AboveLockAppHost.dll

Description: AboveLockAppHost

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5848

Architecture: 64-bit

Operating System: Windows NT

SHA256: 5a5a1ff49129eda71c1cbee627bea784

File Size: 409.5 KB

Uploaded At: Dec. 1, 2025, 7:21 a.m.

Views: 13

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x7d00)
  • DllGetActivationFactory (Ordinal: 2, Address: 0x15db0)
  • DllGetClassObject (Ordinal: 3, Address: 0x7a90)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x180049558)
  • CoCreateInstance (Address: 0x180049538)
  • CoGetApartmentType (Address: 0x180049548)
  • CoGetCallContext (Address: 0x180049560)
  • CoGetInterfaceAndReleaseStream (Address: 0x180049510)
  • CoGetMalloc (Address: 0x180049528)
  • CoGetStdMarshalEx (Address: 0x180049530)
  • CoMarshalInterThreadInterfaceInStream (Address: 0x1800494f8)
  • CoReleaseMarshalData (Address: 0x180049550)
  • CoTaskMemAlloc (Address: 0x180049520)
  • CoTaskMemFree (Address: 0x180049540)
  • CoTaskMemRealloc (Address: 0x180049518)
  • CoWaitForMultipleHandles (Address: 0x180049500)
  • CoWaitForMultipleObjects (Address: 0x180049508)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x180049570)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
  • CStdStubBuffer2_Connect (Address: 0x180049608)
  • CStdStubBuffer2_CountRefs (Address: 0x180049590)
  • CStdStubBuffer2_Disconnect (Address: 0x1800495b8)
  • CStdStubBuffer2_QueryInterface (Address: 0x1800495d0)
  • NdrProxyForwardingFunction3 (Address: 0x1800495f8)
  • NdrProxyForwardingFunction4 (Address: 0x1800495e0)
  • NdrProxyForwardingFunction5 (Address: 0x180049648)
  • ObjectStublessClient10 (Address: 0x1800495a8)
  • ObjectStublessClient11 (Address: 0x180049620)
  • ObjectStublessClient12 (Address: 0x1800495a0)
  • ObjectStublessClient13 (Address: 0x180049640)
  • ObjectStublessClient14 (Address: 0x180049610)
  • ObjectStublessClient15 (Address: 0x180049618)
  • ObjectStublessClient16 (Address: 0x180049588)
  • ObjectStublessClient17 (Address: 0x1800495e8)
  • ObjectStublessClient18 (Address: 0x180049598)
  • ObjectStublessClient19 (Address: 0x1800495d8)
  • ObjectStublessClient20 (Address: 0x1800495b0)
  • ObjectStublessClient21 (Address: 0x1800495f0)
  • ObjectStublessClient3 (Address: 0x180049628)
  • ObjectStublessClient4 (Address: 0x180049580)
  • ObjectStublessClient5 (Address: 0x180049638)
  • ObjectStublessClient6 (Address: 0x180049600)
  • ObjectStublessClient7 (Address: 0x180049630)
  • ObjectStublessClient8 (Address: 0x1800495c8)
  • ObjectStublessClient9 (Address: 0x1800495c0)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180049658)
  • IsDebuggerPresent (Address: 0x180049668)
  • OutputDebugStringW (Address: 0x180049660)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180049678)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180049688)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1800496a0)
  • RaiseException (Address: 0x1800496b0)
  • SetLastError (Address: 0x1800496a8)
  • SetUnhandledExceptionFilter (Address: 0x1800496b8)
  • UnhandledExceptionFilter (Address: 0x180049698)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800496c8)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800496e8)
  • HeapAlloc (Address: 0x1800496d8)
  • HeapFree (Address: 0x1800496e0)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800496f8)
  • LocalFree (Address: 0x180049700)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • RegisterWaitForSingleObject (Address: 0x180049718)
  • UnregisterWait (Address: 0x180049710)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180049748)
  • GetModuleFileNameA (Address: 0x180049728)
  • GetModuleHandleExW (Address: 0x180049730)
  • GetModuleHandleW (Address: 0x180049740)
  • GetProcAddress (Address: 0x180049738)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180049758)
api-ms-win-core-marshal-l1-1-0.dll
  • HWND_UserFree (Address: 0x180049768)
  • HWND_UserFree64 (Address: 0x180049770)
  • HWND_UserMarshal (Address: 0x180049780)
  • HWND_UserMarshal64 (Address: 0x180049790)
  • HWND_UserSize (Address: 0x1800497a0)
  • HWND_UserSize64 (Address: 0x180049778)
  • HWND_UserUnmarshal (Address: 0x180049798)
  • HWND_UserUnmarshal64 (Address: 0x180049788)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x1800497b0)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x1800497c8)
  • GetCurrentProcessId (Address: 0x1800497d0)
  • GetCurrentThreadId (Address: 0x1800497d8)
  • GetProcessId (Address: 0x1800497c0)
  • TerminateProcess (Address: 0x1800497e0)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1800497f0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180049800)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x180049810)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180049848)
  • RegCreateKeyExW (Address: 0x180049820)
  • RegGetValueW (Address: 0x180049828)
  • RegOpenKeyExW (Address: 0x180049830)
  • RegQueryInfoKeyW (Address: 0x180049840)
  • RegQueryValueExW (Address: 0x180049838)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180049860)
  • RtlLookupFunctionEntry (Address: 0x180049858)
  • RtlVirtualUnwind (Address: 0x180049868)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180049878)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800498e0)
  • AcquireSRWLockShared (Address: 0x1800498b8)
  • CreateEventW (Address: 0x180049898)
  • CreateMutexExW (Address: 0x1800498f8)
  • CreateSemaphoreExW (Address: 0x1800498f0)
  • DeleteCriticalSection (Address: 0x180049900)
  • EnterCriticalSection (Address: 0x1800498e8)
  • InitializeCriticalSectionEx (Address: 0x180049910)
  • InitializeSRWLock (Address: 0x180049890)
  • LeaveCriticalSection (Address: 0x1800498d0)
  • OpenSemaphoreW (Address: 0x1800498c8)
  • ReleaseMutex (Address: 0x1800498d8)
  • ReleaseSemaphore (Address: 0x1800498c0)
  • ReleaseSRWLockExclusive (Address: 0x1800498b0)
  • ReleaseSRWLockShared (Address: 0x180049908)
  • SetEvent (Address: 0x1800498a0)
  • WaitForSingleObject (Address: 0x1800498a8)
  • WaitForSingleObjectEx (Address: 0x180049888)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x180049920)
  • InitOnceComplete (Address: 0x180049930)
  • InitOnceExecuteOnce (Address: 0x180049948)
  • Sleep (Address: 0x180049940)
  • SleepConditionVariableSRW (Address: 0x180049928)
  • WakeAllConditionVariable (Address: 0x180049938)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180049960)
  • GetTickCount (Address: 0x180049968)
  • GetTickCount64 (Address: 0x180049958)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetProductInfo (Address: 0x180049978)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x1800499a0)
  • CreateThreadpoolTimer (Address: 0x180049988)
  • SetThreadpoolTimer (Address: 0x180049990)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180049998)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x1800499b8)
  • EncodePointer (Address: 0x1800499b0)
api-ms-win-core-winrt-error-l1-1-0.dll
  • RoOriginateError (Address: 0x1800499d8)
  • RoOriginateErrorW (Address: 0x1800499d0)
  • SetRestrictedErrorInfo (Address: 0x1800499c8)
api-ms-win-core-winrt-error-l1-1-1.dll
  • RoGetMatchingRestrictedErrorInfo (Address: 0x1800499e8)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x180049a00)
  • RoGetActivationFactory (Address: 0x1800499f8)
api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll
  • RoCreatePropertySetSerializer (Address: 0x180049a10)
api-ms-win-core-winrt-string-l1-1-0.dll
  • HSTRING_UserFree (Address: 0x180049a90)
  • HSTRING_UserFree64 (Address: 0x180049a88)
  • HSTRING_UserMarshal (Address: 0x180049a48)
  • HSTRING_UserMarshal64 (Address: 0x180049a78)
  • HSTRING_UserSize (Address: 0x180049aa0)
  • HSTRING_UserSize64 (Address: 0x180049a58)
  • HSTRING_UserUnmarshal (Address: 0x180049a70)
  • HSTRING_UserUnmarshal64 (Address: 0x180049a60)
  • WindowsCreateString (Address: 0x180049a30)
  • WindowsCreateStringReference (Address: 0x180049a20)
  • WindowsDeleteString (Address: 0x180049a80)
  • WindowsDuplicateString (Address: 0x180049a28)
  • WindowsGetStringLen (Address: 0x180049a68)
  • WindowsGetStringRawBuffer (Address: 0x180049a50)
  • WindowsIsStringEmpty (Address: 0x180049a98)
  • WindowsStringHasEmbeddedNull (Address: 0x180049a38)
  • WindowsSubstringWithSpecifiedLength (Address: 0x180049a40)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x180049ab0)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x180049ac0)
  • EventProviderEnabled (Address: 0x180049ad8)
  • EventRegister (Address: 0x180049ae8)
  • EventSetInformation (Address: 0x180049ae0)
  • EventUnregister (Address: 0x180049ac8)
  • EventWriteTransfer (Address: 0x180049ad0)
api-ms-win-security-base-l1-1-0.dll
  • GetTokenInformation (Address: 0x180049af8)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x180049b08)
api-ms-win-shcore-thread-l1-1-0.dll
  • GetProcessReference (Address: 0x180049b18)
api-ms-win-stateseparation-helpers-l1-1-0.dll
  • GetPersistedRegistryLocationW (Address: 0x180049b28)
combase.dll
  • (Address: 0x180049b38)
  • (Address: 0x180049b40)
KERNEL32.dll
  • CloseState (Address: 0x180049390)
  • GetSystemAppDataKey (Address: 0x180049398)
  • OpenStateExplicit (Address: 0x1800493a0)
msvcrt.dll
  • __C_specific_handler (Address: 0x180049b70)
  • __CxxFrameHandler3 (Address: 0x180049c50)
  • __dllonexit (Address: 0x180049b58)
  • _amsg_exit (Address: 0x180049c30)
  • _callnewh (Address: 0x180049c20)
  • _CxxThrowException (Address: 0x180049c08)
  • _initterm (Address: 0x180049b78)
  • _lock (Address: 0x180049b68)
  • _onexit (Address: 0x180049b50)
  • _purecall (Address: 0x180049ba8)
  • _unlock (Address: 0x180049b60)
  • _vsnprintf_s (Address: 0x180049bc8)
  • _vsnwprintf (Address: 0x180049ba0)
  • _wcsicmp (Address: 0x180049bd8)
  • _XcptFilter (Address: 0x180049c38)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x180049bf0)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180049bf8)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x180049bc0)
  • ??0exception@@QEAA@XZ (Address: 0x180049bb8)
  • ??1exception@@UEAA@XZ (Address: 0x180049bb0)
  • ??1type_info@@UEAA@XZ (Address: 0x180049c28)
  • ??3@YAXPEAX@Z (Address: 0x180049c40)
  • ?terminate@@YAXXZ (Address: 0x180049b80)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x180049c00)
  • free (Address: 0x180049b88)
  • malloc (Address: 0x180049c58)
  • memcmp (Address: 0x180049c48)
  • memcpy (Address: 0x180049c10)
  • memcpy_s (Address: 0x180049b90)
  • memmove (Address: 0x180049c18)
  • memmove_s (Address: 0x180049b98)
  • memset (Address: 0x180049c60)
  • toupper (Address: 0x180049be8)
  • wcscspn (Address: 0x180049be0)
  • wcsrchr (Address: 0x180049bd0)
ntdll.dll
  • NtQueryWnfStateData (Address: 0x180049c70)
  • RtlPublishWnfStateData (Address: 0x180049c78)
RPCRT4.dll
  • CStdStubBuffer_AddRef (Address: 0x1800493e8)
  • CStdStubBuffer_Connect (Address: 0x180049438)
  • CStdStubBuffer_CountRefs (Address: 0x180049400)
  • CStdStubBuffer_DebugServerQueryInterface (Address: 0x1800493c0)
  • CStdStubBuffer_DebugServerRelease (Address: 0x180049420)
  • CStdStubBuffer_Disconnect (Address: 0x180049430)
  • CStdStubBuffer_Invoke (Address: 0x180049418)
  • CStdStubBuffer_IsIIDSupported (Address: 0x180049440)
  • CStdStubBuffer_QueryInterface (Address: 0x180049408)
  • IUnknown_AddRef_Proxy (Address: 0x1800493e0)
  • IUnknown_QueryInterface_Proxy (Address: 0x180049448)
  • IUnknown_Release_Proxy (Address: 0x1800493f0)
  • NdrCStdStubBuffer_Release (Address: 0x1800493d8)
  • NdrCStdStubBuffer2_Release (Address: 0x1800493b8)
  • NdrDllCanUnloadNow (Address: 0x1800493d0)
  • NdrDllGetClassObject (Address: 0x1800493c8)
  • NdrOleAllocate (Address: 0x180049410)
  • NdrOleFree (Address: 0x1800493b0)
  • NdrStubCall3 (Address: 0x1800493f8)
  • NdrStubForwardingFunction (Address: 0x180049428)
SHCORE.dll
  • IUnknown_QueryService (Address: 0x180049458)
  • SHGetThreadRef (Address: 0x180049460)
  • SHTaskPoolQueueTask (Address: 0x180049468)
USER32.dll
  • GetShellWindow (Address: 0x180049498)
  • GetSystemMetrics (Address: 0x1800494b0)
  • GetWindowBand (Address: 0x1800494c0)
  • GetWindowLongW (Address: 0x180049488)
  • GetWindowRect (Address: 0x1800494a0)
  • GetWindowThreadProcessId (Address: 0x1800494d8)
  • IsIconic (Address: 0x1800494b8)
  • IsZoomed (Address: 0x180049490)
  • PostMessageW (Address: 0x1800494e8)
  • SetForegroundWindow (Address: 0x1800494a8)
  • SetLayeredWindowAttributes (Address: 0x1800494c8)
  • SetPropW (Address: 0x1800494e0)
  • SetRectEmpty (Address: 0x180049478)
  • SetWindowLongW (Address: 0x180049480)
  • SetWindowPos (Address: 0x1800494d0)