vaultsvc.dll
Description: Credential Manager Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5915
Architecture: 64-bit
Operating System: Windows NT
SHA256: 3b2a0a154b7680838736578d227e4b08
File Size: 362.0 KB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 3
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0xbd50)
- VaultSvcStopCallback (Ordinal: 2, Address: 0x20300)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180048490)
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x1800484c0)
- CoInitializeEx (Address: 0x1800484b0)
- CoSetProxyBlanket (Address: 0x1800484a0)
- CoUninitialize (Address: 0x1800484b8)
- CoWaitForMultipleHandles (Address: 0x1800484a8)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800484d8)
- IsDebuggerPresent (Address: 0x1800484e0)
- OutputDebugStringW (Address: 0x1800484d0)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1800484f0)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180048500)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180048530)
- RaiseException (Address: 0x180048520)
- SetLastError (Address: 0x180048510)
- SetUnhandledExceptionFilter (Address: 0x180048528)
- UnhandledExceptionFilter (Address: 0x180048518)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x180048540)
- CreateDirectoryW (Address: 0x180048560)
- CreateFileW (Address: 0x180048568)
- DeleteFileW (Address: 0x1800485a0)
- FindClose (Address: 0x1800485b8)
- FindFirstFileExW (Address: 0x1800485c0)
- FindNextFileW (Address: 0x1800485b0)
- GetDriveTypeW (Address: 0x180048548)
- GetFileAttributesW (Address: 0x180048570)
- GetFileSizeEx (Address: 0x180048590)
- GetFileTime (Address: 0x1800485a8)
- GetVolumeInformationW (Address: 0x180048550)
- GetVolumePathNameW (Address: 0x180048558)
- ReadFile (Address: 0x180048588)
- RemoveDirectoryW (Address: 0x180048598)
- SetFilePointer (Address: 0x180048580)
- WriteFile (Address: 0x180048578)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x1800485d0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800485e0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180048600)
- HeapAlloc (Address: 0x1800485f8)
- HeapFree (Address: 0x180048608)
- HeapSize (Address: 0x1800485f0)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180048620)
- LocalFree (Address: 0x180048618)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalSize (Address: 0x180048630)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x180048640)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- CreateFileTransactedW (Address: 0x180048650)
api-ms-win-core-kernel32-legacy-l1-1-3.dll
- CreateDirectoryTransactedW (Address: 0x180048678)
- DeleteFileTransactedW (Address: 0x180048668)
- FindFirstFileTransactedW (Address: 0x180048660)
- MoveFileTransactedW (Address: 0x180048670)
- RemoveDirectoryTransactedW (Address: 0x180048680)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800486a8)
- GetModuleFileNameA (Address: 0x1800486a0)
- GetModuleHandleExW (Address: 0x1800486b8)
- GetModuleHandleW (Address: 0x1800486b0)
- GetProcAddress (Address: 0x180048698)
- LoadStringW (Address: 0x180048690)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800486c8)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1800486d8)
- GetCurrentProcessId (Address: 0x180048708)
- GetCurrentThread (Address: 0x1800486f0)
- GetCurrentThreadId (Address: 0x180048700)
- OpenProcessToken (Address: 0x1800486e8)
- OpenThreadToken (Address: 0x1800486e0)
- TerminateProcess (Address: 0x1800486f8)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x180048720)
- OpenProcess (Address: 0x180048718)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180048730)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x180048740)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180048768)
- RegCreateKeyExW (Address: 0x180048750)
- RegOpenCurrentUser (Address: 0x180048760)
- RegOpenKeyExW (Address: 0x180048770)
- RegQueryValueExW (Address: 0x180048778)
- RegSetValueExW (Address: 0x180048758)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180048798)
- RtlCompareMemory (Address: 0x180048790)
- RtlLookupFunctionEntry (Address: 0x1800487a0)
- RtlVirtualUnwind (Address: 0x180048788)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1800487b0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180048840)
- AcquireSRWLockShared (Address: 0x1800487d8)
- CreateEventExW (Address: 0x1800487e0)
- CreateEventW (Address: 0x180048848)
- CreateMutexExW (Address: 0x180048830)
- CreateSemaphoreExW (Address: 0x1800487d0)
- DeleteCriticalSection (Address: 0x1800487f8)
- EnterCriticalSection (Address: 0x1800487f0)
- InitializeCriticalSectionEx (Address: 0x180048800)
- LeaveCriticalSection (Address: 0x180048828)
- OpenSemaphoreW (Address: 0x1800487c0)
- ReleaseMutex (Address: 0x180048820)
- ReleaseSemaphore (Address: 0x180048818)
- ReleaseSRWLockExclusive (Address: 0x180048808)
- ReleaseSRWLockShared (Address: 0x180048810)
- SetEvent (Address: 0x180048838)
- WaitForSingleObject (Address: 0x1800487c8)
- WaitForSingleObjectEx (Address: 0x1800487e8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180048858)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x180048878)
- CreateThreadpoolTimer (Address: 0x180048868)
- SetThreadpoolTimer (Address: 0x180048870)
- WaitForThreadpoolTimerCallbacks (Address: 0x180048880)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x180048890)
api-ms-win-core-winrt-l1-1-0.dll
- RoGetActivationFactory (Address: 0x1800488a0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateStringReference (Address: 0x1800488c0)
- WindowsDeleteString (Address: 0x1800488b0)
- WindowsGetStringRawBuffer (Address: 0x1800488b8)
api-ms-win-crt-math-l1-1-0.dll
- ceilf (Address: 0x1800488d0)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x180048950)
- __CxxFrameHandler3 (Address: 0x180048988)
- __CxxFrameHandler4 (Address: 0x1800489d0)
- __std_terminate (Address: 0x1800489c8)
- _CxxThrowException (Address: 0x1800489d8)
- _o___std_exception_copy (Address: 0x1800489b0)
- _o___std_exception_destroy (Address: 0x1800489a8)
- _o___std_type_info_destroy_list (Address: 0x1800489a0)
- _o___stdio_common_vsnprintf_s (Address: 0x180048998)
- _o___stdio_common_vsnwprintf_s (Address: 0x180048990)
- _o___stdio_common_vswprintf (Address: 0x180048970)
- _o___stdio_common_vswprintf_s (Address: 0x180048968)
- _o__cexit (Address: 0x1800489c0)
- _o__configure_narrow_argv (Address: 0x1800489b8)
- _o__crt_atexit (Address: 0x180048960)
- _o__errno (Address: 0x180048958)
- _o__execute_onexit_table (Address: 0x180048918)
- _o__initialize_narrow_environment (Address: 0x1800488e0)
- _o__initialize_onexit_table (Address: 0x1800488e8)
- _o__invalid_parameter_noinfo (Address: 0x1800488f0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1800488f8)
- _o__purecall (Address: 0x180048900)
- _o__register_onexit_function (Address: 0x180048908)
- _o__seh_filter_dll (Address: 0x180048910)
- _o__wcsicmp (Address: 0x180048920)
- _o__wcslwr_s (Address: 0x180048928)
- _o__wsplitpath_s (Address: 0x180048938)
- _o_wcscpy_s (Address: 0x180048940)
- _o_wcsncpy_s (Address: 0x180048948)
- memcmp (Address: 0x1800489e0)
- memcpy (Address: 0x1800489e8)
- memmove (Address: 0x180048930)
- wcschr (Address: 0x180048978)
- wcsstr (Address: 0x180048980)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x180048a00)
- _initterm_e (Address: 0x1800489f8)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x180048a18)
- wcscmp (Address: 0x180048a10)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x180048a38)
- GetTraceEnableLevel (Address: 0x180048a40)
- GetTraceLoggerHandle (Address: 0x180048a28)
- RegisterTraceGuidsW (Address: 0x180048a48)
- TraceMessage (Address: 0x180048a30)
- UnregisterTraceGuids (Address: 0x180048a50)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x180048a60)
- EventSetInformation (Address: 0x180048a78)
- EventUnregister (Address: 0x180048a70)
- EventWriteTransfer (Address: 0x180048a68)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x180048ad0)
- AdjustTokenPrivileges (Address: 0x180048af0)
- AllocateAndInitializeSid (Address: 0x180048ac0)
- CopySid (Address: 0x180048aa0)
- DuplicateTokenEx (Address: 0x180048ab0)
- EqualSid (Address: 0x180048a98)
- FreeSid (Address: 0x180048b00)
- GetLengthSid (Address: 0x180048ae0)
- GetSidIdentifierAuthority (Address: 0x180048a88)
- GetSidSubAuthority (Address: 0x180048ae8)
- GetSidSubAuthorityCount (Address: 0x180048af8)
- GetTokenInformation (Address: 0x180048ad8)
- ImpersonateLoggedOnUser (Address: 0x180048a90)
- ImpersonateSelf (Address: 0x180048aa8)
- IsValidSid (Address: 0x180048ac8)
- RevertToSelf (Address: 0x180048ab8)
api-ms-win-security-base-l1-2-0.dll
- CheckTokenCapability (Address: 0x180048b10)
api-ms-win-security-credentials-l1-1-0.dll
- CredDeleteW (Address: 0x180048b30)
- CredEnumerateW (Address: 0x180048b48)
- CredFree (Address: 0x180048b38)
- CredIsProtectedW (Address: 0x180048b58)
- CredProtectW (Address: 0x180048b40)
- CredReadW (Address: 0x180048b20)
- CredUnprotectW (Address: 0x180048b50)
- CredWriteW (Address: 0x180048b28)
api-ms-win-security-lsapolicy-l1-1-0.dll
- LsaClose (Address: 0x180048b80)
- LsaFreeMemory (Address: 0x180048b78)
- LsaOpenPolicy (Address: 0x180048b68)
- LsaQueryInformationPolicy (Address: 0x180048b70)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x180048b98)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180048ba0)
- ConvertStringSidToSidW (Address: 0x180048b90)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x180048bb8)
- SetServiceStatus (Address: 0x180048bb0)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x180048bc8)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x180048c38)
- BCryptCreateHash (Address: 0x180048be0)
- BCryptDecrypt (Address: 0x180048bf8)
- BCryptDestroyHash (Address: 0x180048c10)
- BCryptDestroyKey (Address: 0x180048c20)
- BCryptEncrypt (Address: 0x180048c00)
- BCryptExportKey (Address: 0x180048c48)
- BCryptFinishHash (Address: 0x180048c18)
- BCryptGenerateSymmetricKey (Address: 0x180048c28)
- BCryptGenRandom (Address: 0x180048c40)
- BCryptGetProperty (Address: 0x180048bd8)
- BCryptHashData (Address: 0x180048c08)
- BCryptImportKey (Address: 0x180048c30)
- BCryptOpenAlgorithmProvider (Address: 0x180048bf0)
- BCryptSetProperty (Address: 0x180048be8)
LSASRV.dll
- LsaICryptProtectData (Address: 0x1800483f8)
- LsaICryptUnprotectData (Address: 0x180048400)
- LsaILookupUserAccountType (Address: 0x1800483e8)
- LsaIRegisterLogonSessionCallback (Address: 0x1800483d0)
- LsaIUnregisterLogonSessionCallback (Address: 0x1800483e0)
- LsapAdtAuditingEnabledByLogonId (Address: 0x180048418)
- LsapAdtGetCallerProcessInfo (Address: 0x180048410)
- LsapAdtInitParametersArray (Address: 0x180048408)
- LsapAdtWriteLog (Address: 0x1800483f0)
- LsapAuditFailed (Address: 0x1800483d8)
- LsapQueryClientInfo (Address: 0x180048420)
msvcp_win.dll
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180048c58)
ntdll.dll
- NtClose (Address: 0x180048c78)
- NtDuplicateToken (Address: 0x180048cf0)
- NtOpenThreadToken (Address: 0x180048d50)
- NtQueryInformationToken (Address: 0x180048d48)
- NtSetInformationThread (Address: 0x180048cd0)
- NtSetInformationToken (Address: 0x180048cf8)
- RtlAcquireResourceExclusive (Address: 0x180048d18)
- RtlAcquireResourceShared (Address: 0x180048d10)
- RtlAllocateHeap (Address: 0x180048cc0)
- RtlConvertSharedToExclusive (Address: 0x180048cb8)
- RtlCopySid (Address: 0x180048d28)
- RtlDeleteCriticalSection (Address: 0x180048cc8)
- RtlDeleteResource (Address: 0x180048d20)
- RtlEnterCriticalSection (Address: 0x180048d80)
- RtlEqualSid (Address: 0x180048c80)
- RtlFreeHeap (Address: 0x180048d30)
- RtlGetActiveConsoleId (Address: 0x180048d88)
- RtlGetNtProductType (Address: 0x180048d40)
- RtlInitializeCriticalSection (Address: 0x180048d78)
- RtlInitializeResource (Address: 0x180048d90)
- RtlInitializeSid (Address: 0x180048cd8)
- RtlInitUnicodeString (Address: 0x180048c68)
- RtlIsPackageSid (Address: 0x180048d00)
- RtlLeaveCriticalSection (Address: 0x180048d68)
- RtlLengthSid (Address: 0x180048d38)
- RtlNtStatusToDosError (Address: 0x180048d58)
- RtlPublishWnfStateData (Address: 0x180048c70)
- RtlReleaseResource (Address: 0x180048d08)
- RtlSidDominates (Address: 0x180048ce8)
- RtlSubAuthoritySid (Address: 0x180048ce0)
- RtlSubscribeWnfStateChangeNotification (Address: 0x180048d60)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180048d70)
- RtlValidSid (Address: 0x180048c88)
- TpAllocTimer (Address: 0x180048c90)
- TpIsTimerSet (Address: 0x180048c98)
- TpReleaseTimer (Address: 0x180048cb0)
- TpSetTimer (Address: 0x180048ca8)
- TpWaitForTimer (Address: 0x180048ca0)
profapi.dll
- (Address: 0x180048da0)
RPCRT4.dll
- NdrServerCall2 (Address: 0x180048438)
- NdrServerCallAll (Address: 0x180048440)
- RpcImpersonateClient (Address: 0x180048468)
- RpcRevertToSelf (Address: 0x180048470)
- RpcServerInqCallAttributesW (Address: 0x180048460)
- RpcServerRegisterIf3 (Address: 0x180048450)
- RpcServerUnregisterIfEx (Address: 0x180048448)
- RpcServerUseProtseqEpW (Address: 0x180048458)
- UuidFromStringW (Address: 0x180048430)
SspiCli.dll
- GetUserNameExW (Address: 0x180048480)