profsvc.dll
Description: ProfSvc
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: 3f192afb144ac21e629042c1a314fd19
File Size: 480.0 KB
Uploaded At: Dec. 1, 2025, 7:36 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- UserProfileServiceMain (Ordinal: 176, Address: 0x14910)
- GetExclusionListFromRegistry (Ordinal: 177, Address: 0x3020)
- GetUserChoiceForSlowLink (Ordinal: 178, Address: 0x141c0)
- GetUserPreferenceValue (Ordinal: 179, Address: 0x44570)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180055c90)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180055ca0)
- IsDebuggerPresent (Address: 0x180055ca8)
- OutputDebugStringW (Address: 0x180055cb0)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180055cc0)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180055cd0)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180055cf8)
- SetLastError (Address: 0x180055ce0)
- SetUnhandledExceptionFilter (Address: 0x180055ce8)
- UnhandledExceptionFilter (Address: 0x180055cf0)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x180055d30)
- CreateDirectoryW (Address: 0x180055d68)
- CreateFileW (Address: 0x180055d18)
- DeleteFileW (Address: 0x180055d40)
- FindClose (Address: 0x180055d38)
- FindFirstFileW (Address: 0x180055d20)
- FindNextFileW (Address: 0x180055d28)
- GetFileAttributesExW (Address: 0x180055d50)
- GetFileAttributesW (Address: 0x180055d48)
- GetFileTime (Address: 0x180055d10)
- GetShortPathNameW (Address: 0x180055d08)
- RemoveDirectoryW (Address: 0x180055d60)
- SetFileAttributesW (Address: 0x180055d70)
- WriteFile (Address: 0x180055d58)
api-ms-win-core-file-l1-2-2.dll
- FindFirstFileNameW (Address: 0x180055d88)
- FindNextFileNameW (Address: 0x180055d80)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180055d98)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180055db8)
- HeapAlloc (Address: 0x180055db0)
- HeapFree (Address: 0x180055da8)
- HeapReAlloc (Address: 0x180055dc0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180055dd0)
- LocalFree (Address: 0x180055dd8)
- LocalReAlloc (Address: 0x180055de0)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x180055df0)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x180055e18)
- FindResourceExW (Address: 0x180055e48)
- FindStringOrdinal (Address: 0x180055e50)
- FreeLibrary (Address: 0x180055e08)
- GetModuleFileNameA (Address: 0x180055e40)
- GetModuleHandleExW (Address: 0x180055e28)
- GetModuleHandleW (Address: 0x180055e38)
- GetProcAddress (Address: 0x180055e10)
- LoadLibraryExW (Address: 0x180055e00)
- LoadResource (Address: 0x180055e20)
- LockResource (Address: 0x180055e30)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x180055e60)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180055e70)
api-ms-win-core-path-l1-1-0.dll
- PathAllocCanonicalize (Address: 0x180055e80)
- PathCchAddBackslashEx (Address: 0x180055e88)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x180055e98)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180055ec8)
- GetCurrentProcessId (Address: 0x180055eb8)
- GetCurrentThread (Address: 0x180055eb0)
- GetCurrentThreadId (Address: 0x180055ed8)
- OpenThreadToken (Address: 0x180055ea8)
- SetThreadToken (Address: 0x180055ec0)
- TerminateProcess (Address: 0x180055ed0)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x180055ef8)
- OpenProcess (Address: 0x180055ee8)
- SetProcessMitigationPolicy (Address: 0x180055ef0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180055f08)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x180055f18)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180055f50)
- RegCopyTreeW (Address: 0x180055f80)
- RegCreateKeyExW (Address: 0x180055f28)
- RegDeleteKeyExW (Address: 0x180055f90)
- RegDeleteTreeW (Address: 0x180055fa8)
- RegDeleteValueW (Address: 0x180055f60)
- RegEnumKeyExW (Address: 0x180055f40)
- RegEnumValueW (Address: 0x180055f30)
- RegFlushKey (Address: 0x180055fb0)
- RegGetKeySecurity (Address: 0x180055f98)
- RegGetValueW (Address: 0x180055f58)
- RegOpenCurrentUser (Address: 0x180055fa0)
- RegOpenKeyExW (Address: 0x180055f38)
- RegQueryInfoKeyW (Address: 0x180055f70)
- RegQueryValueExW (Address: 0x180055f68)
- RegSaveKeyExW (Address: 0x180055f88)
- RegSetKeySecurity (Address: 0x180055f78)
- RegSetValueExW (Address: 0x180055f48)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x180055fc0)
api-ms-win-core-registry-l2-1-0.dll
- RegOpenKeyW (Address: 0x180055fd0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180055fe8)
- RtlLookupFunctionEntry (Address: 0x180055ff0)
- RtlVirtualUnwind (Address: 0x180055fe0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathIsUNCServerW (Address: 0x180056000)
- PathRemoveFileSpecW (Address: 0x180056008)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x180056018)
- CompareStringW (Address: 0x180056020)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180056068)
- AcquireSRWLockShared (Address: 0x180056040)
- CreateEventExW (Address: 0x1800560a8)
- CreateMutexExW (Address: 0x180056030)
- CreateSemaphoreExW (Address: 0x180056050)
- DeleteCriticalSection (Address: 0x1800560c0)
- EnterCriticalSection (Address: 0x1800560b8)
- InitializeCriticalSectionEx (Address: 0x180056090)
- InitializeSRWLock (Address: 0x1800560c8)
- LeaveCriticalSection (Address: 0x180056098)
- OpenSemaphoreW (Address: 0x180056048)
- ReleaseMutex (Address: 0x180056080)
- ReleaseSemaphore (Address: 0x1800560b0)
- ReleaseSRWLockExclusive (Address: 0x180056078)
- ReleaseSRWLockShared (Address: 0x180056038)
- ResetEvent (Address: 0x180056060)
- SetEvent (Address: 0x180056070)
- WaitForMultipleObjectsEx (Address: 0x1800560a0)
- WaitForSingleObject (Address: 0x180056088)
- WaitForSingleObjectEx (Address: 0x180056058)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1800560e0)
- InitOnceComplete (Address: 0x1800560d8)
- Sleep (Address: 0x1800560e8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x180056108)
- GetSystemTimeAsFileTime (Address: 0x180056100)
- GetTickCount64 (Address: 0x1800560f8)
- GetVersionExW (Address: 0x180056110)
api-ms-win-core-threadpool-l1-2-0.dll
- CallbackMayRunLong (Address: 0x180056138)
- CloseThreadpoolCleanupGroup (Address: 0x180056140)
- CloseThreadpoolCleanupGroupMembers (Address: 0x180056160)
- CloseThreadpoolTimer (Address: 0x180056130)
- CreateThreadpoolCleanupGroup (Address: 0x180056120)
- CreateThreadpoolTimer (Address: 0x180056150)
- SetThreadpoolTimer (Address: 0x180056148)
- TrySubmitThreadpoolCallback (Address: 0x180056128)
- WaitForThreadpoolTimerCallbacks (Address: 0x180056158)
api-ms-win-crt-math-l1-1-0.dll
- ceilf (Address: 0x180056170)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x180056248)
- __CxxFrameHandler3 (Address: 0x1800561f0)
- __CxxFrameHandler4 (Address: 0x180056260)
- __std_terminate (Address: 0x180056258)
- _CxxThrowException (Address: 0x1800561f8)
- _o___std_exception_copy (Address: 0x180056240)
- _o___std_exception_destroy (Address: 0x180056238)
- _o___std_type_info_destroy_list (Address: 0x180056230)
- _o___stdio_common_vsnprintf_s (Address: 0x180056228)
- _o___stdio_common_vswprintf (Address: 0x180056220)
- _o__callnewh (Address: 0x180056218)
- _o__cexit (Address: 0x180056210)
- _o__configure_narrow_argv (Address: 0x180056208)
- _o__crt_atexit (Address: 0x180056200)
- _o__errno (Address: 0x180056270)
- _o__execute_onexit_table (Address: 0x180056268)
- _o__get_errno (Address: 0x180056180)
- _o__initialize_narrow_environment (Address: 0x180056188)
- _o__initialize_onexit_table (Address: 0x180056190)
- _o__invalid_parameter_noinfo (Address: 0x180056198)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1800561a0)
- _o__purecall (Address: 0x1800561a8)
- _o__register_onexit_function (Address: 0x1800561b0)
- _o__seh_filter_dll (Address: 0x1800561b8)
- _o__set_errno (Address: 0x1800561c0)
- _o__wcsicmp (Address: 0x1800561c8)
- _o__wcsnicmp (Address: 0x180056288)
- _o_free (Address: 0x1800561d8)
- _o_malloc (Address: 0x1800561e0)
- _o_terminate (Address: 0x1800561e8)
- memcmp (Address: 0x180056278)
- memcpy (Address: 0x180056280)
- memmove (Address: 0x1800561d0)
- wcschr (Address: 0x180056250)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1800562a0)
- _initterm_e (Address: 0x180056298)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1800562b0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1800562c0)
- EventWriteTransfer (Address: 0x1800562c8)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAce (Address: 0x1800562e0)
- AddAce (Address: 0x180056338)
- AllocateAndInitializeSid (Address: 0x1800562f0)
- CheckTokenMembership (Address: 0x180056318)
- CopySid (Address: 0x180056310)
- CreateWellKnownSid (Address: 0x1800563b0)
- DeleteAce (Address: 0x180056330)
- DuplicateTokenEx (Address: 0x180056308)
- EqualSid (Address: 0x1800563a0)
- GetAce (Address: 0x180056340)
- GetFileSecurityW (Address: 0x1800562d8)
- GetLengthSid (Address: 0x180056388)
- GetSecurityDescriptorControl (Address: 0x180056300)
- GetSecurityDescriptorDacl (Address: 0x180056350)
- GetSecurityDescriptorSacl (Address: 0x180056390)
- GetSidIdentifierAuthority (Address: 0x180056398)
- GetSidSubAuthority (Address: 0x180056380)
- GetSidSubAuthorityCount (Address: 0x1800563a8)
- GetTokenInformation (Address: 0x180056320)
- ImpersonateLoggedOnUser (Address: 0x180056360)
- ImpersonateSelf (Address: 0x1800562e8)
- InitializeAcl (Address: 0x180056368)
- InitializeSecurityDescriptor (Address: 0x180056370)
- IsValidSid (Address: 0x180056328)
- MakeAbsoluteSD (Address: 0x180056348)
- RevertToSelf (Address: 0x180056358)
- SetSecurityDescriptorControl (Address: 0x1800562f8)
- SetSecurityDescriptorDacl (Address: 0x180056378)
api-ms-win-service-core-l1-1-0.dll
- SetServiceStatus (Address: 0x1800563c0)
api-ms-win-service-winsvc-l1-1-0.dll
- RegisterServiceCtrlHandlerW (Address: 0x1800563d0)
msvcp_win.dll
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1800563e0)
ntdll.dll
- EtwEventActivityIdControl (Address: 0x1800564c0)
- EtwEventRegister (Address: 0x1800564f8)
- EtwEventSetInformation (Address: 0x180056500)
- EtwEventUnregister (Address: 0x180056508)
- EtwEventWriteTransfer (Address: 0x180056510)
- EtwTraceMessage (Address: 0x1800563f8)
- NtClose (Address: 0x180056408)
- NtCreateFile (Address: 0x180056518)
- NtCreateKey (Address: 0x180056420)
- NtDeleteKey (Address: 0x180056528)
- NtLoadKey3 (Address: 0x180056460)
- NtLoadKeyEx (Address: 0x180056458)
- NtOpenKey (Address: 0x180056448)
- NtQueryInformationFile (Address: 0x180056400)
- NtQueryObject (Address: 0x1800564b0)
- NtQueryOpenSubKeysEx (Address: 0x180056480)
- NtQueryValueKey (Address: 0x180056410)
- NtSetInformationFile (Address: 0x180056520)
- NtSetValueKey (Address: 0x180056418)
- NtUnloadKey (Address: 0x180056450)
- NtUnloadKey2 (Address: 0x180056438)
- NtUnloadKeyEx (Address: 0x180056440)
- RtlAdjustPrivilege (Address: 0x1800564b8)
- RtlAllocateAndInitializeSid (Address: 0x180056430)
- RtlCreateEnvironment (Address: 0x1800564a8)
- RtlDestroyEnvironment (Address: 0x180056488)
- RtlDosPathNameToNtPathName_U (Address: 0x180056468)
- RtlEqualSid (Address: 0x1800564d8)
- RtlExpandEnvironmentStrings (Address: 0x1800564d0)
- RtlFreeSid (Address: 0x180056428)
- RtlFreeUnicodeString (Address: 0x180056478)
- RtlGetActiveConsoleId (Address: 0x1800563f0)
- RtlIdentifierAuthoritySid (Address: 0x1800564e8)
- RtlInitUnicodeString (Address: 0x180056470)
- RtlLengthSid (Address: 0x180056490)
- RtlNtStatusToDosError (Address: 0x1800564c8)
- RtlQueryEnvironmentVariable (Address: 0x180056498)
- RtlSetEnvironmentVar (Address: 0x1800564a0)
- RtlSubAuthorityCountSid (Address: 0x1800564e0)
- RtlSubAuthoritySid (Address: 0x1800564f0)
OLEAUT32.dll
- SafeArrayCopy (Address: 0x180055b88)
- SafeArrayCreate (Address: 0x180055b68)
- SafeArrayCreateVector (Address: 0x180055bb8)
- SafeArrayDestroy (Address: 0x180055bc8)
- SafeArrayGetLBound (Address: 0x180055ba0)
- SafeArrayGetUBound (Address: 0x180055bd0)
- SafeArrayGetVartype (Address: 0x180055b80)
- SafeArrayLock (Address: 0x180055b70)
- SafeArrayPutElement (Address: 0x180055bb0)
- SafeArrayRedim (Address: 0x180055bc0)
- SafeArrayUnlock (Address: 0x180055ba8)
- SysAllocString (Address: 0x180055b50)
- SysAllocStringLen (Address: 0x180055b60)
- SysFreeString (Address: 0x180055b90)
- SysStringLen (Address: 0x180055b48)
- VariantChangeType (Address: 0x180055b58)
- VariantClear (Address: 0x180055bd8)
- VariantCopy (Address: 0x180055b78)
- VariantCopyInd (Address: 0x180055b98)
profapi.dll
- (Address: 0x180056538)
- (Address: 0x180056540)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x180055c80)
- I_RpcMapWin32Status (Address: 0x180055c38)
- NdrClientCall3 (Address: 0x180055c48)
- NdrServerCall2 (Address: 0x180055c50)
- NdrServerCallAll (Address: 0x180055c58)
- RpcBindingBind (Address: 0x180055c00)
- RpcBindingCreateW (Address: 0x180055c40)
- RpcBindingFree (Address: 0x180055be8)
- RpcBindingFromStringBindingW (Address: 0x180055bf0)
- RpcBindingInqAuthClientW (Address: 0x180055c28)
- RpcBindingToStringBindingW (Address: 0x180055bf8)
- RpcImpersonateClient (Address: 0x180055c60)
- RpcRaiseException (Address: 0x180055c20)
- RpcRevertToSelf (Address: 0x180055c10)
- RpcServerRegisterIfEx (Address: 0x180055c70)
- RpcServerUnregisterIfEx (Address: 0x180055c78)
- RpcServerUseProtseqEpW (Address: 0x180055c68)
- RpcStringBindingComposeW (Address: 0x180055c08)
- RpcStringBindingParseW (Address: 0x180055c30)
- RpcStringFreeW (Address: 0x180055c18)