What is the InprocLogger.dll DLL for?

In-proc Private Event Trace Logger

Dependencies of InprocLogger.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\InprocLogger.dll

File Type: DLL

  Image has the following dependencies:

    msvcrt.dll
    ntdll.dll
    api-ms-win-core-libraryloader-l1-2-0.dll
    api-ms-win-core-synch-l1-1-0.dll
    api-ms-win-core-heap-l1-1-0.dll
    api-ms-win-core-errorhandling-l1-1-0.dll
    api-ms-win-core-processthreads-l1-1-0.dll
    api-ms-win-core-localization-l1-2-0.dll
    api-ms-win-core-debug-l1-1-0.dll
    api-ms-win-core-handle-l1-1-0.dll
    api-ms-win-core-sysinfo-l1-1-0.dll
    api-ms-win-core-threadpool-l1-2-0.dll
    api-ms-win-eventing-provider-l1-1-0.dll
    api-ms-win-core-synch-l1-2-0.dll
    api-ms-win-core-registry-l1-1-0.dll
    api-ms-win-core-heap-l2-1-0.dll
    api-ms-win-eventing-controller-l1-1-0.dll
    api-ms-win-core-com-l1-1-0.dll
    api-ms-win-core-path-l1-1-0.dll
    api-ms-win-core-file-l2-1-0.dll
    api-ms-win-core-profile-l1-1-0.dll
    api-ms-win-core-libraryloader-l1-2-1.dll
    api-ms-win-core-windowserrorreporting-l1-1-0.dll
    api-ms-win-core-delayload-l1-1-1.dll
    api-ms-win-core-delayload-l1-1-0.dll

  Image has the following delay load dependencies:

    api-ms-win-shell-shdirectory-l1-1-0.dll
    profapi.dll

  Summary

        1000 .data
        1000 .didat
        1000 .pdata
        4000 .rdata
        1000 .reloc
        1000 .rsrc
        A000 .text

Functions in InprocLogger.dll


1    0 00004420 EnableInProcTracingForProvider
2    1 00003EE0 FlushInProcTraceSession
3    2 00003C40 InitializeInProcLogger
4    3 00004290 InitializeInProcTraceFlushTrigger
5    4 000040E0 InitializeInProcTraceSession
6    5 000041E0 IsInProcTraceSessionStarted
7    6 00003C80 ShutdownInProcLogger
8    7 000042A0 ShutdownInProcTraceFlushTrigger
9    8 000040F0 ShutdownInProcTraceSession
10    9 00003DF0 StartInProcTraceSession
11    A 00003FF0 StopInProcTraceSession

Advanced information about the functions in InprocLogger.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\InprocLogger.dll

File Type: DLL

  Section contains the following exports for InprocLogger.dll

    00000000 characteristics
    CC5D63F5 time date stamp
        0.00 version
           1 ordinal base
          11 number of functions
          11 number of names

    ordinal hint RVA      name

          1    0 00004420 EnableInProcTracingForProvider
          2    1 00003EE0 FlushInProcTraceSession
          3    2 00003C40 InitializeInProcLogger
          4    3 00004290 InitializeInProcTraceFlushTrigger
          5    4 000040E0 InitializeInProcTraceSession
          6    5 000041E0 IsInProcTraceSessionStarted
          7    6 00003C80 ShutdownInProcLogger
          8    7 000042A0 ShutdownInProcTraceFlushTrigger
          9    8 000040F0 ShutdownInProcTraceSession
         10    9 00003DF0 StartInProcTraceSession
         11    A 00003FF0 StopInProcTraceSession

  Summary

        1000 .data
        1000 .didat
        1000 .pdata
        4000 .rdata
        1000 .reloc
        1000 .rsrc
        A000 .text

Integrity of InprocLogger.dll



Algorithm       Hash                                                                   Path                                         
---------       ----                                                                   ----                                         
SHA256          66C943D10800309F31DF5EFD1C7D9DBD87A64DF3CC3FA343B67AC817DB1BF082       C:\Windows\System32\InprocLogger.dll         


Details of the InprocLogger.dll file




PSPath            : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\InprocLogger.dll
PSParentPath      : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName       : InprocLogger.dll
PSDrive           : C
PSProvider        : Microsoft.PowerShell.Core\FileSystem
PSIsContainer     : False
Mode              : -a----
VersionInfo       : File:             C:\Windows\System32\InprocLogger.dll
                    InternalName:     InprocLogger
                    OriginalFilename: InprocLogger.dll
                    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
                    FileDescription:  In-proc Private Event Trace Logger
                    Product:          Microsoft® Windows® Operating System
                    ProductVersion:   10.0.19041.1
                    Debug:            False
                    Patched:          False
                    PreRelease:       False
                    PrivateBuild:     False
                    SpecialBuild:     False
                    Language:         Inglés (Estados Unidos)
                    
BaseName          : InprocLogger
Target            : {C:\Windows\WinSxS\amd64_microsoft-windows-mccs-inproclogger_31bf3856ad364e35_10.0.19041.1_none_181514e8473f1cc9
                    \InprocLogger.dll}
LinkType          : HardLink
Name              : InprocLogger.dll
Length            : 60928
DirectoryName     : C:\Windows\System32
Directory         : C:\Windows\System32
IsReadOnly        : False
Exists            : True
FullName          : C:\Windows\System32\InprocLogger.dll
Extension         : .dll
CreationTime      : 07/12/2019 15:57:17
CreationTimeUtc   : 07/12/2019 14:57:17
LastAccessTime    : 03/12/2020 11:26:02
LastAccessTimeUtc : 03/12/2020 10:26:02
LastWriteTime     : 06/12/2019 17:34:00
LastWriteTimeUtc  : 06/12/2019 16:34:00
Attributes        : Archive



Processes that use InprocLogger.dll


svchost