windows.immersiveshell.serviceprovider.dll

Description: Windows.ImmersiveShell.ServiceProvider

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6280

Architecture: 64-bit

Operating System: Windows NT

SHA256: 1eb266a9cc1136b4f4cd92a9b45f441a

File Size: 766.5 KB

Uploaded At: Dec. 1, 2025, 7:43 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x11990)
  • DllGetClassObject (Ordinal: 2, Address: 0x139a0)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x180097120)
api-ms-win-core-atoms-l1-1-0.dll
  • GlobalGetAtomNameW (Address: 0x180097130)
api-ms-win-core-com-l1-1-0.dll
  • CLSIDFromString (Address: 0x180097188)
  • CoCancelCall (Address: 0x1800971b0)
  • CoCreateFreeThreadedMarshaler (Address: 0x180097208)
  • CoCreateInstance (Address: 0x1800971e8)
  • CoDecrementMTAUsage (Address: 0x180097158)
  • CoDisableCallCancellation (Address: 0x1800971a8)
  • CoEnableCallCancellation (Address: 0x180097170)
  • CoGetApartmentType (Address: 0x1800971d8)
  • CoGetCallContext (Address: 0x1800971e0)
  • CoGetCallerTID (Address: 0x1800971f0)
  • CoGetClassObject (Address: 0x180097168)
  • CoGetInterfaceAndReleaseStream (Address: 0x180097190)
  • CoGetMalloc (Address: 0x180097200)
  • CoIncrementMTAUsage (Address: 0x1800971c8)
  • CoInitializeEx (Address: 0x1800971c0)
  • CoMarshalInterface (Address: 0x180097140)
  • CoMarshalInterThreadInterfaceInStream (Address: 0x1800971a0)
  • CoRegisterClassObject (Address: 0x180097180)
  • CoReleaseMarshalData (Address: 0x180097198)
  • CoRevokeClassObject (Address: 0x180097178)
  • CoTaskMemAlloc (Address: 0x180097210)
  • CoTaskMemFree (Address: 0x1800971d0)
  • CoTaskMemRealloc (Address: 0x180097150)
  • CoUninitialize (Address: 0x1800971b8)
  • CoWaitForMultipleHandles (Address: 0x180097160)
  • CreateStreamOnHGlobal (Address: 0x180097148)
  • PropVariantClear (Address: 0x1800971f8)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x180097220)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180097230)
  • IsDebuggerPresent (Address: 0x180097238)
  • OutputDebugStringW (Address: 0x180097240)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180097250)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180097260)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180097280)
  • RaiseException (Address: 0x180097270)
  • SetLastError (Address: 0x180097288)
  • SetUnhandledExceptionFilter (Address: 0x180097290)
  • UnhandledExceptionFilter (Address: 0x180097278)
api-ms-win-core-errorhandling-l1-1-2.dll
  • RaiseFailFastException (Address: 0x1800972a0)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800972b8)
  • DuplicateHandle (Address: 0x1800972b0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800972d0)
  • HeapAlloc (Address: 0x1800972c8)
  • HeapFree (Address: 0x1800972d8)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800972e8)
  • LocalFree (Address: 0x1800972f0)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x180097300)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • MulDiv (Address: 0x180097310)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • VerifyVersionInfoW (Address: 0x180097320)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180097350)
  • FindResourceExW (Address: 0x180097380)
  • FindStringOrdinal (Address: 0x180097368)
  • FreeLibrary (Address: 0x180097360)
  • FreeLibraryAndExitThread (Address: 0x180097388)
  • GetModuleFileNameA (Address: 0x180097358)
  • GetModuleFileNameW (Address: 0x180097348)
  • GetModuleHandleExW (Address: 0x180097338)
  • GetModuleHandleW (Address: 0x180097340)
  • GetProcAddress (Address: 0x180097330)
  • LoadResource (Address: 0x180097378)
  • LockResource (Address: 0x180097370)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180097398)
api-ms-win-core-path-l1-1-0.dll
  • PathAllocCombine (Address: 0x1800973a8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x1800973b8)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x180097400)
  • GetCurrentProcess (Address: 0x1800973c8)
  • GetCurrentProcessId (Address: 0x1800973e8)
  • GetCurrentThread (Address: 0x1800973f0)
  • GetCurrentThreadId (Address: 0x1800973e0)
  • GetProcessId (Address: 0x1800973d0)
  • OpenProcessToken (Address: 0x1800973d8)
  • TerminateProcess (Address: 0x1800973f8)
api-ms-win-core-processthreads-l1-1-1.dll
  • GetProcessMitigationPolicy (Address: 0x180097418)
  • IsProcessorFeaturePresent (Address: 0x180097410)
  • OpenProcess (Address: 0x180097420)
api-ms-win-core-processthreads-l1-1-3.dll
  • SetThreadDescription (Address: 0x180097430)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180097440)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x180097450)
api-ms-win-core-psm-key-l1-1-0.dll
  • PsmGetKeyFromToken (Address: 0x180097460)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180097478)
  • RegCreateKeyExW (Address: 0x1800974a0)
  • RegDeleteValueW (Address: 0x180097490)
  • RegGetKeySecurity (Address: 0x180097480)
  • RegGetValueW (Address: 0x1800974c0)
  • RegNotifyChangeKeyValue (Address: 0x180097498)
  • RegOpenCurrentUser (Address: 0x1800974b8)
  • RegOpenKeyExW (Address: 0x1800974b0)
  • RegQueryValueExW (Address: 0x1800974a8)
  • RegSetKeySecurity (Address: 0x180097470)
  • RegSetValueExW (Address: 0x180097488)
api-ms-win-core-registry-l1-1-1.dll
  • RegSetKeyValueW (Address: 0x1800974d0)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x1800974f0)
  • RtlLookupFunctionEntry (Address: 0x1800974e8)
  • RtlVirtualUnwind (Address: 0x1800974e0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
  • SHExpandEnvironmentStringsW (Address: 0x180097500)
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
  • StrCmpIW (Address: 0x180097510)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180097520)
api-ms-win-core-string-l2-1-1.dll
  • SHLoadIndirectString (Address: 0x180097530)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrlenW (Address: 0x180097540)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800975a8)
  • AcquireSRWLockShared (Address: 0x180097598)
  • CreateEventExW (Address: 0x180097550)
  • CreateEventW (Address: 0x180097570)
  • CreateMutexExW (Address: 0x1800975e8)
  • CreateSemaphoreExW (Address: 0x180097560)
  • DeleteCriticalSection (Address: 0x1800975c8)
  • EnterCriticalSection (Address: 0x1800975c0)
  • InitializeCriticalSection (Address: 0x180097558)
  • InitializeCriticalSectionEx (Address: 0x1800975e0)
  • InitializeSRWLock (Address: 0x1800975b0)
  • LeaveCriticalSection (Address: 0x180097578)
  • OpenSemaphoreW (Address: 0x1800975d8)
  • ReleaseMutex (Address: 0x180097590)
  • ReleaseSemaphore (Address: 0x180097568)
  • ReleaseSRWLockExclusive (Address: 0x1800975f0)
  • ReleaseSRWLockShared (Address: 0x1800975a0)
  • SetEvent (Address: 0x1800975d0)
  • WaitForMultipleObjectsEx (Address: 0x180097580)
  • WaitForSingleObject (Address: 0x180097588)
  • WaitForSingleObjectEx (Address: 0x1800975b8)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x180097608)
  • InitOnceComplete (Address: 0x180097600)
  • InitOnceExecuteOnce (Address: 0x180097610)
  • Sleep (Address: 0x180097618)
api-ms-win-core-synch-l1-2-1.dll
  • WaitForMultipleObjects (Address: 0x180097628)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTime (Address: 0x180097640)
  • GetSystemTimeAsFileTime (Address: 0x180097648)
  • GetTickCount (Address: 0x180097638)
  • GetTickCount64 (Address: 0x180097650)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180097680)
  • CloseThreadpoolWait (Address: 0x180097688)
  • CreateThreadpoolTimer (Address: 0x180097678)
  • CreateThreadpoolWait (Address: 0x180097670)
  • SetThreadpoolTimer (Address: 0x180097690)
  • SetThreadpoolWait (Address: 0x180097698)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180097660)
  • WaitForThreadpoolWaitCallbacks (Address: 0x180097668)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueueTimer (Address: 0x1800976b0)
  • DeleteTimerQueueTimer (Address: 0x1800976a8)
api-ms-win-core-url-l1-1-0.dll
  • HashData (Address: 0x1800976c0)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x1800976d8)
  • EncodePointer (Address: 0x1800976d0)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x1800976f0)
  • RoOriginateError (Address: 0x180097708)
  • RoOriginateErrorW (Address: 0x1800976e8)
  • RoTransformError (Address: 0x1800976f8)
  • SetRestrictedErrorInfo (Address: 0x180097700)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x180097720)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x180097728)
  • RoReportFailedDelegate (Address: 0x180097718)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x180097748)
  • RoGetActivationFactory (Address: 0x180097738)
  • RoInitialize (Address: 0x180097740)
  • RoUninitialize (Address: 0x180097750)
api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll
  • RoCreatePropertySetSerializer (Address: 0x180097760)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCompareStringOrdinal (Address: 0x180097778)
  • WindowsCreateString (Address: 0x1800977a0)
  • WindowsCreateStringReference (Address: 0x180097790)
  • WindowsDeleteString (Address: 0x1800977a8)
  • WindowsDuplicateString (Address: 0x180097780)
  • WindowsGetStringRawBuffer (Address: 0x180097798)
  • WindowsIsStringEmpty (Address: 0x180097770)
  • WindowsSubstringWithSpecifiedLength (Address: 0x180097788)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180097840)
  • __CxxFrameHandler3 (Address: 0x180097848)
  • __CxxFrameHandler4 (Address: 0x1800978b0)
  • __std_terminate (Address: 0x1800978a0)
  • _CxxThrowException (Address: 0x180097850)
  • _o___std_exception_copy (Address: 0x180097880)
  • _o___std_exception_destroy (Address: 0x180097878)
  • _o___std_type_info_destroy_list (Address: 0x180097870)
  • _o___stdio_common_vsnprintf_s (Address: 0x180097860)
  • _o___stdio_common_vswprintf (Address: 0x180097858)
  • _o__callnewh (Address: 0x1800978d0)
  • _o__cexit (Address: 0x1800978c0)
  • _o__configure_narrow_argv (Address: 0x1800978b8)
  • _o__crt_atexit (Address: 0x1800978a8)
  • _o__errno (Address: 0x180097890)
  • _o__execute_onexit_table (Address: 0x180097888)
  • _o__get_errno (Address: 0x180097808)
  • _o__initialize_narrow_environment (Address: 0x1800977b8)
  • _o__initialize_onexit_table (Address: 0x1800977c0)
  • _o__invalid_parameter_noinfo (Address: 0x1800977c8)
  • _o__invalid_parameter_noinfo_noreturn (Address: 0x1800977d0)
  • _o__purecall (Address: 0x1800977d8)
  • _o__register_onexit_function (Address: 0x1800977e0)
  • _o__seh_filter_dll (Address: 0x1800977e8)
  • _o__set_errno (Address: 0x1800977f0)
  • _o__wcsicmp (Address: 0x1800977f8)
  • _o__wcstoui64 (Address: 0x180097810)
  • _o_free (Address: 0x180097818)
  • _o_malloc (Address: 0x180097820)
  • _o_realloc (Address: 0x180097828)
  • _o_terminate (Address: 0x180097830)
  • _o_toupper (Address: 0x180097838)
  • memcmp (Address: 0x1800978c8)
  • memcpy (Address: 0x1800978d8)
  • memmove (Address: 0x180097800)
  • wcschr (Address: 0x180097898)
  • wcsrchr (Address: 0x180097868)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x1800978f0)
  • _initterm_e (Address: 0x1800978e8)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsrev (Address: 0x180097900)
  • memmove_s (Address: 0x180097930)
  • memset (Address: 0x180097920)
  • wcscmp (Address: 0x180097918)
  • wcscspn (Address: 0x180097928)
  • wcsncpy (Address: 0x180097910)
  • wcsspn (Address: 0x180097908)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x180097940)
  • EventProviderEnabled (Address: 0x180097958)
  • EventRegister (Address: 0x180097968)
  • EventSetInformation (Address: 0x180097950)
  • EventUnregister (Address: 0x180097948)
  • EventWriteTransfer (Address: 0x180097960)
api-ms-win-security-base-l1-1-0.dll
  • CopySid (Address: 0x180097998)
  • CreateWellKnownSid (Address: 0x180097980)
  • DuplicateTokenEx (Address: 0x180097988)
  • EqualSid (Address: 0x1800979a0)
  • FreeSid (Address: 0x1800979c0)
  • GetLengthSid (Address: 0x180097978)
  • GetSecurityDescriptorDacl (Address: 0x1800979a8)
  • GetTokenInformation (Address: 0x1800979b0)
  • MakeAbsoluteSD (Address: 0x1800979b8)
  • SetSecurityDescriptorDacl (Address: 0x180097990)
api-ms-win-security-lsalookup-l1-1-1.dll
  • EnumerateIdentityProviders (Address: 0x1800979e8)
  • GetDefaultIdentityProvider (Address: 0x1800979e0)
  • GetIdentityProviderInfoByGUID (Address: 0x1800979d8)
  • ReleaseIdentityProviderEnumContext (Address: 0x1800979d0)
api-ms-win-security-provider-l1-1-0.dll
  • GetExplicitEntriesFromAclW (Address: 0x180097a10)
  • GetSecurityInfo (Address: 0x1800979f8)
  • SetEntriesInAclW (Address: 0x180097a08)
  • SetSecurityInfo (Address: 0x180097a00)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSidToSidW (Address: 0x180097a20)
msvcp_win.dll
  • ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180097a30)
  • ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x180097a38)
ntdll.dll
  • NtQueryInformationToken (Address: 0x180097a60)
  • NtQueryWnfStateData (Address: 0x180097a90)
  • RtlAllocateHeap (Address: 0x180097a70)
  • RtlCompareUnicodeString (Address: 0x180097ab0)
  • RtlEqualSid (Address: 0x180097a50)
  • RtlFreeHeap (Address: 0x180097a58)
  • RtlGetAppContainerSidType (Address: 0x180097aa8)
  • RtlInitUnicodeString (Address: 0x180097a68)
  • RtlNtStatusToDosError (Address: 0x180097ab8)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x180097a78)
  • RtlPublishWnfStateData (Address: 0x180097a88)
  • RtlQueryWnfStateData (Address: 0x180097aa0)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x180097a80)
  • RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180097a98)
  • VerSetConditionMask (Address: 0x180097a48)
OLEAUT32.dll
  • SafeArrayGetDim (Address: 0x180097078)
  • SysAllocString (Address: 0x180097088)
  • SysFreeString (Address: 0x180097070)
  • SysStringLen (Address: 0x180097090)
  • VariantClear (Address: 0x180097080)
SHCORE.dll
  • (Address: 0x1800970d8)
  • (Address: 0x1800970e8)
  • CreateRandomAccessStreamOnFile (Address: 0x1800970e0)
  • CreateStreamOverRandomAccessStream (Address: 0x1800970d0)
  • GetDpiForMonitor (Address: 0x1800970f0)
  • IStream_Read (Address: 0x1800970a0)
  • IStream_Size (Address: 0x1800970c0)
  • IUnknown_QueryService (Address: 0x1800970b0)
  • SHCreateThread (Address: 0x1800970b8)
  • SHGetThreadRef (Address: 0x180097108)
  • SHSetValueW (Address: 0x180097110)
  • SHStrDupW (Address: 0x1800970f8)
  • SHTaskPoolAllowThreadReuse (Address: 0x1800970c8)
  • SHTaskPoolGetUniqueContext (Address: 0x1800970a8)
  • SHTaskPoolQueueTask (Address: 0x180097100)