStream (Ordinal: 5, Address: 0x33000)
- DllCanUnloadNow (Ordinal: 6, Address: 0x373e0)
- DllGetActivationFactory (Ordinal: 7, Address: 0x56c70)
- DllGetClassObject (Ordinal: 8, Address: 0x3b770)
- GetCurrentProcessExplicitAppUserModelID (Ordinal: 9, Address: 0x6ef00)
- GetDpiForMonitor (Ordinal: 10, Address: 0x375b0)
- GetDpiForShellUIComponent (Ordinal: 11, Address: 0x3bdb0)
- GetFeatureEnabledState (Ordinal: 12, Address: 0x40580)
- GetFeatureVariant (Ordinal: 13, Address: 0x40670)
- GetProcessDpiAwareness (Ordinal: 14, Address: 0x40150)
- GetProcessReference (Ordinal: 15, Address: 0x1eb30)
- GetScaleFactorForDevice (Ordinal: 16, Address: 0x3bc30)
- GetScaleFactorForMonitor (Ordinal: 17, Address: 0x3b8b0)
- IStream_Copy (Ordinal: 18, Address: 0x41640)
- IStream_Read (Ordinal: 19, Address: 0x1dbf0)
- IStream_ReadStr (Ordinal: 20, Address: 0x21b20)
- IStream_Reset (Ordinal: 21, Address: 0x221f0)
- IStream_Size (Ordinal: 22, Address: 0x2f640)
- IStream_Write (Ordinal: 23, Address: 0x297a0)
- IStream_WriteStr (Ordinal: 24, Address: 0x251a0)
- IUnknown_AtomicRelease (Ordinal: 25, Address: 0x56d20)
- IUnknown_GetSite (Ordinal: 26, Address: 0x36600)
- IUnknown_QueryService (Ordinal: 27, Address: 0x36380)
- IUnknown_Set (Ordinal: 28, Address: 0x33de0)
- IUnknown_SetSite (Ordinal: 29, Address: 0x36680)
- IsOS (Ordinal: 30, Address: 0x14f90)
- IsProcessInIsolatedContainer (Ordinal: 31, Address: 0x3d0e0)
- IsProcessInWDAGContainer (Ordinal: 32, Address: 0x3d1b0)
- RecordFeatureError (Ordinal: 33, Address: 0x57380)
- RecordFeatureUsage (Ordinal: 34, Address: 0x15200)
- RegisterScaleChangeEvent (Ordinal: 35, Address: 0x3f180)
- RegisterScaleChangeNotifications (Ordinal: 36, Address: 0x41e30)
- RevokeScaleChangeNotifications (Ordinal: 37, Address: 0x41f00)
- SHAnsiToAnsi (Ordinal: 38, Address: 0x73660)
- SHAnsiToUnicode (Ordinal: 39, Address: 0x33e40)
- SHCopyKeyA (Ordinal: 40, Address: 0x57d60)
- SHCopyKeyW (Ordinal: 41, Address: 0x3adb0)
- SHCreateMemStream (Ordinal: 42, Address: 0x23770)
- SHCreateStreamOnFileA (Ordinal: 43, Address: 0x66f30)
- SHCreateStreamOnFileEx (Ordinal: 44, Address: 0x3c710)
- SHCreateStreamOnFileW (Ordinal: 45, Address: 0x380a0)
- SHCreateThread (Ordinal: 46, Address: 0x39ff0)
- SHCreateThreadRef (Ordinal: 47, Address: 0x39040)
- SHCreateThreadWithHandle (Ordinal: 48, Address: 0x39fc0)
- SHDeleteEmptyKeyA (Ordinal: 49, Address: 0x57960)
- SHDeleteEmptyKeyW (Ordinal: 50, Address: 0x57ae0)
- SHDeleteKeyA (Ordinal: 51, Address: 0x57dd0)
- SHDeleteKeyW (Ordinal: 52, Address: 0x41d40)
- SHDeleteValueA (Ordinal: 53, Address: 0x579f0)
- SHDeleteValueW (Ordinal: 54, Address: 0x3f480)
- SHEnumKeyExA (Ordinal: 55, Address: 0x57e30)
- SHEnumKeyExW (Ordinal: 56, Address: 0x3e8e0)
- SHEnumValueA (Ordinal: 57, Address: 0x57e60)
- SHEnumValueW (Ordinal: 58, Address: 0x3ef50)
- SHGetThreadRef (Ordinal: 59, Address: 0x1b250)
- SHGetValueA (Ordinal: 60, Address: 0x57e90)
- SHGetValueW (Ordinal: 61, Address: 0x17f80)
- SHOpenRegStream2A (Ordinal: 62, Address: 0x66ba0)
- SHOpenRegStream2W (Ordinal: 63, Address: 0x37600)
- SHOpenRegStreamA (Ordinal: 64, Address: 0x66c40)
- SHOpenRegStreamW (Ordinal: 65, Address: 0x66c70)
- SHQueryInfoKeyA (Ordinal: 66, Address: 0x57f20)
- SHQueryInfoKeyW (Ordinal: 67, Address: 0x3eff0)
- SHQueryValueExA (Ordinal: 68, Address: 0x57f50)
- SHQueryValueExW (Ordinal: 69, Address: 0x18010)
- SHRegDuplicateHKey (Ordinal: 70, Address: 0x57f80)
- SHRegGetIntW (Ordinal: 71, Address: 0x57fb0)
- SHRegGetPathA (Ordinal: 72, Address: 0x58030)
- SHRegGetPathW (Ordinal: 73, Address: 0x58070)
- SHRegGetValueA (Ordinal: 74, Address: 0x580b0)
- SHRegGetValueW (Ordinal: 75, Address: 0x17e00)
- SHRegSetPathA (Ordinal: 76, Address: 0x58160)
- SHRegSetPathW (Ordinal: 77, Address: 0x581f0)
- SHReleaseThreadRef (Ordinal: 78, Address: 0x415f0)
- SHSetThreadRef (Ordinal: 79, Address: 0x39010)
- SHSetValueA (Ordinal: 80, Address: 0x57a50)
- SHSetValueW (Ordinal: 81, Address: 0x3bb90)
- SHStrDupA (Ordinal: 82, Address: 0x3f6e0)
- SHStrDupW (Ordinal: 83, Address: 0x1e690)
- SHTaskPoolAllowThreadReuse (Ordinal: 84, Address: 0x3aff0)
- SHTaskPoolDoNotWaitForMoreTasks (Ordinal: 85, Address: 0x406c0)
- SHTaskPoolGetCurrentThreadLifetime (Ordinal: 86, Address: 0x1ca70)
- SHTaskPoolGetUniqueContext (Ordinal: 87, Address: 0x3d040)
- SHTaskPoolQueueTask (Ordinal: 88, Address: 0x28460)
- SHTaskPoolSetThreadReuseAllowed (Ordinal: 89, Address: 0x57470)
- SHUnicodeToAnsi (Ordinal: 90, Address: 0x36720)
- SHUnicodeToUnicode (Ordinal: 91, Address: 0x73940)
- SetCurrentProcessExplicitAppUserModelID (Ordinal: 92, Address: 0x369e0)
- SetProcessDpiAwareness (Ordinal: 93, Address: 0x3ff50)
- SetProcessReference (Ordinal: 94, Address: 0x406a0)
- SubscribeFeatureStateChangeNotification (Ordinal: 95, Address: 0x14830)
- UnregisterScaleChangeEvent (Ordinal: 96, Address: 0x41340)
- UnsubscribeFeatureStateChangeNotification (Ordinal: 97, Address: 0x40cb0)
- (Ordinal: 100, Address: 0x20190)
- (Ordinal: 101, Address: 0x22d30)
- (Ordinal: 102, Address: 0x30620)
- (Ordinal: 103, Address: 0x41700)
- (Ordinal: 104, Address: 0x202a0)
- (Ordinal: 105, Address: 0x18ef0)
- (Ordinal: 106, Address: 0x41280)
- (Ordinal: 107, Address: 0x66ab0)
- (Ordinal: 108, Address: 0x66b10)
- (Ordinal: 109, Address: 0x3a9d0)
- (Ordinal: 110, Address: 0x3a800)
- (Ordinal: 111, Address: 0x668e0)
- (Ordinal: 115, Address: 0x20910)
- (Ordinal: 116, Address: 0x69c80)
- (Ordinal: 117, Address: 0x62080)
- (Ordinal: 120, Address: 0x2a240)
- (Ordinal: 121, Address: 0x3ff90)
- SHRegGetValueFromHKCUHKLM (Ordinal: 122, Address: 0x16f80)
- (Ordinal: 123, Address: 0x16c80)
- (Ordinal: 124, Address: 0x57ec0)
- (Ordinal: 125, Address: 0x57ef0)
- (Ordinal: 126, Address: 0x14e60)
- (Ordinal: 127, Address: 0x334f0)
- (Ordinal: 130, Address: 0x183b0)
- (Ordinal: 131, Address: 0x14c10)
- (Ordinal: 132, Address: 0x57490)
- (Ordinal: 133, Address: 0x574d0)
- (Ordinal: 140, Address: 0x362f0)
- (Ordinal: 141, Address: 0x36550)
- (Ordinal: 142, Address: 0x14840)
- (Ordinal: 143, Address: 0x365c0)
- (Ordinal: 144, Address: 0x38940)
- (Ordinal: 145, Address: 0x36410)
- (Ordinal: 150, Address: 0x736b0)
- (Ordinal: 151, Address: 0x367b0)
- (Ordinal: 152, Address: 0x73870)
- (Ordinal: 153, Address: 0x737a0)
- (Ordinal: 160, Address: 0x73640)
- (Ordinal: 161, Address: 0x3a240)
- (Ordinal: 162, Address: 0x3a580)
- (Ordinal: 170, Address: 0x1fa40)
- (Ordinal: 171, Address: 0x575b0)
- (Ordinal: 172, Address: 0x1b430)
- (Ordinal: 173, Address: 0x36740)
- (Ordinal: 174, Address: 0x36900)
- (Ordinal: 175, Address: 0x57500)
- (Ordinal: 181, Address: 0x25840)
- (Ordinal: 182, Address: 0x2b860)
- (Ordinal: 183, Address: 0x21e90)
- (Ordinal: 184, Address: 0x40620)
- (Ordinal: 185, Address: 0x73b20)
- (Ordinal: 186, Address: 0x39be0)
- (Ordinal: 187, Address: 0x1c680)
- (Ordinal: 188, Address: 0x3b940)
- (Ordinal: 189, Address: 0x2a3d0)
- (Ordinal: 190, Address: 0x22a60)
- (Ordinal: 191, Address: 0x3fed0)
- (Ordinal: 192, Address: 0x15210)
- (Ordinal: 193, Address: 0x17bb0)
- (Ordinal: 200, Address: 0x33a20)
- (Ordinal: 220, Address: 0x58a20)
- (Ordinal: 222, Address: 0x41f60)
- (Ordinal: 223, Address: 0x58c50)
- (Ordinal: 224, Address: 0x58ea0)
- (Ordinal: 225, Address: 0x589d0)
- (Ordinal: 226, Address: 0x58af0)
- (Ordinal: 227, Address: 0x58c80)
- (Ordinal: 228, Address: 0x58ed0)
- (Ordinal: 229, Address: 0x58a70)
- (Ordinal: 230, Address: 0x390d0)
- (Ordinal: 231, Address: 0x6eda0)
- (Ordinal: 232, Address: 0x6ee40)
- (Ordinal: 233, Address: 0x394b0)
- (Ordinal: 234, Address: 0x3ba10)
- (Ordinal: 240, Address: 0x39c10)
- (Ordinal: 241, Address: 0x58e60)
- (Ordinal: 242, Address: 0x58ce0)
- (Ordinal: 244, Address: 0x227a0)
- (Ordinal: 245, Address: 0x3c240)
- (Ordinal: 246, Address: 0x3f2d0)
- (Ordinal: 247, Address: 0x3dfb0)
- (Ordinal: 248, Address: 0x3f400)
- (Ordinal: 249, Address: 0x59950)
- (Ordinal: 250, Address: 0x195c0)
- (Ordinal: 251, Address: 0x343f0)
- (Ordinal: 252, Address: 0x73f30)
- (Ordinal: 253, Address: 0x74380)
- (Ordinal: 254, Address: 0x34760)
- (Ordinal: 255, Address: 0x1aba0)
- (Ordinal: 260, Address: 0x58b50)
- (Ordinal: 261, Address: 0x58d60)
- (Ordinal: 270, Address: 0x37870)
- (Ordinal: 280, Address: 0x38470)
- (Ordinal: 281, Address: 0x744f0)
- (Ordinal: 282, Address: 0x744c0)
- (Ordinal: 283, Address: 0x74430)
- (Ordinal: 284, Address: 0x38660)
- (Ordinal: 290, Address: 0x38450)
- (Ordinal: 291, Address: 0x74460)
- (Ordinal: 292, Address: 0x38430)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x10079000)
api-ms-win-core-atoms-l1-1-0.dll
- GlobalAddAtomExW (Address: 0x10079008)
- GlobalDeleteAtom (Address: 0x10079010)
- GlobalGetAtomNameW (Address: 0x1007900c)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1007901c)
- IsDebuggerPresent (Address: 0x10079020)
- OutputDebugStringW (Address: 0x10079018)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x10079028)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x10079030)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x10079040)
- RaiseException (Address: 0x1007903c)
- SetLastError (Address: 0x10079048)
- SetUnhandledExceptionFilter (Address: 0x10079044)
- UnhandledExceptionFilter (Address: 0x10079038)
api-ms-win-core-errorhandling-l1-1-2.dll
- RaiseFailFastException (Address: 0x10079050)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x10079068)
- CreateFileW (Address: 0x10079070)
- DeleteFileW (Address: 0x1007909c)
- FlushFileBuffers (Address: 0x1007906c)
- GetDriveTypeW (Address: 0x10079078)
- GetFileAttributesExW (Address: 0x1007905c)
- GetFileAttributesW (Address: 0x10079098)
- GetFileInformationByHandle (Address: 0x10079058)
- GetFileSizeEx (Address: 0x10079060)
- GetVolumeInformationByHandleW (Address: 0x10079080)
- LockFileEx (Address: 0x10079084)
- ReadFile (Address: 0x10079074)
- SetEndOfFile (Address: 0x10079088)
- SetFileInformationByHandle (Address: 0x10079094)
- SetFilePointer (Address: 0x1007907c)
- SetFilePointerEx (Address: 0x1007908c)
- UnlockFileEx (Address: 0x10079090)
- WriteFile (Address: 0x10079064)
api-ms-win-core-file-l1-2-0.dll
- CreateFile2 (Address: 0x100790a4)
api-ms-win-core-file-l2-1-0.dll
- GetFileInformationByHandleEx (Address: 0x100790b0)
- ReplaceFileW (Address: 0x100790ac)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x100790b8)
- DuplicateHandle (Address: 0x100790bc)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x100790c4)
- HeapAlloc (Address: 0x100790cc)
- HeapFree (Address: 0x100790c8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x100790dc)
- LocalFree (Address: 0x100790d4)
- LocalReAlloc (Address: 0x100790d8)
api-ms-win-core-io-l1-1-0.dll
- CancelIoEx (Address: 0x100790ec)
- DeviceIoControl (Address: 0x100790e4)
- GetOverlappedResult (Address: 0x100790e8)
api-ms-win-core-largeinteger-l1-1-0.dll
- MulDiv (Address: 0x100790f4)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x10079104)
- FindResourceExW (Address: 0x1007910c)
- FreeLibrary (Address: 0x1007911c)
- FreeLibraryAndExitThread (Address: 0x10079108)
- GetModuleFileNameA (Address: 0x10079114)
- GetModuleFileNameW (Address: 0x10079120)
- GetModuleHandleExW (Address: 0x10079110)
- GetModuleHandleW (Address: 0x100790fc)
- GetProcAddress (Address: 0x10079124)
- LoadLibraryExW (Address: 0x10079100)
- LoadResource (Address: 0x10079118)
- LockResource (Address: 0x1007912c)
- SizeofResource (Address: 0x10079128)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x10079134)
- GetLocaleInfoW (Address: 0x10079138)
api-ms-win-core-localization-obsolete-l1-2-0.dll
- GetUserDefaultUILanguage (Address: 0x10079140)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x1007914c)
- MapViewOfFile (Address: 0x10079154)
- OpenFileMappingW (Address: 0x10079150)
- UnmapViewOfFile (Address: 0x10079148)
api-ms-win-core-path-l1-1-0.dll
- PathCchAddBackslashEx (Address: 0x1007915c)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsA (Address: 0x10079164)
- ExpandEnvironmentStringsW (Address: 0x10079168)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x10079184)
- GetCurrentProcess (Address: 0x10079170)
- GetCurrentProcessId (Address: 0x100791a8)
- GetCurrentThread (Address: 0x100791a4)
- GetCurrentThreadId (Address: 0x1007918c)
- GetProcessId (Address: 0x10079190)
- GetStartupInfoW (Address: 0x100791a0)
- GetThreadPriority (Address: 0x1007917c)
- OpenProcessToken (Address: 0x10079178)
- OpenThreadToken (Address: 0x10079188)
- ResumeThread (Address: 0x10079198)
- SetThreadPriority (Address: 0x10079174)
- TerminateProcess (Address: 0x1007919c)
- TlsAlloc (Address: 0x10079180)
- TlsFree (Address: 0x10079194)
- TlsGetValue (Address: 0x100791b0)
- TlsSetValue (Address: 0x100791ac)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x100791b8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x100791c0)
api-ms-win-core-quirks-l1-1-0.dll
- QuirkIsEnabled (Address: 0x100791c8)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x10079218)
- RegCreateKeyExA (Address: 0x10079210)
- RegCreateKeyExW (Address: 0x1007921c)
- RegDeleteKeyExA (Address: 0x100791ec)
- RegDeleteKeyExW (Address: 0x100791d8)
- RegDeleteValueA (Address: 0x10079208)
- RegDeleteValueW (Address: 0x1007920c)
- RegEnumKeyExA (Address: 0x10079214)
- RegEnumKeyExW (Address: 0x100791d4)
- RegEnumValueA (Address: 0x100791e4)
- RegEnumValueW (Address: 0x10079204)
- RegGetValueW (Address: 0x100791d0)
- RegOpenKeyExA (Address: 0x100791fc)
- RegOpenKeyExW (Address: 0x100791f0)
- RegQueryInfoKeyA (Address: 0x100791e8)
- RegQueryInfoKeyW (Address: 0x100791e0)
- RegQueryValueExA (Address: 0x100791f8)
- RegQueryValueExW (Address: 0x100791f4)
- RegSetValueExA (Address: 0x100791dc)
- RegSetValueExW (Address: 0x10079200)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathCombineW (Address: 0x1007923c)
- PathFileExistsW (Address: 0x10079248)
- PathFindExtensionW (Address: 0x10079244)
- PathFindFileNameW (Address: 0x10079240)
- PathGetDriveNumberW (Address: 0x1007922c)
- PathIsRelativeW (Address: 0x10079234)
- PathIsUNCW (Address: 0x10079224)
- PathRemoveFileSpecW (Address: 0x10079238)
- PathUnExpandEnvStringsA (Address: 0x10079228)
- PathUnExpandEnvStringsW (Address: 0x10079230)
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
- QISearch (Address: 0x1007925c)
- StrChrW (Address: 0x10079254)
- StrCmpICW (Address: 0x10079258)
- StrCmpNICW (Address: 0x1007926c)
- StrCmpNIW (Address: 0x10079250)
- StrDupA (Address: 0x10079268)
- StrDupW (Address: 0x10079260)
- StrToIntW (Address: 0x10079264)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x10079278)
- WideCharToMultiByte (Address: 0x10079274)
api-ms-win-core-string-l2-1-1.dll
- SHLoadIndirectString (Address: 0x10079280)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x10079288)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x10079290)
- AcquireSRWLockShared (Address: 0x100792c4)
- CreateEventExW (Address: 0x100792ec)
- CreateEventW (Address: 0x100792dc)
- CreateMutexExW (Address: 0x100792a8)
- CreateMutexW (Address: 0x100792b4)
- CreateSemaphoreExW (Address: 0x100792cc)
- DeleteCriticalSection (Address: 0x100792e4)
- EnterCriticalSection (Address: 0x100792e0)
- InitializeCriticalSection (Address: 0x100792d4)
- InitializeCriticalSectionEx (Address: 0x100792a0)
- InitializeSRWLock (Address: 0x100792b0)
- LeaveCriticalSection (Address: 0x100792c8)
- OpenEventW (Address: 0x100792c0)
- OpenSemaphoreW (Address: 0x10079294)
- ReleaseMutex (Address: 0x1007929c)
- ReleaseSemaphore (Address: 0x100792bc)
- ReleaseSRWLockExclusive (Address: 0x100792e8)
- ReleaseSRWLockShared (Address: 0x10079298)
- SetEvent (Address: 0x100792a4)
- TryAcquireSRWLockExclusive (Address: 0x100792d0)
- WaitForMultipleObjectsEx (Address: 0x100792d8)
- WaitForSingleObject (Address: 0x100792ac)
- WaitForSingleObjectEx (Address: 0x100792b8)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x10079300)
- InitOnceComplete (Address: 0x100792f4)
- InitOnceExecuteOnce (Address: 0x100792f8)
- Sleep (Address: 0x100792fc)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x10079310)
- GetTickCount (Address: 0x10079314)
- GetTickCount64 (Address: 0x1007930c)
- GetVersionExW (Address: 0x10079308)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetOsSafeBootMode (Address: 0x1007931c)
api-ms-win-core-threadpool-l1-2-0.dll
- CallbackMayRunLong (Address: 0x10079324)
- CloseThreadpoolTimer (Address: 0x10079350)
- CloseThreadpoolWait (Address: 0x10079340)
- CreateThreadpoolTimer (Address: 0x10079328)
- CreateThreadpoolWait (Address: 0x10079348)
- DisassociateCurrentThreadFromCallback (Address: 0x10079334)
- FreeLibraryWhenCallbackReturns (Address: 0x1007933c)
- SetThreadpoolTimer (Address: 0x10079338)
- SetThreadpoolWait (Address: 0x1007934c)
- TrySubmitThreadpoolCallback (Address: 0x10079330)
- WaitForThreadpoolTimerCallbacks (Address: 0x1007932c)
- WaitForThreadpoolWaitCallbacks (Address: 0x10079344)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- CreateTimerQueueTimer (Address: 0x10079360)
- DeleteTimerQueueTimer (Address: 0x1007935c)
- QueueUserWorkItem (Address: 0x10079358)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x10079368)
- EncodePointer (Address: 0x1007936c)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x1007937c)
- GetFileVersionInfoSizeExW (Address: 0x10079374)
- VerQueryValueW (Address: 0x10079378)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x10079384)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x10079394)
- EventRegister (Address: 0x1007939c)
- EventSetInformation (Address: 0x1007938c)
- EventUnregister (Address: 0x10079390)
- EventWriteTransfer (Address: 0x10079398)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x100793b0)
- CheckTokenMembership (Address: 0x100793b4)
- GetTokenInformation (Address: 0x100793a8)
- ImpersonateLoggedOnUser (Address: 0x100793a4)
- RevertToSelf (Address: 0x100793ac)
combase.dll
- (Address: 0x100793bc)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x100793c8)
- __dllonexit (Address: 0x100793ec)
- _amsg_exit (Address: 0x10079400)
- _callnewh (Address: 0x100793c4)
- _except_handler4_common (Address: 0x100793e4)
- _ftol2 (Address: 0x100793cc)
- _ftol2_sse (Address: 0x100793d4)
- _initterm (Address: 0x100793f8)
- _lock (Address: 0x100793f4)
- _onexit (Address: 0x100793e8)
- _purecall (Address: 0x1007940c)
- _unlock (Address: 0x100793f0)
- _vsnwprintf (Address: 0x100793d0)
- _XcptFilter (Address: 0x10079404)
- floor (Address: 0x10079414)
- free (Address: 0x10079408)
- malloc (Address: 0x100793fc)
- memcmp (Address: 0x100793d8)
- memcpy (Address: 0x100793dc)
- memcpy_s (Address: 0x10079410)
- memmove (Address: 0x100793e0)
- memset (Address: 0x10079418)
ntdll.dll
- _vsnprintf_s (Address: 0x10079420)
- memmove_s (Address: 0x10079444)
- NtCreateFile (Address: 0x10079454)
- NtQueryInformationProcess (Address: 0x10079450)
- NtQuerySystemInformation (Address: 0x10079440)
- RtlAcquireSRWLockExclusive (Address: 0x1007944c)
- RtlAreLongPathsEnabled (Address: 0x10079430)
- RtlInitUnicodeString (Address: 0x10079458)
- RtlNtStatusToDosError (Address: 0x1007945c)
- RtlQueryWnfStateData (Address: 0x10079464)
- RtlReleaseSRWLockExclusive (Address: 0x10079448)
- RtlSleepConditionVariableSRW (Address: 0x1007943c)
- RtlSubscribeWnfStateChangeNotification (Address: 0x10079468)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x10079460)
- RtlWakeAllConditionVariable (Address: 0x10079438)
- toupper (Address: 0x10079434)
- wcschr (Address: 0x10079428)
- wcsncmp (Address: 0x10079424)
- wcsrchr (Address: 0x1007942c)