AcLayers.dll
Description: Windows Compatibility DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5438
Architecture: 32-bit
Operating System: Windows NT
SHA256: e4dbe62bf7690e036a74047fbbad389d
File Size: 375.0 KB
Uploaded At: Dec. 1, 2025, 7:52 a.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory
Exported Functions
- GetHookAPIs (Ordinal: 1, Address: 0x4ae50)
- NotifyShims (Ordinal: 2, Address: 0x4aee0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x795793ac)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x795793b8)
- RegCreateKeyExW (Address: 0x795793bc)
- RegDeleteKeyExW (Address: 0x795793cc)
- RegEnumKeyExW (Address: 0x795793d0)
- RegGetKeySecurity (Address: 0x795793c8)
- RegOpenKeyExA (Address: 0x795793c4)
- RegOpenKeyExW (Address: 0x795793d4)
- RegQueryValueExW (Address: 0x795793b4)
- RegSetValueExW (Address: 0x795793c0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventWriteTransfer (Address: 0x795793dc)
api-ms-win-security-base-l1-1-0.dll
- AllocateAndInitializeSid (Address: 0x795793fc)
- CheckTokenMembership (Address: 0x795793f0)
- CopySid (Address: 0x795793f8)
- FreeSid (Address: 0x79579404)
- GetAce (Address: 0x795793ec)
- GetAclInformation (Address: 0x79579400)
- GetFileSecurityW (Address: 0x795793f4)
- GetSecurityDescriptorDacl (Address: 0x795793e4)
- GetTokenInformation (Address: 0x795793e8)
apphelp.dll
- SE_COM_AddHook (Address: 0x7957941c)
- SE_COM_AddServer (Address: 0x7957940c)
- SE_COM_HookObject (Address: 0x79579410)
- SE_COM_Lookup (Address: 0x79579414)
- SE_GetShimId (Address: 0x79579420)
- SE_ShimDPF (Address: 0x79579418)
GDI32.dll
- CreateCompatibleBitmap (Address: 0x79579020)
- CreateCompatibleDC (Address: 0x79579004)
- CreateDIBSection (Address: 0x79579008)
- CreateSolidBrush (Address: 0x79579018)
- DeleteDC (Address: 0x79579014)
- DeleteObject (Address: 0x79579010)
- GdiFlush (Address: 0x79579000)
- GetDIBits (Address: 0x7957900c)
- GetObjectType (Address: 0x79579030)
- OffsetClipRgn (Address: 0x79579028)
- OffsetRgn (Address: 0x7957902c)
- OffsetWindowOrgEx (Address: 0x7957901c)
- SelectObject (Address: 0x79579024)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x79579174)
- AcquireSRWLockShared (Address: 0x79579180)
- AddAtomW (Address: 0x79579184)
- CancelIo (Address: 0x79579044)
- CloseHandle (Address: 0x795791f4)
- CompareStringA (Address: 0x79579140)
- CompareStringEx (Address: 0x795791ac)
- CompareStringW (Address: 0x7957913c)
- CopyFileA (Address: 0x79579164)
- CopyFileW (Address: 0x7957915c)
- CreateActCtxW (Address: 0x795790b4)
- CreateDirectoryW (Address: 0x79579150)
- CreateEventW (Address: 0x79579050)
- CreateFileA (Address: 0x795791f8)
- CreateFileMappingW (Address: 0x79579060)
- CreateFileW (Address: 0x795790cc)
- CreateMutexW (Address: 0x795790ac)
- CreateProcessW (Address: 0x79579074)
- CreateThread (Address: 0x795790f4)
- DelayLoadFailureHook (Address: 0x79579098)
- DeleteCriticalSection (Address: 0x79579054)
- DeleteFileA (Address: 0x79579160)
- DeleteFileW (Address: 0x79579158)
- DeleteProcThreadAttributeList (Address: 0x795791bc)
- EnterCriticalSection (Address: 0x7957910c)
- ExitProcess (Address: 0x795791e4)
- ExpandEnvironmentStringsA (Address: 0x7957911c)
- ExpandEnvironmentStringsW (Address: 0x795791b8)
- FindClose (Address: 0x79579144)
- FindFirstFileW (Address: 0x7957914c)
- FindNextFileW (Address: 0x79579148)
- FindNLSStringEx (Address: 0x79579188)
- GetApplicationRestartSettings (Address: 0x79579118)
- GetCommandLineA (Address: 0x79579220)
- GetCommandLineW (Address: 0x7957903c)
- GetCurrentActCtx (Address: 0x795791d4)
- GetCurrentDirectoryW (Address: 0x795790a8)
- GetCurrentProcess (Address: 0x795791e8)
- GetCurrentProcessId (Address: 0x79579200)
- GetCurrentThread (Address: 0x7957906c)
- GetCurrentThreadId (Address: 0x7957917c)
- GetDriveTypeW (Address: 0x795790e0)
- GetEnvironmentVariableA (Address: 0x79579208)
- GetFileAttributesW (Address: 0x79579100)
- GetFileSize (Address: 0x795790c4)
- GetFullPathNameW (Address: 0x795790a4)
- GetLastError (Address: 0x795791e0)
- GetLocaleInfoEx (Address: 0x795791a8)
- GetLogicalDriveStringsW (Address: 0x795790e4)
- GetModuleFileNameW (Address: 0x795790d8)
- GetModuleHandleA (Address: 0x79579224)
- GetModuleHandleW (Address: 0x795791ec)
- GetProcAddress (Address: 0x7957921c)
- GetProcessHeap (Address: 0x795791a0)
- GetShortPathNameA (Address: 0x7957912c)
- GetShortPathNameW (Address: 0x79579124)
- GetStartupInfoA (Address: 0x79579214)
- GetSystemDirectoryW (Address: 0x795790d4)
- GetSystemFirmwareTable (Address: 0x795791f0)
- GetSystemTimeAsFileTime (Address: 0x79579088)
- GetTempFileNameA (Address: 0x795790bc)
- GetTempFileNameW (Address: 0x795790b8)
- GetTempPathA (Address: 0x795790c0)
- GetTempPathW (Address: 0x79579154)
- GetTickCount (Address: 0x79579084)
- GetVersion (Address: 0x79579228)
- GetVersionExW (Address: 0x79579138)
- GetVolumeNameForVolumeMountPointW (Address: 0x795790d0)
- GetWindowsDirectoryW (Address: 0x795790dc)
- HeapAlloc (Address: 0x795791a4)
- HeapFree (Address: 0x79579198)
- HeapReAlloc (Address: 0x79579190)
- InitializeCriticalSection (Address: 0x7957904c)
- InitializeCriticalSectionAndSpinCount (Address: 0x79579104)
- InitializeProcThreadAttributeList (Address: 0x795791c0)
- InitializeSRWLock (Address: 0x79579068)
- IsBadReadPtr (Address: 0x79579204)
- IsDebuggerPresent (Address: 0x79579078)
- IsNLSDefinedString (Address: 0x7957918c)
- IsWow64Process (Address: 0x7957907c)
- LCIDToLocaleName (Address: 0x795791b0)
- LCMapStringEx (Address: 0x79579194)
- LeaveCriticalSection (Address: 0x79579108)
- LoadLibraryA (Address: 0x79579218)
- LoadLibraryW (Address: 0x7957916c)
- LocalAlloc (Address: 0x795791dc)
- LocalFree (Address: 0x795791d8)
- lstrcmpA (Address: 0x79579110)
- lstrcmpiA (Address: 0x79579130)
- MapViewOfFile (Address: 0x79579064)
- MultiByteToWideChar (Address: 0x7957919c)
- OpenMutexW (Address: 0x795790b0)
- OutputDebugStringA (Address: 0x79579048)
- ProcessIdToSessionId (Address: 0x79579080)
- QueryActCtxW (Address: 0x795791d0)
- QueryFullProcessImageNameW (Address: 0x79579168)
- QueryPerformanceCounter (Address: 0x795790ec)
- QueryPerformanceFrequency (Address: 0x795790e8)
- ReadFile (Address: 0x79579040)
- ReadProcessMemory (Address: 0x79579230)
- RegisterApplicationRestart (Address: 0x79579114)
- ReleaseActCtx (Address: 0x795791cc)
- ReleaseSRWLockExclusive (Address: 0x79579170)
- ReleaseSRWLockShared (Address: 0x79579178)
- ResetEvent (Address: 0x795790f8)
- ResolveDelayLoadedAPI (Address: 0x7957909c)
- ResumeThread (Address: 0x795791c4)
- SearchPathW (Address: 0x795790a0)
- SetEnvironmentVariableA (Address: 0x7957920c)
- SetEvent (Address: 0x795790fc)
- SetFilePointer (Address: 0x795790c8)
- SetLastError (Address: 0x795791c8)
- SetNamedPipeHandleState (Address: 0x79579058)
- SetUnhandledExceptionFilter (Address: 0x79579090)
- Sleep (Address: 0x795791fc)
- TerminateProcess (Address: 0x7957908c)
- TlsAlloc (Address: 0x79579120)
- TlsGetValue (Address: 0x79579134)
- TlsSetValue (Address: 0x79579128)
- UnhandledExceptionFilter (Address: 0x79579094)
- UnmapViewOfFile (Address: 0x7957905c)
- WaitForDebugEvent (Address: 0x7957922c)
- WaitForSingleObject (Address: 0x79579038)
- WaitForSingleObjectEx (Address: 0x795790f0)
- WerRegisterMemoryBlock (Address: 0x79579070)
- WideCharToMultiByte (Address: 0x795791b4)
- WriteFile (Address: 0x79579210)
- WriteProcessMemory (Address: 0x79579234)
MPR.dll
- WNetGetConnectionW (Address: 0x7957923c)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x79579438)
- _amsg_exit (Address: 0x795794a4)
- _CxxThrowException (Address: 0x79579430)
- _except_handler4_common (Address: 0x795794bc)
- _initterm (Address: 0x795794b0)
- _scwprintf (Address: 0x7957946c)
- _stricmp (Address: 0x7957944c)
- _vscprintf (Address: 0x79579498)
- _vscwprintf (Address: 0x79579440)
- _vsnprintf (Address: 0x79579448)
- _vsnwprintf (Address: 0x79579444)
- _wcsicmp (Address: 0x7957943c)
- _wcslwr (Address: 0x79579490)
- _wcsnicmp (Address: 0x79579468)
- _XcptFilter (Address: 0x795794a0)
- ??1type_info@@UAE@XZ (Address: 0x795794b8)
- ?terminate@@YAXXZ (Address: 0x795794b4)
- atol (Address: 0x79579450)
- free (Address: 0x795794a8)
- iswctype (Address: 0x79579478)
- iswspace (Address: 0x7957949c)
- malloc (Address: 0x795794ac)
- memcmp (Address: 0x7957942c)
- memcpy (Address: 0x79579428)
- memmove (Address: 0x79579434)
- memset (Address: 0x795794c0)
- sprintf_s (Address: 0x79579458)
- sscanf_s (Address: 0x79579460)
- strstr (Address: 0x79579454)
- towlower (Address: 0x7957947c)
- vsprintf_s (Address: 0x7957945c)
- wcscat_s (Address: 0x79579484)
- wcschr (Address: 0x79579488)
- wcscpy_s (Address: 0x79579480)
- wcsncmp (Address: 0x79579464)
- wcspbrk (Address: 0x7957948c)
- wcsrchr (Address: 0x79579470)
- wcsspn (Address: 0x79579474)
- wcsstr (Address: 0x79579494)
ntdll.dll
- LdrAccessResource (Address: 0x79579514)
- NtClose (Address: 0x795794e4)
- NtOpenFile (Address: 0x7957950c)
- NtOpenKey (Address: 0x79579540)
- NtQueryInformationProcess (Address: 0x795794f4)
- NtQueryInformationToken (Address: 0x79579524)
- NtQueryKey (Address: 0x795794d0)
- NtQueryObject (Address: 0x79579510)
- NtQuerySecurityObject (Address: 0x7957956c)
- NtQuerySystemInformation (Address: 0x79579518)
- NtQueryValueKey (Address: 0x79579544)
- NtTerminateProcess (Address: 0x795794ec)
- RtlAllocateHeap (Address: 0x795794c8)
- RtlAppendUnicodeToString (Address: 0x79579550)
- RtlCaptureContext (Address: 0x79579504)
- RtlCaptureStackBackTrace (Address: 0x79579500)
- RtlCreateServiceSid (Address: 0x79579560)
- RtlCreateUnicodeStringFromAsciiz (Address: 0x7957952c)
- RtlDosPathNameToNtPathName_U (Address: 0x79579568)
- RtlEqualSid (Address: 0x7957954c)
- RtlEqualUnicodeString (Address: 0x795794dc)
- RtlFormatCurrentUserKeyPath (Address: 0x79579554)
- RtlFreeHeap (Address: 0x795794cc)
- RtlFreeUnicodeString (Address: 0x79579530)
- RtlGetLastNtStatus (Address: 0x79579558)
- RtlGetNtSystemRoot (Address: 0x79579564)
- RtlGetOwnerSecurityDescriptor (Address: 0x79579548)
- RtlImageNtHeader (Address: 0x795794e0)
- RtlInitializeSid (Address: 0x79579520)
- RtlInitUnicodeString (Address: 0x795794d8)
- RtlLengthRequiredSid (Address: 0x7957951c)
- RtlMultiByteToUnicodeN (Address: 0x79579534)
- RtlNtStatusToDosError (Address: 0x795794d4)
- RtlRaiseException (Address: 0x795794f0)
- RtlReportException (Address: 0x795794e8)
- RtlSetLastWin32ErrorAndNtStatusFromNtStatus (Address: 0x7957955c)
- RtlSubAuthoritySid (Address: 0x79579528)
- RtlUnicodeToMultiByteN (Address: 0x7957953c)
- RtlUnicodeToMultiByteSize (Address: 0x79579538)
- RtlUniform (Address: 0x795794f8)
- RtlValidateHeap (Address: 0x795794fc)
- WinSqmAddToStream (Address: 0x79579508)
OLEAUT32.dll
- SysReAllocString (Address: 0x79579244)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x79579254)
- NdrAsyncClientCall (Address: 0x79579270)
- RpcAsyncCancelCall (Address: 0x79579264)
- RpcAsyncCompleteCall (Address: 0x79579258)
- RpcAsyncInitializeHandle (Address: 0x7957925c)
- RpcBindingFree (Address: 0x79579268)
- RpcBindingFromStringBindingW (Address: 0x7957924c)
- RpcBindingSetAuthInfoExW (Address: 0x7957926c)
- RpcStringBindingComposeW (Address: 0x79579250)
- RpcStringFreeW (Address: 0x79579260)
SETUPAPI.dll
- PnpIsFilePnpDriver (Address: 0x79579278)
sfc.dll
- SfcIsFileProtected (Address: 0x79579574)
- SfcIsKeyProtected (Address: 0x79579578)
SHELL32.dll
- ShellExecuteExW (Address: 0x79579280)
- SHGetFolderPathA (Address: 0x79579288)
- SHGetFolderPathW (Address: 0x79579284)
SHLWAPI.dll
- (Address: 0x7957929c)
- (Address: 0x795792a0)
- (Address: 0x795792a4)
- (Address: 0x795792c0)
- (Address: 0x795792c8)
- IntlStrEqWorkerA (Address: 0x795792f4)
- IntlStrEqWorkerW (Address: 0x795792f8)
- PathFindFileNameW (Address: 0x795792fc)
- StrChrA (Address: 0x79579290)
- StrChrIA (Address: 0x795792d4)
- StrChrIW (Address: 0x795792d8)
- StrChrW (Address: 0x795792b4)
- StrCmpNA (Address: 0x79579298)
- StrCmpNIA (Address: 0x7957930c)
- StrCmpNIW (Address: 0x79579300)
- StrCmpNW (Address: 0x795792bc)
- StrCSpnA (Address: 0x795792ac)
- StrCSpnIA (Address: 0x795792ec)
- StrCSpnIW (Address: 0x795792f0)
- StrCSpnW (Address: 0x795792cc)
- StrRChrA (Address: 0x79579294)
- StrRChrIA (Address: 0x795792dc)
- StrRChrIW (Address: 0x795792e0)
- StrRChrW (Address: 0x795792b8)
- StrRetToBufW (Address: 0x79579304)
- StrRStrIA (Address: 0x795792e4)
- StrRStrIW (Address: 0x795792e8)
- StrStrA (Address: 0x79579308)
- StrStrIA (Address: 0x795792a8)
- StrStrIW (Address: 0x79579310)
- StrStrW (Address: 0x795792c4)
- StrToIntA (Address: 0x795792b0)
- StrToIntW (Address: 0x795792d0)
USER32.dll
- AllowSetForegroundWindow (Address: 0x79579318)
- BeginPaint (Address: 0x79579364)
- ChangeDisplaySettingsA (Address: 0x79579378)
- CharUpperW (Address: 0x79579320)
- CreateWindowExW (Address: 0x7957934c)
- DefWindowProcW (Address: 0x79579368)
- DestroyWindow (Address: 0x7957933c)
- DispatchMessageW (Address: 0x79579340)
- EnableWindow (Address: 0x79579398)
- EndPaint (Address: 0x79579360)
- EnumDisplaySettingsA (Address: 0x7957937c)
- EnumDisplaySettingsW (Address: 0x79579324)
- GetAncestor (Address: 0x79579330)
- GetCapture (Address: 0x79579328)
- GetClassInfoExW (Address: 0x79579358)
- GetDesktopWindow (Address: 0x79579388)
- GetGUIThreadInfo (Address: 0x79579384)
- GetMessageW (Address: 0x79579348)
- GetMonitorInfoW (Address: 0x7957938c)
- GetSystemMetrics (Address: 0x7957936c)
- GetWindowThreadProcessId (Address: 0x79579380)
- InvalidateRect (Address: 0x79579338)
- KillTimer (Address: 0x7957935c)
- LoadCursorW (Address: 0x79579354)
- MsgWaitForMultipleObjects (Address: 0x7957931c)
- PeekMessageW (Address: 0x79579390)
- PostQuitMessage (Address: 0x79579370)
- RegisterClassExW (Address: 0x79579350)
- ScreenToClient (Address: 0x7957932c)
- SetCursor (Address: 0x79579394)
- SetLayeredWindowAttributes (Address: 0x7957939c)
- SetWindowPos (Address: 0x79579374)
- TranslateMessage (Address: 0x79579344)
- WindowFromPoint (Address: 0x79579334)
WINSPOOL.DRV
- (Address: 0x795793a4)