ncbservice.dll

Description: Network Connection Broker

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 737862db9e2d4158661c94d705e16c88

File Size: 373.5 KB

Uploaded At: Dec. 1, 2025, 7:34 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0xa130)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0xdbe0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CLSIDFromString (Address: 0x18003dc90)
  • CoCreateGuid (Address: 0x18003dca8)
  • CoCreateInstance (Address: 0x18003dc88)
  • CoInitializeEx (Address: 0x18003dc98)
  • CoTaskMemAlloc (Address: 0x18003dc80)
  • CoTaskMemFree (Address: 0x18003dca0)
  • CoTaskMemRealloc (Address: 0x18003dc78)
  • CoUninitialize (Address: 0x18003dcb0)
  • StringFromGUID2 (Address: 0x18003dc70)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18003dcd8)
  • IsDebuggerPresent (Address: 0x18003dcc0)
  • OutputDebugStringA (Address: 0x18003dcc8)
  • OutputDebugStringW (Address: 0x18003dcd0)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x18003dce8)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x18003dcf8)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18003dd10)
  • RaiseException (Address: 0x18003dd28)
  • SetLastError (Address: 0x18003dd08)
  • SetUnhandledExceptionFilter (Address: 0x18003dd18)
  • UnhandledExceptionFilter (Address: 0x18003dd20)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18003dd38)
  • DuplicateHandle (Address: 0x18003dd40)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18003dd60)
  • HeapAlloc (Address: 0x18003dd50)
  • HeapFree (Address: 0x18003dd58)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x18003dd70)
  • LocalFree (Address: 0x18003dd78)
api-ms-win-core-io-l1-1-0.dll
  • CancelIoEx (Address: 0x18003dd88)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • WTSGetActiveConsoleSessionId (Address: 0x18003dd98)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x18003ddf0)
  • FindResourceExW (Address: 0x18003ddc0)
  • FreeLibrary (Address: 0x18003dda8)
  • GetModuleFileNameA (Address: 0x18003ddd0)
  • GetModuleFileNameW (Address: 0x18003dde8)
  • GetModuleHandleExW (Address: 0x18003ddd8)
  • GetModuleHandleW (Address: 0x18003ddf8)
  • GetProcAddress (Address: 0x18003dde0)
  • LoadLibraryExW (Address: 0x18003ddb0)
  • LoadResource (Address: 0x18003ddc8)
  • SizeofResource (Address: 0x18003ddb8)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18003de08)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x18003de18)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x18003de50)
  • GetCurrentProcessId (Address: 0x18003de38)
  • GetCurrentThread (Address: 0x18003de28)
  • GetCurrentThreadId (Address: 0x18003de68)
  • GetProcessId (Address: 0x18003de48)
  • OpenProcessToken (Address: 0x18003de70)
  • OpenThreadToken (Address: 0x18003de30)
  • ProcessIdToSessionId (Address: 0x18003de60)
  • SetThreadToken (Address: 0x18003de40)
  • TerminateProcess (Address: 0x18003de58)
api-ms-win-core-processthreads-l1-1-1.dll
  • GetProcessMitigationPolicy (Address: 0x18003de80)
  • OpenProcess (Address: 0x18003de88)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18003de98)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x18003dea8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18003def0)
  • RegCreateKeyExW (Address: 0x18003def8)
  • RegDeleteKeyExW (Address: 0x18003dee8)
  • RegDeleteTreeW (Address: 0x18003ded0)
  • RegDeleteValueW (Address: 0x18003dec0)
  • RegEnumKeyExW (Address: 0x18003deb8)
  • RegGetValueW (Address: 0x18003df08)
  • RegOpenKeyExW (Address: 0x18003ded8)
  • RegQueryInfoKeyW (Address: 0x18003dec8)
  • RegQueryValueExW (Address: 0x18003df00)
  • RegSetValueExW (Address: 0x18003dee0)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x18003df18)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x18003df28)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x18003df38)
api-ms-win-core-synch-l1-1-0.dll
  • CreateEventW (Address: 0x18003df80)
  • DeleteCriticalSection (Address: 0x18003df78)
  • EnterCriticalSection (Address: 0x18003df50)
  • InitializeCriticalSection (Address: 0x18003df60)
  • LeaveCriticalSection (Address: 0x18003df58)
  • ResetEvent (Address: 0x18003df70)
  • SetEvent (Address: 0x18003df48)
  • WaitForSingleObject (Address: 0x18003df68)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x18003df90)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x18003dfb0)
  • GetTickCount (Address: 0x18003dfa8)
  • GetTickCount64 (Address: 0x18003dfa0)
api-ms-win-core-threadpool-l1-2-0.dll
  • CancelThreadpoolIo (Address: 0x18003dfe8)
  • CloseThreadpoolIo (Address: 0x18003e038)
  • CloseThreadpoolTimer (Address: 0x18003e048)
  • CloseThreadpoolWait (Address: 0x18003dfd8)
  • CloseThreadpoolWork (Address: 0x18003dfe0)
  • CreateThreadpoolIo (Address: 0x18003e000)
  • CreateThreadpoolTimer (Address: 0x18003e020)
  • CreateThreadpoolWait (Address: 0x18003dfc8)
  • CreateThreadpoolWork (Address: 0x18003e030)
  • DisassociateCurrentThreadFromCallback (Address: 0x18003e008)
  • SetThreadpoolTimer (Address: 0x18003e018)
  • SetThreadpoolWait (Address: 0x18003dfc0)
  • StartThreadpoolIo (Address: 0x18003e010)
  • SubmitThreadpoolWork (Address: 0x18003e028)
  • TrySubmitThreadpoolCallback (Address: 0x18003e040)
  • WaitForThreadpoolIoCallbacks (Address: 0x18003dff8)
  • WaitForThreadpoolTimerCallbacks (Address: 0x18003dff0)
  • WaitForThreadpoolWaitCallbacks (Address: 0x18003dfd0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • UnregisterWaitEx (Address: 0x18003e058)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x18003e078)
  • GetTraceEnableLevel (Address: 0x18003e070)
  • GetTraceLoggerHandle (Address: 0x18003e080)
  • RegisterTraceGuidsW (Address: 0x18003e068)
  • TraceMessage (Address: 0x18003e088)
  • UnregisterTraceGuids (Address: 0x18003e090)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x18003e0b8)
  • EventSetInformation (Address: 0x18003e0b0)
  • EventUnregister (Address: 0x18003e0a8)
  • EventWriteTransfer (Address: 0x18003e0a0)
api-ms-win-power-setting-l1-1-0.dll
  • PowerSettingRegisterNotification (Address: 0x18003e0c8)
  • PowerSettingUnregisterNotification (Address: 0x18003e0d0)
api-ms-win-security-base-l1-1-0.dll
  • AccessCheck (Address: 0x18003e0e0)
  • CheckTokenMembership (Address: 0x18003e108)
  • CopySid (Address: 0x18003e120)
  • DuplicateTokenEx (Address: 0x18003e100)
  • GetLengthSid (Address: 0x18003e118)
  • GetTokenInformation (Address: 0x18003e0f8)
  • ImpersonateLoggedOnUser (Address: 0x18003e0f0)
  • IsValidSid (Address: 0x18003e110)
  • RevertToSelf (Address: 0x18003e0e8)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x18003e130)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18003e140)
  • ConvertStringSidToSidW (Address: 0x18003e138)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x18003e158)
  • SetServiceStatus (Address: 0x18003e150)
api-ms-win-stateseparation-helpers-l1-1-0.dll
  • GetPersistedRegistryLocationW (Address: 0x18003e168)
BrokerLib.dll
  • BrBufferFree (Address: 0x18003da88)
  • BrCheckCallerCapabilities (Address: 0x18003da50)
  • BrCheckCallerIsAppContainer (Address: 0x18003da90)
  • BrCreateBrokeredEvent (Address: 0x18003da98)
  • BrCreateBrokerInstance (Address: 0x18003dac8)
  • BrCreateBrokerInstance2 (Address: 0x18003daa8)
  • BrDeleteBrokeredEvent (Address: 0x18003da78)
  • BrDeleteBrokerInstance (Address: 0x18003da40)
  • BrFindBrokeredEvent (Address: 0x18003da60)
  • BrGetBrokeredAppState (Address: 0x18003dab8)
  • BrInitializeBrokerInstance (Address: 0x18003da80)
  • BrInitializeBrokerInstance2 (Address: 0x18003dad0)
  • BrLockBroker (Address: 0x18003da68)
  • BrQueryBrokeredEvents (Address: 0x18003da58)
  • BrRegisterBrokeredEvent (Address: 0x18003da70)
  • BrSignalBrokerEvent (Address: 0x18003dab0)
  • BrSignalBrokerEvent2 (Address: 0x18003daa0)
  • BrUnlockBroker (Address: 0x18003da48)
  • BrUnregisterBrokeredEvent (Address: 0x18003dac0)
IPHLPAPI.DLL
  • GetIfEntry2 (Address: 0x18003dae8)
  • InternalGetRtcSlotInformation (Address: 0x18003dae0)
msvcrt.dll
  • __C_specific_handler (Address: 0x18003e278)
  • __CxxFrameHandler3 (Address: 0x18003e280)
  • __dllonexit (Address: 0x18003e198)
  • _amsg_exit (Address: 0x18003e1c0)
  • _callnewh (Address: 0x18003e200)
  • _CxxThrowException (Address: 0x18003e1e0)
  • _errno (Address: 0x18003e1b0)
  • _initterm (Address: 0x18003e1b8)
  • _lock (Address: 0x18003e218)
  • _onexit (Address: 0x18003e190)
  • _purecall (Address: 0x18003e248)
  • _unlock (Address: 0x18003e290)
  • _vsnprintf_s (Address: 0x18003e220)
  • _vsnwprintf (Address: 0x18003e240)
  • _XcptFilter (Address: 0x18003e1c8)
  • ??_V@YAXPEAX@Z (Address: 0x18003e270)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18003e1f8)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18003e1f0)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18003e228)
  • ??0exception@@QEAA@XZ (Address: 0x18003e230)
  • ??1exception@@UEAA@XZ (Address: 0x18003e238)
  • ??1type_info@@UEAA@XZ (Address: 0x18003e188)
  • ??3@YAXPEAX@Z (Address: 0x18003e288)
  • ?terminate@@YAXXZ (Address: 0x18003e1a0)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18003e1e8)
  • free (Address: 0x18003e260)
  • malloc (Address: 0x18003e258)
  • memcmp (Address: 0x18003e178)
  • memcpy (Address: 0x18003e1d8)
  • memcpy_s (Address: 0x18003e268)
  • memmove (Address: 0x18003e1d0)
  • memset (Address: 0x18003e180)
  • realloc (Address: 0x18003e1a8)
  • swscanf_s (Address: 0x18003e208)
  • wcscmp (Address: 0x18003e298)
  • wcscpy_s (Address: 0x18003e210)
  • wcsncpy_s (Address: 0x18003e250)
NSI.dll
  • NsiGetAllParameters (Address: 0x18003db00)
  • NsiSetAllParameters (Address: 0x18003daf8)
ntdll.dll
  • EtwTraceMessage (Address: 0x18003e3a0)
  • NtPowerInformation (Address: 0x18003e360)
  • NtQueryWnfStateData (Address: 0x18003e320)
  • NtSetInformationFile (Address: 0x18003e2c8)
  • RtlAllocateWnfSerializationGroup (Address: 0x18003e318)
  • RtlCaptureContext (Address: 0x18003e2c0)
  • RtlCompareMemory (Address: 0x18003e2f0)
  • RtlCopySid (Address: 0x18003e300)
  • RtlCreateHashTable (Address: 0x18003e370)
  • RtlDeleteHashTable (Address: 0x18003e330)
  • RtlEndEnumerationHashTable (Address: 0x18003e390)
  • RtlEnumerateEntryHashTable (Address: 0x18003e398)
  • RtlEqualSid (Address: 0x18003e380)
  • RtlFreeSid (Address: 0x18003e308)
  • RtlGetNextEntryHashTable (Address: 0x18003e340)
  • RtlGetVersion (Address: 0x18003e2a8)
  • RtlHashUnicodeString (Address: 0x18003e2d0)
  • RtlInitEnumerationHashTable (Address: 0x18003e388)
  • RtlInitUnicodeString (Address: 0x18003e368)
  • RtlInsertEntryHashTable (Address: 0x18003e348)
  • RtlLengthSid (Address: 0x18003e310)
  • RtlLookupEntryHashTable (Address: 0x18003e338)
  • RtlLookupFunctionEntry (Address: 0x18003e2b8)
  • RtlNtStatusToDosError (Address: 0x18003e2d8)
  • RtlPublishWnfStateData (Address: 0x18003e378)
  • RtlQueryPackageClaims (Address: 0x18003e358)
  • RtlQueryPackageIdentity (Address: 0x18003e2e0)
  • RtlRemoveEntryHashTable (Address: 0x18003e350)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x18003e328)
  • RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18003e2f8)
  • RtlVirtualUnwind (Address: 0x18003e2b0)
  • WinSqmAddToStreamEx (Address: 0x18003e2e8)
OLEAUT32.dll
  • VariantInit (Address: 0x18003db10)
  • VarUI4FromStr (Address: 0x18003db18)
RPCRT4.dll
  • I_RpcOpenClientProcess (Address: 0x18003db88)
  • Ndr64AsyncServerCallAll (Address: 0x18003db58)
  • NdrAsyncServerCall (Address: 0x18003db50)
  • NdrServerCall2 (Address: 0x18003db90)
  • NdrServerCallAll (Address: 0x18003db98)
  • RpcAsyncCompleteCall (Address: 0x18003db68)
  • RpcBindingVectorFree (Address: 0x18003db40)
  • RpcEpRegisterW (Address: 0x18003db30)
  • RpcEpUnregister (Address: 0x18003db48)
  • RpcImpersonateClient (Address: 0x18003db80)
  • RpcRevertToSelf (Address: 0x18003db78)
  • RpcRevertToSelfEx (Address: 0x18003dbc8)
  • RpcServerInqBindings (Address: 0x18003db28)
  • RpcServerInterfaceGroupActivate (Address: 0x18003dba8)
  • RpcServerInterfaceGroupClose (Address: 0x18003dbb8)
  • RpcServerInterfaceGroupCreateW (Address: 0x18003dba0)
  • RpcServerInterfaceGroupDeactivate (Address: 0x18003db70)
  • RpcServerRegisterIfEx (Address: 0x18003dbc0)
  • RpcServerUnregisterIfEx (Address: 0x18003db38)
  • RpcServerUseProtseqW (Address: 0x18003db60)
  • RpcSsContextLockExclusive (Address: 0x18003dbb0)
SystemEventsBrokerClient.dll
  • SebCreateNetOperatorHotSpotAuthEvent (Address: 0x18003dbe0)
  • SebDeleteEvent (Address: 0x18003dc00)
  • SebEnumerateEvents (Address: 0x18003dbf0)
  • SebQueryEventData (Address: 0x18003dbe8)
  • SebQueryEventPackage (Address: 0x18003dbd8)
  • SebSignalEvent (Address: 0x18003dbf8)
WS2_32.dll
  • closesocket (Address: 0x18003dc20)
  • ioctlsocket (Address: 0x18003dc50)
  • setsockopt (Address: 0x18003dc38)
  • WSACleanup (Address: 0x18003dc28)
  • WSACloseEvent (Address: 0x18003dc30)
  • WSAEnumNetworkEvents (Address: 0x18003dc48)
  • WSAEventSelect (Address: 0x18003dc40)
  • WSAGetLastError (Address: 0x18003dc60)
  • WSAIoctl (Address: 0x18003dc10)
  • WSASocketW (Address: 0x18003dc18)
  • WSAStartup (Address: 0x18003dc58)