CaptureService.dll

Description: Microsoft Windows Capture User Service

Version: 10.0.19041.4355

Architecture: 64-bit

Operating System: Windows NT

SHA256: f0359bc3b4ecf1400d150f889cc8625b

File Size: 127.5 KB

Uploaded At: Dec. 1, 2025, 7:23 a.m.

Views: 19

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

ServiceMain (Ordinal: 1, Address: 0x117f0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CoAddRefServerProcess (Address: 0x180018398)
CoCreateFreeThreadedMarshaler (Address: 0x1800183b0)
CoCreateInstance (Address: 0x1800183d0)
CoDecrementMTAUsage (Address: 0x1800183e0)
CoDisconnectContext (Address: 0x1800183c8)
CoGetCallContext (Address: 0x1800183f0)
CoGetInterfaceAndReleaseStream (Address: 0x1800183b8)
CoGetObjectContext (Address: 0x1800183a8)
CoInitializeSecurity (Address: 0x1800183f8)
CoMarshalInterface (Address: 0x180018418)
CoRegisterClassObject (Address: 0x1800183c0)
CoReleaseMarshalData (Address: 0x1800183e8)
CoReleaseServerProcess (Address: 0x1800183a0)
CoResumeClassObjects (Address: 0x1800183d8)
CoRevokeClassObject (Address: 0x180018400)
CoTaskMemAlloc (Address: 0x180018390)
CoWaitForMultipleHandles (Address: 0x180018410)
CreateStreamOnHGlobal (Address: 0x180018408)

api-ms-win-core-com-l1-1-1.dll

RoGetAgileReference (Address: 0x180018428)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x180018438)
IsDebuggerPresent (Address: 0x180018440)
OutputDebugStringW (Address: 0x180018448)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x180018458)
RaiseException (Address: 0x180018468)
SetLastError (Address: 0x180018460)
SetUnhandledExceptionFilter (Address: 0x180018470)
UnhandledExceptionFilter (Address: 0x180018478)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x180018490)
DuplicateHandle (Address: 0x180018488)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x1800184b0)
HeapAlloc (Address: 0x1800184a0)
HeapFree (Address: 0x1800184a8)

api-ms-win-core-heap-l2-1-0.dll

LocalAlloc (Address: 0x1800184c0)
LocalFree (Address: 0x1800184c8)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x1800184d8)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x1800184e8)
GetModuleFileNameA (Address: 0x180018508)
GetModuleHandleExW (Address: 0x180018500)
GetModuleHandleW (Address: 0x1800184f8)
GetProcAddress (Address: 0x1800184f0)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x180018518)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x180018528)
GetCurrentProcessId (Address: 0x180018540)
GetCurrentThreadId (Address: 0x180018530)
GetProcessId (Address: 0x180018548)
OpenProcessToken (Address: 0x180018538)
TerminateProcess (Address: 0x180018550)

api-ms-win-core-processthreads-l1-1-1.dll

IsProcessorFeaturePresent (Address: 0x180018568)
OpenProcess (Address: 0x180018560)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x180018578)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x1800185a8)
RegEnumKeyExW (Address: 0x1800185a0)
RegGetValueW (Address: 0x180018598)
RegOpenKeyExW (Address: 0x180018590)
RegQueryInfoKeyW (Address: 0x180018588)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x1800185c0)
RtlLookupFunctionEntry (Address: 0x1800185c8)
RtlVirtualUnwind (Address: 0x1800185b8)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x180018630)
AcquireSRWLockShared (Address: 0x180018608)
CreateEventExW (Address: 0x180018610)
CreateEventW (Address: 0x1800185f8)
CreateMutexExW (Address: 0x180018620)
CreateSemaphoreExW (Address: 0x1800185e0)
OpenSemaphoreW (Address: 0x1800185d8)
ReleaseMutex (Address: 0x180018640)
ReleaseSemaphore (Address: 0x1800185e8)
ReleaseSRWLockExclusive (Address: 0x180018638)
ReleaseSRWLockShared (Address: 0x180018618)
SetEvent (Address: 0x180018600)
WaitForSingleObject (Address: 0x1800185f0)
WaitForSingleObjectEx (Address: 0x180018628)

api-ms-win-core-synch-l1-2-0.dll

InitOnceBeginInitialize (Address: 0x180018660)
InitOnceComplete (Address: 0x180018650)
InitOnceExecuteOnce (Address: 0x180018658)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x180018670)

api-ms-win-core-util-l1-1-0.dll

DecodePointer (Address: 0x180018680)
EncodePointer (Address: 0x180018688)

api-ms-win-core-winrt-error-l1-1-0.dll

GetRestrictedErrorInfo (Address: 0x1800186b0)
RoOriginateError (Address: 0x1800186a0)
RoOriginateErrorW (Address: 0x1800186a8)
RoTransformError (Address: 0x180018698)
SetRestrictedErrorInfo (Address: 0x1800186b8)

api-ms-win-core-winrt-error-l1-1-1.dll

IsErrorPropagationEnabled (Address: 0x1800186c8)
RoGetMatchingRestrictedErrorInfo (Address: 0x1800186d0)
RoReportFailedDelegate (Address: 0x1800186d8)

api-ms-win-core-winrt-l1-1-0.dll

RoGetActivationFactory (Address: 0x180018700)
RoInitialize (Address: 0x180018708)
RoRegisterActivationFactories (Address: 0x1800186e8)
RoRevokeActivationFactories (Address: 0x1800186f8)
RoUninitialize (Address: 0x1800186f0)

api-ms-win-core-winrt-string-l1-1-0.dll

WindowsCreateString (Address: 0x180018738)
WindowsCreateStringReference (Address: 0x180018740)
WindowsDeleteString (Address: 0x180018720)
WindowsGetStringRawBuffer (Address: 0x180018718)
WindowsIsStringEmpty (Address: 0x180018728)
WindowsStringHasEmbeddedNull (Address: 0x180018730)

api-ms-win-crt-private-l1-1-0.dll

__C_specific_handler (Address: 0x1800187c8)
__CxxFrameHandler3 (Address: 0x1800187d0)
__CxxFrameHandler4 (Address: 0x180018828)
__std_terminate (Address: 0x180018820)
_CxxThrowException (Address: 0x1800187e0)
_o___std_exception_copy (Address: 0x180018808)
_o___std_exception_destroy (Address: 0x180018800)
_o___std_type_info_destroy_list (Address: 0x1800187f8)
_o___stdio_common_vsnprintf_s (Address: 0x1800187f0)
_o___stdio_common_vswprintf (Address: 0x180018798)
_o__callnewh (Address: 0x1800187e8)
_o__cexit (Address: 0x1800187d8)
_o__configure_narrow_argv (Address: 0x180018810)
_o__crt_atexit (Address: 0x180018818)
_o__errno (Address: 0x180018750)
_o__execute_onexit_table (Address: 0x180018758)
_o__initialize_narrow_environment (Address: 0x180018760)
_o__initialize_onexit_table (Address: 0x180018768)
_o__invalid_parameter_noinfo (Address: 0x180018770)
_o__invalid_parameter_noinfo_noreturn (Address: 0x180018778)
_o__purecall (Address: 0x180018780)
_o__register_onexit_function (Address: 0x180018788)
_o__seh_filter_dll (Address: 0x180018790)
_o_ceil (Address: 0x1800187a8)
_o_free (Address: 0x1800187b0)
_o_malloc (Address: 0x1800187b8)
_o_terminate (Address: 0x1800187c0)
memcpy (Address: 0x180018830)
memmove (Address: 0x1800187a0)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x180018848)
_initterm_e (Address: 0x180018840)

api-ms-win-crt-string-l1-1-0.dll

memset (Address: 0x180018858)

api-ms-win-eventing-provider-l1-1-0.dll

EventActivityIdControl (Address: 0x180018880)
EventRegister (Address: 0x180018878)
EventSetInformation (Address: 0x180018870)
EventUnregister (Address: 0x180018868)
EventWriteTransfer (Address: 0x180018888)

api-ms-win-security-base-l1-1-0.dll

GetSidSubAuthority (Address: 0x1800188b0)
GetSidSubAuthorityCount (Address: 0x1800188a8)
GetTokenInformation (Address: 0x180018898)
MakeAbsoluteSD (Address: 0x1800188a0)

api-ms-win-security-sddl-l1-1-0.dll

ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800188c0)

api-ms-win-service-core-l1-1-0.dll

RegisterServiceCtrlHandlerExW (Address: 0x1800188d0)
SetServiceStatus (Address: 0x1800188d8)

api-ms-win-shcore-taskpool-l1-1-0.dll

SHTaskPoolAllowThreadReuse (Address: 0x1800188e8)
SHTaskPoolQueueTask (Address: 0x1800188f0)

combase.dll

(Address: 0x180018900)
(Address: 0x180018908)
(Address: 0x180018910)
(Address: 0x180018918)

dcomp.dll

DCompositionCreateDevice (Address: 0x180018928)

msvcp_win.dll

?_Xbad_function_call@std@@YAXXZ (Address: 0x180018940)
?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180018938)

policymanager.dll

PolicyManager_GetPolicyInt (Address: 0x180018950)