AarSvc.dll
Description: Agent Activation Runtime Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 32-bit
Operating System: Windows NT
SHA256: ed9b0dee479c010dea7ba5743eee51ae
File Size: 344.0 KB
Uploaded At: Dec. 1, 2025, 7:52 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x17350)
- DllGetActivationFactory (Ordinal: 2, Address: 0x17310)
- DllGetClassObject (Ordinal: 3, Address: 0x17330)
- ServiceMain (Ordinal: 4, Address: 0x174c0)
Imported DLLs & Functions
agentactivationruntime.dll
- ?CreateAgentActivationRuntime@@YG?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ (Address: 0x1004e018)
- ?GetAgentActivationRuntime@@YG?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ (Address: 0x1004e014)
- ?GetLoggerInstance@@YGAAVLogger@VoiceAgentServices@Microsoft@@XZ (Address: 0x1004e010)
- ?ReleaseAgentActivationRuntime@@YGXXZ (Address: 0x1004e00c)
api-ms-win-core-com-l1-1-0.dll
- CoAddRefServerProcess (Address: 0x1004e050)
- CoCreateFreeThreadedMarshaler (Address: 0x1004e054)
- CoCreateInstance (Address: 0x1004e040)
- CoDecrementMTAUsage (Address: 0x1004e034)
- CoDisconnectContext (Address: 0x1004e05c)
- CoGetMalloc (Address: 0x1004e044)
- CoInitializeEx (Address: 0x1004e038)
- CoInitializeSecurity (Address: 0x1004e024)
- CoRegisterClassObject (Address: 0x1004e048)
- CoReleaseServerProcess (Address: 0x1004e02c)
- CoResumeClassObjects (Address: 0x1004e058)
- CoRevokeClassObject (Address: 0x1004e020)
- CoTaskMemAlloc (Address: 0x1004e030)
- CoTaskMemFree (Address: 0x1004e03c)
- CoUninitialize (Address: 0x1004e04c)
- CoWaitForMultipleHandles (Address: 0x1004e028)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1004e064)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1004e070)
- IsDebuggerPresent (Address: 0x1004e074)
- OutputDebugStringW (Address: 0x1004e06c)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1004e07c)
- RaiseException (Address: 0x1004e088)
- SetLastError (Address: 0x1004e08c)
- SetUnhandledExceptionFilter (Address: 0x1004e080)
- UnhandledExceptionFilter (Address: 0x1004e084)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1004e094)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1004e0a0)
- HeapAlloc (Address: 0x1004e09c)
- HeapFree (Address: 0x1004e0a4)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1004e0ac)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1004e0c0)
- GetModuleFileNameA (Address: 0x1004e0b4)
- GetModuleHandleExW (Address: 0x1004e0bc)
- GetModuleHandleW (Address: 0x1004e0b8)
- GetProcAddress (Address: 0x1004e0c4)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1004e0cc)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x1004e0e0)
- GetCurrentProcess (Address: 0x1004e0dc)
- GetCurrentProcessId (Address: 0x1004e0e4)
- GetCurrentThreadId (Address: 0x1004e0e8)
- OpenProcessToken (Address: 0x1004e0ec)
- TerminateProcess (Address: 0x1004e0d8)
- TerminateThread (Address: 0x1004e0d4)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1004e0f4)
- OpenProcess (Address: 0x1004e0f8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1004e100)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1004e108)
- RegCreateKeyExW (Address: 0x1004e114)
- RegFlushKey (Address: 0x1004e118)
- RegGetValueW (Address: 0x1004e110)
- RegQueryValueExW (Address: 0x1004e11c)
- RegSetValueExW (Address: 0x1004e10c)
api-ms-win-core-registry-l2-1-0.dll
- RegCreateKeyW (Address: 0x1004e128)
- RegOpenKeyW (Address: 0x1004e124)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1004e158)
- AcquireSRWLockShared (Address: 0x1004e174)
- CreateEventExW (Address: 0x1004e160)
- CreateEventW (Address: 0x1004e140)
- CreateMutexExW (Address: 0x1004e170)
- CreateMutexW (Address: 0x1004e178)
- CreateSemaphoreExW (Address: 0x1004e17c)
- DeleteCriticalSection (Address: 0x1004e130)
- EnterCriticalSection (Address: 0x1004e138)
- InitializeCriticalSectionEx (Address: 0x1004e134)
- InitializeSRWLock (Address: 0x1004e150)
- LeaveCriticalSection (Address: 0x1004e14c)
- OpenSemaphoreW (Address: 0x1004e168)
- ReleaseMutex (Address: 0x1004e13c)
- ReleaseSemaphore (Address: 0x1004e164)
- ReleaseSRWLockExclusive (Address: 0x1004e144)
- ReleaseSRWLockShared (Address: 0x1004e16c)
- ResetEvent (Address: 0x1004e148)
- SetEvent (Address: 0x1004e180)
- WaitForSingleObject (Address: 0x1004e154)
- WaitForSingleObjectEx (Address: 0x1004e15c)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1004e190)
- InitOnceComplete (Address: 0x1004e18c)
- InitOnceExecuteOnce (Address: 0x1004e188)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x1004e198)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1004e1a0)
- CreateThreadpoolTimer (Address: 0x1004e1a4)
- SetThreadpoolTimer (Address: 0x1004e1ac)
- WaitForThreadpoolTimerCallbacks (Address: 0x1004e1a8)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1004e1b4)
- EncodePointer (Address: 0x1004e1b8)
api-ms-win-core-winrt-error-l1-1-0.dll
- RoOriginateError (Address: 0x1004e1c0)
- RoOriginateErrorW (Address: 0x1004e1c4)
- RoTransformError (Address: 0x1004e1c8)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1004e1d4)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1004e1d0)
- RoReportFailedDelegate (Address: 0x1004e1d8)
api-ms-win-core-winrt-l1-1-0.dll
- RoGetActivationFactory (Address: 0x1004e1e4)
- RoInitialize (Address: 0x1004e1e8)
- RoRegisterActivationFactories (Address: 0x1004e1f0)
- RoRevokeActivationFactories (Address: 0x1004e1ec)
- RoUninitialize (Address: 0x1004e1e0)
api-ms-win-core-winrt-string-l1-1-0.dll
- WindowsCreateString (Address: 0x1004e20c)
- WindowsCreateStringReference (Address: 0x1004e210)
- WindowsDeleteString (Address: 0x1004e1f8)
- WindowsDuplicateString (Address: 0x1004e1fc)
- WindowsGetStringRawBuffer (Address: 0x1004e200)
- WindowsIsStringEmpty (Address: 0x1004e204)
- WindowsStringHasEmbeddedNull (Address: 0x1004e208)
api-ms-win-crt-private-l1-1-0.dll
- __CxxFrameHandler3 (Address: 0x1004e288)
- __RTDynamicCast (Address: 0x1004e28c)
- __std_terminate (Address: 0x1004e284)
- _CxxThrowException (Address: 0x1004e25c)
- _except_handler4_common (Address: 0x1004e258)
- _o___std_exception_copy (Address: 0x1004e274)
- _o___std_exception_destroy (Address: 0x1004e270)
- _o___std_type_info_destroy_list (Address: 0x1004e26c)
- _o___stdio_common_vsnprintf_s (Address: 0x1004e264)
- _o___stdio_common_vswprintf (Address: 0x1004e260)
- _o__callnewh (Address: 0x1004e27c)
- _o__cexit (Address: 0x1004e278)
- _o__configure_narrow_argv (Address: 0x1004e268)
- _o__crt_atexit (Address: 0x1004e218)
- _o__errno (Address: 0x1004e21c)
- _o__execute_onexit_table (Address: 0x1004e220)
- _o__initialize_narrow_environment (Address: 0x1004e224)
- _o__initialize_onexit_table (Address: 0x1004e228)
- _o__invalid_parameter_noinfo (Address: 0x1004e22c)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1004e230)
- _o__purecall (Address: 0x1004e234)
- _o__register_onexit_function (Address: 0x1004e238)
- _o__seh_filter_dll (Address: 0x1004e23c)
- _o_free (Address: 0x1004e244)
- _o_malloc (Address: 0x1004e248)
- _o_realloc (Address: 0x1004e24c)
- _o_terminate (Address: 0x1004e250)
- _o_toupper (Address: 0x1004e254)
- memcmp (Address: 0x1004e290)
- memcpy (Address: 0x1004e294)
- memmove (Address: 0x1004e240)
- wcschr (Address: 0x1004e280)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x1004e29c)
- _initterm_e (Address: 0x1004e2a0)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1004e2a8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x1004e2bc)
- EventSetInformation (Address: 0x1004e2b4)
- EventUnregister (Address: 0x1004e2b8)
- EventWriteTransfer (Address: 0x1004e2b0)
api-ms-win-security-base-l1-1-0.dll
- MakeAbsoluteSD (Address: 0x1004e2c4)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1004e2cc)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x1004e2d8)
- SetServiceStatus (Address: 0x1004e2d4)
combase.dll
- (Address: 0x1004e2ec)
- (Address: 0x1004e2e8)
- (Address: 0x1004e2e4)
- (Address: 0x1004e2e0)
msvcp_win.dll
- ?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z (Address: 0x1004e31c)
- ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ (Address: 0x1004e320)
- ?_Incref@facet@locale@std@@UAEXXZ (Address: 0x1004e324)
- ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z (Address: 0x1004e300)
- ?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z (Address: 0x1004e2f8)
- ?_Xlength_error@std@@YAXPBD@Z (Address: 0x1004e2fc)
- ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x1004e314)
- ??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z (Address: 0x1004e30c)
- ??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ (Address: 0x1004e308)
- ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z (Address: 0x1004e2f4)
- ??Bid@locale@std@@QAEIXZ (Address: 0x1004e304)
- ?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A (Address: 0x1004e310)
- ?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z (Address: 0x1004e318)
ntdll.dll
- NtQueryInformationToken (Address: 0x1004e330)
- RtlAllocateHeap (Address: 0x1004e338)
- RtlCompareUnicodeString (Address: 0x1004e340)
- RtlFreeHeap (Address: 0x1004e32c)
- RtlInitUnicodeString (Address: 0x1004e334)
- RtlNtStatusToDosErrorNoTeb (Address: 0x1004e33c)
SystemEventsBrokerClient.dll
- SebEnumerateEventsByType (Address: 0x1004e000)
- SebQueryEventPackage (Address: 0x1004e004)