¿Para qué sirve la dll PayloadRestrictions.dll?
Payload Restrictions Mitigation ProviderDependencias de la dll PayloadRestrictions.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\PayloadRestrictions.dll
File Type: DLL
Image has the following dependencies:
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-rtlsupport-l1-1-0.dll
api-ms-win-core-interlocked-l1-1-0.dll
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
ntdll.dll
api-ms-win-eventing-provider-l1-1-0.dll
Summary
1D000 .data
3000 .detourc
1000 .detourd
2000 .mrdata
1000 .pdata
78000 .rdata
9000 .reloc
1000 .rsrc
4D000 .text
Funciones que tiene la dll PayloadRestrictions.dll
1 0 000388D0 MitLibInitialize
2 1 00038CD0 MitLibQueryMitigations
3 2 00038C80 MitLibUninitialize
Información avanzada sobre funciones que tiene la dll PayloadRestrictions.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\PayloadRestrictions.dll
File Type: DLL
Section contains the following exports for PAYLOADRESTRICTIONS.dll
00000000 characteristics
6E9DD03B time date stamp
0.00 version
1 ordinal base
3 number of functions
3 number of names
ordinal hint RVA name
1 0 000388D0 MitLibInitialize
2 1 00038CD0 MitLibQueryMitigations
3 2 00038C80 MitLibUninitialize
Summary
1D000 .data
3000 .detourc
1000 .detourd
2000 .mrdata
1000 .pdata
78000 .rdata
9000 .reloc
1000 .rsrc
4D000 .text
Integridad de la dll PayloadRestrictions.dll
Algorithm Hash Path
--------- ---- ----
SHA256 7BFB1DA601A979F7E9374EA6C0883257F41587D3F666843260FA2C460246B546 C:\Windows\System32\PayloadRestrictions.dll
Detalles sobre el fichero dll PayloadRestrictions.dll
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\PayloadRestrictions.dll
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName : PayloadRestrictions.dll
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
Mode : -a----
VersionInfo : File: C:\Windows\System32\PayloadRestrictions.dll
InternalName: PayloadRestrictions.dll
OriginalFilename: PayloadRestrictions.dll
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
FileDescription: Payload Restrictions Mitigation Provider
Product: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Inglés (Estados Unidos)
BaseName : PayloadRestrictions
Target : {C:\Windows\WinSxS\amd64_microsoft-windows-v..payloadrestrictions_31bf3856ad364e35_10.0.19041.1_none_06c7ed6c782
964a5\PayloadRestrictions.dll}
LinkType : HardLink
Name : PayloadRestrictions.dll
Length : 973312
DirectoryName : C:\Windows\System32
Directory : C:\Windows\System32
IsReadOnly : False
Exists : True
FullName : C:\Windows\System32\PayloadRestrictions.dll
Extension : .dll
CreationTime : 07/12/2019 10:09:33
CreationTimeUtc : 07/12/2019 9:09:33
LastAccessTime : 03/12/2020 14:00:52
LastAccessTimeUtc : 03/12/2020 13:00:52
LastWriteTime : 07/12/2019 10:09:33
LastWriteTimeUtc : 07/12/2019 9:09:33
Attributes : Archive
Procesos que utilizan la dll PayloadRestrictions.dll