msv1_0.dll
Description: Microsoft Authentication Package v1.0
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: 745ff3a4e93f8b49781cf00ba3945f14
File Size: 538.9 KB
Uploaded At: Dec. 1, 2025, 7:34 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- SpInitialize (Ordinal: 1, Address: 0x24d80)
- MsvIsLocalhostAliases (Ordinal: 2, Address: 0x12aa0)
- SpLsaModeInitialize (Ordinal: 3, Address: 0x27260)
- SpUserModeInitialize (Ordinal: 4, Address: 0x122b0)
- DllMain (Ordinal: 5, Address: 0x2cde0)
- LsaApCallPackage (Ordinal: 6, Address: 0x11e80)
- LsaApCallPackagePassthrough (Ordinal: 7, Address: 0x42f30)
- LsaApCallPackageUntrusted (Ordinal: 8, Address: 0x125e0)
- LsaApInitializePackage (Ordinal: 9, Address: 0x24ae0)
- LsaApLogonTerminated (Ordinal: 10, Address: 0x13170)
- LsaApLogonUserEx2 (Ordinal: 11, Address: 0x18030)
- Msv1_0ExportSubAuthenticationRoutine (Ordinal: 12, Address: 0x47cb0)
- Msv1_0SubAuthenticationPresent (Ordinal: 13, Address: 0x47dc0)
- MsvGetLogonAttemptCount (Ordinal: 14, Address: 0x46980)
- MsvIsIpAddressLocal (Ordinal: 15, Address: 0x5be60)
- MsvSamLogoff (Ordinal: 16, Address: 0x15a70)
- MsvSamValidate (Ordinal: 17, Address: 0x1e6d0)
- MsvValidateTarget (Ordinal: 18, Address: 0x46990)
- SpInstanceInit (Ordinal: 32, Address: 0x11490)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18006c898)
- IsDebuggerPresent (Address: 0x18006c8a0)
- OutputDebugStringW (Address: 0x18006c8a8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18006c8b8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18006c8c8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18006c8f0)
- SetLastError (Address: 0x18006c8d8)
- SetUnhandledExceptionFilter (Address: 0x18006c8e8)
- UnhandledExceptionFilter (Address: 0x18006c8e0)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x18006c918)
- CreateFileW (Address: 0x18006c920)
- FlushFileBuffers (Address: 0x18006c910)
- SetFilePointer (Address: 0x18006c900)
- WriteFile (Address: 0x18006c908)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18006c930)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18006c940)
- HeapAlloc (Address: 0x18006c950)
- HeapFree (Address: 0x18006c948)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18006c960)
- LocalFree (Address: 0x18006c968)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x18006c978)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18006c9b0)
- FreeLibrary (Address: 0x18006c9a0)
- GetModuleFileNameA (Address: 0x18006c998)
- GetModuleFileNameW (Address: 0x18006c988)
- GetModuleHandleExW (Address: 0x18006c9c8)
- GetModuleHandleW (Address: 0x18006c9b8)
- GetProcAddress (Address: 0x18006c990)
- LoadLibraryExA (Address: 0x18006c9a8)
- LoadLibraryExW (Address: 0x18006c9c0)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageA (Address: 0x18006c9e0)
- FormatMessageW (Address: 0x18006c9d8)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x18006c9f8)
- VirtualProtect (Address: 0x18006ca00)
- VirtualQuery (Address: 0x18006c9f0)
api-ms-win-core-privateprofile-l1-1-0.dll
- GetProfileIntW (Address: 0x18006ca10)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18006ca20)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18006ca38)
- GetCurrentProcessId (Address: 0x18006ca30)
- GetCurrentThread (Address: 0x18006ca40)
- GetCurrentThreadId (Address: 0x18006ca48)
- SetThreadStackGuarantee (Address: 0x18006ca60)
- SetThreadToken (Address: 0x18006ca50)
- TerminateProcess (Address: 0x18006ca58)
api-ms-win-core-processthreads-l1-1-1.dll
- GetProcessMitigationPolicy (Address: 0x18006ca80)
- IsProcessorFeaturePresent (Address: 0x18006ca78)
- OpenProcess (Address: 0x18006ca70)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18006ca90)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x18006caa0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18006cac0)
- RegDeleteValueW (Address: 0x18006cad0)
- RegNotifyChangeKeyValue (Address: 0x18006cab8)
- RegOpenKeyExA (Address: 0x18006cae8)
- RegOpenKeyExW (Address: 0x18006cac8)
- RegQueryValueExA (Address: 0x18006cae0)
- RegQueryValueExW (Address: 0x18006cab0)
- RegSetValueExW (Address: 0x18006cad8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18006cb00)
- RtlCompareMemory (Address: 0x18006caf8)
- RtlLookupFunctionEntry (Address: 0x18006cb08)
- RtlVirtualUnwind (Address: 0x18006cb10)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18006cb78)
- AcquireSRWLockShared (Address: 0x18006cb98)
- CreateEventW (Address: 0x18006cbb0)
- CreateMutexExW (Address: 0x18006cbc0)
- CreateSemaphoreExW (Address: 0x18006cba0)
- DeleteCriticalSection (Address: 0x18006cb20)
- EnterCriticalSection (Address: 0x18006cb88)
- InitializeCriticalSection (Address: 0x18006cbb8)
- InitializeCriticalSectionEx (Address: 0x18006cb58)
- InitializeSRWLock (Address: 0x18006cb68)
- LeaveCriticalSection (Address: 0x18006cb60)
- OpenEventW (Address: 0x18006cb30)
- OpenSemaphoreW (Address: 0x18006cba8)
- ReleaseMutex (Address: 0x18006cb38)
- ReleaseSemaphore (Address: 0x18006cb80)
- ReleaseSRWLockExclusive (Address: 0x18006cb28)
- ReleaseSRWLockShared (Address: 0x18006cb50)
- SetEvent (Address: 0x18006cb40)
- TryAcquireSRWLockExclusive (Address: 0x18006cb70)
- WaitForSingleObject (Address: 0x18006cb48)
- WaitForSingleObjectEx (Address: 0x18006cb90)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18006cbd0)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x18006cbe0)
- GetLocalTime (Address: 0x18006cc08)
- GetSystemInfo (Address: 0x18006cbf0)
- GetSystemTimeAsFileTime (Address: 0x18006cc18)
- GetTickCount (Address: 0x18006cbe8)
- GetTickCount64 (Address: 0x18006cc10)
- GetVersionExW (Address: 0x18006cbf8)
- GetWindowsDirectoryW (Address: 0x18006cc00)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x18006cc30)
- CreateThreadpoolTimer (Address: 0x18006cc40)
- SetThreadpoolTimer (Address: 0x18006cc38)
- WaitForThreadpoolTimerCallbacks (Address: 0x18006cc28)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- UnregisterWaitEx (Address: 0x18006cc50)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x18006cc60)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x18006cdb0)
- __CxxFrameHandler3 (Address: 0x18006cd10)
- __CxxFrameHandler4 (Address: 0x18006cda8)
- __std_terminate (Address: 0x18006cda0)
- _CxxThrowException (Address: 0x18006cd18)
- _o___std_exception_copy (Address: 0x18006cd88)
- _o___std_exception_destroy (Address: 0x18006cd80)
- _o___std_type_info_destroy_list (Address: 0x18006cd78)
- _o___stdio_common_vsnprintf_s (Address: 0x18006cd70)
- _o___stdio_common_vsnwprintf_s (Address: 0x18006cd68)
- _o___stdio_common_vsprintf_s (Address: 0x18006cd60)
- _o___stdio_common_vswprintf (Address: 0x18006cd58)
- _o___stdio_common_vswprintf_s (Address: 0x18006cd50)
- _o__callnewh (Address: 0x18006cd48)
- _o__cexit (Address: 0x18006cd40)
- _o__configure_narrow_argv (Address: 0x18006cd38)
- _o__crt_atexit (Address: 0x18006cd30)
- _o__errno (Address: 0x18006cd28)
- _o__execute_onexit_table (Address: 0x18006cd20)
- _o__initialize_narrow_environment (Address: 0x18006cc70)
- _o__initialize_onexit_table (Address: 0x18006cc78)
- _o__invalid_parameter_noinfo (Address: 0x18006cc80)
- _o__purecall (Address: 0x18006cc88)
- _o__register_onexit_function (Address: 0x18006cc90)
- _o__seh_filter_dll (Address: 0x18006cc98)
- _o__ultow (Address: 0x18006cca0)
- _o__wcsicmp (Address: 0x18006cca8)
- _o__wcsnicmp (Address: 0x18006ccb0)
- _o__wsplitpath_s (Address: 0x18006ccc0)
- _o_free (Address: 0x18006ccc8)
- _o_malloc (Address: 0x18006ccd0)
- _o_strcpy_s (Address: 0x18006ccd8)
- _o_toupper (Address: 0x18006cce0)
- _o_towupper (Address: 0x18006cce8)
- _o_wcscat_s (Address: 0x18006ccf0)
- _o_wcscpy_s (Address: 0x18006ccf8)
- _o_wcsncat_s (Address: 0x18006cd00)
- _o_wcsncpy_s (Address: 0x18006cd08)
- memcmp (Address: 0x18006cdb8)
- memcpy (Address: 0x18006cdc0)
- memmove (Address: 0x18006ccb8)
- wcschr (Address: 0x18006cd98)
- wcsrchr (Address: 0x18006cd90)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x18006cdd8)
- _initterm_e (Address: 0x18006cdd0)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x18006cde8)
- strncmp (Address: 0x18006cdf8)
- wcscmp (Address: 0x18006cdf0)
- wcsncmp (Address: 0x18006ce00)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x18006ce10)
- EventRegister (Address: 0x18006ce20)
- EventSetInformation (Address: 0x18006ce28)
- EventUnregister (Address: 0x18006ce30)
- EventWriteTransfer (Address: 0x18006ce18)
api-ms-win-security-activedirectoryclient-l1-1-0.dll
- DsBindWithSpnExW (Address: 0x18006ce50)
- DsCrackNamesW (Address: 0x18006ce40)
- DsFreeNameResultW (Address: 0x18006ce58)
- DsUnBindW (Address: 0x18006ce48)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x18006ce98)
- CheckTokenMembership (Address: 0x18006ce90)
- GetLengthSid (Address: 0x18006ce68)
- GetTokenInformation (Address: 0x18006ce78)
- ImpersonateAnonymousToken (Address: 0x18006ce70)
- IsValidSid (Address: 0x18006ce80)
- RevertToSelf (Address: 0x18006ce88)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x18006cea8)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x18006ced8)
- BCryptCreateHash (Address: 0x18006cee0)
- BCryptDecrypt (Address: 0x18006cec8)
- BCryptDestroyHash (Address: 0x18006ceb8)
- BCryptDestroyKey (Address: 0x18006cf00)
- BCryptDuplicateKey (Address: 0x18006cef8)
- BCryptEncrypt (Address: 0x18006cef0)
- BCryptExportKey (Address: 0x18006cf28)
- BCryptFinishHash (Address: 0x18006cf18)
- BCryptGenerateSymmetricKey (Address: 0x18006cee8)
- BCryptGenRandom (Address: 0x18006cec0)
- BCryptHashData (Address: 0x18006ced0)
- BCryptImportKey (Address: 0x18006cf10)
- BCryptKeyDerivation (Address: 0x18006cf08)
- BCryptOpenAlgorithmProvider (Address: 0x18006cf20)
ntdll.dll
- DbgPrint (Address: 0x18006d078)
- EtwEventActivityIdControl (Address: 0x18006d090)
- EtwEventEnabled (Address: 0x18006d1b0)
- EtwEventRegister (Address: 0x18006d0e0)
- EtwEventUnregister (Address: 0x18006d0d8)
- EtwEventWrite (Address: 0x18006d1b8)
- EtwEventWriteTransfer (Address: 0x18006d020)
- EtwGetTraceEnableFlags (Address: 0x18006cfc8)
- EtwGetTraceEnableLevel (Address: 0x18006cfb8)
- EtwGetTraceLoggerHandle (Address: 0x18006cfc0)
- EtwLogTraceEvent (Address: 0x18006cf80)
- EtwRegisterTraceGuidsW (Address: 0x18006cfb0)
- EtwTraceMessage (Address: 0x18006d248)
- EtwUnregisterTraceGuids (Address: 0x18006cfd0)
- NtAllocateLocallyUniqueId (Address: 0x18006cfd8)
- NtClose (Address: 0x18006d1f0)
- NtCreateEvent (Address: 0x18006d030)
- NtCreateKey (Address: 0x18006d068)
- NtDeleteValueKey (Address: 0x18006d060)
- NtDuplicateObject (Address: 0x18006d120)
- NtDuplicateToken (Address: 0x18006d148)
- NtFilterToken (Address: 0x18006d1e0)
- NtOpenEvent (Address: 0x18006cff0)
- NtOpenKey (Address: 0x18006d0a0)
- NtOpenProcess (Address: 0x18006d158)
- NtOpenProcessToken (Address: 0x18006d0f8)
- NtOpenThreadToken (Address: 0x18006d1d8)
- NtQueryInformationProcess (Address: 0x18006d150)
- NtQueryInformationToken (Address: 0x18006d108)
- NtQuerySystemInformation (Address: 0x18006d098)
- NtQuerySystemTime (Address: 0x18006cf40)
- NtQueryValueKey (Address: 0x18006d088)
- NtSetInformationThread (Address: 0x18006d218)
- NtSetSecurityObject (Address: 0x18006d110)
- NtSetValueKey (Address: 0x18006d080)
- NtWaitForSingleObject (Address: 0x18006d040)
- RtlAcquireResourceExclusive (Address: 0x18006cfa8)
- RtlAcquireResourceShared (Address: 0x18006d208)
- RtlAddAccessAllowedAce (Address: 0x18006d118)
- RtlAllocateAndInitializeSid (Address: 0x18006d210)
- RtlAllocateHeap (Address: 0x18006d1c0)
- RtlAppendUnicodeStringToString (Address: 0x18006cfe0)
- RtlAppendUnicodeToString (Address: 0x18006cfe8)
- RtlAvlInsertNodeEx (Address: 0x18006d048)
- RtlAvlRemoveNode (Address: 0x18006d050)
- RtlCheckTokenMembershipEx (Address: 0x18006d018)
- RtlConvertSharedToExclusive (Address: 0x18006d038)
- RtlCopySid (Address: 0x18006d028)
- RtlCopyUnicodeString (Address: 0x18006d008)
- RtlCreateAcl (Address: 0x18006d128)
- RtlCreateSecurityDescriptor (Address: 0x18006d130)
- RtlCreateServiceSid (Address: 0x18006d0a8)
- RtlDeleteElementGenericTable (Address: 0x18006d160)
- RtlDeleteResource (Address: 0x18006d250)
- RtlDowncaseUnicodeString (Address: 0x18006cf78)
- RtlDuplicateUnicodeString (Address: 0x18006d010)
- RtlEnterCriticalSection (Address: 0x18006d170)
- RtlEqualDomainName (Address: 0x18006d058)
- RtlEqualSid (Address: 0x18006cf88)
- RtlEqualString (Address: 0x18006d1a0)
- RtlEqualUnicodeString (Address: 0x18006d228)
- RtlEraseUnicodeString (Address: 0x18006cf38)
- RtlFreeHeap (Address: 0x18006d1c8)
- RtlFreeOemString (Address: 0x18006d0c0)
- RtlFreeSid (Address: 0x18006d1e8)
- RtlFreeUnicodeString (Address: 0x18006d220)
- RtlGetElementGenericTable (Address: 0x18006d188)
- RtlGetNtProductType (Address: 0x18006d000)
- RtlIdentifierAuthoritySid (Address: 0x18006cf58)
- RtlImageNtHeader (Address: 0x18006d1d0)
- RtlImpersonateSelf (Address: 0x18006d240)
- RtlInitializeCriticalSection (Address: 0x18006d0c8)
- RtlInitializeGenericTable (Address: 0x18006d140)
- RtlInitializeResource (Address: 0x18006cfa0)
- RtlInitializeSid (Address: 0x18006cf48)
- RtlInitString (Address: 0x18006d230)
- RtlInitUnicodeString (Address: 0x18006d238)
- RtlInsertElementGenericTable (Address: 0x18006d178)
- RtlIntegerToChar (Address: 0x18006cf98)
- RtlIntegerToUnicodeString (Address: 0x18006d070)
- RtlIpv6StringToAddressExW (Address: 0x18006d138)
- RtlLeaveCriticalSection (Address: 0x18006d180)
- RtlLengthRequiredSid (Address: 0x18006cf70)
- RtlLengthSid (Address: 0x18006cf68)
- RtlLookupElementGenericTable (Address: 0x18006d190)
- RtlNtStatusToDosError (Address: 0x18006d0f0)
- RtlNumberGenericTableElements (Address: 0x18006d168)
- RtlOemStringToUnicodeString (Address: 0x18006d0e8)
- RtlPrefixUnicodeString (Address: 0x18006d258)
- RtlReleaseResource (Address: 0x18006d1f8)
- RtlRunDecodeUnicodeString (Address: 0x18006d200)
- RtlSetDaclSecurityDescriptor (Address: 0x18006d100)
- RtlSubAuthorityCountSid (Address: 0x18006cf60)
- RtlSubAuthoritySid (Address: 0x18006cf50)
- RtlSystemTimeToLocalTime (Address: 0x18006d198)
- RtlTimeToTimeFields (Address: 0x18006d1a8)
- RtlUpcaseUnicodeString (Address: 0x18006cff8)
- RtlUpcaseUnicodeStringToOemString (Address: 0x18006d0d0)
- RtlUpperChar (Address: 0x18006d0b0)
- WinSqmIncrementDWORD (Address: 0x18006cf90)
- WinSqmSetDWORD (Address: 0x18006d0b8)
NtlmShared.dll
- MsvpCachePasswordsToCredential (Address: 0x18006c790)
- MsvpCalculateNtlm2ChallengeNew (Address: 0x18006c7d8)
- MsvpCalculateNtlm2SessionKeysNew (Address: 0x18006c798)
- MsvpCompareCredentials (Address: 0x18006c7e0)
- MsvpComputeSaltedHashedPassword (Address: 0x18006c788)
- MsvpCredentialToCachePasswords (Address: 0x18006c7c8)
- MsvpDecryptDpapiMasterKey (Address: 0x18006c7e8)
- MsvpDeriveSecureCredKey (Address: 0x18006c7d0)
- MsvpGMSACred (Address: 0x18006c780)
- MsvpLm20GetNtlm3ChallengeResponse (Address: 0x18006c7f0)
- MsvpLm3Response (Address: 0x18006c7b8)
- MsvpLm3ResponseNew (Address: 0x18006c7a8)
- MsvpMakeSecretPasswordNT5 (Address: 0x18006c778)
- MsvpPasswordValidate (Address: 0x18006c7b0)
- MsvpPutClearOwfsInPrimaryCredential (Address: 0x18006c810)
- MsvpUpdateSharedConfiguration (Address: 0x18006c7c0)
- MsvpValidateSupplementalCreds (Address: 0x18006c7a0)
- NtLmAlterRtlEqualUnicodeString (Address: 0x18006c7f8)
- NtlmSharedFree (Address: 0x18006c808)
- NtlmSharedInit (Address: 0x18006c800)
RPCRT4.dll
- I_RpcMapWin32Status (Address: 0x18006c838)
- MesBufferHandleReset (Address: 0x18006c850)
- MesDecodeBufferHandleCreate (Address: 0x18006c858)
- MesEncodeDynBufferHandleCreate (Address: 0x18006c848)
- MesHandleFree (Address: 0x18006c840)
- NdrClientCall3 (Address: 0x18006c830)
- NdrMesTypeAlignSize3 (Address: 0x18006c870)
- NdrMesTypeDecode3 (Address: 0x18006c860)
- NdrMesTypeEncode3 (Address: 0x18006c868)
- RpcBindingFree (Address: 0x18006c878)
- RpcBindingFromStringBindingW (Address: 0x18006c888)
- RpcExceptionFilter (Address: 0x18006c880)
- RpcStringBindingComposeW (Address: 0x18006c820)
- RpcStringFreeW (Address: 0x18006c828)