frprov.dll

Description: Folder Redirection WMI Provider

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: 7c6d0214b84f9196c104d233d95f6be6

File Size: 85.5 KB

Uploaded At: Dec. 1, 2025, 7:28 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

DllCanUnloadNow (Ordinal: 1, Address: 0x1580)
DllGetClassObject (Ordinal: 2, Address: 0x1550)
DllRegisterServer (Ordinal: 3, Address: 0x1930)
DllUnregisterServer (Ordinal: 4, Address: 0x1940)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CLSIDFromString (Address: 0x18000ff10)
CoCreateInstance (Address: 0x18000ff20)
CoGetCallContext (Address: 0x18000ff28)
CoRevertToSelf (Address: 0x18000ff00)
CoTaskMemFree (Address: 0x18000ff18)
StringFromCLSID (Address: 0x18000ff30)
StringFromGUID2 (Address: 0x18000ff08)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x18000ff58)
SetLastError (Address: 0x18000ff40)
SetUnhandledExceptionFilter (Address: 0x18000ff48)
UnhandledExceptionFilter (Address: 0x18000ff50)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x18000ff68)
DuplicateHandle (Address: 0x18000ff70)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x18000ff88)
HeapAlloc (Address: 0x18000ff80)
HeapFree (Address: 0x18000ff90)

api-ms-win-core-heap-l2-1-0.dll

LocalFree (Address: 0x18000ffa0)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x18000ffb0)
GetModuleFileNameW (Address: 0x18000ffc0)
GetProcAddress (Address: 0x18000ffb8)

api-ms-win-core-libraryloader-l1-2-1.dll

LoadLibraryW (Address: 0x18000ffd0)

api-ms-win-core-processenvironment-l1-1-0.dll

ExpandEnvironmentStringsW (Address: 0x18000ffe0)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x180010010)
GetCurrentProcessId (Address: 0x180010008)
GetCurrentThread (Address: 0x180010020)
GetCurrentThreadId (Address: 0x180010000)
OpenThreadToken (Address: 0x18000fff0)
SetThreadToken (Address: 0x18000fff8)
TerminateProcess (Address: 0x180010018)

api-ms-win-core-processthreads-l1-1-1.dll

OpenProcess (Address: 0x180010030)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x180010040)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x180010068)
RegCreateKeyExW (Address: 0x180010090)
RegDeleteKeyExW (Address: 0x180010070)
RegDeleteTreeW (Address: 0x180010050)
RegDeleteValueW (Address: 0x180010058)
RegEnumValueW (Address: 0x180010060)
RegGetValueW (Address: 0x180010078)
RegOpenCurrentUser (Address: 0x180010088)
RegOpenKeyExW (Address: 0x1800100a0)
RegQueryValueExW (Address: 0x180010080)
RegSetValueExW (Address: 0x180010098)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x1800100c0)
RtlLookupFunctionEntry (Address: 0x1800100b8)
RtlVirtualUnwind (Address: 0x1800100b0)

api-ms-win-core-string-l1-1-0.dll

CompareStringOrdinal (Address: 0x1800100d0)

api-ms-win-core-synch-l1-2-0.dll

Sleep (Address: 0x1800100e0)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x1800100f8)
GetTickCount (Address: 0x180010100)
GetVersionExW (Address: 0x1800100f0)

api-ms-win-security-base-l1-1-0.dll

GetTokenInformation (Address: 0x180010118)
ImpersonateLoggedOnUser (Address: 0x180010120)
IsValidSid (Address: 0x180010110)
RevertToSelf (Address: 0x180010128)

api-ms-win-security-sddl-l1-1-0.dll

ConvertSidToStringSidW (Address: 0x180010140)
ConvertStringSidToSidW (Address: 0x180010138)

msvcrt.dll

__C_specific_handler (Address: 0x1800101f8)
__CxxFrameHandler3 (Address: 0x180010218)
__dllonexit (Address: 0x1800101c0)
_amsg_exit (Address: 0x1800101c8)
_callnewh (Address: 0x1800101b8)
_CxxThrowException (Address: 0x1800101d8)
_initterm (Address: 0x180010220)
_lock (Address: 0x180010170)
_onexit (Address: 0x180010160)
_purecall (Address: 0x180010158)
_unlock (Address: 0x1800101e0)
_vsnwprintf (Address: 0x180010208)
_XcptFilter (Address: 0x1800101a8)
??_V@YAXPEAX@Z (Address: 0x180010150)
??0exception@@QEAA@AEBQEBD@Z (Address: 0x180010190)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180010198)
??0exception@@QEAA@AEBV0@@Z (Address: 0x180010188)
??1exception@@UEAA@XZ (Address: 0x180010210)
??1type_info@@UEAA@XZ (Address: 0x1800101e8)
??3@YAXPEAX@Z (Address: 0x180010178)
?terminate@@YAXXZ (Address: 0x1800101b0)
?what@exception@@UEBAPEBDXZ (Address: 0x1800101a0)
free (Address: 0x1800101d0)
malloc (Address: 0x180010180)
memcpy (Address: 0x1800101f0)
memcpy_s (Address: 0x180010200)
memmove (Address: 0x180010168)
memset (Address: 0x180010228)

ntdll.dll

EtwGetTraceEnableFlags (Address: 0x180010260)
EtwGetTraceEnableLevel (Address: 0x180010248)
EtwGetTraceLoggerHandle (Address: 0x180010250)
EtwRegisterTraceGuidsW (Address: 0x180010240)
EtwTraceMessage (Address: 0x180010258)
EtwUnregisterTraceGuids (Address: 0x180010238)

OLEAUT32.dll

SafeArrayCopy (Address: 0x18000fea8)
SafeArrayCreate (Address: 0x18000fec8)
SafeArrayCreateVector (Address: 0x18000fe68)
SafeArrayDestroy (Address: 0x18000fe80)
SafeArrayGetElement (Address: 0x18000fe58)
SafeArrayGetLBound (Address: 0x18000fe98)
SafeArrayGetUBound (Address: 0x18000fe88)
SafeArrayGetVartype (Address: 0x18000feb8)
SafeArrayLock (Address: 0x18000fed0)
SafeArrayPutElement (Address: 0x18000fe60)
SafeArrayRedim (Address: 0x18000fe78)
SafeArrayUnlock (Address: 0x18000fe90)
SysAllocString (Address: 0x18000fe50)
SysAllocStringLen (Address: 0x18000fe70)
SysFreeString (Address: 0x18000fe48)
SysStringByteLen (Address: 0x18000feb0)
SysStringLen (Address: 0x18000fe30)
VariantChangeType (Address: 0x18000fec0)
VariantClear (Address: 0x18000fe40)
VariantCopy (Address: 0x18000fe28)
VariantCopyInd (Address: 0x18000fe38)
VariantInit (Address: 0x18000fea0)

SHLWAPI.dll

SHDeleteKeyW (Address: 0x18000fee0)

WTSAPI32.dll

WTSQueryUserToken (Address: 0x18000fef0)