SystemSettings.UserAccountsHandlers.dll

Description: SystemSettings.UserAccountsHandlers DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: ba873a550bb049781e155a7e8ca7e100

File Size: 507.0 KB

Uploaded At: Dec. 1, 2025, 7:40 a.m.

Views: 27

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x9340)
  • GetSetting (Ordinal: 2, Address: 0x9350)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x180064a58)
  • CoCreateInstance (Address: 0x180064a50)
  • CoIncrementMTAUsage (Address: 0x180064a28)
  • CoInitializeEx (Address: 0x180064a30)
  • CoMarshalInterface (Address: 0x180064a70)
  • CoReleaseMarshalData (Address: 0x180064a18)
  • CoTaskMemAlloc (Address: 0x180064a60)
  • CoTaskMemFree (Address: 0x180064a40)
  • CoTaskMemRealloc (Address: 0x180064a78)
  • CoUninitialize (Address: 0x180064a38)
  • CoWaitForMultipleHandles (Address: 0x180064a68)
  • CreateStreamOnHGlobal (Address: 0x180064a20)
  • PropVariantClear (Address: 0x180064a48)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x180064a88)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180064aa0)
  • IsDebuggerPresent (Address: 0x180064aa8)
  • OutputDebugStringA (Address: 0x180064a98)
  • OutputDebugStringW (Address: 0x180064ab0)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180064ac0)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180064ad0)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180064b00)
  • RaiseException (Address: 0x180064af0)
  • SetLastError (Address: 0x180064af8)
  • SetUnhandledExceptionFilter (Address: 0x180064ae8)
  • UnhandledExceptionFilter (Address: 0x180064ae0)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x180064b10)
  • GetDiskFreeSpaceExW (Address: 0x180064b18)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180064b28)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180064b48)
  • HeapAlloc (Address: 0x180064b38)
  • HeapFree (Address: 0x180064b40)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x180064b58)
  • LocalFree (Address: 0x180064b60)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x180064b70)
  • InterlockedPushEntrySList (Address: 0x180064b78)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x180064b88)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180064bb8)
  • GetModuleFileNameA (Address: 0x180064b98)
  • GetModuleHandleExW (Address: 0x180064ba0)
  • GetModuleHandleW (Address: 0x180064bb0)
  • GetProcAddress (Address: 0x180064ba8)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x180064bc8)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180064bd8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x180064be8)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x180064c10)
  • GetCurrentProcess (Address: 0x180064c00)
  • GetCurrentProcessId (Address: 0x180064c18)
  • GetCurrentThread (Address: 0x180064c28)
  • GetCurrentThreadId (Address: 0x180064c20)
  • GetExitCodeProcess (Address: 0x180064c40)
  • GetProcessId (Address: 0x180064c30)
  • OpenProcessToken (Address: 0x180064c38)
  • OpenThreadToken (Address: 0x180064c08)
  • TerminateProcess (Address: 0x180064bf8)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x180064c50)
  • OpenProcess (Address: 0x180064c58)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180064c68)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180064c80)
  • RegEnumValueW (Address: 0x180064c88)
  • RegGetValueW (Address: 0x180064c90)
  • RegOpenKeyExW (Address: 0x180064c78)
  • RegQueryInfoKeyW (Address: 0x180064c98)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180064ca8)
  • RtlLookupFunctionEntry (Address: 0x180064cb0)
  • RtlVirtualUnwind (Address: 0x180064cb8)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180064cd0)
  • CompareStringW (Address: 0x180064cc8)
  • MultiByteToWideChar (Address: 0x180064cd8)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x180064ce8)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180064d50)
  • AcquireSRWLockShared (Address: 0x180064d00)
  • CreateEventExW (Address: 0x180064d78)
  • CreateEventW (Address: 0x180064d20)
  • CreateMutexExW (Address: 0x180064d88)
  • CreateSemaphoreExW (Address: 0x180064cf8)
  • DeleteCriticalSection (Address: 0x180064d28)
  • EnterCriticalSection (Address: 0x180064d18)
  • InitializeCriticalSectionEx (Address: 0x180064d68)
  • InitializeSRWLock (Address: 0x180064d70)
  • LeaveCriticalSection (Address: 0x180064d08)
  • OpenSemaphoreW (Address: 0x180064d60)
  • ReleaseMutex (Address: 0x180064d48)
  • ReleaseSemaphore (Address: 0x180064d10)
  • ReleaseSRWLockExclusive (Address: 0x180064d38)
  • ReleaseSRWLockShared (Address: 0x180064d90)
  • SetEvent (Address: 0x180064d30)
  • WaitForMultipleObjectsEx (Address: 0x180064d80)
  • WaitForSingleObject (Address: 0x180064d40)
  • WaitForSingleObjectEx (Address: 0x180064d58)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x180064db0)
  • InitOnceComplete (Address: 0x180064da8)
  • InitOnceExecuteOnce (Address: 0x180064da0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetComputerNameExW (Address: 0x180064dc0)
  • GetSystemDirectoryW (Address: 0x180064dd0)
  • GetSystemTimeAsFileTime (Address: 0x180064dc8)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetProductInfo (Address: 0x180064de0)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180064df8)
  • CreateThreadpoolTimer (Address: 0x180064e08)
  • SetThreadpoolTimer (Address: 0x180064df0)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180064e00)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x180064e20)
  • RoOriginateError (Address: 0x180064e38)
  • RoOriginateErrorW (Address: 0x180064e18)
  • RoTransformError (Address: 0x180064e28)
  • SetRestrictedErrorInfo (Address: 0x180064e30)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x180064e48)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x180064e58)
  • RoOriginateLanguageException (Address: 0x180064e60)
  • RoReportFailedDelegate (Address: 0x180064e50)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x180064e70)
  • RoGetActivationFactory (Address: 0x180064e78)
  • RoInitialize (Address: 0x180064e80)
  • RoUninitialize (Address: 0x180064e88)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCompareStringOrdinal (Address: 0x180064ea0)
  • WindowsCreateString (Address: 0x180064ec8)
  • WindowsCreateStringReference (Address: 0x180064eb8)
  • WindowsDeleteString (Address: 0x180064ec0)
  • WindowsDeleteStringBuffer (Address: 0x180064ed8)
  • WindowsDuplicateString (Address: 0x180064eb0)
  • WindowsGetStringRawBuffer (Address: 0x180064ed0)
  • WindowsIsStringEmpty (Address: 0x180064e98)
  • WindowsPreallocateStringBuffer (Address: 0x180064ea8)
  • WindowsPromoteStringBuffer (Address: 0x180064ee0)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180064f50)
  • __CxxFrameHandler3 (Address: 0x180064fd0)
  • __CxxFrameHandler4 (Address: 0x180064fb8)
  • __std_terminate (Address: 0x180064fb0)
  • _CxxThrowException (Address: 0x180064fc8)
  • _o___std_exception_copy (Address: 0x180064fa8)
  • _o___std_exception_destroy (Address: 0x180064fa0)
  • _o___std_type_info_destroy_list (Address: 0x180064f98)
  • _o___stdio_common_vsnprintf_s (Address: 0x180064f90)
  • _o___stdio_common_vswprintf (Address: 0x180064f88)
  • _o__callnewh (Address: 0x180064f70)
  • _o__cexit (Address: 0x180064f68)
  • _o__configure_narrow_argv (Address: 0x180064f60)
  • _o__crt_atexit (Address: 0x180064f58)
  • _o__errno (Address: 0x180064f80)
  • _o__execute_onexit_table (Address: 0x180064f78)
  • _o__initialize_narrow_environment (Address: 0x180064ef0)
  • _o__initialize_onexit_table (Address: 0x180064ef8)
  • _o__invalid_parameter_noinfo (Address: 0x180064f00)
  • _o__purecall (Address: 0x180064f08)
  • _o__register_onexit_function (Address: 0x180064f10)
  • _o__seh_filter_dll (Address: 0x180064f18)
  • _o__wcsicmp (Address: 0x180064f28)
  • _o_free (Address: 0x180064f30)
  • _o_malloc (Address: 0x180064f38)
  • _o_realloc (Address: 0x180064f40)
  • _o_terminate (Address: 0x180064f48)
  • memcmp (Address: 0x180064fc0)
  • memcpy (Address: 0x180064fd8)
  • memmove (Address: 0x180064f20)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x180064ff0)
  • _initterm_e (Address: 0x180064fe8)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x180065000)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x180065030)
  • EventRegister (Address: 0x180065010)
  • EventSetInformation (Address: 0x180065028)
  • EventUnregister (Address: 0x180065020)
  • EventWriteTransfer (Address: 0x180065018)
api-ms-win-rtcore-ntuser-window-l1-1-0.dll
  • EnumWindows (Address: 0x180065050)
  • GetWindowRect (Address: 0x180065058)
  • GetWindowThreadProcessId (Address: 0x180065048)
  • SendMessageW (Address: 0x180065040)
api-ms-win-security-base-l1-1-0.dll
  • CheckTokenMembership (Address: 0x180065098)
  • CopySid (Address: 0x180065090)
  • CreateWellKnownSid (Address: 0x180065068)
  • DuplicateToken (Address: 0x180065078)
  • EqualSid (Address: 0x180065088)
  • GetLengthSid (Address: 0x180065080)
  • GetTokenInformation (Address: 0x180065070)
api-ms-win-security-lsalookup-l2-1-0.dll
  • LookupAccountNameW (Address: 0x1800650a8)
  • LookupAccountSidW (Address: 0x1800650b0)
api-ms-win-security-lsapolicy-l1-1-0.dll
  • LsaClose (Address: 0x1800650d0)
  • LsaFreeMemory (Address: 0x1800650c8)
  • LsaLookupSids (Address: 0x1800650c0)
  • LsaOpenPolicy (Address: 0x1800650d8)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x1800650f0)
  • ConvertStringSidToSidW (Address: 0x1800650e8)
api-ms-win-shcore-comhelpers-l1-1-0.dll
  • IUnknown_QueryService (Address: 0x180065100)
api-ms-win-shcore-scaling-l1-1-1.dll
  • (Address: 0x180065110)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolAllowThreadReuse (Address: 0x180065128)
  • SHTaskPoolQueueTask (Address: 0x180065120)
api-ms-win-shell-namespace-l1-1-0.dll
  • SHCreateItemFromParsingName (Address: 0x180065138)
netutils.dll
  • NetApiBufferFree (Address: 0x180065148)
ntdll.dll
  • NtQueryInformationToken (Address: 0x180065158)
OLEAUT32.dll
  • SysFreeString (Address: 0x1800649a0)
PROPSYS.dll
  • PropVariantToStringAlloc (Address: 0x1800649b0)
samcli.dll
  • NetLocalGroupGetMembers (Address: 0x180065170)
  • NetUserEnum (Address: 0x180065168)
  • NetUserGetLocalGroups (Address: 0x180065178)
SHCORE.dll
  • (Address: 0x1800649e8)
  • (Address: 0x1800649c8)
  • (Address: 0x1800649c0)
  • IUnknown_SetSite (Address: 0x1800649d8)
  • SHStrDupA (Address: 0x1800649d0)
  • SHStrDupW (Address: 0x1800649e0)
SHLWAPI.dll
  • StrChrW (Address: 0x1800649f8)
USERENV.dll
  • GetProfilesDirectoryW (Address: 0x180064a08)