dpapisrv.dll

Description: DPAPI Server

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 8685256613005e68d38ba32d7c89eacd

File Size: 266.5 KB

Uploaded At: Dec. 1, 2025, 7:26 a.m.

Views: 9

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

InitializeLsaExtension (Ordinal: 1, Address: 0xdfe0)
QueryLsaInterface (Ordinal: 2, Address: 0xe6a0)

Imported DLLs & Functions

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x1800347b8)
IsDebuggerPresent (Address: 0x1800347c0)
OutputDebugStringW (Address: 0x1800347b0)

api-ms-win-core-delayload-l1-1-0.dll

DelayLoadFailureHook (Address: 0x1800347d0)

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI (Address: 0x1800347e0)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x180034808)
SetLastError (Address: 0x1800347f8)
SetUnhandledExceptionFilter (Address: 0x180034800)
UnhandledExceptionFilter (Address: 0x1800347f0)

api-ms-win-core-file-l1-1-0.dll

CompareFileTime (Address: 0x180034860)
CreateFileW (Address: 0x180034848)
DeleteFileW (Address: 0x180034858)
FindClose (Address: 0x180034840)
FindFirstFileW (Address: 0x180034818)
FindNextFileW (Address: 0x180034838)
FlushFileBuffers (Address: 0x180034868)
GetFileSize (Address: 0x180034820)
ReadFile (Address: 0x180034850)
SetEndOfFile (Address: 0x180034828)
SetFilePointer (Address: 0x180034870)
WriteFile (Address: 0x180034830)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x180034888)
DuplicateHandle (Address: 0x180034880)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x180034898)
HeapAlloc (Address: 0x1800348a0)
HeapFree (Address: 0x1800348a8)

api-ms-win-core-heap-l2-1-0.dll

LocalAlloc (Address: 0x1800348b8)
LocalFree (Address: 0x1800348c0)
LocalReAlloc (Address: 0x1800348c8)

api-ms-win-core-heap-obsolete-l1-1-0.dll

LocalSize (Address: 0x1800348d8)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x1800348e8)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x180034918)
GetModuleFileNameA (Address: 0x180034908)
GetModuleFileNameW (Address: 0x180034910)
GetModuleHandleExW (Address: 0x180034920)
GetModuleHandleW (Address: 0x1800348f8)
GetProcAddress (Address: 0x180034900)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x180034930)

api-ms-win-core-memory-l1-1-0.dll

CreateFileMappingW (Address: 0x180034940)
MapViewOfFile (Address: 0x180034948)
UnmapViewOfFile (Address: 0x180034950)
VirtualQuery (Address: 0x180034958)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x180034988)
GetCurrentProcessId (Address: 0x180034980)
GetCurrentThread (Address: 0x180034970)
GetCurrentThreadId (Address: 0x180034978)
OpenProcessToken (Address: 0x180034990)
OpenThreadToken (Address: 0x180034998)
SetThreadToken (Address: 0x180034968)
TerminateProcess (Address: 0x1800349a0)

api-ms-win-core-processthreads-l1-1-1.dll

IsProcessorFeaturePresent (Address: 0x1800349b0)
OpenProcess (Address: 0x1800349b8)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x1800349c8)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x180034a10)
RegCreateKeyExW (Address: 0x180034a00)
RegLoadKeyW (Address: 0x1800349f0)
RegNotifyChangeKeyValue (Address: 0x1800349f8)
RegOpenKeyExW (Address: 0x1800349e0)
RegQueryValueExW (Address: 0x180034a08)
RegSetValueExW (Address: 0x1800349d8)
RegUnLoadKeyW (Address: 0x1800349e8)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x180034a30)
RtlLookupFunctionEntry (Address: 0x180034a28)
RtlVirtualUnwind (Address: 0x180034a20)

api-ms-win-core-string-l1-1-0.dll

CompareStringOrdinal (Address: 0x180034a48)
CompareStringW (Address: 0x180034a40)

api-ms-win-core-string-obsolete-l1-1-0.dll

lstrlenW (Address: 0x180034a58)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x180034b10)
AcquireSRWLockShared (Address: 0x180034a98)
CreateEventW (Address: 0x180034ac0)
CreateMutexExW (Address: 0x180034aa8)
CreateMutexW (Address: 0x180034a70)
CreateSemaphoreExW (Address: 0x180034ae0)
DeleteCriticalSection (Address: 0x180034a90)
EnterCriticalSection (Address: 0x180034ac8)
InitializeCriticalSection (Address: 0x180034b18)
InitializeCriticalSectionEx (Address: 0x180034a78)
InitializeSRWLock (Address: 0x180034ae8)
LeaveCriticalSection (Address: 0x180034a88)
OpenEventW (Address: 0x180034ab8)
OpenMutexW (Address: 0x180034a80)
OpenSemaphoreW (Address: 0x180034af0)
ReleaseMutex (Address: 0x180034aa0)
ReleaseSemaphore (Address: 0x180034ab0)
ReleaseSRWLockExclusive (Address: 0x180034b00)
ReleaseSRWLockShared (Address: 0x180034ad8)
SetEvent (Address: 0x180034ad0)
TryAcquireSRWLockExclusive (Address: 0x180034af8)
WaitForSingleObject (Address: 0x180034a68)
WaitForSingleObjectEx (Address: 0x180034b08)

api-ms-win-core-synch-l1-2-0.dll

InitOnceExecuteOnce (Address: 0x180034b30)
Sleep (Address: 0x180034b28)

api-ms-win-core-sysinfo-l1-1-0.dll

GetComputerNameExW (Address: 0x180034b50)
GetSystemDirectoryW (Address: 0x180034b58)
GetSystemTime (Address: 0x180034b48)
GetSystemTimeAsFileTime (Address: 0x180034b40)
GetTickCount (Address: 0x180034b60)

api-ms-win-core-threadpool-l1-2-0.dll

CloseThreadpoolTimer (Address: 0x180034b78)
CloseThreadpoolWork (Address: 0x180034b80)
CreateThreadpoolTimer (Address: 0x180034b98)
CreateThreadpoolWork (Address: 0x180034b90)
SetThreadpoolTimer (Address: 0x180034b70)
SubmitThreadpoolWork (Address: 0x180034ba0)
WaitForThreadpoolTimerCallbacks (Address: 0x180034b88)

api-ms-win-core-threadpool-legacy-l1-1-0.dll

QueueUserWorkItem (Address: 0x180034bb0)

api-ms-win-core-timezone-l1-1-0.dll

SystemTimeToFileTime (Address: 0x180034bc0)

api-ms-win-crt-private-l1-1-0.dll

__C_specific_handler (Address: 0x180034c50)
__CxxFrameHandler4 (Address: 0x180034c60)
__std_terminate (Address: 0x180034c58)
_CxxThrowException (Address: 0x180034c88)
_o___std_exception_copy (Address: 0x180034c90)
_o___std_exception_destroy (Address: 0x180034c80)
_o___std_type_info_destroy_list (Address: 0x180034c78)
_o___stdio_common_vsnprintf_s (Address: 0x180034c70)
_o___stdio_common_vswprintf (Address: 0x180034c68)
_o__cexit (Address: 0x180034c48)
_o__configure_narrow_argv (Address: 0x180034c40)
_o__crt_atexit (Address: 0x180034c38)
_o__errno (Address: 0x180034c30)
_o__execute_onexit_table (Address: 0x180034c28)
_o__initialize_narrow_environment (Address: 0x180034bd0)
_o__initialize_onexit_table (Address: 0x180034bd8)
_o__invalid_parameter_noinfo (Address: 0x180034be0)
_o__purecall (Address: 0x180034be8)
_o__register_onexit_function (Address: 0x180034bf0)
_o__seh_filter_dll (Address: 0x180034bf8)
_o__wcsicmp (Address: 0x180034c08)
_o_wcscat_s (Address: 0x180034c10)
_o_wcscpy_s (Address: 0x180034c18)
_o_wcsncat_s (Address: 0x180034c20)
memcmp (Address: 0x180034c98)
memcpy (Address: 0x180034ca0)
memmove (Address: 0x180034c00)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x180034cb8)
_initterm_e (Address: 0x180034cb0)

api-ms-win-crt-string-l1-1-0.dll

memset (Address: 0x180034cc8)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x180034cf0)
EventSetInformation (Address: 0x180034ce8)
EventUnregister (Address: 0x180034cd8)
EventWriteTransfer (Address: 0x180034ce0)

api-ms-win-security-base-l1-1-0.dll

AdjustTokenPrivileges (Address: 0x180034d00)
AllocateAndInitializeSid (Address: 0x180034d08)
AllocateLocallyUniqueId (Address: 0x180034d80)
CheckTokenMembership (Address: 0x180034d78)
CopySid (Address: 0x180034d58)
CreateWellKnownSid (Address: 0x180034d48)
DuplicateToken (Address: 0x180034d88)
DuplicateTokenEx (Address: 0x180034d20)
EqualSid (Address: 0x180034d40)
FreeSid (Address: 0x180034d38)
GetLengthSid (Address: 0x180034d18)
GetSidSubAuthorityCount (Address: 0x180034d30)
GetTokenInformation (Address: 0x180034d28)
ImpersonateLoggedOnUser (Address: 0x180034d68)
ImpersonateSelf (Address: 0x180034d10)
IsValidSid (Address: 0x180034d70)
RevertToSelf (Address: 0x180034d60)
SetTokenInformation (Address: 0x180034d50)

bcrypt.dll

BCryptCloseAlgorithmProvider (Address: 0x180034dd8)
BCryptCreateHash (Address: 0x180034de8)
BCryptDecrypt (Address: 0x180034de0)
BCryptDeriveKeyCapi (Address: 0x180034df8)
BCryptDestroyHash (Address: 0x180034dc8)
BCryptDestroyKey (Address: 0x180034db0)
BCryptEncrypt (Address: 0x180034db8)
BCryptExportKey (Address: 0x180034e18)
BCryptFinalizeKeyPair (Address: 0x180034e08)
BCryptFinishHash (Address: 0x180034dc0)
BCryptGenerateKeyPair (Address: 0x180034e10)
BCryptGenerateSymmetricKey (Address: 0x180034d98)
BCryptGenRandom (Address: 0x180034da0)
BCryptGetProperty (Address: 0x180034da8)
BCryptHashData (Address: 0x180034dd0)
BCryptImportKeyPair (Address: 0x180034e00)
BCryptKeyDerivation (Address: 0x180034df0)
BCryptOpenAlgorithmProvider (Address: 0x180034e20)

CRYPTBASE.dll

SystemFunction040 (Address: 0x180034688)
SystemFunction041 (Address: 0x180034680)

LSASRV.dll

LsaIDeriveCredentialKey (Address: 0x1800346a0)
LsaILookupUserAccountType (Address: 0x180034698)

lsass.exe

LsaGetInterface (Address: 0x180034e30)

msvcp_win.dll

?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180034e40)

ncrypt.dll

NCryptCreatePersistedKey (Address: 0x180034e60)
NCryptFinalizeKey (Address: 0x180034e58)
NCryptFreeObject (Address: 0x180034e70)
NCryptOpenStorageProvider (Address: 0x180034e50)
NCryptSetProperty (Address: 0x180034e68)

NTASN1.dll

(Address: 0x1800346b0)
(Address: 0x1800346b8)

ntdll.dll

EtwEventActivityIdControl (Address: 0x180034f18)
EtwEventRegister (Address: 0x180034f78)
EtwEventUnregister (Address: 0x180034ee0)
EtwEventWriteTransfer (Address: 0x180034f10)
EtwGetTraceEnableFlags (Address: 0x180034ed0)
EtwGetTraceEnableLevel (Address: 0x180034ec0)
EtwGetTraceLoggerHandle (Address: 0x180034ec8)
EtwRegisterTraceGuidsW (Address: 0x180034eb8)
EtwTraceMessage (Address: 0x180034f50)
EtwUnregisterTraceGuids (Address: 0x180034ed8)
NtClose (Address: 0x180034f70)
NtCreateEvent (Address: 0x180034e90)
NtCreateFile (Address: 0x180034eb0)
NtOpenEvent (Address: 0x180034e88)
NtOpenThreadToken (Address: 0x180034f68)
NtPrivilegeCheck (Address: 0x180034f60)
NtQueryInformationProcess (Address: 0x180034f08)
NtQueryInformationToken (Address: 0x180034f80)
RtlDeleteCriticalSection (Address: 0x180034ef8)
RtlDosPathNameToRelativeNtPathName_U (Address: 0x180034e98)
RtlEnterCriticalSection (Address: 0x180034ee8)
RtlEqualDomainName (Address: 0x180034f20)
RtlEqualSid (Address: 0x180034f88)
RtlFreeHeap (Address: 0x180034ea8)
RtlFreeUnicodeString (Address: 0x180034f30)
RtlGetCurrentServiceSessionId (Address: 0x180034f00)
RtlImageNtHeader (Address: 0x180034ef0)
RtlInitializeCriticalSection (Address: 0x180034f58)
RtlInitUnicodeString (Address: 0x180034f40)
RtlIsStateSeparationEnabled (Address: 0x180034f48)
RtlLeaveCriticalSection (Address: 0x180034e80)
RtlNtStatusToDosError (Address: 0x180034f28)
RtlReleaseRelativeName (Address: 0x180034ea0)
RtlUpcaseUnicodeString (Address: 0x180034f38)

RPCRT4.dll

NdrClientCall3 (Address: 0x180034788)
NdrServerCall2 (Address: 0x180034790)
NdrServerCallAll (Address: 0x180034798)
RpcBindingFree (Address: 0x180034728)
RpcBindingFromStringBindingW (Address: 0x180034758)
RpcBindingInqAuthClientW (Address: 0x1800346d0)
RpcBindingSetAuthInfoExW (Address: 0x180034748)
RpcBindingToStringBindingW (Address: 0x180034718)
RpcEpResolveBinding (Address: 0x180034730)
RpcImpersonateClient (Address: 0x180034778)
RpcNetworkIsProtseqValidW (Address: 0x180034740)
RpcRevertToSelf (Address: 0x1800346e8)
RpcRevertToSelfEx (Address: 0x180034780)
RpcServerInqCallAttributesW (Address: 0x1800346e0)
RpcServerInqDefaultPrincNameW (Address: 0x1800346c8)
RpcServerRegisterAuthInfoW (Address: 0x1800346f0)
RpcServerRegisterIf3 (Address: 0x180034708)
RpcServerRegisterIfEx (Address: 0x1800346d8)
RpcServerUnregisterIf (Address: 0x180034710)
RpcServerUnregisterIfEx (Address: 0x180034768)
RpcServerUseProtseqEpW (Address: 0x180034720)
RpcStringBindingComposeW (Address: 0x180034750)
RpcStringBindingParseW (Address: 0x180034770)
RpcStringFreeW (Address: 0x180034738)
UuidCompare (Address: 0x180034760)
UuidCreate (Address: 0x1800346f8)
UuidFromStringW (Address: 0x180034700)
UuidToStringW (Address: 0x1800347a0)