+----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | Operation | Module | Additional Information | Success | Count | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | KERNEL32.DLL | base_address = 0x76300000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | ADVAPI32.dll | base_address = 0x772d0000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | imagehlp.dll | base_address = 0x77920000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | ntdll.dll | base_address = 0x77e30000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | ole32.dll | base_address = 0x75d60000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | SHELL32.dll | base_address = 0x76610000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | SHLWAPI.dll | base_address = 0x76210000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | USER32.dll | base_address = 0x75a80000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | WININET.dll | base_address = 0x75ec0000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | mswsock | base_address = 0x75740000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | wsock32 | base_address = 0x75730000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | dnsapi | base_address = 0x756e0000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | atl.dll | base_address = 0x75850000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | oleaut32.dll | base_address = 0x77950000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | winmm.dll | base_address = 0x75810000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | load | urlmon.dll | base_address = 0x777e0000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address = 0x763149d7 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address = 0x76311222 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = VirtualProtect, address = 0x7631435f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address = 0x76311856 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address = 0x7631186e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = SetSecurityInfo, address = 0x772d9edf | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\imagehlp.dll | function = MapFileAndCheckSumA, address = 0x779283f7 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = atol, address = 0x77e7d300 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ole32.dll | function = CoUninitialize, address = 0x75da86d3 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shell32.dll | function = SHGetSpecialFolderPathA, address = 0x7685fb26 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrStrA, address = 0x7623c45b | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetTimer, address = 0x75a979fb | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address = 0x75eef18e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address = 0x7632ce2e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address = 0x763116c5 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address = 0x763111f8 | True | 6 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SuspendThread, address = 0x76337d7e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenThread, address = 0x76321248 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address = 0x76315a7e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetVersionExA, address = 0x76313519 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoA, address = 0x7632d5e5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address = 0x76311809 | True | 6 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryA, address = 0x76332b0a | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WinExec, address = 0x76392c21 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address = 0x763151a1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address = 0x763187c9 | True | 6 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address = 0x76312d3c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetWaitableTimer, address = 0x7633bb2f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateWaitableTimerA, address = 0x76394c24 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address = 0x763134d5 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address = 0x763358e5 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FileTimeToSystemTime, address = 0x7631542c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = UnmapViewOfFile, address = 0x76311826 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MapViewOfFile, address = 0x763118f1 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateFileMappingA, address = 0x76315506 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address = 0x76311245 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RemoveDirectoryA, address = 0x763944bf | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DeleteFileA, address = 0x76315444 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryA, address = 0x7633d526 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetTempPathA, address = 0x7633276c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimeAsFileTime, address = 0x76313509 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetThreadPriority, address = 0x763132bb | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address = 0x7631170d | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address = 0x7631192e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address = 0x7631110c | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address = 0x76311450 | True | 6 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address = 0x763149ca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = QueueUserWorkItem, address = 0x7632ca80 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = Sleep, address = 0x763110ff | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address = 0x7632d802 | True | 6 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address = 0x763143ef | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address = 0x76395393 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address = 0x763379d4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address = 0x7632d9e0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address = 0x7632d9b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address = 0x76311072 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = VirtualFreeEx, address = 0x7632d9c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address = 0x76317a10 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FindClose, address = 0x76314442 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FindNextFileA, address = 0x7633d53e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileA, address = 0x7631e2ce | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address = 0x763117d1 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address = 0x763114b1 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address = 0x77e52270 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address = 0x77e522b0 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address = 0x77e62c42 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FlushFileBuffers, address = 0x7631469b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address = 0x76311282 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address = 0x76313ed3 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address = 0x76311410 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address = 0x7631196e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address = 0x763153c6 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileSectionA, address = 0x7638a0b5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileIntA, address = 0x7633cdd7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetPrivateProfileStringA, address = 0x7632184c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WritePrivateProfileStringA, address = 0x76337048 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = HeapCreate, address = 0x76314a2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = HeapDestroy, address = 0x763135b7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address = 0x77e5e026 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address = 0x77e71f6e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address = 0x763114c9 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateMutexA, address = 0x76314c6b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address = 0x763111c0 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address = 0x76311136 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address = 0x7631111e | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescript | True | 2 | | | | orW, address = 0x772e1f59 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetSecurityDescriptorSacl, address = 0x772e4608 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CreateProcessAsUserA, address = 0x77312538 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address = 0x772e418e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueA, address = 0x772e404a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address = 0x772e4304 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwQuerySystemInformation, address = 0x77e4fda0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwSetInformationToken, address = 0x77e51a78 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwDuplicateToken, address = 0x77e4fec8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwClose, address = 0x77e4f9d0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwAdjustPrivilegesToken, address = 0x77e4feb0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwOpenProcessToken, address = 0x77e510b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = qsort, address = 0x77f05191 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = swprintf, address = 0x77f0550d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _wcsnicmp, address = 0x77e5f63b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _wcsicmp, address = 0x77e69337 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strstr, address = 0x77eac780 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = sprintf, address = 0x77f053c3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strncat, address = 0x77eac570 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strchr, address = 0x77e69c70 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strrchr, address = 0x77eac700 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ispunct, address = 0x77f043f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = isalnum, address = 0x77f04418 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strncpy, address = 0x77ea5c30 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlComputeCrc32, address = 0x77eeffc1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _snprintf, address = 0x77f04760 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEqualUnicodeString, address = 0x77e5e7f3 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _stricmp, address = 0x77e6c7b9 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _snwprintf, address = 0x77e62417 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = sscanf, address = 0x77f054a7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwFreeVirtualMemory, address = 0x77e4fb48 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwAllocateVirtualMemory, address = 0x77e4fab0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlImageNtHeader, address = 0x77e63164 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlImageDirectoryEntryToData, address = 0x77e5f54 | True | 2 | | | | 6 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ZwContinue, address = 0x77e4fee0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInsertElementGenericTable, address = 0x77e7939 | True | 1 | | | | a | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeleteElementGenericTable, address = 0x77e7a16 | True | 1 | | | | 8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLookupElementGenericTable, address = 0x77e7a10 | True | 1 | | | | 4 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRandom, address = 0x77ef98c3 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strpbrk, address = 0x77eac6c0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strncmp, address = 0x77e92f65 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _strnicmp, address = 0x77e8c27c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _strlwr, address = 0x77f04a48 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlTimeToSecondsSince1970, address = 0x77e7c4ca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeGenericTable, address = 0x77e6ff97 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEnumerateGenericTable, address = 0x77ef2a56 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = memset, address = 0x77e5df20 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = memcpy, address = 0x77e52340 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = atoi, address = 0x77e7d2f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _allmul, address = 0x77e72760 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ole32.dll | function = CoInitializeEx, address = 0x75da09ad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address = 0x75da9d0b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathMatchSpecA, address = 0x7624af13 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathRemoveBackslashA, address = 0x76248d1a | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathFindExtensionA, address = 0x7623eced | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHGetValueA, address = 0x7621cf09 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHEnumKeyExA, address = 0x7624fdb6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHSetValueA, address = 0x7624b0ef | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathFindFileNameA, address = 0x762200aa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrStrIW, address = 0x762246e9 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathFileExistsA, address = 0x7624ad1a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathAppendA, address = 0x7621d65e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathRemoveFileSpecA, address = 0x7623e20b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathAddBackslashA, address = 0x7621cf33 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrStrIA, address = 0x7621d250 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DestroyWindow, address = 0x75a99a55 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetClientRect, address = 0x75aa0c62 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = ChildWindowFromPoint, address = 0x75ad8cf0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = ClientToScreen, address = 0x75aa2606 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = ScreenToClient, address = 0x75aa227d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = PostMessageW, address = 0x75aa12a5 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CreateWindowExW, address = 0x75a98a29 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetMessageW, address = 0x75a978e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = TranslateMessage, address = 0x75a97809 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DispatchMessageW, address = 0x75a9787b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = KillTimer, address = 0x75a979db | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetWindowLongW, address = 0x75a98332 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowLongW, address = 0x75a96ffe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = PostQuitMessage, address = 0x75a99abb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address = 0x77e625dd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = FindWindowW, address = 0x75a998fd | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = ExitWindowsEx, address = 0x75ae1497 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = RegisterClassExW, address = 0x75a9b17d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetSystemMetrics, address = 0x75a97d2f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address = 0x75edab49 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address = 0x75ee49e9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address = 0x75ee4c7d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address = 0x75f518f8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionW, address = 0x75ed7ed7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionW, address = 0x75ed7741 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoW, address = 0x75ee5c75 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address = 0x75edb406 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\wininet.dll | function = InternetCrackUrlA, address = 0x75ecd075 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address = 0x7631195e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address = 0x763210b5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrLockLoaderLock, address = 0x77e66b95 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrUnlockLoaderLock, address = 0x77e66c3c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnwind, address = 0x77e76d39 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCaptureContext, address = 0x77e76b2b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCaptureStackBackTrace, address = 0x77e94f8f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateEvent, address = 0x77e4ff64 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDuplicateObject, address = 0x77e4fe34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlConvertSidToUnicodeString, address = 0x77e6aec | True | 2 | | | | 2 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtNotifyChangeKey, address = 0x77e50f60 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRunOnceInitialize, address = 0x77e68456 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtResetEvent, address = 0x77e51798 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlValidSecurityDescriptor, address = 0x77e95e16 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlOpenCurrentUser, address = 0x77e8b06f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInstallUILanguage, address = 0x77e51404 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlpConvertCultureNamesToLCIDs, address = 0x77ee9 | True | 1 | | | | fa8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlpConvertLCIDsToCultureNames, address = 0x77ee9 | True | 1 | | | | d5e | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwEventEnabled, address = 0x77e688e2 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetProcessPreferredUILanguages, address = 0x77 | True | 1 | | | | eeb52a | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlExpandEnvironmentStrings_U, address = 0x77e8c9 | True | 1 | | | | e7 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnicodeStringToInteger, address = 0x77e8cb1e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLCIDToCultureName, address = 0x77e7feff | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIdnToUnicode, address = 0x77ef6e59 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIdnToNameprepUnicode, address = 0x77ef6e35 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIdnToAscii, address = 0x77ea0bd5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIsNormalizedString, address = 0x77ef8a72 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlNormalizeString, address = 0x77e95743 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIntegerToUnicodeString, address = 0x77e68aad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _ui64tow, address = 0x77e9dda7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _wtol, address = 0x77ea8706 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _wcslwr, address = 0x77f04b6b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnhandledExceptionFilter, address = 0x77ef8dd3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtTerminateProcess, address = 0x77e4fca0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcsncpy, address = 0x77f05755 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcsncmp, address = 0x77e67f75 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReadThreadProfilingData, address = 0x77ecf099 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryThreadProfiling, address = 0x77ecf07a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDisableThreadProfiling, address = 0x77ecf030 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEnableThreadProfiling, address = 0x77ecef5f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetExtendedFeaturesMask, address = 0x77ef1482 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetExtendedFeaturesMask, address = 0x77ef189d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLocateExtendedFeature, address = 0x77ef1916 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCopyContext, address = 0x77ef15e6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetEnabledExtendedFeatures, address = 0x77ef4c | True | 1 | | | | 27 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetExtendedContextLength, address = 0x77ef1816 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeExtendedContext, address = 0x77ef172 | True | 1 | | | | 8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLocateLegacyContext, address = 0x77ef1412 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRaiseException, address = 0x77e515dc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwEventWriteNoRegistration, address = 0x77ea2220 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRegisterWait, address = 0x77ea0852 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetIoCompletionCallback, address = 0x77ea8a7e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueueWorkItem, address = 0x77e980a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeregisterWait, address = 0x77f10663 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenEvent, address = 0x77e4fe98 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtResetWriteWatch, address = 0x77e517b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtGetWriteWatch, address = 0x77e50d00 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtMapUserPhysicalPagesScatter, address = 0x77e4f8 | True | 1 | | | | 90 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtMapUserPhysicalPages, address = 0x77e50efc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFreeUserPhysicalPages, address = 0x77e50bd8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAllocateUserPhysicalPages, address = 0x77e50344 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtUnlockVirtualMemory, address = 0x77e51ec0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtLockVirtualMemory, address = 0x77e50e94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlOemStringToUnicodeString, address = 0x77e9b955 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetEnvironmentStrings, address = 0x77ef1e9a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlComputeImportTableHash, address = 0x77edc90d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = bsearch, address = 0x77e5ebdc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEncodeSystemPointer, address = 0x77e6e058 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFindCharInUnicodeString, address = 0x77e5fb37 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlNtPathNameToDosPathName, address = 0x77e7eb6b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtApphelpCacheControl, address = 0x77e4ffc4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFindActivationContextSectionGuid, address = 0x | True | 1 | | | | 77e93ecb | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFindActivationContextSectionString, address = | True | 1 | | | | 0x77e5ec78 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDoesFileExists_U, address = 0x77e87ecd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateActivationContext, address = 0x77e88aff | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgPrintEx, address = 0x77ea5af3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlImageNtHeaderEx, address = 0x77e5f495 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetThreadPreferredUILanguages, address = 0x77e | True | 1 | | | | 7d6b7 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryActivationContextApplicationSettings, add | True | 1 | | | | ress = 0x77e83a09 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetThreadPreferredUILanguages, address = 0x77e | True | 1 | | | | 7f97c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryInformationActivationContext, address = 0 | True | 1 | | | | x77e6b988 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlMultiAppendUnicodeStringBuffer, address = 0x77 | True | 1 | | | | e8a858 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlpEnsureBufferSize, address = 0x77e92aed | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetLengthWithoutLastFullDosOrNtPathElement, ad | True | 1 | | | | dress = 0x77e88910 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlpApplyLengthFunction, address = 0x77e8889d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetActiveActivationContext, address = 0x77e6bd | True | 1 | | | | 84 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeactivateActivationContext, address = 0x77e94 | True | 1 | | | | ae8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlActivateActivationContext, address = 0x77e94c8 | True | 1 | | | | 6 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlZombifyActivationContext, address = 0x77edc027 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleaseActivationContext, address = 0x77e6bb43 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAddRefActivationContext, address = 0x77e5f622 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationJobObject, address = 0x77e51a30 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateJobSet, address = 0x77e5072c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationJobObject, address = 0x77e51374 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtTerminateJobObject, address = 0x77e51d94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAssignProcessToJobObject, address = 0x77e5058c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenJobObject, address = 0x77e50ff0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateJobObject, address = 0x77e50714 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = tolower, address = 0x77f0559f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = isdigit, address = 0x77e7c3d5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = toupper, address = 0x77e78bf5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetCurrentDirectory_U, address = 0x77e9103d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCopyLuid, address = 0x77ee2297 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeOemString, address = 0x77ececca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateEnvironment, address = 0x77ef1dfe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateEnvironmentEx, address = 0x77e7d3a3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDestroyEnvironment, address = 0x77e7ed9a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryEvent, address = 0x77e500bc | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrClientCallServer, address = 0x77edcaff | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrAllocateCaptureBuffer, address = 0x77edcb0f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrAllocateMessagePointer, address = 0x77edcb2f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrFreeCaptureBuffer, address = 0x77edcb1f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDeviceIoControlFile, address = 0x77e4f8fc | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateQueryDebugBuffer, address = 0x77ea2745 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryProcessDebugInformation, address = 0x77ea | True | 1 | | | | 348c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDestroyQueryDebugBuffer, address = 0x77ea3380 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtMapViewOfSection, address = 0x77e4fc40 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtUnmapViewOfSection, address = 0x77e4fc70 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeUserStack, address = 0x77e9e710 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlProcessFlsData, address = 0x77e699a7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateActivationContextStack, address = 0x77 | True | 1 | | | | e69f73 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeActivationContextStack, address = 0x77e8d4 | True | 1 | | | | 84 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateUserStack, address = 0x77ea0f4f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpCaptureCaller, address = 0x77e7248d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSuspendThread, address = 0x77e51d60 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetContextThread, address = 0x77e51910 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtGetContextThread, address = 0x77e50c20 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateAndInitializeSid, address = 0x77e693e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeSid, address = 0x77e693b2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSignalAndWaitForSingleObject, address = 0x77e51 | True | 1 | | | | cd8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRunOnceComplete, address = 0x77e6bfe5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRunOnceBeginInitialize, address = 0x77e67e1b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRunOnceExecuteOnce, address = 0x77e67de3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSleepConditionVariableSRW, address = 0x77ed802 | True | 1 | | | | 8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSleepConditionVariableCS, address = 0x77ed7f2b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenPrivateNamespace, address = 0x77e51098 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreatePrivateNamespace, address = 0x77e507ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDeletePrivateNamespace, address = 0x77e50a1c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeSRWLock, address = 0x77e68456 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAddIntegrityLabelToBoundaryDescriptor, address | True | 1 | | | | = 0x77ee53cf | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAddSIDToBoundaryDescriptor, address = 0x77e9ae | True | 1 | | | | 93 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateBoundaryDescriptor, address = 0x77e986f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAcquireSRWLockShared, address = 0x77e62560 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleaseSRWLockShared, address = 0x77e625a9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtProtectVirtualMemory, address = 0x77e50028 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strcpy_s, address = 0x77e959cd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtReplacePartitionUnit, address = 0x77e51750 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCompareUnicodeString, address = 0x77e684b7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRaiseStatus, address = 0x77e76ea5 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationToken, address = 0x77e4fb98 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeSid, address = 0x77e70f5a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSubAuthoritySid, address = 0x77e70f42 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrLoadDll, address = 0x77e6c43a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrGetProcedureAddress, address = 0x77e601aa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrUnloadDll, address = 0x77e711d7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryRegistryValues, address = 0x77ea4b60 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformationEx, address = 0x77e51590 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDecodeSystemPointer, address = 0x77e6ad98 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlWow64LogMessageInEventLogger, address = 0x77ed | True | 1 | | | | e4a3 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlxAnsiStringToUnicodeSize, address = 0x77ee6262 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtIsSystemResumeAutomatic, address = 0x77e50d98 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtGetDevicePowerState, address = 0x77e50c54 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetThreadExecutionState, address = 0x77e51c20 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtInitiatePowerAction, address = 0x77e50d7c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtPowerInformation, address = 0x77e5019c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetVolumeInformationFile, address = 0x77e51c8c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryEnvironmentVariable_U, address = 0x77e699 | True | 1 | | | | 53 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetFullPathName_U, address = 0x77e8b3e9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIsNameLegalDOS8Dot3, address = 0x77ef45da | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetCurrentProcessorNumberEx, address = 0x77e62 | True | 1 | | | | a31 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _allshl, address = 0x77e63140 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenThreadToken, address = 0x77e4fbe0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationThread, address = 0x77e4f99c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrLoadAlternateResourceModuleEx, address = 0x77e | True | 1 | | | | 7399a | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrLoadAlternateResourceModule, address = 0x77ea6 | True | 1 | | | | 595 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrpResGetMappingSize, address = 0x77e6c9fc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrRscIsTypeExist, address = 0x77e736dd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrFindResource_U, address = 0x77e71f2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _strcmpi, address = 0x77e6c7b9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strncat_s, address = 0x77f08715 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitAnsiStringEx, address = 0x77e5f79b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateUnicodeString, address = 0x77e8bdee | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUpcaseUnicodeChar, address = 0x77e5e819 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcstoul, address = 0x77f05816 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrGetFileNameFromLoadAsDataTable, address = 0x77 | True | 1 | | | | edd596 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcsrchr, address = 0x77e67ee9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryVirtualMemory, address = 0x77e4fbc8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCultureNameToLCID, address = 0x77e8a503 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrResFindResourceDirectory, address = 0x77e6da15 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrResFindResource, address = 0x77e7e29c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrFindResourceEx_U, address = 0x77e8b5d5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrpResGetResourceDirectory, address = 0x77e6cbb8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrResGetRCConfig, address = 0x77e77c5f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlVerifyVersionInfo, address = 0x77ea92fa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetProductInfo, address = 0x77e7b014 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLcidToLocaleName, address = 0x77e7f816 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetUILanguageInfo, address = 0x77eeb696 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateMailslotFile, address = 0x77e50774 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlExtendedLargeIntegerDivide, address = 0x77e725 | True | 1 | | | | 54 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCleanUpTEBLangLists, address = 0x77e8d5fa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetThreadPoolStartFunc, address = 0x77e81bf7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrSetDllManifestProber, address = 0x77e815f6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetUserCallbackExceptionFilter, address = 0x77 | True | 1 | | | | e822f4 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetUnhandledExceptionFilter, address = 0x77e80 | True | 1 | | | | b8a | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEncodePointer, address = 0x77e70fcb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetNativeSystemInformation, address = 0x77e520 | True | 1 | | | | ac | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAcquireSRWLockExclusive, address = 0x77e629f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleaseSRWLockExclusive, address = 0x77e629ab | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrQueryImageFileExecutionOptions, address = 0x77 | True | 1 | | | | e7c132 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _aulldiv, address = 0x77e8b140 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetUserValueHeap, address = 0x77e8cff2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReAllocateHeap, address = 0x77e71f6e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHandle, address = 0x77e68200 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeHandle, address = 0x77e68242 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeregisterSecureMemoryCacheCallback, address = | True | 1 | | | | 0x77ef2ddb | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRegisterSecureMemoryCacheCallback, address = 0 | True | 2 | | | | x77ef2d5d | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCompactHeap, address = 0x77e7cb4d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSizeHeap, address = 0x77e63002 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetUserInfoHeap, address = 0x77e97c71 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLockHeap, address = 0x77e6814c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIsValidHandle, address = 0x77e681cb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnlockHeap, address = 0x77e680ee | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address = 0x77e4fda0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitString, address = 0x77e5e198 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetSystemEnvironmentValueEx, address = 0x77e51b | True | 1 | | | | bc | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGUIDFromString, address = 0x77e7b755 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemEnvironmentValueEx, address = 0x77e5 | True | 1 | | | | 1578 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = swprintf_s, address = 0x77e9290f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _alldiv, address = 0x77ea8d00 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFlushBuffersFile, address = 0x77e4ffac | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetLastNtStatus, address = 0x77ef4c46 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDosPathNameToNtPathName_U_WithStatus, address | True | 1 | | | | = 0x77e71660 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEqualSid, address = 0x77e694b1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryInformationAcl, address = 0x77e96965 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetAce, address = 0x77e8cde6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRaiseHardError, address = 0x77e515f4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryVolumeInformationFile, address = 0x77e4ff7 | True | 1 | | | | c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrAddRefDll, address = 0x77e6ffdd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateKeyTransacted, address = 0x77e50744 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDetermineDosPathNameType_U, address = 0x77e6a6 | True | 1 | | | | 39 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _vsnwprintf, address = 0x77e7ef93 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnicodeStringToOemString, address = 0x77e9ba27 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlWow64EnableFsRedirection, address = 0x77ed7bf3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCancelIoFile, address = 0x77e5016c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCancelSynchronousIoFile, address = 0x77e505c0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtNotifyChangeDirectoryFile, address = 0x77e50f48 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlActivateActivationContextUnsafeFast, address = | True | 1 | | | | 0x77e521f1 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeactivateActivationContextUnsafeFast, address | True | 1 | | | | = 0x77e52159 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryDirectoryFile, address = 0x77e4fd88 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWaitForSingleObject, address = 0x77e4f8ac | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetThreadErrorMode, address = 0x77ea2108 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetThreadErrorMode, address = 0x77e7a7be | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetLastWin32ErrorAndNtStatusFromNtStatus, addr | True | 1 | | | | ess = 0x77e8c74e | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenProcessToken, address = 0x77e510b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlNtStatusToDosErrorNoTeb, address = 0x77e6622c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwEventRegister, address = 0x77e6f6ba | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwEventWrite, address = 0x77e90c59 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwEventUnregister, address = 0x77e89241 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateSection, address = 0x77e4ff94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySection, address = 0x77e50040 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetVersion, address = 0x77e6873a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryElevationFlags, address = 0x77e7bc78 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationProcess, address = 0x77e4fb18 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCharToInteger, address = 0x77eaa1d8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strncpy_s, address = 0x77ea9eaa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetLongestNtPathLength, address = 0x77e8cdce | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEqualString, address = 0x77e91dcc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeAnsiString, address = 0x77e5e126 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCopyUnicodeString, address = 0x77e685cb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDosPathNameToNtPathName_U, address = 0x77e8ce4 | True | 1 | | | | 1 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtLockFile, address = 0x77e50e44 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtReadFile, address = 0x77e4f8e0 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIsTextUnicode, address = 0x77e7a26d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDeleteValueKey, address = 0x77e50a34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtEnumerateKey, address = 0x77e4fd3c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFormatCurrentUserKeyPath, address = 0x77e6b141 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAppendUnicodeToString, address = 0x77e68626 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAppendUnicodeStringToString, address = 0x77e68 | True | 1 | | | | 55f | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlPrefixUnicodeString, address = 0x77e72799 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrVerifyRegion, address = 0x77edcc64 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAllocateVirtualMemory, address = 0x77e4fab0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWriteFile, address = 0x77e4f918 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFreeVirtualMemory, address = 0x77e4fb48 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtUnlockFile, address = 0x77e51ea8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtEnumerateValueKey, address = 0x77e4fa30 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlMultiByteToUnicodeSize, address = 0x77eaa0da | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnicodeToMultiByteN, address = 0x77e6692e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlMultiByteToUnicodeN, address = 0x77e5e545 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryAtomInAtomTable, address = 0x77e9781c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationAtom, address = 0x77e51344 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeleteAtomFromAtomTable, address = 0x77e95255 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDeleteAtom, address = 0x77e50988 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLookupAtomInAtomTable, address = 0x77e73059 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFindAtom, address = 0x77e4fa48 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAddAtomToAtomTable, address = 0x77e950a2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAddAtom, address = 0x77e4ff48 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateAtomTable, address = 0x77e887fe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDestroyAtomTable, address = 0x77ee51ca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDosPathNameToRelativeNtPathName_U, address = 0 | True | 1 | | | | x77e7163a | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleaseRelativeName, address = 0x77e6a901 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIsDosDeviceName_U, address = 0x77e6a942 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiStopDebugging, address = 0x77ecf7c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiContinue, address = 0x77ecf7a3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiWaitStateChange, address = 0x77ecf77c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiConvertStateChangeStructure, address = 0x77e | True | 1 | | | | cf8cc | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFlushInstructionCache, address = 0x77e50b54 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationThread, address = 0x77e4fbf8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiGetThreadDebugObject, address = 0x77ecf74d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationDebugObject, address = 0x77e51a00 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiIssueRemoteBreakin, address = 0x77ecf843 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiConnectToDbg, address = 0x77ecf6fb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgUiDebugActiveProcess, address = 0x77ecf88a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = CsrGetProcessId, address = 0x77edcb92 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenProcess, address = 0x77e4fc10 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetSystemTime, address = 0x77e51c04 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleasePrivilege, address = 0x77e79c1c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAcquirePrivilege, address = 0x77e79a6d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCutoverTimeToSystemTime, address = 0x77ea48b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetSystemInformation, address = 0x77e51bd4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlTimeFieldsToTime, address = 0x77e908ca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlTimeToTimeFields, address = 0x77e90535 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationProcess, address = 0x77e4fac8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetCurrentTransaction, address = 0x77e67ff5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetCurrentTransaction, address = 0x77e68026 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcsncpy_s, address = 0x77e9e4de | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcscat_s, address = 0x77e789aa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlPrefixString, address = 0x77e9e0b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcsstr, address = 0x77e60c87 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcschr, address = 0x77e67f1c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateUnicodeStringFromAsciiz, address = 0x77e | True | 1 | | | | 683fc | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitAnsiString, address = 0x77e5e1d0 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAnsiStringToUnicodeString, address = 0x77e5e6b | True | 2 | | | | 5 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitUnicodeStringEx, address = 0x77e67d73 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NlsMbCodePageTag, address = 0x77f30003 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlxUnicodeStringToAnsiSize, address = 0x77ee623d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnicodeStringToAnsiString, address = 0x77e66ac | True | 2 | | | | 8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlEnterCriticalSection, address = 0x77e522b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLeaveCriticalSection, address = 0x77e52270 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlNtStatusToDosError, address = 0x77e661ed | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDnsHostNameToComputerName, address = 0x77ee66f | True | 1 | | | | b | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeUnicodeString, address = 0x77e5e126 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlUnicodeToMultiByteSize, address = 0x77e8c9bc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcscspn, address = 0x77ea9eea | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcscpy_s, address = 0x77e686a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = memmove, address = 0x77e68f50 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _memicmp, address = 0x77f04750 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateKey, address = 0x77e4fb30 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetValueKey, address = 0x77e501b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFlushKey, address = 0x77e50b70 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitUnicodeString, address = 0x77e5e208 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenKey, address = 0x77e4fa18 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryValueKey, address = 0x77e4fa98 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtClose, address = 0x77e4f9d0 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDeleteCriticalSection, address = 0x77e645f5 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeCriticalSection, address = 0x77e62c4 | True | 2 | | | | 2 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationFile, address = 0x77e4fc28 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetSecurityObject, address = 0x77e51b8c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetEaFile, address = 0x77e519b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySecurityObject, address = 0x77e51518 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLengthSecurityDescriptor, address = 0x77e95d84 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryEaFile, address = 0x77e51314 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryInformationFile, address = 0x77e4fa00 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenFile, address = 0x77e4fd54 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateFile, address = 0x77e500a4 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtFsControlFile, address = 0x77e4fde8 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetLastWin32Error, address = 0x77e522ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHeap, address = 0x77e5e026 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateAcl, address = 0x77e72d21 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAddAccessAllowedAce, address = 0x77e72e50 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateSecurityDescriptor, address = 0x77e72c94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetOwnerSecurityDescriptor, address = 0x77e72e | True | 1 | | | | 73 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetGroupSecurityDescriptor, address = 0x77e72e | True | 1 | | | | c1 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlSetDaclSecurityDescriptor, address = 0x77e72cc | True | 1 | | | | 2 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlFreeHeap, address = 0x77e5df85 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeExceptionChain, address = 0x77e69e6f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocPool, address = 0x77e8304e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpSetPoolMinThreads, address = 0x77e9cf79 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpSetPoolStackInformation, address = 0x77e85f6c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpQueryPoolStackInformation, address = 0x77f0f216 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocCleanupGroup, address = 0x77e9853e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpSimpleTryPost, address = 0x77e9656e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocWork, address = 0x77e9c5b6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocTimer, address = 0x77e89f47 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocWait, address = 0x77e9c7f8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpAllocIoCompletion, address = 0x77e780cc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = TpCallbackMayRunLong, address = 0x77e9e162 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlQueryEnvironmentVariable, address = 0x77e696ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWriteVirtualMemory, address = 0x77e4fe04 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenDirectoryObject, address = 0x77e500ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySymbolicLinkObject, address = 0x77e51548 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenSymbolicLinkObject, address = 0x77e51110 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = wcspbrk, address = 0x77e8b617 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWow64WriteVirtualMemory64, address = 0x77e5210c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDestroyProcessParameters, address = 0x77e7bc52 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateProcessParametersEx, address = 0x77e7bd9 | True | 1 | | | | b | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtResumeThread, address = 0x77e50058 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = DbgPrint, address = 0x77eaa7a0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRemoveProcessDebug, address = 0x77e516ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrQueryImageFileKeyOption, address = 0x77e92fd2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateUserProcess, address = 0x77e5090c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetFullPathName_UstrEx, address = 0x77e6aaf4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDecodePointer, address = 0x77e69d35 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlKnownExceptionFilter, address = 0x77ea2120 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlRaiseException, address = 0x77e76e68 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRequestWaitReplyPort, address = 0x77e4fbb0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenKeyTransacted, address = 0x77e51020 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueryKey, address = 0x77e4fa80 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenKeyEx, address = 0x77e51008 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtOpenKeyTransactedEx, address = 0x77e51038 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlValidRelativeSecurityDescriptor, address = 0x7 | True | 1 | | | | 7ea5793 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDeleteKey, address = 0x77e509ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtLoadKey, address = 0x77e50dfc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtUnloadKey, address = 0x77e51e60 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtNotifyChangeMultipleKeys, address = 0x77e50f78 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRestoreKey, address = 0x77e517d0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSaveKeyEx, address = 0x77e5187c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlLengthSid, address = 0x77e6931b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlMakeSelfRelativeSD, address = 0x77e954f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDuplicateToken, address = 0x77e4fec8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlTryAcquirePebLock, address = 0x77e94654 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _vsnprintf, address = 0x77ea9d88 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWaitForMultipleObjects, address = 0x77e50138 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlReleasePebLock, address = 0x77e67f5e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtClearEvent, address = 0x77e4fe64 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlWerpReportException, address = 0x77ea3ac6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = LdrResSearchResource, address = 0x77e6cd5c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWow64ReadVirtualMemory64, address = 0x77e520f4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtWow64QueryInformationProcess64, address = 0x77e | True | 1 | | | | 520dc | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCompareMemory, address = 0x77e93b00 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = WerReportSQMEvent, address = 0x77ed94a1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAccessCheck, address = 0x77e50218 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = VerSetConditionMask, address = 0x77ea92b9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = WinSqmIsOptedIn, address = 0x77e89b58 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = strcat_s, address = 0x77e9596f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlExitUserThread, address = 0x77e8d598 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlExitUserProcess, address = 0x77e88de8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = _aullrem, address = 0x77e70a90 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseReleaseProcessDllPath, address = 0x7748b5b5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseGetProcessExePath, address = 0x7748b54c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseGetProcessDllPath, address = 0x7748b515 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadStringByReference, address = 0x774b25de | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InternalLcidToName, address = 0x7749e702 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsIsUserDefaultLocale, address = 0x774a3009 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserInfo, address = 0x774a3c80 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetPtrCalDataArray, address = 0x774a29a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetPtrCalData, address = 0x774a296d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStringTableEntry, address = 0x774a2e9a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CheckGroupPolicyEnabled, address = 0x774a0025 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenRegKey, address = 0x774b2df3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCPHashNode, address = 0x7749fd6c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumSystemCodePages, address = 0x774a906 | True | 1 | | | | c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumUILanguages, address = 0x774a8336 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumLanguageGroupLocales, address = 0x77 | True | 1 | | | | 4a8066 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumSystemLanguageGroups, address = 0x77 | True | 1 | | | | 4a7d8d | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumDateFormats, address = 0x774aa1de | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumTimeFormats, address = 0x774aa163 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = KernelBaseGetGlobalData, address = 0x77486c21 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InvalidateTzSpecificCache, address = 0x77488ed1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsDBCSLeadByte, address = 0x774ada61 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateFileMappingNumaW, address = 0x7748da5f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CompareStringA, address = 0x774a061d | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadStringBaseExW, address = 0x77493ad9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseInvalidateDllSearchPathCache, address = 0x774 | True | 1 | | | | 8a940 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseInvalidateProcessSearchPathCache, address = 0 | True | 1 | | | | x7748a955 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseDllFreeResourceId, address = 0x77491282 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseDllMapResourceIdW, address = 0x77492069 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserDefaultUILanguage, address = 0x774b187f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumUILanguagesW, address = 0x774aa036 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = AreFileApisANSI, address = 0x7748b6b6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumCalendarInfoExW, address = 0x774aa0f2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumCalendarInfoW, address = 0x774aa0c2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumDateFormatsExW, address = 0x774aa2fd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumDateFormatsW, address = 0x774aa2d0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumLanguageGroupLocalesW, address = 0x774aa015 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumSystemCodePagesW, address = 0x774aa0a7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumSystemLanguageGroupsW, address = 0x774a9ff7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumSystemLocalesEx, address = 0x774aa074 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumSystemLocalesW, address = 0x774aa054 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumTimeFormatsW, address = 0x774aa27a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLocaleInfoA, address = 0x774a07e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStringTypeA, address = 0x774a055a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemDefaultUILanguage, address = 0x774b184a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsDBCSLeadByteEx, address = 0x774aefb1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = MapViewOfFileExNuma, address = 0x7748dd34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileApisToANSI, address = 0x7748b642 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileApisToOEM, address = 0x7748b67c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualAllocExNuma, address = 0x7748e109 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumCalendarInfoExEx, address = 0x774aa122 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumDateFormatsExEx, address = 0x774aa32a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumTimeFormatsEx, address = 0x774aa2a5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrencyFormatEx, address = 0x774b1180 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetEraNameCountedString, address = 0x774a29e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetNumberFormatEx, address = 0x774b0d34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemDefaultLocaleName, address = 0x774a3463 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserDefaultLocaleName, address = 0x774a34d0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LCIDToLocaleName, address = 0x774a38c5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetNamedLocaleHashNode, address = 0x7749fad0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLocaleInfoHelper, address = 0x774a3d73 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserInfoWord, address = 0x774a2f73 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCalendar, address = 0x7749f354 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SpecialMBToWC, address = 0x774ae7a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Internal_EnumCalendarInfo, address = 0x774a928b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsValidateLocale, address = 0x774a2e6c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = BaseReleaseProcessExePath, address = 0x7748b5e4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TlsGetValue, address = 0x77492c95 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetThreadPriority, address = 0x7749339f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetProcessShutdownParameters, address = 0x7748eae | True | 1 | | | | 7 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetPriorityClass, address = 0x7748e886 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ResumeThread, address = 0x77492bbe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = QueueUserAPC, address = 0x77492d6f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ProcessIdToSessionId, address = 0x774936d6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenThread, address = 0x7749287e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadPriorityBoost, address = 0x774929d4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadPriority, address = 0x77492950 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStartupInfoW, address = 0x7748edf4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessTimes, address = 0x7748ea7a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetPriorityClass, address = 0x7748ea14 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetExitCodeThread, address = 0x77492ad2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentThreadId, address = 0x77492b18 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentThread, address = 0x77492b0f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessId, address = 0x7748e67d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessIdOfThread, address = 0x77492b5c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadId, address = 0x77492b27 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentProcessId, address = 0x7748ee93 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateRemoteThreadEx, address = 0x77492ef3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetExitCodeProcess, address = 0x7748e5c7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TlsFree, address = 0x77492ce5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TlsAlloc, address = 0x77493529 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TerminateThread, address = 0x77492a0e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TerminateProcess, address = 0x7748e581 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SwitchToThread, address = 0x77492edb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SuspendThread, address = 0x77492b91 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetThreadStackGuarantee, address = 0x7748ad25 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetThreadPriorityBoost, address = 0x77492999 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenProcessToken, address = 0x7749b9f7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TlsSetValue, address = 0x774935f5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetProcessAffinityUpdateMode, address = 0x7748e42 | True | 1 | | | | e | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = QueryProcessAffinityUpdateMode, address = 0x7748e | True | 1 | | | | 47c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessVersion, address = 0x7748eea2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateRemoteThread, address = 0x774936ac | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InitializeProcThreadAttributeList, address = 0x77 | True | 1 | | | | 48eb9f | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = UpdateProcThreadAttribute, address = 0x7748ec13 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeleteProcThreadAttributeList, address = 0x7748ec | True | 1 | | | | 0b | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentProcess, address = 0x7748e674 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapCreate, address = 0x77494516 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapSetInformation, address = 0x77494819 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapQueryInformation, address = 0x7749484a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapLock, address = 0x774946ce | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapDestroy, address = 0x77494580 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessHeap, address = 0x7749469a | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessHeaps, address = 0x774946ac | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapWalk, address = 0x77494702 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapValidate, address = 0x7749467a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapUnlock, address = 0x774946e8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapCompact, address = 0x774946bd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapSummary, address = 0x774945f9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = MapViewOfFileEx, address = 0x7748df2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReadProcessMemory, address = 0x7748dfc8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = UnmapViewOfFile, address = 0x7748de3e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualAlloc, address = 0x7748e365 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualAllocEx, address = 0x7748e2c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualFree, address = 0x7748e2aa | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualFreeEx, address = 0x7748e174 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualProtect, address = 0x7748e326 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WriteProcessMemory, address = 0x7748e009 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualQueryEx, address = 0x7748e273 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualQuery, address = 0x7748e347 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VirtualProtectEx, address = 0x7748e1ff | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlushViewOfFile, address = 0x7748ddf5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateFileMappingW, address = 0x7748db8e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenFileMappingW, address = 0x7748dc9c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = MapViewOfFile, address = 0x7748de94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DuplicateHandle, address = 0x7748b778 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetHandleInformation, address = 0x7748b7fb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetHandleInformation, address = 0x7748b884 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CloseHandle, address = 0x7748b730 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenProcess, address = 0x7748e505 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenSemaphoreW, address = 0x774905dc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenWaitableTimerW, address = 0x774909d5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReleaseMutex, address = 0x7749030b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReleaseSemaphore, address = 0x77490247 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenMutexW, address = 0x774906ea | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetEvent, address = 0x7749013d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetWaitableTimer, address = 0x77490a69 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SleepEx, address = 0x77492beb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WaitForMultipleObjectsEx, address = 0x77490862 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WaitForSingleObjectEx, address = 0x7749077e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenEventW, address = 0x77490548 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OpenEventA, address = 0x77490ae4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InitializeCriticalSectionEx, address = 0x7749006c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InitializeCriticalSectionAndSpinCount, address = | True | 1 | | | | 0x7749004f | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateWaitableTimerExW, address = 0x77490335 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateSemaphoreExW, address = 0x774901b9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateEventA, address = 0x77490ab4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateEventW, address = 0x77490518 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CancelWaitableTimer, address = 0x7749049b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateEventExA, address = 0x774904c5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateEventExW, address = 0x7749009e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateMutexA, address = 0x77490b34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateMutexExA, address = 0x77490670 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateMutexExW, address = 0x77490275 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ResetEvent, address = 0x77490167 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateMutexW, address = 0x774906c3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFullPathNameW, address = 0x77499e8e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFullPathNameA, address = 0x77499fbf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileTime, address = 0x7748bf09 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = QueryDosDeviceW, address = 0x7748f269 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateFileW, address = 0x7749b2d6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LockFile, address = 0x7748bf97 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileSize, address = 0x7748d35b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetEndOfFile, address = 0x7748bab2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WriteFile, address = 0x7748d11f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFilePointer, address = 0x7748bb4f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReadFile, address = 0x7748cfad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WriteFileEx, address = 0x7748c30a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WriteFileGather, address = 0x7748c5cf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFinalPathNameByHandleA, address = 0x7748d93f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFinalPathNameByHandleW, address = 0x7748d44e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = RemoveDirectoryW, address = 0x7749841a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDiskFreeSpaceW, address = 0x7749526c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateDirectoryW, address = 0x774982b7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DefineDosDeviceW, address = 0x7748ef22 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstFileExA, address = 0x77499d44 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstFileExW, address = 0x77499554 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindClose, address = 0x7749947a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileType, address = 0x7748cece | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlushFileBuffers, address = 0x7748d280 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileAttributesW, address = 0x7749897c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileAttributesExW, address = 0x77498bc5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeleteFileW, address = 0x77498cd5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileTime, address = 0x7748be88 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeleteFileA, address = 0x77499022 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileAttributesA, address = 0x77498fa7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindNextFileW, address = 0x77499280 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstFileW, address = 0x77499c32 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLogicalDriveStringsW, address = 0x774955fa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTempFileNameW, address = 0x77494fad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetVolumeInformationW, address = 0x77495fbb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CompareFileTime, address = 0x7748870b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateDirectoryA, address = 0x77498909 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FileTimeToLocalFileTime, address = 0x77488d21 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FileTimeToSystemTime, address = 0x77488607 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindCloseChangeNotification, address = 0x774991f0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstFileA, address = 0x77499af0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstChangeNotificationA, address = 0x77499aa | True | 1 | | | | d | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindFirstChangeNotificationW, address = 0x774990b | True | 1 | | | | 4 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindNextChangeNotification, address = 0x774991b1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindNextFileA, address = 0x77499c51 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDiskFreeSpaceA, address = 0x77495c85 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDiskFreeSpaceExA, address = 0x77495cd6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDiskFreeSpaceExW, address = 0x77495428 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = UnlockFileEx, address = 0x7748c0d9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDriveTypeA, address = 0x77495f6f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDriveTypeW, address = 0x77495870 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileAttributesExA, address = 0x77498fe4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileAttributesW, address = 0x77498b0e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileInformationByHandle, address = 0x7748bd62 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileSizeEx, address = 0x7748c14e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetVolumeInformationByHandleW, address = 0x77495d | True | 1 | | | | 24 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalFileTimeToFileTime, address = 0x77488d6e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LockFileEx, address = 0x7748c026 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReadFileScatter, address = 0x7748c52a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ReadFileEx, address = 0x7748c26a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = RemoveDirectoryA, address = 0x77498944 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileAttributesA, address = 0x77498f6c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileInformationByHandle, address = 0x7749b229 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFilePointerEx, address = 0x7748bc71 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetFileValidData, address = 0x7748c671 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = UnlockFile, address = 0x7748d2ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = PostQueuedCompletionStatus, address = 0x774875ad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetQueuedCompletionStatusEx, address = 0x77487723 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetQueuedCompletionStatus, address = 0x77487693 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateIoCompletionPort, address = 0x7748751a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CancelIoEx, address = 0x7748c4f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetOverlappedResult, address = 0x774875e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeviceIoControl, address = 0x7748c3aa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ChangeTimerQueueTimer, address = 0x7748a6c1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateTimerQueue, address = 0x7748a63e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = UnregisterWaitEx, address = 0x7748a563 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeleteTimerQueueTimer, address = 0x7748a70a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DeleteTimerQueueEx, address = 0x7748a75d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateTimerQueueTimer, address = 0x7748a666 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleHandleA, address = 0x77491ef5 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleHandleW, address = 0x77491094 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleHandleExA, address = 0x774910cd | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleHandleExW, address = 0x77491142 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadResource, address = 0x774912b6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LockResource, address = 0x7748c71d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SizeofResource, address = 0x7749133b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcAddress, address = 0x77491180 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleFileNameA, address = 0x77491e24 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeLibraryAndExitThread, address = 0x77490b76 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindStringOrdinal, address = 0x774a12a1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DisableThreadLibraryCalls, address = 0x77490bdb | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadLibraryExA, address = 0x77491d54 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetModuleFileNameW, address = 0x77490c05 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindResourceExW, address = 0x774921c1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeLibrary, address = 0x77491d92 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadLibraryExW, address = 0x77491bb2 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeResource, address = 0x774913c0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = PeekNamedPipe, address = 0x774883c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DisconnectNamedPipe, address = 0x77487a50 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreatePipe, address = 0x77487838 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ConnectNamedPipe, address = 0x774879b8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetNamedPipeAttribute, address = 0x77487d16 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetNamedPipeClientComputerNameW, address = 0x7748 | True | 1 | | | | 7de9 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WaitNamedPipeW, address = 0x774880b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetNamedPipeHandleState, address = 0x77487af3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CreateNamedPipeW, address = 0x77487e34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TransactNamedPipe, address = 0x77487bcc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsWow64Process, address = 0x7748e4c0 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LCMapStringA, address = 0x774a09be | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalLock, address = 0x7749433d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalReAlloc, address = 0x77494a9b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalUnlock, address = 0x77494439 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GlobalAlloc, address = 0x77493fa7 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FormatMessageW, address = 0x77493e37 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FormatMessageA, address = 0x77493c49 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NeedCurrentDirectoryForExePathA, address = 0x7748 | True | 1 | | | | eb4f | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EnumSystemLocalesA, address = 0x774a099f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = PulseEvent, address = 0x7749018f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Sleep, address = 0x77493511 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Wow64DisableWow64FsRedirection, address = 0x7748c | True | 1 | | | | 6c7 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Wow64RevertWow64FsRedirection, address = 0x7748c6 | True | 1 | | | | f1 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrcmpW, address = 0x7748a389 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrcmpiW, address = 0x7748a415 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrcpynA, address = 0x7748a2b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrcpynW, address = 0x7748a47c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrlenA, address = 0x7748a330 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FatalAppExitA, address = 0x7748ed99 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NeedCurrentDirectoryForExePathW, address = 0x7748 | True | 1 | | | | eb77 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FatalAppExitW, address = 0x7748e604 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalAlloc, address = 0x774948f9 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GlobalFree, address = 0x77493e61 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrlenW, address = 0x7748a505 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocalFree, address = 0x77493e61 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsProcessInJob, address = 0x7749b7c0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLocalTime, address = 0x77488b39 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemTimeAdjustment, address = 0x77488957 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemTimeAsFileTime, address = 0x77488c67 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTickCount64, address = 0x77488ccf | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTimeZoneInformation, address = 0x77489730 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTimeZoneInformationForYear, address = 0x77489c | True | 1 | | | | 18 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetVersion, address = 0x774911fc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetVersionExA, address = 0x77491f41 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetVersionExW, address = 0x77491232 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetWindowsDirectoryW, address = 0x77495c59 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetLocalTime, address = 0x774891f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SystemTimeToTzSpecificLocalTime, address = 0x7748 | True | 1 | | | | 9c36 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = TzSpecificLocalTimeToSystemTime, address = 0x7748 | True | 1 | | | | 9f2c | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetDynamicTimeZoneInformation, address = 0x774897 | True | 1 | | | | de | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLogicalProcessorInformation, address = 0x7748e | True | 1 | | | | 386 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemInfo, address = 0x7748e6b2 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLogicalProcessorInformationEx, address = 0x774 | True | 1 | | | | 8e3e0 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetWindowsDirectoryA, address = 0x77495c2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GlobalMemoryStatusEx, address = 0x77494160 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTickCount, address = 0x77488c96 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemTime, address = 0x77488be7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SystemTimeToFileTime, address = 0x7748868f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetComputerNameExW, address = 0x77497d17 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetComputerNameExA, address = 0x77498197 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VerLanguageNameA, address = 0x774a361a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindNLSStringEx, address = 0x774b59a5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetThreadLocale, address = 0x774a341f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsWriteEtwEvent, address = 0x774b2bea | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsEventDataDescCreate, address = 0x774b2a9d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ConvertDefaultLocale, address = 0x774a33fb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = VerLanguageNameW, address = 0x774a353b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetLocaleInfoW, address = 0x774a68f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetCalendarInfoW, address = 0x774a36ff | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LCMapStringW, address = 0x774a1e6a | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsValidLocale, address = 0x774a3168 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsValidLanguageGroup, address = 0x774a25e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsValidCodePage, address = 0x774aecc1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsNLSDefinedString, address = 0x774b5a04 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserDefaultLCID, address = 0x774a270c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserDefaultLangID, address = 0x774a3459 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadLocale, address = 0x774a26bf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemDefaultLCID, address = 0x774a26ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemDefaultLangID, address = 0x774a26d1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetProcessPreferredUILanguages, address = 0x774b1 | True | 1 | | | | 811 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetOEMCP, address = 0x774ada56 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLocaleInfoW, address = 0x774a7304 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCPInfoExW, address = 0x774aee5f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCPInfo, address = 0x774aedba | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetACP, address = 0x774ada4b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileMUIPath, address = 0x774b172c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FindNLSString, address = 0x774a1f19 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsUpdateSystemLocale, address = 0x774a7669 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsUpdateLocale, address = 0x774a771c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsGetCacheUpdateCount, address = 0x7749ffc6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = NlsCheckPolicy, address = 0x774a24a2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCalendarInfoW, address = 0x774a7264 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCalendarInfoEx, address = 0x774a72b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLocaleInfoEx, address = 0x774a734d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemPreferredUILanguages, address = 0x774b18 | True | 1 | | | | b4 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadPreferredUILanguages, address = 0x774b17 | True | 1 | | | | d8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetThreadUILanguage, address = 0x774b1946 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUILanguageInfo, address = 0x774b1770 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetUserPreferredUILanguages, address = 0x774b18fd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsValidLocaleName, address = 0x774a2d72 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LCMapStringEx, address = 0x774ad8a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LocaleNameToLCID, address = 0x774a393a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ResolveLocaleName, address = 0x774a3b6c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetFileMUIInfo, address = 0x774b126b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetEnvironmentStrings, address = 0x7748fb3b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetEnvironmentVariableW, address = 0x7748f9d7 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SearchPathW, address = 0x77494e2b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetStdHandleEx, address = 0x7748ba2c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ExpandEnvironmentStringsA, address = 0x7748fe42 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ExpandEnvironmentStringsW, address = 0x7748faac | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeEnvironmentStringsA, address = 0x7748fb13 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeEnvironmentStringsW, address = 0x7748fb13 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCommandLineA, address = 0x7748e65e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCommandLineW, address = 0x7748e669 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentDirectoryA, address = 0x7749a16b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetCurrentDirectoryW, address = 0x77499ec4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetEnvironmentStringsW, address = 0x7748fc19 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetEnvironmentStringsW, address = 0x7748f86a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetEnvironmentVariableA, address = 0x7748fcad | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStdHandle, address = 0x7748b92a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetCurrentDirectoryA, address = 0x77499ee3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetCurrentDirectoryW, address = 0x77499f76 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetEnvironmentVariableA, address = 0x7748f904 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetEnvironmentVariableW, address = 0x7748fa47 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetStdHandle, address = 0x7748b9c1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStringTypeW, address = 0x774a0c7a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetStringTypeExW, address = 0x774a175d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FoldStringW, address = 0x774ad382 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CompareStringW, address = 0x774a1ed8 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = WideCharToMultiByte, address = 0x774afa07 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CompareStringOrdinal, address = 0x774a1e03 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CompareStringEx, address = 0x774b594a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = MultiByteToWideChar, address = 0x774af308 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DebugBreak, address = 0x7749229f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OutputDebugStringA, address = 0x77492510 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = OutputDebugStringW, address = 0x77492817 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsDebuggerPresent, address = 0x77492804 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLastError, address = 0x77487829 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetErrorMode, address = 0x7748749b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = RaiseException, address = 0x7748b6cf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetErrorMode, address = 0x774874d7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetLastError, address = 0x77e522ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlsAlloc, address = 0x77492dee | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlsFree, address = 0x77492eb3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlsGetValue, address = 0x77492e1a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FlsSetValue, address = 0x77492e59 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = Beep, address = 0x7748854b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = QueryPerformanceFrequency, address = 0x77e6882c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = QueryPerformanceCounter, address = 0x77e68884 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = AllocateAndInitializeSid, address = 0x7749c06c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = FreeSid, address = 0x7749c05b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = DuplicateToken, address = 0x7749d749 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = AccessCheck, address = 0x7749b8c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = free, address = 0x75fc9894 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _strnicmp, address = 0x75fd0578 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcscat_s, address = 0x75fcfd66 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcsncpy_s, address = 0x75fcc24b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = malloc, address = 0x75fc9cee | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = memset, address = 0x75fc9790 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = memcpy, address = 0x75fc9910 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = memmove, address = 0x75fc9e5a | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _stricmp, address = 0x75fcdb38 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _wcsicmp, address = 0x75fca9e9 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = atoi, address = 0x75fcdbe0 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isdigit, address = 0x75fcb407 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcschr, address = 0x75fcaa61 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = rewind, address = 0x75fe6e17 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = fclose, address = 0x75fd3d79 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = fgets, address = 0x75fe4589 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = fopen, address = 0x75fdb2c4 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strlen, address = 0x75fd43d3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcslen, address = 0x75fdd335 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _vsnwprintf, address = 0x75fcbbce | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _wcsnicmp, address = 0x75fcaae3 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = fprintf, address = 0x75fd3e00 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _iob, address = 0x76062900 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcstol, address = 0x75fcff45 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _XcptFilter, address = 0x75fedc75 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _initterm, address = 0x75fcc151 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strtoul, address = 0x75fd012e | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _amsg_exit, address = 0x7602b2ef | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _except_handler4_common, address = 0x75fe3e27 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtRemoveIoCompletion, address = 0x77e4f934 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetIoCompletion, address = 0x77e51af4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlInitializeCriticalSectionAndSpinCount, address | True | 1 | | | | = 0x77e625e8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlStringFromGUID, address = 0x77e78610 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlGetNtProductType, address = 0x77e68802 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetEvent, address = 0x77e4f9b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtDelayExecution, address = 0x77e4fd6c | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtLoadDriver, address = 0x77e50de4 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlAdjustPrivilege, address = 0x77ee1f40 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlImpersonateSelf, address = 0x77ea242f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemTime, address = 0x77e5011c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationObject, address = 0x77e50154 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateIoCompletion, address = 0x77e506fc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtAlertThread, address = 0x77e502f4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtQueueApcThread, address = 0x77e4ff14 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = ShipAssert, address = 0x77ed8b96 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlDestroyHeap, address = 0x77e79d8e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlCreateHeap, address = 0x77e70249 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6StringToAddressA, address = 0x77e7c855 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6StringToAddressW, address = 0x77e7ba09 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv4StringToAddressA, address = 0x77e7c411 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv4StringToAddressW, address = 0x77e7b900 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6StringToAddressExA, address = 0x77ef3d45 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6StringToAddressExW, address = 0x77e7b9ae | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = IsWindow, address = 0x75a97136 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = UuidFromStringW, address = 0x7658fd6e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = UuidToStringW, address = 0x76551ee5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = UuidCreate, address = 0x7652f48b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcStringFreeW, address = 0x76531635 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCDeinstallProvider, address = 0x774ed775 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCInstallProvider, address = 0x774ed751 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 11, address = 0x774d311b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 57, address = 0x774da05b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSARecv, address = 0x774d7089 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahDestroyHandleContextTable, address = 0x774df26 | True | 1 | | | | 8 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 114, address = 0x774e53be | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSAIoctl, address = 0x774d2fe7 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 14, address = 0x774d2d57 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 9, address = 0x774d2d8b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 12, address = 0x774db131 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 15, address = 0x774d2d8b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCUpdateProvider, address = 0x774ece2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = getnameinfo, address = 0x774d67b7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahReferenceContextByHandle, address = 0x774d2f20 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahInsertHandleContext, address = 0x774d412b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCEnumProtocols, address = 0x774db8cf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCGetProviderPath, address = 0x774dc64e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 112, address = 0x774d37d9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahCreateHandleContextTable, address = 0x774d7e65 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahEnumerateHandleContexts, address = 0x774daa97 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 115, address = 0x774d3ab2 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSASocketW, address = 0x774d3cd3 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 3, address = 0x774d3918 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSAProviderConfigChange, address = 0x774dc22e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 111, address = 0x774d37ad | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 116, address = 0x774d3c5f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSCWriteProviderOrder, address = 0x774ed099 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 56, address = 0x774e6d62 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 55, address = 0x774e6ef3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WahRemoveHandleContext, address = 0x774d39b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSAEnumProtocolsW, address = 0x774dc8e1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address = 0x7633772f | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetLastError, address = 0x763111a9 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DuplicateHandle, address = 0x76311886 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InterlockedExchangeAdd, address = 0x77486aa0 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InterlockedIncrement, address = 0x77486a50 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InterlockedCompareExchange, address = 0x77486a8c | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InterlockedDecrement, address = 0x77486a64 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InterlockedExchange, address = 0x77486a78 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateIoCompletionPort, address = 0x7632eef2 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = PostQueuedCompletionStatus, address = 0x7632ef29 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetOverlappedResult, address = 0x7632cc79 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegOpenKeyExA, address = 0x7631472f | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegSetValueExA, address = 0x76321441 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegCreateKeyExW, address = 0x7631865b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegCloseKey, address = 0x7631209f | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegQueryValueExW, address = 0x76311f4e | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegOpenKeyExW, address = 0x76312311 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegQueryValueExA, address = 0x76314a87 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegEnumKeyExW, address = 0x76312e9a | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegDeleteKeyExW, address = 0x76330725 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegSetValueExW, address = 0x76315be5 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address = 0x763111e0 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address = 0x763114fb | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThread, address = 0x763117ec | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TerminateThread, address = 0x76317a2f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TlsFree, address = 0x76313587 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = TlsAlloc, address = 0x763149ad | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjectsEx, address = 0x7631199e | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address = 0x77e645f5 | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObjectEx, address = 0x76311151 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateEventA, address = 0x7631328c | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenEventW, address = 0x763115d6 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SleepEx, address = 0x76311215 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address = | True | 3 | | | | 0x76311916 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address = 0x76311986 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateEventW, address = 0x7631183e | True | 4 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DelayLoadFailureHook, address = 0x763aec9d | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = __isascii, address = 0x75fdd57b | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = towupper, address = 0x75fcf670 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _onexit, address = 0x75fd112d | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _lock, address = 0x75fca449 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = __dllonexit, address = 0x75fcf509 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _unlock, address = 0x75fca42d | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcsncmp, address = 0x75fcb05e | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isspace, address = 0x75fcc395 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strcpy_s, address = 0x75fcf574 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = sprintf_s, address = 0x75fe51da | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strchr, address = 0x75fcdbeb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _vsnprintf, address = 0x75fcd1a8 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcsstr, address = 0x75fcbf71 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv4AddressToStringExA, address = 0x77ef3c1e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6AddressToStringExA, address = 0x77ef3b06 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv4AddressToStringExW, address = 0x77e7bb8f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6AddressToStringExW, address = 0x77e7d200 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwTraceMessage, address = 0x77e979b7 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = NtCreateNamedPipeFile, address = 0x77e507a4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetHandleInformation, address = 0x7633cb69 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapFree, address = 0x77e5df85 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapAlloc, address = 0x77e5e026 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = HeapReAlloc, address = 0x77e71f6e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DeviceIoControl, address = 0x7631322f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadStringA, address = 0x77493bbb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = LoadStringW, address = 0x77493c28 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegCreateKeyExA, address = 0x763212c2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegDeleteKeyExA, address = 0x763b2e7b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegDeleteTreeA, address = 0x763b31e8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegNotifyChangeKeyValue, address = 0x7632119e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegGetKeySecurity, address = 0x76332e5c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RegEnumKeyExA, address = 0x7632f9a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = lstrcmpA, address = 0x7748a1b8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SwitchToThread, address = 0x7632efec | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenThreadToken, address = 0x7749ba25 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = QueueUserAPC, address = 0x76339f5d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenProcessToken, address = 0x7749b9f7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ResetEvent, address = 0x763116dd | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemDirectoryA, address = 0x774956c4 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSystemWindowsDirectoryA, address = 0x7749577c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = SetSecurityDescriptorDacl, address = 0x7749c69c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = IsValidSid, address = 0x7749bf9d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = AddAccessAllowedAce, address = 0x7749c2d9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = AddAccessDeniedAce, address = 0x7749c388 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InitializeAcl, address = 0x7749c1bc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = ImpersonateLoggedOnUser, address = 0x7749ce25 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = EqualSid, address = 0x7749bfca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetAce, address = 0x7749c2ab | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetAclInformation, address = 0x7749c1ea | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetLengthSid, address = 0x7749c0fd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetSecurityDescriptorDacl, address = 0x7749c6cd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = RevertToSelf, address = 0x7749cdf3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CheckTokenMembership, address = 0x7749d76b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = GetTokenInformation, address = 0x7749ba56 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = CopySid, address = 0x7749c116 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernelbase.dll | function = InitializeSecurityDescriptor, address = 0x7749c5a | True | 1 | | | | 6 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcAsyncCompleteCall, address = 0x765c0d7c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerInqBindings, address = 0x765508c2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerUseProtseqW, address = 0x76550fb5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcEpUnregister, address = 0x7654f3af | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcBindingVectorFree, address = 0x7654f33d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcEpRegisterW, address = 0x76550ae1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerListen, address = 0x765509e8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerInqCallAttributesW, address = 0x76546ccd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = NdrServerCall2, address = 0x765c1035 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = NdrAsyncServerCall, address = 0x765c186e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = I_RpcBindingInqTransportType, address = 0x76546d8 | True | 1 | | | | 0 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcRevertToSelf, address = 0x7654f7c3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcRevertToSelfEx, address = 0x76547c9e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcImpersonateClient, address = 0x76547c3f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcBindingInqObject, address = 0x7654601e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerUnregisterIfEx, address = 0x76579218 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerRegisterIfEx, address = 0x76549bc5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\rpcrt4.dll | function = RpcServerUnregisterIf, address = 0x765453f4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\nsi.dll | function = NsiGetParameter, address = 0x772616c8 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\nsi.dll | function = NsiGetAllParameters, address = 0x77261640 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\nsi.dll | function = NsiSetAllParameters, address = 0x77261b28 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 7, address = 0x774d737d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSARecvFrom, address = 0x774dcba6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 21, address = 0x774d41b6 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InterlockedExchange, address = 0x76311462 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InterlockedCompareExchange, address = 0x76311484 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address = 0x76311725 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = towlower, address = 0x75fcad52 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcstoul, address = 0x75fcb319 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = sscanf, address = 0x75fded4c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _strlwr, address = 0x75fdca0b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strncmp, address = 0x75fcb443 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _strupr, address = 0x75fdd49e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = rand, address = 0x75fcc070 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = srand, address = 0x75fcf757 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = fputs, address = 0x75fe6c38 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = time, address = 0x75fcf708 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = localtime, address = 0x75fd7511 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strpbrk, address = 0x75fcf7b6 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockShared, address = 0x77e62560 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockShared, address = 0x77e625a9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InitializeSRWLock, address = 0x77e68456 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockExclusive, address = 0x77e629f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockExclusive, address = 0x77e629ab | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReleaseSemaphore, address = 0x7632d3ab | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address = 0x76394195 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 16, address = 0x774d6b0e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 20, address = 0x774d34b5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 19, address = 0x774d6f01 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 4, address = 0x774d6bdd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 13, address = 0x774db001 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 22, address = 0x774d449d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 2, address = 0x774d4582 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 6, address = 0x774d30af | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSAJoinLeaf, address = 0x774eca7d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 54, address = 0x774e67c4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 53, address = 0x774e68b3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoW, address = 0x774d4889 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = FreeAddrInfoW, address = 0x774d4b1b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 151, address = 0x774d6a8a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 8, address = 0x774d2d57 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = 18, address = 0x774d6989 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = WinSqmSetDWORD, address = 0x77e984ce | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwLogTraceEvent, address = 0x77f0b4c7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EvtIntReportEventAndSourceAsync, address = 0x77f0 | True | 1 | | | | eb43 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwUnregisterTraceGuids, address = 0x77e89286 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwRegisterTraceGuidsW, address = 0x77e6f843 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwGetTraceLoggerHandle, address = 0x77e9168a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwGetTraceEnableLevel, address = 0x77e916f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = EtwGetTraceEnableFlags, address = 0x77e91729 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlIpv6AddressToStringA, address = 0x77ef38ed | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\nsi.dll | function = NsiAllocateAndGetTable, address = 0x77261949 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\nsi.dll | function = NsiFreeTable, address = 0x772618f4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isupper, address = 0x75fdc1ca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _purecall, address = 0x76026ea9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _mbstok, address = 0x76025615 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iscntrl, address = 0x75fdd592 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = ispunct, address = 0x75fe860e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _strtoui64, address = 0x75fe225d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iswdigit, address = 0x75fcc02c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isalpha, address = 0x75fd0fa8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = atol, address = 0x75fcddf4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _wtoi, address = 0x75fcc823 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isxdigit, address = 0x75fd1070 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = memchr, address = 0x75fde134 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcstok, address = 0x75fd076e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iswlower, address = 0x75fef796 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = qsort, address = 0x75fcd3e6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = _vsnprintf_s, address = 0x7602a6e1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = realloc, address = 0x75fcb10d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strrchr, address = 0x75fcdbae | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strtok_s, address = 0x76040db3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcsrchr, address = 0x75fca73f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iswspace, address = 0x75fcaacb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = wcstok_s, address = 0x75ff00b3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = strtol, address = 0x75fee8f0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = islower, address = 0x75fef0f7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = swprintf_s, address = 0x75fcecf8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iswxdigit, address = 0x75fd1029 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = iswascii, address = 0x75fd1010 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = ??_U@YAPAXI@Z, address = 0x75fcb100 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = ??_V@YAXPAX@Z, address = 0x75fcb0f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = qsort_s, address = 0x76029380 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = bsearch, address = 0x75fcb34a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\msvcrt.dll | function = isalnum, address = 0x75fd0fdc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ntdll.dll | function = RtlMoveMemory, address = 0x77e93c40 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHRegGetValueW, address = 0x7622b8ba | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 158, address = 0x7622bb2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHRegGetValueA, address = 0x7621ce33 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathAddBackslashW, address = 0x7622c177 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathFindFileNameW, address = 0x7622bb71 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrRChrW, address = 0x76223ef0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 155, address = 0x7621d2ac | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathRemoveBlanksA, address = 0x7621d8bc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 215, address = 0x7622ad74 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathUnExpandEnvStringsA, address = 0x7623ab7b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 157, address = 0x7622947e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathRenameExtensionA, address = 0x76249cdd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHDeleteKeyA, address = 0x7623d9f6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHDeleteValueW, address = 0x7621fcca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrCmpNIW, address = 0x76224745 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrCmpNIA, address = 0x7621d11c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 151, address = 0x7623cb3d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrChrW, address = 0x76224640 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrChrA, address = 0x7621c5e6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 154, address = 0x76225605 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 217, address = 0x76227173 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = UrlCombineW, address = 0x762275fb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = UrlCanonicalizeW, address = 0x76227472 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 153, address = 0x7621cdae | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathCreateFromUrlW, address = 0x76226ce1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = UrlUnescapeA, address = 0x7623c6fb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = UrlCombineA, address = 0x762561c7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = UrlCanonicalizeA, address = 0x76256577 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrToIntW, address = 0x762250be | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrCmpW, address = 0x76228277 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrCmpNA, address = 0x7623c57c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address = 0x7621ccf5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrToIntA, address = 0x7623cd65 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHGetValueW, address = 0x7622a955 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = SHSetValueW, address = 0x7622170c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 437, address = 0x7622bee6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrChrNW, address = 0x7623d5fd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = StrTrimW, address = 0x762231bc | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = 12, address = 0x7622158a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\shlwapi.dll | function = PathCombineW, address = 0x7622c39c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyExW, address = 0x772e46c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegQueryInfoKeyW, address = 0x772e46e7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExW, address = 0x772e40fe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CredReadDomainCredentialsW, address = 0x77317841 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address = 0x772dcf31 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address = 0x772e14d6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address = 0x772e46ad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = EventUnregister, address = 0x77e89241 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = EventRegister, address = 0x77e6f6ba | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CredReadW, address = 0x773172a1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CredFree, address = 0x772db2ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CredWriteW, address = 0x77317109 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CredDeleteW, address = 0x773179f1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextA, address = 0x772d91dd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address = 0x772ddfc8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address = 0x772de124 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = SystemFunction041, address = 0x772da06a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = SystemFunction040, address = 0x772da0af | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyA, address = 0x772dcc15 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyA, address = 0x772fa299 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = TraceEvent, address = 0x77f0b4c7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = DuplicateTokenEx, address = 0x772dca24 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CreateWellKnownSid, address = 0x772e481e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = SetTokenInformation, address = 0x772d9a92 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescript | True | 1 | | | | orA, address = 0x772dca94 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetSidSubAuthorityCount, address = 0x772e0e0c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetSidSubAuthority, address = 0x772e0e24 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = AllocateAndInitializeSid, address = 0x772e40e6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CheckTokenMembership, address = 0x772ddf04 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = FreeSid, address = 0x772e412e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueA, address = 0x772fa4ea | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = ConvertSidToStringSidW, address = 0x772e4344 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegGetValueW, address = 0x772e0e47 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address = 0x772ddf14 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CryptGetProvParam, address = 0x77313218 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = OpenThreadToken, address = 0x772e432c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address = 0x772e431c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = EventWrite, address = 0x77e90c59 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address = 0x772e468d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = UnregisterTraceGuids, address = 0x77e89286 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegisterTraceGuidsA, address = 0x77e9848f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetTraceLoggerHandle, address = 0x77e9168a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetTraceEnableLevel, address = 0x77e916f3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetTraceEnableFlags, address = 0x77e91729 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegDeleteKeyA, address = 0x772fa8b7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExA, address = 0x772e1469 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address = 0x772e14b3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address = 0x772e4907 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address = 0x772e48ef | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegQueryInfoKeyA, address = 0x772de143 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyExA, address = 0x772e1481 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address = 0x772e469d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address = 0x772fa4b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = OpenSCManagerA, address = 0x772e2bd8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = OpenServiceA, address = 0x772e2bf0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = CloseServiceHandle, address = 0x772e369c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\advapi32.dll | function = QueryServiceStatus, address = 0x772e2a86 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetShortPathNameA, address = 0x7633594d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetShortPathNameW, address = 0x7631d2f9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address = 0x7639434f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetFileTime, address = 0x7632ecbb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address = 0x76315414 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LCMapStringA, address = 0x7633bc39 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesExA, address = 0x7633cc14 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FileTimeToDosDateTime, address = 0x7632c86d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address = 0x763159e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrcmpW, address = 0x76315929 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address = 0x763158a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableA, address = 0x763133a0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address = 0x76329b2d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address = 0x76329af0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MoveFileA, address = 0x7638d911 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address = 0x7632c807 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LocalFileTimeToFileTime, address = 0x7633d50e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreA, address = 0x7633d172 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address = 0x7632ecd3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileTime, address = 0x76314407 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrcmpA, address = 0x7632eceb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleExA, address = 0x7632caa8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryAndExitThread, address = 0x7632d582 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsA, address = 0x7632eb39 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address = 0x763189b3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetACP, address = 0x7631179c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InterlockedExchangeAdd, address = 0x7632d39b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FindResourceW, address = 0x76315971 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenMutexA, address = 0x7632ec6f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemDirectoryA, address = 0x7632b66c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FormatMessageA, address = 0x76335fbd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetErrorMode, address = 0x76311b00 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address = 0x7632d5cd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DosDateTimeToFileTime, address = 0x7632effe | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FlushViewOfFile, address = 0x7633b909 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MapViewOfFileEx, address = 0x76314c83 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenFileMappingA, address = 0x76314c1b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryW, address = 0x7631492b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address = 0x763114e9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatW, address = 0x7632f481 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatW, address = 0x763334d7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address = 0x7632b6e0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address = 0x7632cfdf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address = 0x7632d0a7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FindResourceExW, address = 0x76313299 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LoadResource, address = 0x7631594c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address = 0x7631495d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateFileMappingW, address = 0x76311909 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address = 0x76311ae5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultUILanguage, address = 0x76332b22 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultUILanguage, address = 0x763144ab | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SearchPathW, address = 0x7632cd70 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateActCtxW, address = 0x76319247 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ReleaseActCtx, address = 0x763154c1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = ActivateActCtx, address = 0x76315490 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = DeactivateActCtx, address = 0x7631545c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address = 0x7632d4f7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CompareFileTime, address = 0x76311b25 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = WritePrivateProfileStringW, address = 0x7633640c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address = 0x76311b18 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemDirectoryW, address = 0x76315063 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetQueuedCompletionStatus, address = 0x7632d3c3 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleExW, address = 0x76314a6f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address = 0x7631424c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address = 0x76315151 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LockResource, address = 0x76315959 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = SizeofResource, address = 0x76315ac9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = MoveFileExA, address = 0x7633ccc1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address = 0x763134c8 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address = 0x76313bca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address = 0x76313c5a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address = 0x7631168c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InterlockedIncrement, address = 0x76311400 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address = 0x76313e8e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address = 0x76315a4b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = InterlockedDecrement, address = 0x763113f0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address = 0x76314950 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = LocalReAlloc, address = 0x763159bf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address = 0x76313f5c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address = 0x76315a96 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address = 0x763134b0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = FormatMessageW, address = 0x76314620 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetLongPathNameA, address = 0x7639437f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address = 0x76311700 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetLongPathNameW, address = 0x7631a315 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GlobalFree, address = 0x76315558 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = IsValidCodePage, address = 0x76314493 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = IsDBCSLeadByte, address = 0x76311748 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address = 0x7631588e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoW, address = 0x76313c42 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLCID, address = 0x76313da5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetCPInfoExW, address = 0x7633af0b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatA, address = 0x7633a842 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatA, address = 0x7633a959 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\kernel32.dll | function = IsDBCSLeadByteEx, address = 0x7633cf4e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = RegisterWindowMessageW, address = 0x75a99ebd | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = LoadStringW, address = 0x75a98eb9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DialogBoxParamW, address = 0x75abcfca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetDesktopWindow, address = 0x75aa0a19 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SendDlgItemMessageA, address = 0x75abc112 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = LoadIconA, address = 0x75a9dafb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = LoadImageA, address = 0x75aa8455 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = LoadStringA, address = 0x75a9db21 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharLowerA, address = 0x75aa3e75 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = EnableWindow, address = 0x75aa2da4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetWindowTextW, address = 0x75aa20ec | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetDlgItem, address = 0x75abf1ba | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetFocus, address = 0x75aa2175 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = EndDialog, address = 0x75abb99c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CheckDlgButton, address = 0x75abbe9a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SendMessageW, address = 0x75a99679 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SendMessageA, address = 0x75aa612e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = IsDlgButtonChecked, address = 0x75abc0a6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DefWindowProcA, address = 0x77e724e0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetWindowLongA, address = 0x75aa6110 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowLongA, address = 0x75a9d156 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = RegisterClassW, address = 0x75a98a65 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowTextW, address = 0x75aa205e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = MessageBoxW, address = 0x75aefd3f | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharNextA, address = 0x75a97a1b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowInfo, address = 0x75aa1bbf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharToOemA, address = 0x75aa4fee | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharUpperA, address = 0x75a9fdca | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharLowerW, address = 0x75a97647 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = IsCharAlphaNumericA, address = 0x75aa6867 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowThreadProcessId, address = 0x75a991b4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = EnumChildWindows, address = 0x75aa0e94 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = IsWindowVisible, address = 0x75aa112d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetAncestor, address = 0x75a99785 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = EnumWindows, address = 0x75a9d1cf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = CharNextExA, address = 0x75af4da0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = PostMessageA, address = 0x75aa3baa | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetWindowPos, address = 0x75a98e4e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetDlgItemTextW, address = 0x75abcfa0 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = DestroyIcon, address = 0x75aa49b2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SetForegroundWindow, address = 0x75abf170 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindow, address = 0x75a9926e | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetWindowRect, address = 0x75a97f34 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = EqualRect, address = 0x75aa0988 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = IntersectRect, address = 0x75aa0903 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = ReleaseDC, address = 0x75a97446 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = GetDC, address = 0x75a972c4 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = SendDlgItemMessageW, address = 0x75abd0f5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\user32.dll | function = LoadImageW, address = 0x75a9fbd1 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 423, address = 0x778136ad | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 416, address = 0x77802d27 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 422, address = 0x77802d5d | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 407, address = 0x77888507 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 414, address = 0x777ebff9 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 410, address = 0x777f6169 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 408, address = 0x77813669 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = 421, address = 0x77802d77 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 32, address = 0x77512add | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 33, address = 0x7767cb97 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 37, address = 0x7767e410 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 50, address = 0x77653baf | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 58, address = 0x77681b29 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 9, address = 0x776d6136 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 16, address = 0x776db761 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 670, address = 0x7767d975 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 654, address = 0x77675abb | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 651, address = 0x776530d5 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 650, address = 0x7761f1e6 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 17, address = 0x7765f6e7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\iertutil.dll | function = 685, address = 0x776e00e2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\atl.dll | function = AtlAdvise, address = 0x75854ea7 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\atl.dll | function = AtlUnadvise, address = 0x75854f25 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\atl.dll | function = AtlAxCreateControlEx, address = 0x7585c58c | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\oleaut32.dll | function = SysFreeString, address = 0x77953e59 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address = 0x774d3ab2 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\ws2_32.dll | function = WSASocketA, address = 0x774dc82a | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\mswsock.dll | function = WSPStartup, address = 0x75748a9b | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_proc_address | c:\windows\syswow64\urlmon.dll | function = ObtainUserAgentString, address = 0x77811d76 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | C:\Windows\SysWOW64\ping.exe | | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | c:\windows\syswow64\ntdll.dll | file_name = C:\Windows\SysWOW64\ntdll.dll | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | c:\windows\syswow64\kernel32.dll | file_name = C:\Windows\syswow64\kernel32.dll | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | mswsock | file_name = C:\Windows\SysWOW64\mswsock.DLL | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | c:\windows\syswow64\ws2_32.dll | file_name = C:\Windows\syswow64\WS2_32.dll | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | wsock32 | file_name = C:\Windows\SysWOW64\wsock32.DLL | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | dnsapi | file_name = C:\Windows\SysWOW64\dnsapi.DLL | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_filename | c:\windows\syswow64\wininet.dll | file_name = C:\Windows\syswow64\WININET.dll | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76300000 | True | 32 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\ping.exe | base_address = 0x940000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77e30000 | True | 10 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\kernelbase.dll | base_address = 0x77480000 | True | 51 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | mswsock | base_address = 0x0 | False | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\msvcrt.dll | base_address = 0x75fc0000 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\user32.dll | base_address = 0x75a80000 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\rpcrt4.dll | base_address = 0x76510000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\ws2_32.dll | base_address = 0x774d0000 | True | 5 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\nsi.dll | base_address = 0x77260000 | True | 2 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | wsock32 | base_address = 0x0 | False | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | dnsapi | base_address = 0x0 | False | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\wininet.dll | base_address = 0x75ec0000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\shlwapi.dll | base_address = 0x76210000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\advapi32.dll | base_address = 0x772d0000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\urlmon.dll | base_address = 0x777e0000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\iertutil.dll | base_address = 0x77510000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\mswsock.dll | base_address = 0x75740000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | winmm.dll | base_address = 0x0 | False | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | get_handle | c:\windows\syswow64\ole32.dll | base_address = 0x75d60000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\ntdll.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\kernel32.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\mswsock.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\ws2_32.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\wsock32.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\dnsapi.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | create_mapping | c:\windows\syswow64\wininet.dll | module_name = Nameless FileMapping, maximum_size = 0, protec | True | 1 | | | | tion = PAGE_READONLY | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\ntdll.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x1020000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\kernel32.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x1020000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\mswsock.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x800000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\ws2_32.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x800000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\wsock32.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x210000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\dnsapi.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x800000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | map | c:\windows\syswow64\wininet.dll | process_name = c:\windows\syswow64\ping.exe, os_pid = 0x50c, | True | 1 | | | | module_name = Nameless FileMapping, desired_access = FILE_M | | | | | | AP_READ, file_offset = 0, address = 0x1020000 | | | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | unmap | c:\windows\syswow64\ping.exe | os_pid = 0x50c, base_address = 0x1020000 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | unmap | c:\windows\syswow64\ping.exe | os_pid = 0x50c, base_address = 0x800000 | True | 3 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+ | unmap | c:\windows\syswow64\ping.exe | os_pid = 0x50c, base_address = 0x210000 | True | 1 | +----------------------+--------------------------------------------------------------+--------------------------------------------------------------+----------------------+----------------------+