List of clean mutexes and mutants

List of clean mutexes and mutants
2023-3-12 08:3:36 Author: www.hexacorn.com(查看原文) 阅读量:23 收藏

A few years ago I released a list of ‘bad’ mutexes/mutants. That list was generated from my malware sandbox reports.

I thought that it may be good to revisit the idea, but this time with a focus on a ‘clean’ list.

What do I mean by that?

Windows native binaries reference many ‘clean’ mutexes and mutants. By looking for references to CreateMutex* and OpenMutex API invocations inside the native OS applications and DLLs we can build a list presented below.

I hope you will agree that amongst all the items presented, the x9pv45dxghk mutex looks the most suspicious, as if malware just hit your system, but … it’s actually not a bad guy! Also, some of these mutexes you will probably never see in your logs f.ex. anything RAS-related is kinda dead, because dialers are long gone (of course, RAS is a bit wider in scope, but you know what I mean). But then some of them may actually still be helpful in detecting interesting OS events f.ex. everything with a ‘RDP’ in name. There are also some eye-catching mutexes that may be worth further exploration, f.ex. Global\SignedDriversMutex is created before driverquery.exe runs a WQL query “select * from Win32_PnpSignedDriver where DeviceName != NULL“. Why that mutex is needed there? Hmm…

Let’s remember that mutexes often guard program’s important business logic. By understanding why these mutexes are created we may affect some of this logic and take over the program’s narrative. For example, the WerMgr.exe uses Global\WerMgrUploadingLock mutex to ensure only one instance of WerMgr.exe is uploading Windows Error Reports (for wemgr.exe options –upload and –uploadforce). It’s not very useful per se, but it makes the point.

Here’s the list I collected:

2F8FA37B-8158-476F-9B22-3283D2A6FEC2

Windows\System32\phoneactivate.exe

5615046C-3289-4BC3-A5C7-0E9B0FE4C2DA

Windows\System32\CourtesyEngine.dll

ACTIONDIALOG_MUTEX

Windows\System32\WindowsActionDialog.exe

AD8DA490-28A3-4dfd-96BA-37453388BAEF

Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll
Program Files\Windows Photo Viewer\PhotoAcq.dll

AMResourceMutex3

Windows\SysWOW64\quartz.dll
Windows\System32\quartz.dll

AccessibilitySoundAgentRunning

Windows\SysWOW64\PlaySndSrv.dll
Windows\SysWOW64\sethc.exe
Windows\System32\PlaySndSrv.dll
Windows\System32\sethc.exe

AppIDSvc\CertStore

Windows\System32\appidcertstorecheck.exe

AppIDSvc\PolicyMutex

Windows\System32\appidpolicyconverter.exe

AssignedAccessCspDataStore{2DB91A08-F99F-4E50-A831-6D917523A264}

Windows\System32\AssignedAccessCsp.dll

AuthHostAppContainerMutex.SSO

Windows\SysWOW64\AuthBroker.dll
Windows\System32\AuthBroker.dll

AutoTune

Windows\SysWOW64\psisdecd.dll
Windows\System32\psisdecd.dll

BDATIF_Mutex

Windows\SysWOW64\psisdecd.dll
Windows\System32\psisdecd.dll

BFFF9080-1DAE-43B1-96B6-738575D01524

Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll
Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
Program Files\Common Files\microsoft shared\ink\mshwLatin.dll
Windows\System32\msTextPrediction.dll

CB35EF5D-4591-41d9-BBA2-0363342F3783

Windows\System32\cscsvc.dll

CSM Policy Key Mutex

Windows\SysWOW64\SearchIndexer.exe
Windows\SysWOW64\srchadmin.dll
Windows\System32\SearchIndexer.exe
Windows\System32\srchadmin.dll

CWpcTridentWebFilter::Initialize

Windows\SysWOW64\WpcWebFilter.dll
Windows\System32\WpcWebFilter.dll

ClearTypeTunerWizardMutex

Windows\SysWOW64\cttune.exe
Windows\System32\cttune.exe

CloudNotifications

Windows\SysWOW64\CloudNotifications.exe
Windows\System32\CloudNotifications.exe

Connection Manager Phonebook Access

Windows\SysWOW64\cmdl32.exe
Windows\System32\cmdl32.exe

Connection Manager Profile Installer Mutex

Windows\SysWOW64\cmstp.exe
Windows\System32\cmstp.exe

CredPicker.Mutex_CAED75DD_5855_49C7_A2FD_4CC470A3575E

Windows\System32\Windows.Security.Credentials.UI.CredentialPicker.dll

DBWinMutex

Windows\SysWOW64\KernelBase.dll
Windows\System32\KernelBase.dll

DSKQUOTA_SIDCACHE_MUTEX

Windows\SysWOW64\dskquota.dll
Windows\System32\dskquota.dll

DirectMusiCPcClockMutex

Windows\SysWOW64\dmusic.dll
Windows\System32\dmusic.dll

DirectMusicMasterClockMutex

Windows\SysWOW64\dmusic.dll
Windows\System32\dmusic.dll

DiskSnapshot-Mutex

Windows\System32\DiskSnapshot.exe

DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}

Windows\System32\drvinst.exe
Windows\System32\pnppolicy.dll

EUPPSYNCLOCK

Windows\SysWOW64\msfeeds.dll
Windows\System32\msfeeds.dll

EduPrintProvSingleInstance

Windows\System32\EduPrintProv.exe

EnterpriseIDMutex-61982412-20ce-4a9a-b974-55c3ce44b9b0

Windows\SysWOW64\efswrt.dll
Windows\System32\efswrt.dll

FinishInstallOperation_mutex_{13f20490-1533-411a-9489-1a6da95d2b85}

Windows\SysWOW64\newdev.dll
Windows\System32\newdev.dll

FlightActionManagerConsolidateMutex

Windows\SysWOW64\FlightSettings.dll
Windows\System32\FlightSettings.dll

GeneratingSchemaGlobalMapping

Windows\SysWOW64\propsys.dll
Windows\System32\propsys.dll

Global\552FFA80-3393-423d-8671-7BA046BB5906

Windows\SysWOW64\sppc.dll
Windows\System32\sppc.dll
Windows\System32\sppsvc.exe

Global\AudioResourceAcquisitionMutex

Windows\System32\audioresourceregistrar.dll
Windows\System32\audiosrv.dll

Global\CDNDownloadMutex

Windows\SysWOW64\dmenrollengine.dll
Windows\System32\DeviceEnroller.exe

Global\ComPortNumberDatabaseMutexObject

Windows\SysWOW64\msports.dll
Windows\System32\msports.dll

Global\DFXLIB_STORE_MUTEX

Windows\SysWOW64\difxapi.dll
Windows\System32\difxapi.dll

Global\DVD_Region_Cntry_List_Mutex

Windows\SysWOW64\Storprop.dll

Global\DeclaredConfigurationMutex

Windows\SysWOW64\dmenrollengine.dll
Windows\System32\omadmclient.exe

Global\DeviceManagementContainerMutex

Windows\SysWOW64\dmcmnutils.dll
Windows\System32\dmcmnutils.dll

Global\F659A567-8ACB-4E4A-92A7-5C2DD1884F72

Windows\SysWOW64\RacEngn.dll
Windows\System32\RacEngn.dll

Global\FillWindowsUpdatePrinterCatalog

Windows\SysWOW64\ntprint.dll
Windows\System32\ntprint.dll

Global\FindNetPrinters{60E245A9-955D-421b-985C-A48F7CBF0476}

Windows\SysWOW64\findnetprinters.dll
Windows\System32\findnetprinters.dll

Global\Fve-AAD-Mutex

Windows\System32\fveskybackup.dll

Global\LicenseUI

Windows\System32\LicensingUI.exe

Global\Lpksetup-TempFolderToken

Windows\System32\lpksetup.exe

Global\MS ODBC PerfMon

Windows\SysWOW64\odbc32.dll
Windows\System32\odbc32.dll

Global\Microsoft.Windows.Setup.Box

Windows\System32\UpdateAgent.dll

Global\Microsoft.Windows.Setup.SetupCln

Windows\SysWOW64\setupcln.dll
Windows\System32\setupcln.dll

Global\Microsoft.Windows.WindowsColorSystem.CalibrationLoaderMutex

Windows\SysWOW64\mscms.dll
Windows\System32\mscms.dll

Global\NetSetupShimDriverInstallUninstall

Windows\SysWOW64\NetSetupShim.dll
Windows\System32\NetSetupShim.dll

Global\PolicyManagerMutex

Windows\System32\Win32AppSettingsProvider.dll

Global\RasMpDevices

Windows\SysWOW64\mprdim.dll
Windows\System32\mprdim.dll
Windows\System32\rasmans.dll
Windows\System32\sstpsvc.dll

Global\RasPbFile

Windows\SysWOW64\rasplap.dll
Windows\System32\rasapi32.dll
Windows\System32\rasdlg.dll
Windows\System32\rasgcw.dll
Windows\System32\rasmans.dll
Windows\System32\rasplap.dll

Global\RecentDocumentsUpdate

Windows\SysWOW64\windows.storage.dll

Global\SQMWindowsConsolidator

Windows\System32\wsqmcons.exe

Global\ServicePackOrHotfix

Program Files (x86)\Windows Media Player\setup_wm.exe
Program Files\Windows Media Player\setup_wm.exe

Global\SetupLog

Windows\SysWOW64\wimgapi.dll
Windows\System32\wimgapi.dll
Windows\System32\wimserv.exe

Global\SignedDriversMutex

Windows\SysWOW64\driverquery.exe
Windows\System32\driverquery.exe

Global\SpaceWorker_Mutex

Windows\System32\SpaceAgent.exe

Global\TPAC_DEBUG_FILE_ACCESS

Windows\System32\TPSvc.dll

Global\WAU running

Windows\SysWOW64\LicensingWinRT.dll
Windows\System32\LicensingWinRT.dll

Global\WDC.0AF0EEEF-BDEC-4D4C-AC72-6AF58B3EEE01

Windows\SysWOW64\wdc.dll
Windows\System32\wdc.dll

Global\WIATRACE_MUTEX

Windows\SysWOW64\sti.dll
Windows\SysWOW64\wiaaut.dll
Windows\System32\sti.dll
Windows\System32\sti_ci.dll
Windows\System32\wiaaut.dll
Windows\System32\wiarpc.dll
Windows\System32\wiaservc.dll

Global\WerKernelVerticalConvertingLiveDump

Windows\SysWOW64\WerFault.exe
Windows\System32\WerFault.exe

Global\WerKernelVerticalGeneratingDump

Windows\SysWOW64\WerFault.exe
Windows\System32\WerFault.exe

Global\WerKernelVerticalReporting

Windows\SysWOW64\WerFault.exe
Windows\System32\WerFault.exe

Global\WerMgrUploadingLock

Windows\SysWOW64\wermgr.exe
Windows\System32\wermgr.exe

Global\WinSATMutex

Windows\System32\WinSAT.exe

Global\Windows.User.OOBE

Windows\SysWOW64\explorer.exe
Windows\SysWOW64\twinui.dll
Windows\System32\twinui.dll

Global\lpksetup-init

Windows\System32\lpksetup.exe

Global\mbaeapi.mutex

Windows\SysWOW64\MbaeApi.dll
Windows\System32\MbaeApi.dll

Global\{5E5C36C0-5E7C-471f-84D7-110FDC1AFD0D}

Windows\SysWOW64\esent.dll
Windows\System32\esent.dll
Windows\System32\esentutl.exe

Global\{B817B57E-5013-4b35-BD74-24B3C225ED6E}

Windows\System32\dstokenclean.exe

IESettingSyncMutex

Windows\System32\IESettingSync.exe

KeyMgrMutex

Windows\SysWOW64\keymgr.dll
Windows\System32\keymgr.dll

LOCATIONNOTIFICATION_MUTEX

Windows\System32\LocationNotificationWindows.exe

Local\!BrowserEmulation!SharedMemory!Mutex

Windows\SysWOW64\urlmon.dll
Windows\System32\urlmon.dll

Local\BitLockerChangePinTaskDialogMutex

Windows\System32\bdechangepin.exe

Local\C9E8AF12-FA27-4748-EC04-38CA71239739_RegisterDevice

Windows\System32\DeviceDirectoryClient.dll

Local\Color CPL Startup Mutex

Windows\SysWOW64\colorui.dll
Windows\System32\colorui.dll

Local\CscUnpinSingletonProcess

Windows\System32\Microsoft.Uev.CscUnpinTool.exe

Local\DCCW Startup Mutex

Windows\SysWOW64\dccw.exe
Windows\System32\dccw.exe

Local\DDrawDriverObjectListMutex

Windows\SysWOW64\ddraw.dll

Local\DDrawWindowListMutex

Windows\SysWOW64\ddraw.dll

Local\DSREGCMD-Recovery

Windows\SysWOW64\dsreg.dll
Windows\System32\dsreg.dll

Local\DialersIveBeenStartedMutex

Windows\SysWOW64\dialer.exe
Windows\System32\dialer.exe

Local\E2A05719-7EDD-4269-94FB-E5C725AE176B

Windows\System32\Windows.Cortana.Desktop.dll

Local\ERCAPPSINGLEINSTANCE

Windows\System32\werconcpl.dll

Local\ExplorerIsShellMutex

Windows\SysWOW64\explorer.exe

Local\Feeds Store Mutex LoRIE

Windows\SysWOW64\msfeeds.dll
Windows\System32\msfeeds.dll

Local\FmsRegChangeMutex

Windows\SysWOW64\fms.dll
Windows\System32\fms.dll

Local\FmsRegMutex

Windows\SysWOW64\fms.dll
Windows\System32\fms.dll

Local\HelpPaneRunningMutex

Windows\HelpPane.exe

Local\InputServiceHostMutex

Windows\SysWOW64\MsCtfMonitor.dll
Windows\System32\MsCtfMonitor.dll

Local\LRIEElevationPolicyMutex

Program Files (x86)\Internet Explorer\IEShims.dll
Program Files\Internet Explorer\IEShims.dll

Local\LockAppHostThreadProcMutex

Windows\System32\LockHostingFramework.dll

Local\MICROSOFT_WMDM_MUTEX

Windows\SysWOW64\mswmdm.dll
Windows\System32\mswmdm.dll

Local\MPSWabDataAccessMutex

Program Files (x86)\Common Files\System\wab32.dll
Program Files\Common Files\System\wab32.dll

Local\MSIdent Logon

Windows\SysWOW64\msident.dll
Windows\System32\msident.dll

Local\Microsoft-Windows-LockScreenHistory

Windows\SysWOW64\Windows.UI.Immersive.dll
Windows\System32\Windows.UI.Immersive.dll

Local\Microsoft:VisionTools:GlobalsMutex

Windows\SysWOW64\MSPhotography.dll
Windows\SysWOW64\MSVideoDSP.dll
Windows\System32\MSPhotography.dll
Windows\System32\MSVideoDSP.dll

Local\Microsoft_WMP_70_CheckForOtherInstanceMutex

Program Files (x86)\Windows Media Player\wmplayer.exe
Program Files\Windows Media Player\wmplayer.exe

Local\MidiMapper_modLongMessage_RefCnt

Windows\SysWOW64\midimap.dll
Windows\System32\midimap.dll

Local\RdpInitMutex

Windows\System32\rdpinit.exe

Local\RdpInitSxSMutex

Windows\System32\rdpinit.exe

Local\RdpShellMutex

Windows\System32\rdpshell.exe

Local\RemoteAssistanceNoviceLock

Windows\System32\msra.exe

Local\RemoteAssistanceSettingLockS

Windows\System32\msra.exe
Windows\System32\msrahc.dll

Local\SessionImmersiveColorMutex

Windows\SysWOW64\explorer.exe
Windows\SysWOW64\uxtheme.dll
Windows\System32\uxtheme.dll

Local\Shell.CMruPidlList

Windows\SysWOW64\windows.storage.dll

Local\Shell_LightDismissOverlay_Sync

Windows\SysWOW64\Windows.UI.Immersive.dll
Windows\System32\Windows.UI.Immersive.dll

Local\SpeechUX~Running

Windows\IME\SPTIP.DLL

Local\SyncCenterAllowIsolationServer

Windows\SysWOW64\SyncCenter.dll
Windows\System32\SyncCenter.dll

Local\SyncServiceThread

Windows\SysWOW64\SyncCenter.dll
Windows\System32\SyncCenter.dll

Local\SystemResetExeAlreadyRunning

Windows\System32\systemreset.exe

Local\TpmInit

Windows\SysWOW64\TpmInit.exe
Windows\System32\TpmInit.exe

Local\WMDMLogger.LogFile.Mutex

Windows\SysWOW64\wmdmlog.dll
Windows\System32\wmdmlog.dll

Local\WMDMLogger.Registry.Mutex

Windows\SysWOW64\wmdmlog.dll
Windows\System32\wmdmlog.dll

Local\WindowsSearchService_EfsRegKeysMutex

Windows\SysWOW64\mssrch.dll
Windows\System32\mssrch.dll

Local\ZonesCacheCounterMutex

Windows\SysWOW64\urlmon.dll

Local\ZonesLockedCacheCounterMutex

Windows\SysWOW64\urlmon.dll

Local\__DDrawCheckExclMode__

Windows\SysWOW64\ddraw.dll

Local\__DDrawExclMode__

Windows\SysWOW64\d3d8.dll
Windows\SysWOW64\d3d9.dll
Windows\SysWOW64\ddraw.dll
Windows\System32\d3d9.dll

Local\ba76e584-735b-45d5-ab75-7ecb8ec8f208

Windows\System32\rekeywiz.exe

Local\tapi_dp_mutex

Windows\SysWOW64\tapi32.dll
Windows\System32\tapi32.dll

Local\workspace_status_notifier

Windows\System32\TSWorkspace.dll

Local\{62D41444-0649-48E1-9670-1E54E5B06001}

Windows\SysWOW64\themecpl.dll
Windows\System32\themecpl.dll

Local\{9ea26f7c-c1a5-466d-9c5e-0be4435f9910}

Windows\System32\Dxpserver.exe

Local\{EA35C8AC-BCAE-4458-98BD-F3ECB90DBC09}

Windows\SysWOW64\psr.exe
Windows\System32\psr.exe

LockScreenDataLayerMutex

Windows\SysWOW64\LockAppBroker.dll
Windows\System32\LockAppBroker.dll

MCICDA_InitCritSection

Windows\SysWOW64\mcicda.dll
Windows\System32\mcicda.dll

MOBILITYCENTER_MUTEX

Windows\System32\mblctr.exe

MSDevicePairingWizard

Windows\SysWOW64\DevicePairing.dll
Windows\System32\DevicePairing.dll

MSORCL32.DLL:NO ORACLE MESSAGE MUTEX

Windows\SysWOW64\msorcl32.dll

MSScreenMagnifierAlreadyExistsMutex

Windows\System32\winlogon.exe

MSScreenMagnifierContextAreaMutex

Windows\SysWOW64\Magnify.exe
Windows\System32\Magnify.exe

MS_FAXXP_ATTACHMENTREGION_MUTEX

Windows\System32\FXSAPI.dll
Windows\System32\FXSCOMPOSE.dll

MS_FAXXP_ATTACHMENT_MUTEX

Windows\System32\FXSAPI.dll
Windows\System32\FXSCOMPOSE.dll

ManagedAccountManager{8466CE10-BD83-44BF-81A9-9B35D36EB77C}

Windows\System32\assignedaccessmanagersvc.dll

Microsoft.Windows.Migration.MigWiz

Program Files\Common Files\microsoft shared\ink\tabskb.dll
Program Files\Common Files\microsoft shared\ink\tipskins.dll

Microsoft.Windows.Setup.FirstUXRefCount

Windows\SysWOW64\spwizeng.dll
Windows\System32\sppnp.dll
Windows\System32\spwizeng.dll

Microsoft_WMP_70_CheckForOtherInstanceMutex

Windows\SysWOW64\wmpshell.dll
Windows\System32\wmpshell.dll

Mutex:Pubwiz:Icons

Windows\SysWOW64\shwebsvc.dll
Windows\System32\shwebsvc.dll

Mutex:Pubwiz:Regs

Windows\SysWOW64\shwebsvc.dll
Windows\System32\shwebsvc.dll

Notification serialiazer Mutex

Windows\SysWOW64\InstallService.dll
Windows\System32\InstallService.dll

OFFLINEDEVICEID-CREATERANDOMSEED

Windows\System32\ClipSVC.dll
Windows\System32\TpmTasks.dll

OOC State Mutex

Windows\SysWOW64\hidserv.dll
Windows\System32\hidserv.dll

ORTC_TracingLock

Windows\SysWOW64\rtmpal.dll
Windows\System32\rtmpal.dll

OnlineHistoryUUIDGenLock

Windows\System32\EdgeContent.dll

PRESENTATIONSETTINGS_MUTEX

Windows\System32\PresentationSettings.exe

PRWIZARDMUTEX

Windows\SysWOW64\keymgr.dll
Windows\System32\keymgr.dll

Provisioning\ProvMutex

Windows\SysWOW64\provcore.dll
Windows\System32\provcore.dll

RasPbFile

Windows\SysWOW64\rasplap.dll
Windows\System32\rasapi32.dll
Windows\System32\rasdlg.dll
Windows\System32\rasgcw.dll
Windows\System32\rasmans.dll
Windows\System32\rasplap.dll

RdpClipAlreadyRunningMutex

Windows\System32\rdpclip.exe

RdpInputAlreadyRunningMutex

Windows\System32\rdpclip.exe
Windows\System32\rdpinput.exe

RecommendedTroubleshootingServiceMutexName

Windows\System32\MitigationClient.dll

Search Admin Control Panel

Windows\SysWOW64\srchadmin.dll
Windows\System32\srchadmin.dll

SearchServiceMUT

Windows\SysWOW64\SearchIndexer.exe
Windows\System32\SearchIndexer.exe

SetuplogMutex

Windows\SysWOW64\setupapi.dll
Windows\System32\setupapi.dll

ShellNewConsolidationMutex

Windows\SysWOW64\shell32.dll

ShellNewConsolidationMutex64

Windows\System32\shell32

SpellingHostSingletonMutex

Windows\System32\MsSpellCheckingHost.exe

StoreCacheInit_Mutex

Windows\System32\Windows.CloudStore.dll

System_Feed_Scheduler_Mutex

Windows\SysWOW64\msfeeds.dll
Windows\System32\msfeeds.dll

TSLicensingLock

Windows\SysWOW64\tlscsp.dll
Windows\System32\tlscsp.dll

TabCalSingleInstance

Windows\System32\tabcal.exe

TapisrvProviderListMutex

Windows\SysWOW64\tapi32.dll
Windows\SysWOW64\tapisrv.dll
Windows\SysWOW64\tcmsetup.exe
Windows\System32\tapi32.dll
Windows\System32\tapisrv.dll
Windows\System32\tcmsetup.exe

TraceLogStorageMutex

Windows\SysWOW64\IndexedDbLegacy.dll
Windows\System32\IndexedDbLegacy.dll

WBEMPROVIDERSTATICMUTEX

Windows\SysWOW64\framedyn.dll
Windows\SysWOW64\framedynos.dll

WMSetup10RTM-UI

Program Files (x86)\Windows Media Player\setup_wm.exe
Program Files\Windows Media Player\setup_wm.exe

WdsSetupLogInit

Windows\SysWOW64\ieUnatt.exe
Windows\SysWOW64\wdscore.dll
Windows\System32\DismApi.dll
Windows\System32\UpdateAgent.dll
Windows\System32\ieUnatt.exe
Windows\System32\mssrch.dll
Windows\System32\wdscore.dll

Windows Volume App Window

Windows\SysWOW64\SndVol.exe
Windows\SysWOW64\SndVolSSO.dll
Windows\System32\SndVol.exe
Windows\System32\SndVolSSO.dll

WindowsInsiderServiceMutexName

Windows\SysWOW64\FlightSettings.dll
Windows\System32\FlightSettings.dll

WindowsPhotoGallerySlideshow

Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll
Program Files\Windows Photo Viewer\PhotoViewer.dll

WofCompressionPolicyEval

Windows\SysWOW64\WofUtil.dll
Windows\SysWOW64\compact.exe
Windows\System32\WofUtil.dll
Windows\System32\compact.exe

_SHuassist.mtx

Windows\SysWOW64\shell32.dll
Windows\System32\shell32

__EXTENSION_POINTS_STATE_MUTEX__

Windows\SysWOW64\Windows.UI.Search.dll
Windows\SysWOW64\twinui.appcore.dll
Windows\SysWOW64\twinui.dll
Windows\System32\ApplicationFrame.dll
Windows\System32\SettingsHandlers_nt.dll
Windows\System32\Windows.UI.Search.dll
Windows\System32\twinui.appcore.dll
Windows\System32\twinui.dll

__MDM_LOCAL_MANAGEMENT_NAMED_MUTEX__

Windows\SysWOW64\mdmlocalmanagement.dll
Windows\System32\mdmlocalmanagement.dll

__MsiPromptForCD

Windows\SysWOW64\msi.dll
Windows\System32\msi.dll

__OMADM_NAMED_MUTEX__

Windows\SysWOW64\omadmapi.dll
Windows\System32\omadmapi.dll

___ENUMDEVSYNCH___

Windows\SysWOW64\msmpeg2vdec.dll
Windows\System32\msmpeg2vdec.dll

__clickonce_app_store__

Windows\SysWOW64\dfshim.dll
Windows\System32\dfshim.dll

eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0

Windows\SysWOW64\qedit.dll
Windows\System32\qedit.dll

g_nTpmCoreProvisioningClass_SerializationMutex_

Windows\SysWOW64\TpmCoreProvisioning.dll
Windows\System32\TpmCoreProvisioning.dll

x9pv45dxghk

Windows\SysWOW64\winipcsecproc.dll
Windows\System32\winipcsecproc.dll

{08E99B95-8687-49A7-9F6E-21D4EEA9346F}

Program Files\Windows Defender\Offline\OfflineScannerShell.exe

{14B2AE96-6F90-421C-A255-E7916D51FEF1}

Windows\SysWOW64\srmscan.dll
Windows\System32\srmscan.dll

{4ae7cdb7-4608-4a6a-b8f1-55d7c500f2ef}

Windows\System32\cofire.exe

{5312EE61-79E3-4A24-BFE1-132B85B23C3A}

Windows\SysWOW64\iedkcs32.dll
Windows\SysWOW64\msfeeds.dll
Windows\System32\ie4uinit.exe
Windows\System32\iedkcs32.dll
Windows\System32\msfeeds.dll

{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}

Windows\SysWOW64\iedkcs32.dll
Windows\System32\ie4uinit.exe
Windows\System32\iedkcs32.dll

{91ff306c-a88d-4173-9df3-f9fb73e3b047}

Windows\System32\DFDWiz.exe

{9ebf696d-2428-4dc4-b048-d46c6da4b717}

Windows\System32\BdeHdCfg.exe

{A5B99A4D-2959-11D1-BAC8-00C04FC2E20D}

Windows\SysWOW64\iaspolcy.dll
Windows\SysWOW64\iasrad.dll
Windows\SysWOW64\iassvcs.dll
Windows\System32\iaspolcy.dll
Windows\System32\iasrad.dll
Windows\System32\iassvcs.dll

{D4445657-0FBC-11dc-A692-00037AF63586}

Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll

文章来源: https://www.hexacorn.com/blog/2023/03/12/list-of-clean-mutexes-and-mutants/
如有侵权请联系:admin#unsafe.sh