Microsoft.Uev.AgentWmi.dll

Description: Microsoft.Uev.AgentWmi DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5915

Architecture: 32-bit

Operating System: Windows NT

SHA256: 6ca89e9bd94eb3122ee7e23ff6ad4705

File Size: 1.0 MB

Uploaded At: Dec. 1, 2025, 8:11 a.m.

Views: 17

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x24860)
  • DllGetClassObject (Ordinal: 2, Address: 0x24890)
  • DllInstall (Ordinal: 3, Address: 0x24960)
  • DllRegisterServer (Ordinal: 4, Address: 0x248c0)
  • DllUnregisterServer (Ordinal: 5, Address: 0x24900)

Imported DLLs & Functions

ACTIVEDS.dll
  • (Address: 0x100fa000)
ADVAPI32.dll
  • CreateWellKnownSid (Address: 0x100fa00c)
  • EqualSid (Address: 0x100fa008)
  • EventRegister (Address: 0x100fa058)
  • EventSetInformation (Address: 0x100fa054)
  • EventUnregister (Address: 0x100fa050)
  • EventWriteTransfer (Address: 0x100fa038)
  • GetNamedSecurityInfoW (Address: 0x100fa010)
  • GetTokenInformation (Address: 0x100fa018)
  • OpenProcessToken (Address: 0x100fa014)
  • RegCloseKey (Address: 0x100fa04c)
  • RegCreateKeyExW (Address: 0x100fa044)
  • RegDeleteKeyExW (Address: 0x100fa024)
  • RegDeleteTreeW (Address: 0x100fa02c)
  • RegDeleteValueW (Address: 0x100fa05c)
  • RegEnumKeyExW (Address: 0x100fa040)
  • RegEnumValueW (Address: 0x100fa028)
  • RegGetValueW (Address: 0x100fa034)
  • RegOpenKeyExW (Address: 0x100fa01c)
  • RegQueryInfoKeyW (Address: 0x100fa048)
  • RegQueryValueExW (Address: 0x100fa030)
  • RegSetKeyValueW (Address: 0x100fa020)
  • RegSetValueExW (Address: 0x100fa03c)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x100fa1a0)
  • AcquireSRWLockShared (Address: 0x100fa0a0)
  • AreFileApisANSI (Address: 0x100fa06c)
  • CloseHandle (Address: 0x100fa168)
  • CloseThreadpoolTimer (Address: 0x100fa0b0)
  • CopyFileW (Address: 0x100fa070)
  • CreateDirectoryW (Address: 0x100fa088)
  • CreateEventA (Address: 0x100fa160)
  • CreateFileW (Address: 0x100fa0f0)
  • CreateMutexExW (Address: 0x100fa110)
  • CreateSemaphoreExW (Address: 0x100fa1fc)
  • CreateThreadpoolTimer (Address: 0x100fa0a4)
  • DebugBreak (Address: 0x100fa108)
  • DecodePointer (Address: 0x100fa188)
  • DeleteCriticalSection (Address: 0x100fa15c)
  • DeleteFileW (Address: 0x100fa0e0)
  • DeviceIoControl (Address: 0x100fa084)
  • EncodePointer (Address: 0x100fa184)
  • EnterCriticalSection (Address: 0x100fa120)
  • ExpandEnvironmentStringsW (Address: 0x100fa204)
  • FindClose (Address: 0x100fa094)
  • FindFirstFileW (Address: 0x100fa09c)
  • FindNextFileW (Address: 0x100fa098)
  • FindResourceExW (Address: 0x100fa13c)
  • FormatMessageA (Address: 0x100fa068)
  • FormatMessageW (Address: 0x100fa1d8)
  • FreeLibrary (Address: 0x100fa14c)
  • GetComputerNameExW (Address: 0x100fa0e8)
  • GetCurrentDirectoryW (Address: 0x100fa074)
  • GetCurrentProcess (Address: 0x100fa194)
  • GetCurrentProcessId (Address: 0x100fa1b0)
  • GetCurrentThreadId (Address: 0x100fa1b4)
  • GetExitCodeProcess (Address: 0x100fa0c4)
  • GetFileAttributesExW (Address: 0x100fa078)
  • GetFileAttributesW (Address: 0x100fa0ec)
  • GetFileSize (Address: 0x100fa0d8)
  • GetFileTime (Address: 0x100fa0d0)
  • GetLastError (Address: 0x100fa134)
  • GetLocaleInfoW (Address: 0x100fa17c)
  • GetLocalTime (Address: 0x100fa114)
  • GetLongPathNameW (Address: 0x100fa0bc)
  • GetModuleFileNameA (Address: 0x100fa20c)
  • GetModuleFileNameW (Address: 0x100fa124)
  • GetModuleHandleExW (Address: 0x100fa208)
  • GetModuleHandleW (Address: 0x100fa148)
  • GetProcAddress (Address: 0x100fa144)
  • GetProcessHeap (Address: 0x100fa10c)
  • GetProcessMitigationPolicy (Address: 0x100fa090)
  • GetStringTypeW (Address: 0x100fa174)
  • GetSystemTimeAsFileTime (Address: 0x100fa1b8)
  • GetTempPathW (Address: 0x100fa0b8)
  • GetThreadLocale (Address: 0x100fa128)
  • GetTickCount (Address: 0x100fa1bc)
  • HeapAlloc (Address: 0x100fa1c8)
  • HeapFree (Address: 0x100fa1c4)
  • InitializeCriticalSection (Address: 0x100fa158)
  • InitializeCriticalSectionEx (Address: 0x100fa178)
  • IsDebuggerPresent (Address: 0x100fa104)
  • LeaveCriticalSection (Address: 0x100fa12c)
  • LoadLibraryExW (Address: 0x100fa154)
  • LoadResource (Address: 0x100fa140)
  • LocalAlloc (Address: 0x100fa08c)
  • LocalFree (Address: 0x100fa170)
  • LocalLock (Address: 0x100fa0fc)
  • LocalUnlock (Address: 0x100fa0d4)
  • lstrcmpiW (Address: 0x100fa150)
  • lstrlenA (Address: 0x100fa0c0)
  • MoveFileExW (Address: 0x100fa0dc)
  • MultiByteToWideChar (Address: 0x100fa130)
  • OpenEventA (Address: 0x100fa064)
  • OpenProcess (Address: 0x100fa0cc)
  • OpenSemaphoreW (Address: 0x100fa1cc)
  • OutputDebugStringA (Address: 0x100fa1c0)
  • OutputDebugStringW (Address: 0x100fa1d4)
  • ProcessIdToSessionId (Address: 0x100fa200)
  • QueryPerformanceCounter (Address: 0x100fa1ac)
  • RaiseException (Address: 0x100fa138)
  • ReadFile (Address: 0x100fa100)
  • ReleaseMutex (Address: 0x100fa1dc)
  • ReleaseSemaphore (Address: 0x100fa1e8)
  • ReleaseSRWLockExclusive (Address: 0x100fa19c)
  • ReleaseSRWLockShared (Address: 0x100fa0a8)
  • RemoveDirectoryW (Address: 0x100fa080)
  • ResetEvent (Address: 0x100fa1ec)
  • SetEvent (Address: 0x100fa164)
  • SetFileAttributesW (Address: 0x100fa0e4)
  • SetFileTime (Address: 0x100fa07c)
  • SetLastError (Address: 0x100fa1e4)
  • SetThreadLocale (Address: 0x100fa11c)
  • SetThreadpoolTimer (Address: 0x100fa0ac)
  • SetUnhandledExceptionFilter (Address: 0x100fa190)
  • SizeofResource (Address: 0x100fa118)
  • Sleep (Address: 0x100fa180)
  • SleepConditionVariableSRW (Address: 0x100fa1a8)
  • SystemTimeToFileTime (Address: 0x100fa0c8)
  • TerminateProcess (Address: 0x100fa198)
  • TlsAlloc (Address: 0x100fa1f0)
  • TlsFree (Address: 0x100fa1f8)
  • TlsGetValue (Address: 0x100fa1f4)
  • TlsSetValue (Address: 0x100fa0f4)
  • UnhandledExceptionFilter (Address: 0x100fa18c)
  • WaitForSingleObject (Address: 0x100fa1e0)
  • WaitForSingleObjectEx (Address: 0x100fa1d0)
  • WaitForThreadpoolTimerCallbacks (Address: 0x100fa0b4)
  • WakeAllConditionVariable (Address: 0x100fa1a4)
  • WideCharToMultiByte (Address: 0x100fa16c)
  • WriteFile (Address: 0x100fa0f8)
msvcrt.dll
  • ___lc_codepage_func (Address: 0x100fa394)
  • ___lc_collate_cp_func (Address: 0x100fa324)
  • ___lc_handle_func (Address: 0x100fa398)
  • ___mb_cur_max_func (Address: 0x100fa390)
  • __crtCompareStringA (Address: 0x100fa374)
  • __crtCompareStringW (Address: 0x100fa378)
  • __crtLCMapStringA (Address: 0x100fa36c)
  • __crtLCMapStringW (Address: 0x100fa370)
  • __CxxFrameHandler3 (Address: 0x100fa2c8)
  • __dllonexit (Address: 0x100fa304)
  • __mb_cur_max (Address: 0x100fa33c)
  • __pctype_func (Address: 0x100fa3a0)
  • __uncaught_exception (Address: 0x100fa364)
  • _amsg_exit (Address: 0x100fa310)
  • _callnewh (Address: 0x100fa3c4)
  • _CxxThrowException (Address: 0x100fa3bc)
  • _errno (Address: 0x100fa3b0)
  • _except_handler4_common (Address: 0x100fa2f8)
  • _fseeki64 (Address: 0x100fa2e8)
  • _Getdays (Address: 0x100fa354)
  • _Getmonths (Address: 0x100fa350)
  • _Gettnames (Address: 0x100fa338)
  • _initterm (Address: 0x100fa30c)
  • _ismbblead (Address: 0x100fa38c)
  • _lock (Address: 0x100fa3ac)
  • _onexit (Address: 0x100fa300)
  • _purecall (Address: 0x100fa2dc)
  • _Strftime (Address: 0x100fa334)
  • _stricmp (Address: 0x100fa29c)
  • _unlock (Address: 0x100fa3a8)
  • _vsnprintf_s (Address: 0x100fa318)
  • _vsnwprintf (Address: 0x100fa2c0)
  • _W_Getdays (Address: 0x100fa34c)
  • _W_Getmonths (Address: 0x100fa348)
  • _W_Gettnames (Address: 0x100fa344)
  • _wcsdup (Address: 0x100fa380)
  • _Wcsftime (Address: 0x100fa340)
  • _wcsicmp (Address: 0x100fa2a8)
  • _wcsnicmp (Address: 0x100fa3f8)
  • _wfopen_s (Address: 0x100fa288)
  • _wfsopen (Address: 0x100fa2ac)
  • _wsetlocale (Address: 0x100fa368)
  • _wtoi (Address: 0x100fa2a0)
  • _XcptFilter (Address: 0x100fa314)
  • ??_V@YAXPAX@Z (Address: 0x100fa2cc)
  • ??0bad_cast@@QAE@ABV0@@Z (Address: 0x100fa40c)
  • ??0bad_cast@@QAE@PBD@Z (Address: 0x100fa410)
  • ??0exception@@QAE@ABQBD@Z (Address: 0x100fa400)
  • ??0exception@@QAE@ABQBDH@Z (Address: 0x100fa3d0)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x100fa3e8)
  • ??0exception@@QAE@XZ (Address: 0x100fa3c0)
  • ??1bad_cast@@UAE@XZ (Address: 0x100fa414)
  • ??1exception@@UAE@XZ (Address: 0x100fa404)
  • ??1type_info@@UAE@XZ (Address: 0x100fa2fc)
  • ??3@YAXPAX@Z (Address: 0x100fa41c)
  • ??8type_info@@QBEHABV0@@Z (Address: 0x100fa37c)
  • ?name@type_info@@QBEPBDXZ (Address: 0x100fa3e0)
  • ?terminate@@YAXXZ (Address: 0x100fa308)
  • ?what@exception@@UBEPBDXZ (Address: 0x100fa408)
  • abort (Address: 0x100fa360)
  • calloc (Address: 0x100fa3c8)
  • fclose (Address: 0x100fa2b4)
  • feof (Address: 0x100fa298)
  • ferror (Address: 0x100fa294)
  • fflush (Address: 0x100fa2b8)
  • fgetc (Address: 0x100fa2b0)
  • fgetpos (Address: 0x100fa2f4)
  • fputc (Address: 0x100fa2bc)
  • fread (Address: 0x100fa290)
  • free (Address: 0x100fa2e0)
  • fseek (Address: 0x100fa28c)
  • fsetpos (Address: 0x100fa2ec)
  • ftell (Address: 0x100fa284)
  • fwrite (Address: 0x100fa3f4)
  • isalnum (Address: 0x100fa31c)
  • isdigit (Address: 0x100fa3f0)
  • islower (Address: 0x100fa384)
  • isspace (Address: 0x100fa330)
  • isupper (Address: 0x100fa39c)
  • ldexp (Address: 0x100fa358)
  • ldiv (Address: 0x100fa3e4)
  • localeconv (Address: 0x100fa3d8)
  • malloc (Address: 0x100fa3fc)
  • mbstowcs_s (Address: 0x100fa280)
  • memchr (Address: 0x100fa328)
  • memcmp (Address: 0x100fa320)
  • memcpy (Address: 0x100fa3b8)
  • memcpy_s (Address: 0x100fa2d0)
  • memmove (Address: 0x100fa3b4)
  • memmove_s (Address: 0x100fa3cc)
  • memset (Address: 0x100fa388)
  • realloc (Address: 0x100fa35c)
  • setlocale (Address: 0x100fa3a4)
  • setvbuf (Address: 0x100fa2c4)
  • sprintf_s (Address: 0x100fa3d4)
  • strchr (Address: 0x100fa278)
  • strcspn (Address: 0x100fa3dc)
  • strerror (Address: 0x100fa2a4)
  • swprintf_s (Address: 0x100fa3ec)
  • time (Address: 0x100fa27c)
  • tolower (Address: 0x100fa32c)
  • towlower (Address: 0x100fa2e4)
  • ungetc (Address: 0x100fa2f0)
  • wcscat_s (Address: 0x100fa2d8)
  • wcscpy_s (Address: 0x100fa2d4)
  • wcsncpy_s (Address: 0x100fa418)
ole32.dll
  • CLSIDFromProgID (Address: 0x100fa428)
  • CLSIDFromString (Address: 0x100fa42c)
  • CoCreateGuid (Address: 0x100fa430)
  • CoCreateInstance (Address: 0x100fa444)
  • CoImpersonateClient (Address: 0x100fa450)
  • CoInitializeEx (Address: 0x100fa43c)
  • CoTaskMemAlloc (Address: 0x100fa434)
  • CoTaskMemFree (Address: 0x100fa448)
  • CoTaskMemRealloc (Address: 0x100fa44c)
  • CoUninitialize (Address: 0x100fa438)
  • OleRun (Address: 0x100fa424)
  • StringFromGUID2 (Address: 0x100fa440)
OLEAUT32.dll
  • LoadTypeLib (Address: 0x100fa240)
  • RegisterTypeLib (Address: 0x100fa248)
  • SafeArrayAccessData (Address: 0x100fa234)
  • SafeArrayCreateVector (Address: 0x100fa230)
  • SafeArrayGetLBound (Address: 0x100fa22c)
  • SafeArrayGetUBound (Address: 0x100fa214)
  • SafeArrayPutElement (Address: 0x100fa224)
  • SafeArrayUnaccessData (Address: 0x100fa228)
  • SysAllocString (Address: 0x100fa24c)
  • SysAllocStringByteLen (Address: 0x100fa220)
  • SysAllocStringLen (Address: 0x100fa258)
  • SysFreeString (Address: 0x100fa244)
  • SysStringByteLen (Address: 0x100fa25c)
  • SysStringLen (Address: 0x100fa250)
  • UnRegisterTypeLib (Address: 0x100fa23c)
  • VariantChangeType (Address: 0x100fa21c)
  • VariantClear (Address: 0x100fa238)
  • VariantInit (Address: 0x100fa218)
  • VarUI4FromStr (Address: 0x100fa254)
SHELL32.dll
  • SHGetKnownFolderPath (Address: 0x100fa264)
USER32.dll
  • CharNextW (Address: 0x100fa26c)
  • UnregisterClassA (Address: 0x100fa270)