AuditNativeSnapIn.dll

File Path: C:\Windows\SysWOW64\AuditNativeSnapIn.dll
Description: Audit Policy Group Policy Editor Extension

Hashes

Type	Hash
MD5	`2D16EA9876A4416759EF0F727F5C548D`
SHA1	`C5AAA76CB68B9FCFF16903439AA190B93A1B4729`
SHA256	`FFBB7096593439184A4DE3F6754828DFBF961305EE5D7703447789AE41E4C0F9`
SHA384	`ACFFEDB4AE677507599CACE063E4DF85F58ADB2C8B2C9CC46B6AEA871309BE17237BE126B87ACA9AC6FB841383EB0895`
SHA512	`1D54B804D08571D1E427D51097314986A87E9F717A9B92D1FB4EB449CEF80467F76A88293E46CDDA6F327CFDA4377D157192AA094077A0F603BBFA1469F71BB0`
SSDEEP	`3072:Nv6KYCZon9d7PxB3m10RgFz/4vB1Tn1m9d7PxB3m10RgFz/4vB1Tn1S:Nv6TwJLATn1VLATn1`
IMP	`EF154CC80FF982AEC2AE8B7880140833`
PESHA1	`10BE4E662CF417BF66788BB0F50D3AA53DF97337`
PE256	`9278AA0C233D6AEFA9D05217B867AE60F02CF99E5E3D04DF4A64BCC2665752FF`

DLL Exports:

Function Name	Ordinal	Type
`DllGetClassObject`	2	Exported Function
`DllCanUnloadNow`	1	Exported Function

Signature

Status: Signature verified.
Serial: 330000023241FB59996DCC4DFF000000000232
Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: auditgp.dll
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/68
VirusTotal Link: https://www.virustotal.com/gui/file/ffbb7096593439184a4de3f6754828dfbf961305ee5d7703447789ae41e4c0f9/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\AuditNativeSnapIn.dll	94
C:\Windows\system32\auditpolmsg.dll	60
C:\Windows\SysWOW64\auditpolmsg.dll	60

MIT License. Copyright (c) 2020-2021 Strontic.