NgcCtnrSvc.dll
Description: Microsoft Passport Container Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6456
Architecture: 64-bit
Operating System: Windows NT
SHA256: dd7023457e2f1b66f68c616890fc1347
File Size: 773.0 KB
Uploaded At: Dec. 1, 2025, 7:35 a.m.
Views: 7
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x19e80)
- SvchostPushServiceGlobals (Ordinal: 2, Address: 0x1b8e0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18008c110)
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x18008c128)
- CoCreateInstance (Address: 0x18008c170)
- CoDecrementMTAUsage (Address: 0x18008c120)
- CoGetMalloc (Address: 0x18008c130)
- CoIncrementMTAUsage (Address: 0x18008c140)
- CoInitializeEx (Address: 0x18008c148)
- CoTaskMemAlloc (Address: 0x18008c158)
- CoTaskMemFree (Address: 0x18008c160)
- CoUninitialize (Address: 0x18008c150)
- IIDFromString (Address: 0x18008c168)
- StringFromGUID2 (Address: 0x18008c138)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18008c180)
- IsDebuggerPresent (Address: 0x18008c188)
- OutputDebugStringW (Address: 0x18008c190)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18008c1a0)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18008c1b0)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18008c1e0)
- RaiseException (Address: 0x18008c1c0)
- SetLastError (Address: 0x18008c1d0)
- SetUnhandledExceptionFilter (Address: 0x18008c1d8)
- UnhandledExceptionFilter (Address: 0x18008c1c8)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x18008c218)
- CreateDirectoryW (Address: 0x18008c200)
- CreateFileW (Address: 0x18008c1f0)
- FindClose (Address: 0x18008c210)
- FindFirstFileExW (Address: 0x18008c208)
- FindNextFileW (Address: 0x18008c220)
- GetFileAttributesExW (Address: 0x18008c1f8)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18008c230)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18008c248)
- HeapAlloc (Address: 0x18008c250)
- HeapFree (Address: 0x18008c240)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18008c268)
- LocalFree (Address: 0x18008c260)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalSize (Address: 0x18008c278)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x18008c288)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- UnregisterWait (Address: 0x18008c298)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18008c2d0)
- FreeLibrary (Address: 0x18008c2c8)
- GetModuleFileNameA (Address: 0x18008c2a8)
- GetModuleHandleExW (Address: 0x18008c2b8)
- GetModuleHandleW (Address: 0x18008c2e0)
- GetProcAddress (Address: 0x18008c2b0)
- LoadLibraryExW (Address: 0x18008c2d8)
- LoadStringW (Address: 0x18008c2c0)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x18008c2f0)
api-ms-win-core-libraryloader-l2-1-0.dll
- QueryOptionalDelayLoadedAPI (Address: 0x18008c300)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18008c310)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18008c320)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18008c358)
- GetCurrentProcessId (Address: 0x18008c330)
- GetCurrentThread (Address: 0x18008c370)
- GetCurrentThreadId (Address: 0x18008c340)
- GetPriorityClass (Address: 0x18008c348)
- OpenProcessToken (Address: 0x18008c368)
- OpenThreadToken (Address: 0x18008c360)
- SetPriorityClass (Address: 0x18008c350)
- TerminateProcess (Address: 0x18008c338)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x18008c380)
- OpenProcess (Address: 0x18008c388)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18008c398)
api-ms-win-core-psapi-l1-1-0.dll
- K32EnumProcesses (Address: 0x18008c3a8)
- QueryFullProcessImageNameW (Address: 0x18008c3b0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18008c3c0)
- RegCreateKeyExW (Address: 0x18008c3f0)
- RegDeleteValueW (Address: 0x18008c408)
- RegEnumKeyExW (Address: 0x18008c3d8)
- RegFlushKey (Address: 0x18008c3d0)
- RegGetValueW (Address: 0x18008c3e8)
- RegOpenKeyExW (Address: 0x18008c3f8)
- RegQueryInfoKeyW (Address: 0x18008c3c8)
- RegQueryValueExW (Address: 0x18008c400)
- RegSetValueExW (Address: 0x18008c3e0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18008c418)
- RtlLookupFunctionEntry (Address: 0x18008c428)
- RtlVirtualUnwind (Address: 0x18008c420)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18008c488)
- AcquireSRWLockShared (Address: 0x18008c4e0)
- CreateEventExW (Address: 0x18008c450)
- CreateEventW (Address: 0x18008c4b0)
- CreateMutexExW (Address: 0x18008c4d8)
- CreateSemaphoreExW (Address: 0x18008c478)
- DeleteCriticalSection (Address: 0x18008c438)
- EnterCriticalSection (Address: 0x18008c448)
- InitializeCriticalSectionAndSpinCount (Address: 0x18008c4a8)
- InitializeCriticalSectionEx (Address: 0x18008c458)
- InitializeSRWLock (Address: 0x18008c498)
- LeaveCriticalSection (Address: 0x18008c440)
- OpenSemaphoreW (Address: 0x18008c4c8)
- ReleaseMutex (Address: 0x18008c470)
- ReleaseSemaphore (Address: 0x18008c468)
- ReleaseSRWLockExclusive (Address: 0x18008c480)
- ReleaseSRWLockShared (Address: 0x18008c4d0)
- ResetEvent (Address: 0x18008c4a0)
- SetEvent (Address: 0x18008c4b8)
- SleepEx (Address: 0x18008c4c0)
- WaitForSingleObject (Address: 0x18008c460)
- WaitForSingleObjectEx (Address: 0x18008c490)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x18008c508)
- InitOnceComplete (Address: 0x18008c500)
- InitOnceExecuteOnce (Address: 0x18008c4f8)
- Sleep (Address: 0x18008c4f0)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18008c518)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetSystemFirmwareTable (Address: 0x18008c528)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolCleanupGroup (Address: 0x18008c550)
- CloseThreadpoolCleanupGroupMembers (Address: 0x18008c558)
- CloseThreadpoolTimer (Address: 0x18008c570)
- CreateThreadpoolCleanupGroup (Address: 0x18008c538)
- CreateThreadpoolTimer (Address: 0x18008c540)
- SetThreadpoolTimer (Address: 0x18008c560)
- TrySubmitThreadpoolCallback (Address: 0x18008c548)
- WaitForThreadpoolTimerCallbacks (Address: 0x18008c568)
api-ms-win-core-winrt-error-l1-1-0.dll
- RoOriginateError (Address: 0x18008c580)
api-ms-win-core-winrt-l1-1-0.dll
- RoGetActivationFactory (Address: 0x18008c590)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x18008c5b0)
- WindowsCreateStringReference (Address: 0x18008c5a0)
- WindowsGetStringRawBuffer (Address: 0x18008c5a8)
api-ms-win-crt-math-l1-1-0.dll
- ceilf (Address: 0x18008c5c0)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x18008c640)
- __CxxFrameHandler3 (Address: 0x18008c648)
- __CxxFrameHandler4 (Address: 0x18008c6c0)
- __std_terminate (Address: 0x18008c6b8)
- _CxxThrowException (Address: 0x18008c650)
- _o___std_exception_copy (Address: 0x18008c6b0)
- _o___std_exception_destroy (Address: 0x18008c6a8)
- _o___std_type_info_destroy_list (Address: 0x18008c6a0)
- _o___stdio_common_vsnprintf_s (Address: 0x18008c698)
- _o___stdio_common_vswprintf (Address: 0x18008c690)
- _o__callnewh (Address: 0x18008c688)
- _o__cexit (Address: 0x18008c680)
- _o__configure_narrow_argv (Address: 0x18008c678)
- _o__crt_atexit (Address: 0x18008c670)
- _o__errno (Address: 0x18008c660)
- _o__execute_onexit_table (Address: 0x18008c658)
- _o__free_locale (Address: 0x18008c668)
- _o__initialize_narrow_environment (Address: 0x18008c5d0)
- _o__initialize_onexit_table (Address: 0x18008c5d8)
- _o__invalid_parameter_noinfo (Address: 0x18008c5e0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x18008c5e8)
- _o__purecall (Address: 0x18008c5f0)
- _o__register_onexit_function (Address: 0x18008c5f8)
- _o__seh_filter_dll (Address: 0x18008c600)
- _o__wcreate_locale (Address: 0x18008c608)
- _o__wcsicmp (Address: 0x18008c610)
- _o__wcsicmp_l (Address: 0x18008c618)
- _o_free (Address: 0x18008c628)
- _o_malloc (Address: 0x18008c630)
- _o_terminate (Address: 0x18008c638)
- memcmp (Address: 0x18008c6c8)
- memcpy (Address: 0x18008c6d0)
- memmove (Address: 0x18008c620)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x18008c6e8)
- _initterm_e (Address: 0x18008c6e0)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x18008c700)
- wcscmp (Address: 0x18008c6f8)
- wcsnlen (Address: 0x18008c708)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x18008c720)
- EventRegister (Address: 0x18008c738)
- EventSetInformation (Address: 0x18008c730)
- EventUnregister (Address: 0x18008c728)
- EventWriteTransfer (Address: 0x18008c718)
api-ms-win-power-setting-l1-1-0.dll
- PowerSettingRegisterNotification (Address: 0x18008c750)
- PowerSettingUnregisterNotification (Address: 0x18008c748)
api-ms-win-security-accesshlpr-l1-1-0.dll
- FreeTransientObjectSecurityDescriptor (Address: 0x18008c768)
- QueryTransientObjectSecurityDescriptor (Address: 0x18008c760)
api-ms-win-security-base-l1-1-0.dll
- CopySid (Address: 0x18008c7a8)
- DuplicateTokenEx (Address: 0x18008c788)
- EqualSid (Address: 0x18008c780)
- GetLengthSid (Address: 0x18008c7a0)
- GetTokenInformation (Address: 0x18008c790)
- IsValidSid (Address: 0x18008c778)
- IsWellKnownSid (Address: 0x18008c798)
api-ms-win-security-lsalookup-l1-1-2.dll
- LsaLookupUserAccountType (Address: 0x18008c7b8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18008c7d8)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18008c7c8)
- ConvertStringSidToSidW (Address: 0x18008c7d0)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x18008c7f0)
- SetServiceStatus (Address: 0x18008c7e8)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x18008c800)
- OpenServiceW (Address: 0x18008c808)
api-ms-win-service-winsvc-l1-1-0.dll
- OpenSCManagerA (Address: 0x18008c820)
- QueryServiceStatus (Address: 0x18008c818)
- StartServiceA (Address: 0x18008c828)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x18008c838)
DEVOBJ.dll
- DevObjCreateDeviceInfoList (Address: 0x18008c028)
- DevObjDestroyDeviceInfoList (Address: 0x18008c048)
- DevObjEnumDeviceInfo (Address: 0x18008c030)
- DevObjEnumDeviceInterfaces (Address: 0x18008c038)
- DevObjGetClassDevs (Address: 0x18008c040)
- DevObjOpenDevRegKey (Address: 0x18008c020)
msvcp_win.dll
- _Cnd_broadcast (Address: 0x18008c880)
- _Cnd_destroy_in_situ (Address: 0x18008c8d0)
- _Cnd_init_in_situ (Address: 0x18008c930)
- _Cnd_register_at_thread_exit (Address: 0x18008c890)
- _Cnd_timedwait (Address: 0x18008c910)
- _Cnd_unregister_at_thread_exit (Address: 0x18008c8c8)
- _Cnd_wait (Address: 0x18008c8f0)
- _Mtx_current_owns (Address: 0x18008c920)
- _Mtx_destroy_in_situ (Address: 0x18008c8d8)
- _Mtx_init_in_situ (Address: 0x18008c938)
- _Mtx_lock (Address: 0x18008c8c0)
- _Mtx_unlock (Address: 0x18008c8b8)
- _Query_perf_counter (Address: 0x18008c900)
- _Query_perf_frequency (Address: 0x18008c908)
- _Xtime_get_ticks (Address: 0x18008c928)
- ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z (Address: 0x18008c898)
- ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z (Address: 0x18008c868)
- ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z (Address: 0x18008c870)
- ?__ExceptionPtrCreate@@YAXPEAX@Z (Address: 0x18008c878)
- ?__ExceptionPtrCurrentException@@YAXPEAX@Z (Address: 0x18008c8f8)
- ?__ExceptionPtrDestroy@@YAXPEAX@Z (Address: 0x18008c860)
- ?__ExceptionPtrToBool@@YA_NPEBX@Z (Address: 0x18008c8e8)
- ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z (Address: 0x18008c9b0)
- ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ (Address: 0x18008c940)
- ?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z (Address: 0x18008c8a8)
- ?_Incref@facet@locale@std@@UEAAXXZ (Address: 0x18008c998)
- ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z (Address: 0x18008c948)
- ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z (Address: 0x18008c9a8)
- ?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z (Address: 0x18008c8e0)
- ?_Syserror_map@std@@YAPEBDH@Z (Address: 0x18008c8a0)
- ?_Throw_C_error@std@@YAXH@Z (Address: 0x18008c888)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x18008c918)
- ?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z (Address: 0x18008c8b0)
- ?_Xbad_function_call@std@@YAXXZ (Address: 0x18008c848)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18008c850)
- ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x18008c858)
- ??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z (Address: 0x18008c958)
- ??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ (Address: 0x18008c950)
- ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z (Address: 0x18008c9c8)
- ??Bid@locale@std@@QEAA_KXZ (Address: 0x18008c9b8)
- ?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ (Address: 0x18008c990)
- ?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ (Address: 0x18008c980)
- ?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z (Address: 0x18008c978)
- ?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z (Address: 0x18008c960)
- ?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ (Address: 0x18008c988)
- ?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z (Address: 0x18008c970)
- ?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z (Address: 0x18008c968)
- ?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A (Address: 0x18008c9c0)
- ?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z (Address: 0x18008c9a0)
ntdll.dll
- LdrAddRefDll (Address: 0x18008ca20)
- LdrUnloadDll (Address: 0x18008ca28)
- NtClose (Address: 0x18008ca80)
- NtCreateUserProcess (Address: 0x18008c9e0)
- NtOpenKey (Address: 0x18008ca78)
- NtQueryInformationProcess (Address: 0x18008ca48)
- NtQuerySystemInformation (Address: 0x18008c9e8)
- NtQueryValueKey (Address: 0x18008ca70)
- NtQueryWnfStateData (Address: 0x18008ca10)
- NtTerminateProcess (Address: 0x18008ca40)
- RtlCreateProcessParametersEx (Address: 0x18008ca58)
- RtlDestroyProcessParameters (Address: 0x18008ca68)
- RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x18008ca50)
- RtlFreeUnicodeString (Address: 0x18008ca60)
- RtlInitUnicodeString (Address: 0x18008c9d8)
- RtlIsMultiSessionSku (Address: 0x18008c9f8)
- RtlNtStatusToDosError (Address: 0x18008c9f0)
- RtlPublishWnfStateData (Address: 0x18008ca00)
- RtlSubscribeWnfStateChangeNotification (Address: 0x18008ca18)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18008ca08)
- RtlUnsubscribeWnfNotificationWithCompletionCallback (Address: 0x18008ca38)
- RtlWnfDllUnloadCallback (Address: 0x18008ca30)
profapi.dll
- (Address: 0x18008ca90)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x18008c0c0)
- NdrClientCall3 (Address: 0x18008c058)
- NdrServerCall2 (Address: 0x18008c0b0)
- NdrServerCallAll (Address: 0x18008c098)
- RpcBindingBind (Address: 0x18008c060)
- RpcBindingCreateW (Address: 0x18008c068)
- RpcBindingFree (Address: 0x18008c0f0)
- RpcBindingFromStringBindingW (Address: 0x18008c0d8)
- RpcBindingSetAuthInfoExW (Address: 0x18008c0e8)
- RpcEpResolveBinding (Address: 0x18008c0e0)
- RpcExceptionFilter (Address: 0x18008c0a0)
- RpcImpersonateClient (Address: 0x18008c0c8)
- RpcRaiseException (Address: 0x18008c0f8)
- RpcRevertToSelf (Address: 0x18008c0d0)
- RpcRevertToSelfEx (Address: 0x18008c070)
- RpcServerInterfaceGroupActivate (Address: 0x18008c088)
- RpcServerInterfaceGroupClose (Address: 0x18008c078)
- RpcServerInterfaceGroupCreateW (Address: 0x18008c090)
- RpcServerInterfaceGroupDeactivate (Address: 0x18008c080)
- RpcStringBindingComposeW (Address: 0x18008c0a8)
- RpcStringFreeW (Address: 0x18008c0b8)
- UuidToStringW (Address: 0x18008c100)