UserMgrProxy.dll
Description: UserMgrProxy
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 32-bit
Operating System: Windows NT
SHA256: 5a8c464d929b31764a7ba0dcfe8ea29e
File Size: 199.5 KB
Uploaded At: Dec. 1, 2025, 8:05 a.m.
Views: 10
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x14730)
- DllGetActivationFactory (Ordinal: 2, Address: 0x1ef70)
- DllGetClassObject (Ordinal: 3, Address: 0x122f0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1002d084)
api-ms-win-core-com-l1-1-0.dll
- CoCopyProxy (Address: 0x1002d08c)
- CoCreateFreeThreadedMarshaler (Address: 0x1002d0ac)
- CoCreateInstance (Address: 0x1002d0b8)
- CoGetStandardMarshal (Address: 0x1002d0a8)
- CoImpersonateClient (Address: 0x1002d0b0)
- CoReleaseMarshalData (Address: 0x1002d098)
- CoRevertToSelf (Address: 0x1002d0a4)
- CoSetProxyBlanket (Address: 0x1002d090)
- CoSwitchCallContext (Address: 0x1002d09c)
- CoTaskMemAlloc (Address: 0x1002d0b4)
- CoTaskMemFree (Address: 0x1002d0a0)
- CoWaitForMultipleHandles (Address: 0x1002d094)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1002d0c0)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
- CStdStubBuffer2_Connect (Address: 0x1002d0c8)
- CStdStubBuffer2_CountRefs (Address: 0x1002d0d8)
- CStdStubBuffer2_Disconnect (Address: 0x1002d104)
- CStdStubBuffer2_QueryInterface (Address: 0x1002d118)
- NdrProxyForwardingFunction3 (Address: 0x1002d110)
- NdrProxyForwardingFunction4 (Address: 0x1002d128)
- NdrProxyForwardingFunction5 (Address: 0x1002d12c)
- ObjectStublessClient10 (Address: 0x1002d11c)
- ObjectStublessClient11 (Address: 0x1002d0d4)
- ObjectStublessClient12 (Address: 0x1002d0e8)
- ObjectStublessClient13 (Address: 0x1002d10c)
- ObjectStublessClient14 (Address: 0x1002d124)
- ObjectStublessClient15 (Address: 0x1002d0e0)
- ObjectStublessClient16 (Address: 0x1002d0ec)
- ObjectStublessClient17 (Address: 0x1002d114)
- ObjectStublessClient18 (Address: 0x1002d0d0)
- ObjectStublessClient19 (Address: 0x1002d0e4)
- ObjectStublessClient20 (Address: 0x1002d134)
- ObjectStublessClient21 (Address: 0x1002d0f0)
- ObjectStublessClient22 (Address: 0x1002d0cc)
- ObjectStublessClient23 (Address: 0x1002d0f4)
- ObjectStublessClient24 (Address: 0x1002d0fc)
- ObjectStublessClient25 (Address: 0x1002d100)
- ObjectStublessClient26 (Address: 0x1002d0f8)
- ObjectStublessClient3 (Address: 0x1002d0dc)
- ObjectStublessClient6 (Address: 0x1002d130)
- ObjectStublessClient7 (Address: 0x1002d108)
- ObjectStublessClient8 (Address: 0x1002d138)
- ObjectStublessClient9 (Address: 0x1002d120)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1002d140)
- IsDebuggerPresent (Address: 0x1002d148)
- OutputDebugStringW (Address: 0x1002d144)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1002d150)
- RaiseException (Address: 0x1002d158)
- SetLastError (Address: 0x1002d15c)
- SetUnhandledExceptionFilter (Address: 0x1002d160)
- UnhandledExceptionFilter (Address: 0x1002d154)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1002d168)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1002d174)
- HeapAlloc (Address: 0x1002d170)
- HeapFree (Address: 0x1002d178)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x1002d188)
- LocalFree (Address: 0x1002d180)
- LocalReAlloc (Address: 0x1002d184)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x1002d190)
- GetModuleFileNameA (Address: 0x1002d194)
- GetModuleHandleExW (Address: 0x1002d1a8)
- GetModuleHandleW (Address: 0x1002d1a4)
- GetProcAddress (Address: 0x1002d1a0)
- LoadLibraryExA (Address: 0x1002d19c)
- LoadLibraryExW (Address: 0x1002d198)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1002d1b0)
api-ms-win-core-memory-l1-1-0.dll
- VirtualProtect (Address: 0x1002d1b8)
- VirtualQuery (Address: 0x1002d1bc)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1002d1c4)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1002d1e4)
- GetCurrentProcessId (Address: 0x1002d1d4)
- GetCurrentThread (Address: 0x1002d1d0)
- GetCurrentThreadId (Address: 0x1002d1cc)
- OpenProcessToken (Address: 0x1002d1e0)
- OpenThreadToken (Address: 0x1002d1dc)
- TerminateProcess (Address: 0x1002d1d8)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1002d1ec)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1002d1f4)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1002d1fc)
- RegGetValueW (Address: 0x1002d200)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1002d208)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1002d244)
- AcquireSRWLockShared (Address: 0x1002d238)
- CreateEventExW (Address: 0x1002d210)
- CreateMutexExW (Address: 0x1002d22c)
- CreateSemaphoreExW (Address: 0x1002d21c)
- DeleteCriticalSection (Address: 0x1002d248)
- EnterCriticalSection (Address: 0x1002d250)
- InitializeCriticalSectionEx (Address: 0x1002d24c)
- InitializeSRWLock (Address: 0x1002d218)
- LeaveCriticalSection (Address: 0x1002d228)
- OpenSemaphoreW (Address: 0x1002d220)
- ReleaseMutex (Address: 0x1002d224)
- ReleaseSemaphore (Address: 0x1002d240)
- ReleaseSRWLockExclusive (Address: 0x1002d234)
- ReleaseSRWLockShared (Address: 0x1002d214)
- SetEvent (Address: 0x1002d254)
- WaitForSingleObject (Address: 0x1002d23c)
- WaitForSingleObjectEx (Address: 0x1002d230)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x1002d25c)
- Sleep (Address: 0x1002d260)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x1002d270)
- GetSystemTimeAsFileTime (Address: 0x1002d26c)
- GetTickCount (Address: 0x1002d268)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1002d280)
- CreateThreadpoolTimer (Address: 0x1002d284)
- SetThreadpoolTimer (Address: 0x1002d278)
- WaitForThreadpoolTimerCallbacks (Address: 0x1002d27c)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x1002d28c)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1002d298)
- EncodePointer (Address: 0x1002d294)
api-ms-win-core-winrt-error-l1-1-0.dll
- GetRestrictedErrorInfo (Address: 0x1002d2a0)
- RoOriginateError (Address: 0x1002d2a4)
- RoOriginateErrorW (Address: 0x1002d2a8)
- RoTransformError (Address: 0x1002d2ac)
- SetRestrictedErrorInfo (Address: 0x1002d2b0)
api-ms-win-core-winrt-error-l1-1-1.dll
- IsErrorPropagationEnabled (Address: 0x1002d2bc)
- RoGetMatchingRestrictedErrorInfo (Address: 0x1002d2b8)
- RoReportFailedDelegate (Address: 0x1002d2c0)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x1002d2d4)
- RoGetActivationFactory (Address: 0x1002d2cc)
- RoInitialize (Address: 0x1002d2d0)
- RoUninitialize (Address: 0x1002d2c8)
api-ms-win-core-winrt-string-l1-1-0.dll
- HSTRING_UserFree (Address: 0x1002d2f8)
- HSTRING_UserMarshal (Address: 0x1002d2e8)
- HSTRING_UserSize (Address: 0x1002d2f0)
- HSTRING_UserUnmarshal (Address: 0x1002d2e4)
- WindowsCompareStringOrdinal (Address: 0x1002d304)
- WindowsCreateString (Address: 0x1002d308)
- WindowsCreateStringReference (Address: 0x1002d2f4)
- WindowsDeleteString (Address: 0x1002d2e0)
- WindowsDuplicateString (Address: 0x1002d2ec)
- WindowsGetStringRawBuffer (Address: 0x1002d2fc)
- WindowsIsStringEmpty (Address: 0x1002d2dc)
- WindowsStringHasEmbeddedNull (Address: 0x1002d300)
api-ms-win-security-base-l1-1-0.dll
- CreateWellKnownSid (Address: 0x1002d31c)
- EqualSid (Address: 0x1002d318)
- GetAce (Address: 0x1002d314)
- GetTokenInformation (Address: 0x1002d310)
api-ms-win-security-base-l1-2-0.dll
- CheckTokenMembershipEx (Address: 0x1002d324)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1002d32c)
combase.dll
- (Address: 0x1002d334)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x1002d398)
- __dllonexit (Address: 0x1002d39c)
- _amsg_exit (Address: 0x1002d340)
- _callnewh (Address: 0x1002d38c)
- _CxxThrowException (Address: 0x1002d354)
- _except_handler4_common (Address: 0x1002d3a8)
- _get_errno (Address: 0x1002d37c)
- _initterm (Address: 0x1002d3c0)
- _lock (Address: 0x1002d384)
- _onexit (Address: 0x1002d3b8)
- _purecall (Address: 0x1002d394)
- _set_errno (Address: 0x1002d378)
- _unlock (Address: 0x1002d390)
- _vscwprintf (Address: 0x1002d380)
- _vsnprintf_s (Address: 0x1002d344)
- _vsnwprintf (Address: 0x1002d3b4)
- _XcptFilter (Address: 0x1002d33c)
- ??0exception@@QAE@ABQBD@Z (Address: 0x1002d388)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x1002d360)
- ??0exception@@QAE@ABV0@@Z (Address: 0x1002d35c)
- ??0exception@@QAE@XZ (Address: 0x1002d370)
- ??1exception@@UAE@XZ (Address: 0x1002d358)
- ??1type_info@@UAE@XZ (Address: 0x1002d3a0)
- ??3@YAXPAX@Z (Address: 0x1002d3ac)
- ?terminate@@YAXXZ (Address: 0x1002d364)
- ?what@exception@@UBEPBDXZ (Address: 0x1002d36c)
- free (Address: 0x1002d348)
- malloc (Address: 0x1002d34c)
- memcmp (Address: 0x1002d368)
- memcpy (Address: 0x1002d350)
- memcpy_s (Address: 0x1002d3b0)
- memmove (Address: 0x1002d3bc)
- memmove_s (Address: 0x1002d3a4)
- memset (Address: 0x1002d3c4)
- wcschr (Address: 0x1002d374)
ntdll.dll
- NtQuerySecurityObject (Address: 0x1002d3e0)
- NtSetSecurityObject (Address: 0x1002d3d8)
- RtlAddAccessAllowedAce (Address: 0x1002d3ec)
- RtlAddAce (Address: 0x1002d3f0)
- RtlAllocateHeap (Address: 0x1002d3fc)
- RtlCapabilityCheck (Address: 0x1002d40c)
- RtlCreateAcl (Address: 0x1002d3f8)
- RtlCreateSecurityDescriptor (Address: 0x1002d3dc)
- RtlFreeHeap (Address: 0x1002d3e4)
- RtlGetAce (Address: 0x1002d3f4)
- RtlGetDaclSecurityDescriptor (Address: 0x1002d408)
- RtlInitUnicodeString (Address: 0x1002d3cc)
- RtlIsMultiSessionSku (Address: 0x1002d3d0)
- RtlLengthSid (Address: 0x1002d400)
- RtlNtStatusToDosError (Address: 0x1002d3d4)
- RtlQueryInformationAcl (Address: 0x1002d404)
- RtlSetDaclSecurityDescriptor (Address: 0x1002d3e8)
OLEAUT32.dll
- SysAllocString (Address: 0x1002d00c)
- SysFreeString (Address: 0x1002d000)
- VariantClear (Address: 0x1002d004)
- VariantInit (Address: 0x1002d008)
RPCRT4.dll
- CStdStubBuffer_AddRef (Address: 0x1002d050)
- CStdStubBuffer_Connect (Address: 0x1002d030)
- CStdStubBuffer_CountRefs (Address: 0x1002d048)
- CStdStubBuffer_DebugServerQueryInterface (Address: 0x1002d068)
- CStdStubBuffer_DebugServerRelease (Address: 0x1002d040)
- CStdStubBuffer_Disconnect (Address: 0x1002d03c)
- CStdStubBuffer_Invoke (Address: 0x1002d078)
- CStdStubBuffer_IsIIDSupported (Address: 0x1002d034)
- CStdStubBuffer_QueryInterface (Address: 0x1002d044)
- I_RpcExceptionFilter (Address: 0x1002d018)
- IUnknown_AddRef_Proxy (Address: 0x1002d06c)
- IUnknown_QueryInterface_Proxy (Address: 0x1002d038)
- IUnknown_Release_Proxy (Address: 0x1002d04c)
- NdrClientCall4 (Address: 0x1002d014)
- NdrCStdStubBuffer_Release (Address: 0x1002d064)
- NdrCStdStubBuffer2_Release (Address: 0x1002d058)
- NdrDllCanUnloadNow (Address: 0x1002d060)
- NdrDllGetClassObject (Address: 0x1002d05c)
- NdrOleAllocate (Address: 0x1002d07c)
- NdrOleFree (Address: 0x1002d054)
- NdrStubCall2 (Address: 0x1002d070)
- NdrStubForwardingFunction (Address: 0x1002d074)
- RpcBindingFree (Address: 0x1002d01c)
- RpcBindingFromStringBindingW (Address: 0x1002d028)
- RpcBindingSetAuthInfoExW (Address: 0x1002d020)
- RpcStringBindingComposeW (Address: 0x1002d02c)
- RpcStringFreeW (Address: 0x1002d024)