usermgrcli.dll
Description: UserMgr API DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 32-bit
Operating System: Windows NT
SHA256: a39cb7310d2b3eee5240bfd83e266f31
File Size: 58.6 KB
Uploaded At: Dec. 1, 2025, 8:05 a.m.
Views: 14
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CamCleanupDisardedCandidateAccounts (Ordinal: 1, Address: 0x4710)
- CamConnectCandidateUser (Ordinal: 2, Address: 0x98e0)
- CamFreeAuthBuffer (Ordinal: 3, Address: 0x9920)
- CamFreeBuffer (Ordinal: 4, Address: 0x9960)
- CamGetCandidateAccountCredz (Ordinal: 5, Address: 0x9990)
- CamGetCandidateUserSessionIds (Ordinal: 6, Address: 0x99a0)
- CamGetNonCandidateUserSessionIds (Ordinal: 7, Address: 0x99b0)
- CamIsCandidateUser (Ordinal: 8, Address: 0x4a70)
- CamIsEphemeralCandidateUser (Ordinal: 9, Address: 0x99c0)
- CamRefreshCandidateUser (Ordinal: 10, Address: 0x99d0)
- IsInteractiveUserSession (Ordinal: 11, Address: 0x9d20)
- QueryActiveSession (Ordinal: 12, Address: 0x9d70)
- QueryUserToken (Ordinal: 13, Address: 0x9dd0)
- RegisterUsertokenForNoWinlogon (Ordinal: 14, Address: 0x9e90)
- UMgrChangeSessionActiveShellUser (Ordinal: 15, Address: 0x9a90)
- UMgrChangeSessionUserToken (Ordinal: 16, Address: 0x9ad0)
- UMgrClearDefaultSignInAccount (Ordinal: 17, Address: 0x9ae0)
- UMgrConnectLocalUser (Ordinal: 18, Address: 0x9b00)
- UMgrDisconnectLocalUser (Ordinal: 19, Address: 0x9b70)
- UMgrEnumerateSessionUsers (Ordinal: 20, Address: 0x3ce0)
- UMgrFreeSessionUsers (Ordinal: 21, Address: 0x37f0)
- UMgrFreeUserCredentials (Ordinal: 22, Address: 0x9be0)
- UMgrGetCachedCredentials (Ordinal: 23, Address: 0x9c30)
- UMgrGetConstrainedUserToken (Ordinal: 24, Address: 0x3b30)
- UMgrGetDefaultSignInAccount (Ordinal: 25, Address: 0x9c40)
- UMgrGetImpersonationTokenForContext (Ordinal: 26, Address: 0x3c10)
- UMgrGetSessionActiveShellUserToken (Ordinal: 27, Address: 0x9c60)
- UMgrInformFlags (Ordinal: 28, Address: 0x47e0)
- UMgrInformUserLogoff (Ordinal: 29, Address: 0x4700)
- UMgrInformUserLogon (Ordinal: 30, Address: 0x48d0)
- UMgrIsAllowedToActivateAsUser (Ordinal: 31, Address: 0x3f20)
- UMgrLaunchShell (Ordinal: 32, Address: 0x48b0)
- UMgrLaunchShellInfrastructureHost (Ordinal: 33, Address: 0x48a0)
- UMgrLogonUser (Ordinal: 34, Address: 0x3830)
- UMgrOpenProcessHandleForAccess (Ordinal: 35, Address: 0x4860)
- UMgrOpenProcessTokenForQuery (Ordinal: 36, Address: 0x3750)
- UMgrQueryDefaultAccountToken (Ordinal: 37, Address: 0x4af0)
- UMgrQuerySessionUserToken (Ordinal: 38, Address: 0x9c70)
- UMgrQuerySessionVirtualAccountToken (Ordinal: 39, Address: 0x9c80)
- UMgrQueryUserContext (Ordinal: 40, Address: 0x43c0)
- UMgrQueryUserContextFromName (Ordinal: 41, Address: 0x9c90)
- UMgrQueryUserContextFromSid (Ordinal: 42, Address: 0x9ca0)
- UMgrQueryUserToken (Ordinal: 43, Address: 0x4170)
- UMgrQueryUserTokenFromName (Ordinal: 44, Address: 0x9cb0)
- UMgrQueryUserTokenFromSid (Ordinal: 45, Address: 0x9cc0)
- UMgrSetCachedCredentials (Ordinal: 46, Address: 0x9cd0)
- UMgrSetShellInformation (Ordinal: 47, Address: 0x48c0)
- UMgrpGetRegistryLocation (Ordinal: 48, Address: 0x9d10)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1000c020)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1000c028)
- IsDebuggerPresent (Address: 0x1000c02c)
- OutputDebugStringW (Address: 0x1000c030)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1000c038)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1000c040)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1000c050)
- SetLastError (Address: 0x1000c054)
- SetUnhandledExceptionFilter (Address: 0x1000c048)
- UnhandledExceptionFilter (Address: 0x1000c04c)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1000c05c)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1000c06c)
- HeapAlloc (Address: 0x1000c064)
- HeapFree (Address: 0x1000c068)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1000c078)
- LocalFree (Address: 0x1000c074)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x1000c08c)
- GetModuleHandleExW (Address: 0x1000c084)
- GetModuleHandleW (Address: 0x1000c088)
- GetProcAddress (Address: 0x1000c080)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1000c094)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1000c0ac)
- GetCurrentProcessId (Address: 0x1000c0a8)
- GetCurrentThreadId (Address: 0x1000c0a0)
- OpenProcessToken (Address: 0x1000c09c)
- TerminateProcess (Address: 0x1000c0a4)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1000c0b4)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1000c0bc)
api-ms-win-core-synch-l1-1-0.dll
- CreateMutexExW (Address: 0x1000c0d4)
- CreateSemaphoreExW (Address: 0x1000c0d0)
- OpenSemaphoreW (Address: 0x1000c0c8)
- ReleaseMutex (Address: 0x1000c0c4)
- ReleaseSemaphore (Address: 0x1000c0dc)
- WaitForSingleObject (Address: 0x1000c0cc)
- WaitForSingleObjectEx (Address: 0x1000c0d8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x1000c0e4)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x1000c0ec)
- GetTickCount (Address: 0x1000c0f0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventWriteTransfer (Address: 0x1000c0f8)
api-ms-win-security-base-l1-1-0.dll
- CreateWellKnownSid (Address: 0x1000c100)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x1000c144)
- __dllonexit (Address: 0x1000c134)
- _amsg_exit (Address: 0x1000c170)
- _callnewh (Address: 0x1000c154)
- _CxxThrowException (Address: 0x1000c108)
- _except_handler4_common (Address: 0x1000c150)
- _initterm (Address: 0x1000c160)
- _lock (Address: 0x1000c13c)
- _onexit (Address: 0x1000c12c)
- _purecall (Address: 0x1000c158)
- _unlock (Address: 0x1000c138)
- _vsnprintf_s (Address: 0x1000c148)
- _vsnwprintf (Address: 0x1000c16c)
- _XcptFilter (Address: 0x1000c124)
- ??0exception@@QAE@ABQBD@Z (Address: 0x1000c120)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x1000c118)
- ??0exception@@QAE@ABV0@@Z (Address: 0x1000c14c)
- ??0exception@@QAE@XZ (Address: 0x1000c130)
- ??1exception@@UAE@XZ (Address: 0x1000c140)
- ??1type_info@@UAE@XZ (Address: 0x1000c128)
- ??3@YAXPAX@Z (Address: 0x1000c15c)
- ?what@exception@@UBEPBDXZ (Address: 0x1000c114)
- free (Address: 0x1000c164)
- malloc (Address: 0x1000c110)
- memcpy (Address: 0x1000c10c)
- memcpy_s (Address: 0x1000c168)
- memmove (Address: 0x1000c11c)
- memset (Address: 0x1000c174)
ntdll.dll
- RtlGetCurrentServiceSessionId (Address: 0x1000c180)
- RtlIsMultiSessionSku (Address: 0x1000c17c)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x1000c008)
- NdrClientCall4 (Address: 0x1000c014)
- RpcBindingFree (Address: 0x1000c00c)
- RpcBindingFromStringBindingW (Address: 0x1000c000)
- RpcBindingSetAuthInfoExW (Address: 0x1000c010)
- RpcStringBindingComposeW (Address: 0x1000c004)
- RpcStringFreeW (Address: 0x1000c018)