schedsvc.dll
Description: Task Scheduler Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5965
Architecture: 64-bit
Operating System: Windows NT
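SHA256: c439a4de1dd13f38b036d43cc3b8105c (note: this value is 32 hex digits, the length of an MD5 digest; a SHA-256 digest is 64 hex digits, so the label and the value do not match and the hash type should be confirmed before the value is used for matching)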
File Size: 833.5 KB
Uploaded At: Dec. 1, 2025, 7:38 a.m.
Security Warning
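This file has been flagged as potentially dangerous by a check on its imported functions.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Note: OpenProcess on its own only obtains a handle to another process and does not by itself indicate process injection. The import list below shows none of the remote memory-write or remote thread-creation functions that injection normally requires alongside it, although functions resolved at run time (GetProcAddress, delay-loaded imports) would not appear in this list. The flag is a reason to verify the file's digital signature and hash against a known-good copy, not a finding of malicious behavior.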
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x2ab20)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180073da8)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180073db8)
- IsDebuggerPresent (Address: 0x180073dc8)
- OutputDebugStringW (Address: 0x180073dc0)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180073dd8)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180073de8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180073e10)
- SetLastError (Address: 0x180073e00)
- SetUnhandledExceptionFilter (Address: 0x180073e08)
- UnhandledExceptionFilter (Address: 0x180073df8)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x180073e20)
- CreateDirectoryW (Address: 0x180073ea8)
- CreateFileW (Address: 0x180073e60)
- DeleteFileW (Address: 0x180073e78)
- FileTimeToLocalFileTime (Address: 0x180073e90)
- FindClose (Address: 0x180073eb8)
- FindFirstFileW (Address: 0x180073e30)
- FindNextFileW (Address: 0x180073e38)
- FlushFileBuffers (Address: 0x180073e80)
- GetFileAttributesExW (Address: 0x180073e68)
- GetFileAttributesW (Address: 0x180073e98)
- GetFileInformationByHandle (Address: 0x180073eb0)
- GetFileSizeEx (Address: 0x180073e88)
- GetFinalPathNameByHandleW (Address: 0x180073e58)
- LocalFileTimeToFileTime (Address: 0x180073ea0)
- ReadFile (Address: 0x180073e28)
- RemoveDirectoryW (Address: 0x180073e48)
- SetEndOfFile (Address: 0x180073e50)
- SetFileInformationByHandle (Address: 0x180073e70)
- WriteFile (Address: 0x180073e40)
api-ms-win-core-file-l2-1-2.dll
- CopyFileW (Address: 0x180073ec8)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180073ed8)
- DuplicateHandle (Address: 0x180073ee0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180073ef8)
- HeapAlloc (Address: 0x180073f20)
- HeapCreate (Address: 0x180073f28)
- HeapDestroy (Address: 0x180073f18)
- HeapFree (Address: 0x180073f10)
- HeapReAlloc (Address: 0x180073f08)
- HeapSetInformation (Address: 0x180073ef0)
- HeapSize (Address: 0x180073f00)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180073f40)
- LocalFree (Address: 0x180073f38)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- GetComputerNameW (Address: 0x180073f50)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x180073f60)
- FreeLibrary (Address: 0x180073f80)
- GetModuleFileNameA (Address: 0x180073f90)
- GetModuleHandleExW (Address: 0x180073f70)
- GetModuleHandleW (Address: 0x180073f78)
- GetProcAddress (Address: 0x180073f68)
- LoadLibraryExW (Address: 0x180073f88)
- LoadStringW (Address: 0x180073f98)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180073fa8)
- GetThreadPreferredUILanguages (Address: 0x180073fb8)
- SetThreadPreferredUILanguages (Address: 0x180073fb0)
api-ms-win-core-pcw-l1-1-0.dll
- PcwAddQueryItem (Address: 0x180073fd0)
- PcwCollectData (Address: 0x180073fd8)
- PcwCreateQuery (Address: 0x180073fc8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x180073fe8)
- SearchPathW (Address: 0x180073ff0)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180074020)
- GetCurrentProcessId (Address: 0x180074010)
- GetCurrentThread (Address: 0x180074008)
- GetCurrentThreadId (Address: 0x180074018)
- OpenProcessToken (Address: 0x180074030)
- OpenThreadToken (Address: 0x180074000)
- TerminateProcess (Address: 0x180074028)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180074040)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180074050)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x180074060)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1800740c8)
- RegCreateKeyExW (Address: 0x1800740c0)
- RegDeleteKeyExW (Address: 0x180074078)
- RegDeleteTreeW (Address: 0x1800740d0)
- RegDeleteValueW (Address: 0x180074090)
- RegEnumKeyExW (Address: 0x1800740b0)
- RegFlushKey (Address: 0x1800740a8)
- RegGetValueW (Address: 0x180074088)
- RegNotifyChangeKeyValue (Address: 0x180074070)
- RegOpenKeyExW (Address: 0x1800740a0)
- RegQueryInfoKeyW (Address: 0x180074098)
- RegQueryValueExW (Address: 0x1800740b8)
- RegSetValueExW (Address: 0x180074080)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1800740e8)
- RtlCompareMemory (Address: 0x1800740f8)
- RtlLookupFunctionEntry (Address: 0x1800740e0)
- RtlVirtualUnwind (Address: 0x1800740f0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathAddBackslashW (Address: 0x180074108)
- PathFileExistsW (Address: 0x180074120)
- PathIsPrefixW (Address: 0x180074110)
- PathSkipRootW (Address: 0x180074118)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x180074138)
- WideCharToMultiByte (Address: 0x180074130)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrlenA (Address: 0x180074148)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800741b0)
- AcquireSRWLockShared (Address: 0x1800741a0)
- CreateEventW (Address: 0x1800741f0)
- CreateMutexExW (Address: 0x180074198)
- CreateSemaphoreExW (Address: 0x180074188)
- CreateWaitableTimerExW (Address: 0x180074208)
- DeleteCriticalSection (Address: 0x180074210)
- EnterCriticalSection (Address: 0x180074180)
- InitializeCriticalSection (Address: 0x1800741d8)
- InitializeCriticalSectionEx (Address: 0x180074168)
- InitializeSRWLock (Address: 0x180074200)
- LeaveCriticalSection (Address: 0x1800741e0)
- OpenEventW (Address: 0x1800741c0)
- OpenSemaphoreW (Address: 0x180074160)
- ReleaseMutex (Address: 0x1800741e8)
- ReleaseSemaphore (Address: 0x180074158)
- ReleaseSRWLockExclusive (Address: 0x180074178)
- ReleaseSRWLockShared (Address: 0x180074170)
- ResetEvent (Address: 0x1800741f8)
- SetEvent (Address: 0x1800741a8)
- SetWaitableTimerEx (Address: 0x180074190)
- WaitForMultipleObjectsEx (Address: 0x1800741c8)
- WaitForSingleObject (Address: 0x1800741b8)
- WaitForSingleObjectEx (Address: 0x1800741d0)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180074230)
- SleepConditionVariableSRW (Address: 0x180074220)
- WakeAllConditionVariable (Address: 0x180074228)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x180074258)
- GetSystemTimeAsFileTime (Address: 0x180074240)
- GetTickCount (Address: 0x180074248)
- GetVersionExW (Address: 0x180074250)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolCleanupGroup (Address: 0x1800742a8)
- CloseThreadpoolCleanupGroupMembers (Address: 0x1800742a0)
- CloseThreadpoolTimer (Address: 0x1800742b0)
- CloseThreadpoolWork (Address: 0x180074280)
- CreateThreadpoolCleanupGroup (Address: 0x180074288)
- CreateThreadpoolTimer (Address: 0x180074270)
- CreateThreadpoolWork (Address: 0x180074290)
- SetThreadpoolTimer (Address: 0x180074268)
- SubmitThreadpoolWork (Address: 0x180074278)
- WaitForThreadpoolTimerCallbacks (Address: 0x180074298)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- ChangeTimerQueueTimer (Address: 0x1800742d8)
- CreateTimerQueueTimer (Address: 0x1800742c0)
- DeleteTimerQueueTimer (Address: 0x1800742d0)
- UnregisterWaitEx (Address: 0x1800742c8)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x1800742e8)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x180074300)
- GetDynamicTimeZoneInformation (Address: 0x180074320)
- GetTimeZoneInformation (Address: 0x1800742f8)
- SystemTimeToFileTime (Address: 0x180074310)
- SystemTimeToTzSpecificLocalTime (Address: 0x180074318)
- TzSpecificLocalTimeToSystemTime (Address: 0x180074308)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x180074338)
- EventRegister (Address: 0x180074350)
- EventSetInformation (Address: 0x180074348)
- EventUnregister (Address: 0x180074330)
- EventWriteTransfer (Address: 0x180074340)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x180074380)
- AddAce (Address: 0x1800743f8)
- AdjustTokenPrivileges (Address: 0x1800743b8)
- AllocateAndInitializeSid (Address: 0x1800743a8)
- CheckTokenMembership (Address: 0x180074408)
- CopySid (Address: 0x1800743c0)
- CreateWellKnownSid (Address: 0x180074370)
- DuplicateToken (Address: 0x1800743e0)
- EqualSid (Address: 0x1800743b0)
- FreeSid (Address: 0x180074400)
- GetAce (Address: 0x1800743d8)
- GetAclInformation (Address: 0x1800743c8)
- GetLengthSid (Address: 0x180074360)
- GetSecurityDescriptorControl (Address: 0x180074428)
- GetSecurityDescriptorDacl (Address: 0x180074438)
- GetSecurityDescriptorGroup (Address: 0x1800743e8)
- GetSecurityDescriptorLength (Address: 0x180074418)
- GetSecurityDescriptorOwner (Address: 0x180074430)
- GetSecurityDescriptorSacl (Address: 0x180074398)
- GetSidIdentifierAuthority (Address: 0x1800743f0)
- GetSidSubAuthority (Address: 0x180074388)
- GetSidSubAuthorityCount (Address: 0x1800743d0)
- GetTokenInformation (Address: 0x180074390)
- InitializeAcl (Address: 0x180074410)
- IsValidSid (Address: 0x1800743a0)
- IsWellKnownSid (Address: 0x180074420)
- MakeSelfRelativeSD (Address: 0x180074368)
- PrivilegeCheck (Address: 0x180074378)
api-ms-win-service-management-l2-1-0.dll
- ChangeServiceConfig2W (Address: 0x180074448)
msvcrt.dll
- __C_specific_handler (Address: 0x1800745f8)
- __CxxFrameHandler3 (Address: 0x180074458)
- __dllonexit (Address: 0x180074488)
- _amsg_exit (Address: 0x180074550)
- _CxxThrowException (Address: 0x180074570)
- _initterm (Address: 0x180074480)
- _lock (Address: 0x180074470)
- _ltow_s (Address: 0x180074538)
- _onexit (Address: 0x180074490)
- _purecall (Address: 0x1800745d8)
- _unlock (Address: 0x180074478)
- _vsnprintf_s (Address: 0x180074518)
- _vsnwprintf (Address: 0x1800745e8)
- _wcsicmp (Address: 0x1800744a8)
- _wcsnicmp (Address: 0x1800744c0)
- _wcstoui64 (Address: 0x1800745a8)
- _wsplitpath_s (Address: 0x1800744b0)
- _wtoi (Address: 0x180074520)
- _wtol (Address: 0x1800745b8)
- _XcptFilter (Address: 0x180074558)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x180074598)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180074590)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x180074588)
- ??0exception@@QEAA@XZ (Address: 0x1800745a0)
- ??1exception@@UEAA@XZ (Address: 0x180074580)
- ??1type_info@@UEAA@XZ (Address: 0x180074460)
- ?terminate@@YAXXZ (Address: 0x180074468)
- ?what@exception@@UEBAPEBDXZ (Address: 0x180074578)
- calloc (Address: 0x180074508)
- fclose (Address: 0x1800744e8)
- fflush (Address: 0x1800744e0)
- floor (Address: 0x1800745c0)
- fopen_s (Address: 0x1800744f8)
- fputws (Address: 0x1800744f0)
- free (Address: 0x1800745f0)
- iswdigit (Address: 0x1800745b0)
- log (Address: 0x1800745c8)
- malloc (Address: 0x180074548)
- memcmp (Address: 0x1800745d0)
- memcpy (Address: 0x180074568)
- memcpy_s (Address: 0x1800744a0)
- memmove (Address: 0x180074560)
- memmove_s (Address: 0x1800744d0)
- memset (Address: 0x180074498)
- rand (Address: 0x180074510)
- rand_s (Address: 0x180074500)
- realloc (Address: 0x1800744d8)
- srand (Address: 0x1800745e0)
- toupper (Address: 0x180074540)
- wcschr (Address: 0x1800744b8)
- wcscmp (Address: 0x180074600)
- wcsncmp (Address: 0x180074530)
- wcsrchr (Address: 0x1800744c8)
- wcsstr (Address: 0x180074528)
ntdll.dll
- EtwEventActivityIdControl (Address: 0x1800746c0)
- EtwEventEnabled (Address: 0x1800746b8)
- EtwEventRegister (Address: 0x180074760)
- EtwEventUnregister (Address: 0x180074770)
- EtwEventWrite (Address: 0x180074768)
- EtwGetTraceEnableFlags (Address: 0x180074798)
- EtwGetTraceEnableLevel (Address: 0x1800747a0)
- EtwGetTraceLoggerHandle (Address: 0x1800747a8)
- EtwRegisterTraceGuidsW (Address: 0x180074790)
- EtwTraceMessage (Address: 0x1800747b0)
- EtwUnregisterTraceGuids (Address: 0x180074788)
- NtIsSystemResumeAutomatic (Address: 0x180074688)
- NtPowerInformation (Address: 0x180074668)
- NtQueryInformationProcess (Address: 0x1800746b0)
- NtQueryInformationToken (Address: 0x180074610)
- NtQueryWnfStateNameInformation (Address: 0x180074748)
- NtSetThreadExecutionState (Address: 0x180074778)
- RtlAbsoluteToSelfRelativeSD (Address: 0x180074740)
- RtlAcquireSRWLockExclusive (Address: 0x180074660)
- RtlAcquireSRWLockShared (Address: 0x180074658)
- RtlAddAccessAllowedAce (Address: 0x180074718)
- RtlAddAce (Address: 0x180074720)
- RtlAdjustPrivilege (Address: 0x1800746a0)
- RtlAllocateAndInitializeSid (Address: 0x180074640)
- RtlCreateAcl (Address: 0x180074708)
- RtlCreateSecurityDescriptor (Address: 0x180074710)
- RtlDeriveCapabilitySidsFromName (Address: 0x180074620)
- RtlFindLeastSignificantBit (Address: 0x180074750)
- RtlFreeSid (Address: 0x180074638)
- RtlGetAce (Address: 0x1800746f8)
- RtlGetControlSecurityDescriptor (Address: 0x1800746d0)
- RtlGetCurrentServiceSessionId (Address: 0x180074628)
- RtlGetDaclSecurityDescriptor (Address: 0x1800746e8)
- RtlGetGroupSecurityDescriptor (Address: 0x1800746e0)
- RtlGetOwnerSecurityDescriptor (Address: 0x1800746d8)
- RtlInitializeSRWLock (Address: 0x180074680)
- RtlInitString (Address: 0x180074690)
- RtlInitUnicodeString (Address: 0x180074698)
- RtlIsStateSeparationEnabled (Address: 0x180074780)
- RtlLengthSecurityDescriptor (Address: 0x1800746a8)
- RtlLengthSid (Address: 0x180074700)
- RtlNewSecurityObjectEx (Address: 0x1800746c8)
- RtlNtStatusToDosError (Address: 0x180074758)
- RtlPublishWnfStateData (Address: 0x180074618)
- RtlReleaseSRWLockExclusive (Address: 0x180074670)
- RtlReleaseSRWLockShared (Address: 0x180074650)
- RtlSetDaclSecurityDescriptor (Address: 0x180074728)
- RtlSetGroupSecurityDescriptor (Address: 0x180074738)
- RtlSetOwnerSecurityDescriptor (Address: 0x180074730)
- RtlSetSecurityObjectEx (Address: 0x1800746f0)
- RtlSidDominates (Address: 0x180074630)
- RtlSubscribeWnfStateChangeNotification (Address: 0x180074678)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180074648)
OLEAUT32.dll
- SysAllocString (Address: 0x180073c38)
- SysAllocStringByteLen (Address: 0x180073c60)
- SysAllocStringLen (Address: 0x180073c40)
- SysFreeString (Address: 0x180073c50)
- SysStringByteLen (Address: 0x180073c48)
- SysStringLen (Address: 0x180073c30)
- VariantClear (Address: 0x180073c58)
RPCRT4.dll
- NdrServerCall2 (Address: 0x180073cc8)
- NdrServerCallAll (Address: 0x180073cd0)
- RpcBindingToStringBindingW (Address: 0x180073c80)
- RpcBindingVectorFree (Address: 0x180073ca8)
- RpcEpRegisterW (Address: 0x180073cf0)
- RpcEpUnregister (Address: 0x180073ce8)
- RpcImpersonateClient (Address: 0x180073ca0)
- RpcRevertToSelf (Address: 0x180073ce0)
- RpcServerInqBindings (Address: 0x180073cf8)
- RpcServerInqCallAttributesW (Address: 0x180073d10)
- RpcServerInqDefaultPrincNameW (Address: 0x180073cb8)
- RpcServerRegisterAuthInfoW (Address: 0x180073cd8)
- RpcServerRegisterIfEx (Address: 0x180073c98)
- RpcServerUnregisterIf (Address: 0x180073cb0)
- RpcServerUnregisterIfEx (Address: 0x180073d00)
- RpcServerUseProtseqW (Address: 0x180073d08)
- RpcStringBindingParseW (Address: 0x180073c90)
- RpcStringFreeW (Address: 0x180073c78)
- UuidCreate (Address: 0x180073c88)
- UuidEqual (Address: 0x180073cc0)
- UuidToStringW (Address: 0x180073c70)
UBPM.dll
- UbpmAcquireJobBackgroundMode (Address: 0x180073d20)
- UbpmApiBufferFree (Address: 0x180073d68)
- UbpmCloseTriggerConsumer (Address: 0x180073d60)
- UbpmInitialize (Address: 0x180073d40)
- UbpmOpenTriggerConsumer (Address: 0x180073d78)
- UbpmReleaseJobBackgroundMode (Address: 0x180073d50)
- UbpmSessionStateChanged (Address: 0x180073d48)
- UbpmTerminate (Address: 0x180073d30)
- UbpmTriggerConsumerConfigure (Address: 0x180073d38)
- UbpmTriggerConsumerControl (Address: 0x180073d70)
- UbpmTriggerConsumerControlNotifications (Address: 0x180073d98)
- UbpmTriggerConsumerQueryStatus (Address: 0x180073d58)
- UbpmTriggerConsumerRegister (Address: 0x180073d88)
- UbpmTriggerConsumerSetDisabledForUser (Address: 0x180073d28)
- UbpmTriggerConsumerSetStatePublishingSecurity (Address: 0x180073d80)
- UbpmTriggerConsumerUnregister (Address: 0x180073d90)