AboveLockAppHost.dll
Description: AboveLockAppHost
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5848
Architecture: 32-bit
Operating System: Windows NT
SHA256: 121217e16e0156122be76f02370c69b3
File Size: 323.5 KB
Uploaded At: Dec. 1, 2025, 7:52 a.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x125f0)
- DllGetActivationFactory (Ordinal: 2, Address: 0x21290)
- DllGetClassObject (Ordinal: 3, Address: 0x18200)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x1004c0e4)
- CoCreateInstance (Address: 0x1004c0d0)
- CoGetApartmentType (Address: 0x1004c0e0)
- CoGetCallContext (Address: 0x1004c0d8)
- CoGetInterfaceAndReleaseStream (Address: 0x1004c0b4)
- CoGetMalloc (Address: 0x1004c0dc)
- CoGetStdMarshalEx (Address: 0x1004c0d4)
- CoMarshalInterThreadInterfaceInStream (Address: 0x1004c0e8)
- CoReleaseMarshalData (Address: 0x1004c0b8)
- CoTaskMemAlloc (Address: 0x1004c0c4)
- CoTaskMemFree (Address: 0x1004c0bc)
- CoTaskMemRealloc (Address: 0x1004c0c0)
- CoWaitForMultipleHandles (Address: 0x1004c0c8)
- CoWaitForMultipleObjects (Address: 0x1004c0cc)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1004c0f0)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
- CStdStubBuffer2_Connect (Address: 0x1004c144)
- CStdStubBuffer2_CountRefs (Address: 0x1004c104)
- CStdStubBuffer2_Disconnect (Address: 0x1004c110)
- CStdStubBuffer2_QueryInterface (Address: 0x1004c118)
- NdrProxyForwardingFunction3 (Address: 0x1004c140)
- NdrProxyForwardingFunction4 (Address: 0x1004c120)
- NdrProxyForwardingFunction5 (Address: 0x1004c128)
- ObjectStublessClient10 (Address: 0x1004c148)
- ObjectStublessClient11 (Address: 0x1004c150)
- ObjectStublessClient12 (Address: 0x1004c15c)
- ObjectStublessClient13 (Address: 0x1004c130)
- ObjectStublessClient14 (Address: 0x1004c154)
- ObjectStublessClient15 (Address: 0x1004c138)
- ObjectStublessClient16 (Address: 0x1004c124)
- ObjectStublessClient17 (Address: 0x1004c158)
- ObjectStublessClient18 (Address: 0x1004c108)
- ObjectStublessClient19 (Address: 0x1004c14c)
- ObjectStublessClient20 (Address: 0x1004c10c)
- ObjectStublessClient21 (Address: 0x1004c12c)
- ObjectStublessClient3 (Address: 0x1004c13c)
- ObjectStublessClient4 (Address: 0x1004c11c)
- ObjectStublessClient5 (Address: 0x1004c114)
- ObjectStublessClient6 (Address: 0x1004c100)
- ObjectStublessClient7 (Address: 0x1004c134)
- ObjectStublessClient8 (Address: 0x1004c0fc)
- ObjectStublessClient9 (Address: 0x1004c0f8)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1004c16c)
- IsDebuggerPresent (Address: 0x1004c168)
- OutputDebugStringW (Address: 0x1004c164)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1004c174)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1004c17c)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1004c194)
- RaiseException (Address: 0x1004c190)
- SetLastError (Address: 0x1004c18c)
- SetUnhandledExceptionFilter (Address: 0x1004c188)
- UnhandledExceptionFilter (Address: 0x1004c184)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1004c19c)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1004c1a4)
- HeapAlloc (Address: 0x1004c1a8)
- HeapFree (Address: 0x1004c1ac)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1004c1b4)
- LocalFree (Address: 0x1004c1b8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- RegisterWaitForSingleObject (Address: 0x1004c1c0)
- UnregisterWait (Address: 0x1004c1c4)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1004c1d8)
- GetModuleFileNameA (Address: 0x1004c1cc)
- GetModuleHandleExW (Address: 0x1004c1d0)
- GetModuleHandleW (Address: 0x1004c1dc)
- GetProcAddress (Address: 0x1004c1d4)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1004c1e4)
api-ms-win-core-marshal-l1-1-0.dll
- HWND_UserFree (Address: 0x1004c1ec)
- HWND_UserMarshal (Address: 0x1004c1f0)
- HWND_UserSize (Address: 0x1004c1f4)
- HWND_UserUnmarshal (Address: 0x1004c1f8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1004c200)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1004c210)
- GetCurrentProcessId (Address: 0x1004c218)
- GetCurrentThreadId (Address: 0x1004c214)
- GetProcessId (Address: 0x1004c208)
- TerminateProcess (Address: 0x1004c20c)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1004c220)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1004c228)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x1004c230)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1004c238)
- RegCreateKeyExW (Address: 0x1004c244)
- RegGetValueW (Address: 0x1004c24c)
- RegOpenKeyExW (Address: 0x1004c240)
- RegQueryInfoKeyW (Address: 0x1004c248)
- RegQueryValueExW (Address: 0x1004c23c)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1004c254)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1004c288)
- AcquireSRWLockShared (Address: 0x1004c284)
- CreateEventW (Address: 0x1004c274)
- CreateMutexExW (Address: 0x1004c290)
- CreateSemaphoreExW (Address: 0x1004c29c)
- DeleteCriticalSection (Address: 0x1004c27c)
- EnterCriticalSection (Address: 0x1004c260)
- InitializeCriticalSectionEx (Address: 0x1004c25c)
- InitializeSRWLock (Address: 0x1004c2a0)
- LeaveCriticalSection (Address: 0x1004c298)
- OpenSemaphoreW (Address: 0x1004c264)
- ReleaseMutex (Address: 0x1004c26c)
- ReleaseSemaphore (Address: 0x1004c268)
- ReleaseSRWLockExclusive (Address: 0x1004c280)
- ReleaseSRWLockShared (Address: 0x1004c28c)
- SetEvent (Address: 0x1004c294)
- WaitForSingleObject (Address: 0x1004c278)
- WaitForSingleObjectEx (Address: 0x1004c270)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1004c2bc)
- InitOnceComplete (Address: 0x1004c2b4)
- InitOnceExecuteOnce (Address: 0x1004c2a8)
- Sleep (Address: 0x1004c2ac)
- SleepConditionVariableSRW (Address: 0x1004c2b0)
- WakeAllConditionVariable (Address: 0x1004c2b8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x1004c2c4)
- GetTickCount (Address: 0x1004c2cc)
- GetTickCount64 (Address: 0x1004c2c8)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetProductInfo (Address: 0x1004c2d4)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1004c2e4)
- CreateThreadpoolTimer (Address: 0x1004c2dc)
- SetThreadpoolTimer (Address: 0x1004c2e8)
- WaitForThreadpoolTimerCallbacks (Address: 0x1004c2e0)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1004c2f0)
- EncodePointer (Address: 0x1004c2f4)
api-ms-win-core-winrt-error-l1-1-0.dll
- RoOriginateError (Address: 0x1004c300)
- RoOriginateErrorW (Address: 0x1004c304)
- SetRestrictedErrorInfo (Address: 0x1004c2fc)
api-ms-win-core-winrt-error-l1-1-1.dll
- RoGetMatchingRestrictedErrorInfo (Address: 0x1004c30c)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1004c318)
- RoGetActivationFactory (Address: 0x1004c314)
api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll
- RoCreatePropertySetSerializer (Address: 0x1004c320)
api-ms-win-core-winrt-string-l1-1-0.dll
- HSTRING_UserFree (Address: 0x1004c348)
- HSTRING_UserMarshal (Address: 0x1004c350)
- HSTRING_UserSize (Address: 0x1004c334)
- HSTRING_UserUnmarshal (Address: 0x1004c33c)
- WindowsCreateString (Address: 0x1004c338)
- WindowsCreateStringReference (Address: 0x1004c32c)
- WindowsDeleteString (Address: 0x1004c354)
- WindowsDuplicateString (Address: 0x1004c358)
- WindowsGetStringLen (Address: 0x1004c330)
- WindowsGetStringRawBuffer (Address: 0x1004c328)
- WindowsIsStringEmpty (Address: 0x1004c344)
- WindowsStringHasEmbeddedNull (Address: 0x1004c340)
- WindowsSubstringWithSpecifiedLength (Address: 0x1004c34c)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x1004c360)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1004c37c)
- EventProviderEnabled (Address: 0x1004c374)
- EventRegister (Address: 0x1004c368)
- EventSetInformation (Address: 0x1004c36c)
- EventUnregister (Address: 0x1004c378)
- EventWriteTransfer (Address: 0x1004c370)
api-ms-win-security-base-l1-1-0.dll
- GetTokenInformation (Address: 0x1004c384)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1004c38c)
api-ms-win-shcore-thread-l1-1-0.dll
- GetProcessReference (Address: 0x1004c394)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x1004c39c)
combase.dll
- (Address: 0x1004c3a4)
- (Address: 0x1004c3a8)
KERNEL32.dll
- CloseState (Address: 0x1004c008)
- GetSystemAppDataKey (Address: 0x1004c000)
- OpenStateExplicit (Address: 0x1004c004)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x1004c438)
- __dllonexit (Address: 0x1004c3b8)
- _amsg_exit (Address: 0x1004c420)
- _callnewh (Address: 0x1004c418)
- _CxxThrowException (Address: 0x1004c40c)
- _except_handler4_common (Address: 0x1004c3f0)
- _ftol2_sse (Address: 0x1004c434)
- _initterm (Address: 0x1004c3c4)
- _lock (Address: 0x1004c3c0)
- _onexit (Address: 0x1004c3b4)
- _purecall (Address: 0x1004c3dc)
- _unlock (Address: 0x1004c3bc)
- _vsnprintf_s (Address: 0x1004c3ec)
- _vsnwprintf (Address: 0x1004c3d8)
- _wcsicmp (Address: 0x1004c3f4)
- _XcptFilter (Address: 0x1004c424)
- ??0exception@@QAE@ABQBD@Z (Address: 0x1004c400)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x1004c404)
- ??0exception@@QAE@ABV0@@Z (Address: 0x1004c3e8)
- ??0exception@@QAE@XZ (Address: 0x1004c3e4)
- ??1exception@@UAE@XZ (Address: 0x1004c3e0)
- ??1type_info@@UAE@XZ (Address: 0x1004c41c)
- ??3@YAXPAX@Z (Address: 0x1004c428)
- ?terminate@@YAXXZ (Address: 0x1004c3b0)
- ?what@exception@@UBEPBDXZ (Address: 0x1004c408)
- free (Address: 0x1004c3cc)
- malloc (Address: 0x1004c3c8)
- memcmp (Address: 0x1004c42c)
- memcpy (Address: 0x1004c410)
- memcpy_s (Address: 0x1004c3d0)
- memmove (Address: 0x1004c414)
- memmove_s (Address: 0x1004c3d4)
- memset (Address: 0x1004c43c)
- toupper (Address: 0x1004c3fc)
- wcscspn (Address: 0x1004c3f8)
- wcsrchr (Address: 0x1004c430)
ntdll.dll
- NtQueryWnfStateData (Address: 0x1004c444)
- RtlPublishWnfStateData (Address: 0x1004c448)
RPCRT4.dll
- CStdStubBuffer_AddRef (Address: 0x1004c02c)
- CStdStubBuffer_Connect (Address: 0x1004c040)
- CStdStubBuffer_CountRefs (Address: 0x1004c03c)
- CStdStubBuffer_DebugServerQueryInterface (Address: 0x1004c018)
- CStdStubBuffer_DebugServerRelease (Address: 0x1004c058)
- CStdStubBuffer_Disconnect (Address: 0x1004c050)
- CStdStubBuffer_Invoke (Address: 0x1004c048)
- CStdStubBuffer_IsIIDSupported (Address: 0x1004c044)
- CStdStubBuffer_QueryInterface (Address: 0x1004c054)
- IUnknown_AddRef_Proxy (Address: 0x1004c010)
- IUnknown_QueryInterface_Proxy (Address: 0x1004c04c)
- IUnknown_Release_Proxy (Address: 0x1004c030)
- NdrCStdStubBuffer_Release (Address: 0x1004c024)
- NdrCStdStubBuffer2_Release (Address: 0x1004c014)
- NdrDllCanUnloadNow (Address: 0x1004c020)
- NdrDllGetClassObject (Address: 0x1004c01c)
- NdrOleAllocate (Address: 0x1004c05c)
- NdrOleFree (Address: 0x1004c028)
- NdrStubCall2 (Address: 0x1004c034)
- NdrStubForwardingFunction (Address: 0x1004c038)
SHCORE.dll
- IUnknown_QueryService (Address: 0x1004c064)
- SHGetThreadRef (Address: 0x1004c06c)
- SHTaskPoolQueueTask (Address: 0x1004c068)
USER32.dll
- GetShellWindow (Address: 0x1004c0a8)
- GetSystemMetrics (Address: 0x1004c0a0)
- GetWindowBand (Address: 0x1004c090)
- GetWindowLongW (Address: 0x1004c07c)
- GetWindowRect (Address: 0x1004c098)
- GetWindowThreadProcessId (Address: 0x1004c084)
- IsIconic (Address: 0x1004c08c)
- IsZoomed (Address: 0x1004c094)
- PostMessageW (Address: 0x1004c0a4)
- SetForegroundWindow (Address: 0x1004c09c)
- SetLayeredWindowAttributes (Address: 0x1004c080)
- SetPropW (Address: 0x1004c0ac)
- SetRectEmpty (Address: 0x1004c074)
- SetWindowLongW (Address: 0x1004c078)
- SetWindowPos (Address: 0x1004c088)