AuditNativeSnapIn.dll

File Path: C:\Windows\system32\AuditNativeSnapIn.dll
Description: Audit Policy Group Policy Editor Extension

Hashes

Type	Hash
MD5	`18F5CAAE7CEFD006F9F35276ECEE4959`
SHA1	`66823A60770DD7FB37BB88343C1653717D6FE661`
SHA256	`AA41D177704D55FD22D1745809F75DFA598E60644D7BEA282ECFADFD0E97B654`
SHA384	`BBF1291C870F82491D4744807B651CF28429F8F2C08351C5C5A457BCE80294548ECCBF324455CB1F8C85C7DA9D55EF91`
SHA512	`F43CFF6999F02C75179747D1E905FE2EB9DF18AEAE01DF24780D3A34997B89549B912210BB46CDB4D18256E7FEAFF15CE3AE3F5E744804B7D27E14F134B4C2CF`
SSDEEP	`3072:6en9d7PxB3m10RgFz/4vB1Tn1m9d7PxB3m10RgFz/4vB1Tn1S:6fLATn1VLATn1`
IMP	`29B0CAEB33609E0D658CECE2B910C6C9`
PESHA1	`7188B916C46C41F6CE205B50D61F59E529A1341D`
PE256	`A66C0638D145A569FA1BAFAD8542AB10F6C1B09D4449B173F7B63420663C5957`

DLL Exports:

Function Name	Ordinal	Type
`DllGetClassObject`	2	Exported Function
`DllCanUnloadNow`	1	Exported Function

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: auditgp.dll.mui
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/72
VirusTotal Link: https://www.virustotal.com/gui/file/aa41d177704d55fd22d1745809f75dfa598e60644d7bea282ecfadfd0e97b654/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\auditpolmsg.dll	65
C:\Windows\SysWOW64\AuditNativeSnapIn.dll	94
C:\Windows\SysWOW64\auditpolmsg.dll	65

MIT License. Copyright (c) 2020-2021 Strontic.