Static | ZeroBOX

PE Compile Time

2028-05-12 01:56:05

PDB Path

svchost.pdb

PE Imphash

76b4bae80d2c3b08bb062d97bf9ca791

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006901 0x00007000 5.72372870024
.rdata 0x00008000 0x00003e70 0x00004000 4.50258821581
.data 0x0000c000 0x00000894 0x00001000 0.0613641434207
.pdata 0x0000d000 0x000006a8 0x00001000 2.16865092349
.didat 0x0000e000 0x000000c0 0x00001000 0.197070316041
.rsrc 0x0000f000 0x00000820 0x00001000 2.58635954779
.reloc 0x00010000 0x00000098 0x00001000 0.330540703531

Resources

Name Offset Size Language Sub-language File type
MUI 0x0000f758 0x000000c8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x0000f3a8 0x000003b0 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x0000f0f0 0x000002b2 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library api-ms-win-core-crt-l2-1-0.dll:
0x140008388 exit
0x140008390 _initterm_e
0x140008398 _initterm
0x1400083a0 __wgetmainargs
Library api-ms-win-core-profile-l1-1-0.dll:
0x140008500 QueryPerformanceCounter
Library api-ms-win-core-processthreads-l1-1-0.dll:
0x1400084a0 GetCurrentProcessId
0x1400084a8 OpenProcessToken
0x1400084b0 ExitProcess
0x1400084b8 GetCurrentThreadId
0x1400084c0 GetCurrentProcess
0x1400084d0 TerminateProcess
Library api-ms-win-core-sysinfo-l1-1-0.dll:
0x140008610 GetTickCount
0x140008618 GetTickCount64
0x140008620 GetSystemTimeAsFileTime
Library api-ms-win-core-rtlsupport-l1-1-0.dll:
0x140008548 RtlVirtualUnwind
0x140008550 RtlLookupFunctionEntry
0x140008558 RtlCaptureContext
Library api-ms-win-core-errorhandling-l1-1-0.dll:
0x1400083e8 UnhandledExceptionFilter
0x1400083f0 SetErrorMode
0x1400083f8 GetLastError
Library api-ms-win-core-crt-l1-1-0.dll:
0x140008360 qsort_s
0x140008368 memset
0x140008370 memcpy
0x140008378 _wcsicmp
Library api-ms-win-eventing-provider-l1-1-0.dll:
0x140008650 EventSetInformation
0x140008658 EventRegister
0x140008660 EventWriteTransfer
Library api-ms-win-core-libraryloader-l1-2-0.dll:
0x140008458 LoadLibraryExW
0x140008460 FreeLibrary
0x140008468 GetProcAddress
Library api-ms-win-core-heap-l1-1-0.dll:
0x140008418 HeapFree
0x140008420 HeapAlloc
0x140008428 HeapSetInformation
0x140008430 GetProcessHeap
Library api-ms-win-core-synch-l1-1-0.dll:
0x1400085b0 ReleaseSRWLockExclusive
0x1400085b8 EnterCriticalSection
0x1400085c0 ReleaseSRWLockShared
0x1400085c8 LeaveCriticalSection
0x1400085d0 AcquireSRWLockExclusive
0x1400085d8 AcquireSRWLockShared
0x1400085e0 InitializeSRWLock
Library api-ms-win-core-string-l1-1-0.dll:
0x140008590 CompareStringOrdinal
0x140008598 MultiByteToWideChar
0x1400085a0 WideCharToMultiByte
Library api-ms-win-core-registry-l1-1-0.dll:
0x140008510 RegQueryValueExW
0x140008518 RegGetValueW
0x140008520 RegCloseKey
0x140008528 RegEnumKeyExW
0x140008538 RegOpenKeyExW
Library api-ms-win-core-processenvironment-l1-1-0.dll:
0x140008488 GetCommandLineW
Library api-ms-win-core-processthreads-l1-1-1.dll:
Library api-ms-win-core-processthreads-l1-1-2.dll:
0x1400084f0 SetProtectedPolicy
Library api-ms-win-core-synch-l1-2-0.dll:
0x1400085f8 WakeAllConditionVariable
Library api-ms-win-core-debug-l1-1-0.dll:
0x1400083b0 DebugBreak
Library api-ms-win-core-localization-l1-2-0.dll:
0x140008478 LCMapStringW
Library api-ms-win-security-base-l1-1-0.dll:
0x140008670 MakeAbsoluteSD
0x140008678 GetTokenInformation
0x140008688 AddAccessAllowedAce
0x140008698 GetLengthSid
0x1400086a0 InitializeAcl
Library api-ms-win-core-handle-l1-1-0.dll:
0x140008408 CloseHandle
Library api-ms-win-core-delayload-l1-1-1.dll:
0x1400083d0 ResolveDelayLoadedAPI
Library api-ms-win-core-delayload-l1-1-0.dll:
0x1400083c0 DelayLoadFailureHook
Library api-ms-win-crt-utility-l1-1-0.dll:
0x140008640 bsearch_s
Library api-ms-win-core-sidebyside-l1-1-0.dll:
0x140008568 ActivateActCtx
0x140008570 DeactivateActCtx
0x140008578 ReleaseActCtx
0x140008580 CreateActCtxW
Library api-ms-win-core-threadpool-private-l1-1-0.dll:
Library ntdll.dll:
0x1400086c0 TpSetWait
0x1400086d0 EtwEventRegister
0x1400086d8 EtwEventEnabled
0x1400086e0 EtwEventWrite
0x1400086e8 RtlAllocateHeap
0x1400086f0 RtlFreeHeap
0x1400086f8 TpSetTimerEx
0x140008700 TpWaitForTimer
0x140008708 TpReleaseTimer
0x140008710 TpSetTimer
0x140008718 TpAllocTimer
0x140008720 RtlQueryHeapInformation
0x140008728 TpAllocWait
0x140008730 _vsnwprintf
0x140008740 NtSetInformationProcess
0x140008748 RtlSetProcessIsCritical
0x140008750 RtlImageNtHeader
0x140008760 RtlRunOnceExecuteOnce
0x140008768 NtQuerySystemInformation
0x140008770 RtlNtStatusToDosError
0x140008780 RtlInitializeSid
0x140008788 RtlSubAuthoritySid
0x1400087a0 RtlSubAuthorityCountSid
0x1400087b0 RtlLengthRequiredSid
0x1400087c0 RtlCopySid
0x1400087c8 TpReleaseWait
Library api-ms-win-core-heap-l2-1-0.dll:
0x140008440 LocalFree
0x140008448 LocalAlloc

!This program cannot be run in DOS mode.
ServiceMain
SvchostPushServiceGlobalsEx
SvchostPushServiceGlobals
WldpIsAllowedEntryPoint
api-ms-win-service-private-l1-1-3.dll
api-ms-win-service-winsvc-l1-1-0.dll
api-ms-win-service-core-l1-1-0.dll
api-ms-win-core-com-l1-1-0.dll
RPCRT4.dll
NoUrlMimeFilters
Calling_ExitProcess
CommandLine
SleepConditionVariableSRW_Failed
ServiceName
ErrorCode
UnloadingServiceDll
DllName
ActivateActCtxFailedInUnloadPath
ServiceName
ErrorCode
PushingGlobals
ServiceName
SvcLimitsEnable
PolicyName
Status
GetServiceMainFunctions_Failed
ServiceName
FailCode
ErrorCode
GetServiceDllFunction_Failed
DllName
FunctionName
FailCode
ErrorCode
LoadingServiceDll
DllName
ConfigCiSecurityPolicyCheck_Failed
DllName
FunctionName
FailCode
ErrorCode
AbortHostedService_Failed
ServiceName
FailCode
AbortHostedService
ServiceName
LowResourceCallback
serviceName
heapLimit
notifyService
ServiceHeapUsage
PartA_PrivTags
serviceName
aveHeapAlloc
maxHeapAlloc
currentHeapAlloc
singleServiceHost
ServiceHeapUsage
PartA_PrivTags
serviceName
aveHeapAlloc
maxHeapAlloc
currentHeapAlloc
singleServiceHost
Microsoft.Windows.SvchostTelemetryProvider
svchost.pdb
.text$lp01svchost.exe!20_pri7
.text$lp03svchost.exe!35_hybridboot
.text$mn
.text$mn$00
.text$zy
.text$zz
.rdata$brc
.rdata$00$brc
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.gfids
.giats
.rdata
.rdata$00
.rdata$voltmd
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zz
.rdata$zzzdbg
.xdata
.didat$2
.didat$3
.didat$4
.didat$6
.didat$7
.idata$2
.idata$3
.idata$4
.idata$6
.data$dk01$brc
.data$pr00
.bss$00
.bss$dk00
.bss$pr00
.bss$zz
.pdata
.didat$5
.rsrc$01
.rsrc$02
I_RegisterSvchostNotificationCallback
RegisterServiceCtrlHandlerW
SetServiceStatus
CLSIDFromString
RpcMgmtSetServerStackSize
I_RpcServerDisableExceptionFilter
StartServiceCtrlDispatcherW
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcServerUnregisterIf
RpcServerRegisterIf
RpcMgmtWaitServerListen
RpcServerListen
RpcMgmtStopServerListening
_initterm_e
_initterm
api-ms-win-core-crt-l2-1-0.dll
__wgetmainargs
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-rtlsupport-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
_wcsicmp
qsort_s
api-ms-win-core-crt-l1-1-0.dll
EventRegister
EventSetInformation
EventWriteTransfer
GetLastError
GetProcAddress
GetProcessHeap
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LoadLibraryExW
MultiByteToWideChar
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ExpandEnvironmentStringsW
RegEnumKeyExW
CompareStringOrdinal
SetProcessMitigationPolicy
SetProtectedPolicy
HeapSetInformation
InitializeSRWLock
InitializeConditionVariable
DebugBreak
LCMapStringW
FreeLibrary
WakeAllConditionVariable
SetErrorMode
RegDisablePredefinedCacheEx
SetProcessAffinityUpdateMode
ExitProcess
GetCommandLineW
SleepConditionVariableSRW
HeapAlloc
HeapFree
RegGetValueW
WideCharToMultiByte
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
AddAccessAllowedAce
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
CloseHandle
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetTickCount64
ResolveDelayLoadedAPI
DelayLoadFailureHook
api-ms-win-eventing-provider-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-processthreads-l1-1-2.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-security-base-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-core-delayload-l1-1-0.dll
bsearch_s
api-ms-win-crt-utility-l1-1-0.dll
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
RegisterWaitForSingleObjectEx
api-ms-win-core-sidebyside-l1-1-0.dll
api-ms-win-core-threadpool-private-l1-1-0.dll
RtlNtStatusToDosError
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlValidSecurityDescriptor
RtlImageNtHeader
RtlSetProcessIsCritical
NtSetInformationProcess
RtlUnhandledExceptionFilter
EtwEventRegister
TpAllocWait
TpSetWait
RtlNtStatusToDosErrorNoTeb
TpReleaseWait
EtwEventEnabled
EtwEventWrite
RtlAllocateHeap
RtlFreeHeap
TpSetTimerEx
TpWaitForTimer
TpReleaseTimer
TpSetTimer
TpAllocTimer
RtlQueryHeapInformation
ntdll.dll
_vsnwprintf
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
api-ms-win-core-heap-l2-1-0.dll
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
memcpy
memset
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="5.1.0.0"
processorArchitecture="amd64"
name="Microsoft.Windows.Services.SvcHost"
type="win32"
<description>Host Process for Windows Services</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
ServiceMain
Parameters
System\CurrentControlSet\Services
ServiceDll
ServiceManifest
LegacyCOMBehavior
ServiceDllUnloadOnStop
Software\Microsoft\Windows NT\CurrentVersion\Svchost
COMAccessPermissionsSD
NoGuiAccess
COM_RoSettings
SystemCritical
DynamicCodePolicy
ImpersonationLevel
AuthenticationLevel
DefaultRpcStackSize
BinarySignaturePolicy
ExtensionPointsPolicy
COM_UnmarshalingPolicy
RpcExceptionFilterMode
RedirectionTrustPolicy
CoInitializeSecurityParam
CoInitializeSecurityAppID
AuthenticationCapabilities
CoInitializeSecurityAllowLowBox
CoInitializeSecurityAllowComCapability
CoInitializeSecurityAllowCrossContainer
CoInitializeSecurityAllowInteractiveUsers
Software\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\TraceProfile
EnableSvchostMitigationPolicy
SvchostHeapReportingThresholdInKB
System\CurrentControlSet\Control\SCMConfig
[%ws] [%ws]
WLDP.DLL
ext-ms-win-resourcemanager-limits-l1-1-0
DebugBreak
lpacServicesManagement
svchost
\PIPE\
ncacn_np
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Host Process for Windows Services
FileVersion
10.0.22621.1 (WinBuild.160101.0800)
InternalName
svchost.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
svchost.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.22621.1
VarFileInfo
Translation
"Microsoft Window
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
DrWeb Clean
MicroWorld-eScan Clean
ClamAV Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec Clean
Elastic Clean
ESET-NOD32 Clean
APEX Clean
Paloalto Clean
Cynet Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Avast Clean
Rising Clean
Emsisoft Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
CMC Clean
Sophos Clean
SentinelOne Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Cylance Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Clean
Panda Clean
No IRMA results available.