profprov.dll

Description: User Profile WMI Provider

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 95ef799504beecb460f681cf53ba7a4f

File Size: 137.0 KB

Uploaded At: Dec. 1, 2025, 7:36 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

DllCanUnloadNow (Ordinal: 1, Address: 0x7b90)
DllGetClassObject (Ordinal: 2, Address: 0x7ad0)
DllRegisterServer (Ordinal: 3, Address: 0x7f40)
DllUnregisterServer (Ordinal: 4, Address: 0x7f50)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CoCreateInstance (Address: 0x180019cb0)
CoGetCallContext (Address: 0x180019ca8)
CoRevertToSelf (Address: 0x180019c98)
CoSetProxyBlanket (Address: 0x180019c88)
CoTaskMemFree (Address: 0x180019cb8)
StringFromCLSID (Address: 0x180019c90)
StringFromGUID2 (Address: 0x180019ca0)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x180019cc8)
IsDebuggerPresent (Address: 0x180019cd0)
OutputDebugStringW (Address: 0x180019cd8)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x180019ce8)
SetLastError (Address: 0x180019d00)
SetUnhandledExceptionFilter (Address: 0x180019cf8)
UnhandledExceptionFilter (Address: 0x180019cf0)

api-ms-win-core-file-l1-1-0.dll

CompareFileTime (Address: 0x180019d18)
FindClose (Address: 0x180019d10)
FindFirstFileW (Address: 0x180019d20)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x180019d30)
DuplicateHandle (Address: 0x180019d38)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x180019d60)
HeapAlloc (Address: 0x180019d50)
HeapFree (Address: 0x180019d48)
HeapReAlloc (Address: 0x180019d58)

api-ms-win-core-heap-l2-1-0.dll

LocalFree (Address: 0x180019d70)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x180019d80)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x180019db0)
GetModuleFileNameA (Address: 0x180019d98)
GetModuleFileNameW (Address: 0x180019d90)
GetModuleHandleExW (Address: 0x180019da8)
GetModuleHandleW (Address: 0x180019db8)
GetProcAddress (Address: 0x180019da0)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x180019dc8)

api-ms-win-core-processenvironment-l1-1-0.dll

ExpandEnvironmentStringsW (Address: 0x180019dd8)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x180019df0)
GetCurrentProcessId (Address: 0x180019e08)
GetCurrentThread (Address: 0x180019e10)
GetCurrentThreadId (Address: 0x180019df8)
OpenThreadToken (Address: 0x180019e18)
SetThreadToken (Address: 0x180019e00)
TerminateProcess (Address: 0x180019de8)

api-ms-win-core-processthreads-l1-1-1.dll

IsProcessorFeaturePresent (Address: 0x180019e30)
OpenProcess (Address: 0x180019e28)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x180019e40)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x180019e68)
RegCreateKeyExW (Address: 0x180019e58)
RegDeleteKeyExW (Address: 0x180019e88)
RegDeleteValueW (Address: 0x180019e80)
RegEnumKeyExW (Address: 0x180019e78)
RegEnumValueW (Address: 0x180019e98)
RegOpenCurrentUser (Address: 0x180019e60)
RegOpenKeyExW (Address: 0x180019ea0)
RegQueryInfoKeyW (Address: 0x180019e70)
RegQueryValueExW (Address: 0x180019e50)
RegSetValueExW (Address: 0x180019e90)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x180019eb0)
RtlLookupFunctionEntry (Address: 0x180019eb8)
RtlVirtualUnwind (Address: 0x180019ec0)

api-ms-win-core-string-l1-1-0.dll

CompareStringOrdinal (Address: 0x180019ed0)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x180019f18)
AcquireSRWLockShared (Address: 0x180019f28)
CreateMutexExW (Address: 0x180019f30)
CreateSemaphoreExW (Address: 0x180019ee0)
DeleteCriticalSection (Address: 0x180019f20)
EnterCriticalSection (Address: 0x180019ee8)
InitializeCriticalSectionAndSpinCount (Address: 0x180019ef8)
InitializeCriticalSectionEx (Address: 0x180019f38)
LeaveCriticalSection (Address: 0x180019f10)
OpenSemaphoreW (Address: 0x180019f50)
ReleaseMutex (Address: 0x180019f58)
ReleaseSemaphore (Address: 0x180019f00)
ReleaseSRWLockExclusive (Address: 0x180019ef0)
ReleaseSRWLockShared (Address: 0x180019f40)
WaitForSingleObject (Address: 0x180019f08)
WaitForSingleObjectEx (Address: 0x180019f48)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTime (Address: 0x180019f70)
GetSystemTimeAsFileTime (Address: 0x180019f68)

api-ms-win-core-threadpool-l1-2-0.dll

CloseThreadpoolTimer (Address: 0x180019f98)
CreateThreadpoolTimer (Address: 0x180019f88)
SetThreadpoolTimer (Address: 0x180019f90)
WaitForThreadpoolTimerCallbacks (Address: 0x180019f80)

api-ms-win-core-timezone-l1-1-0.dll

FileTimeToSystemTime (Address: 0x180019fa8)
SystemTimeToFileTime (Address: 0x180019fb0)

api-ms-win-crt-private-l1-1-0.dll

__C_specific_handler (Address: 0x18001a088)
__CxxFrameHandler3 (Address: 0x18001a020)
__CxxFrameHandler4 (Address: 0x18001a098)
__std_terminate (Address: 0x18001a090)
_CxxThrowException (Address: 0x18001a028)
_o___std_exception_copy (Address: 0x18001a080)
_o___std_exception_destroy (Address: 0x18001a078)
_o___std_type_info_destroy_list (Address: 0x18001a070)
_o___stdio_common_vsnprintf_s (Address: 0x18001a068)
_o___stdio_common_vswprintf (Address: 0x18001a060)
_o__callnewh (Address: 0x18001a058)
_o__cexit (Address: 0x18001a050)
_o__configure_narrow_argv (Address: 0x18001a048)
_o__crt_atexit (Address: 0x18001a030)
_o__errno (Address: 0x18001a040)
_o__execute_onexit_table (Address: 0x18001a038)
_o__get_errno (Address: 0x180019fc0)
_o__initialize_narrow_environment (Address: 0x180019fc8)
_o__initialize_onexit_table (Address: 0x180019fd0)
_o__invalid_parameter_noinfo (Address: 0x180019fd8)
_o__purecall (Address: 0x180019fe0)
_o__register_onexit_function (Address: 0x180019fe8)
_o__seh_filter_dll (Address: 0x180019ff0)
_o__set_errno (Address: 0x180019ff8)
_o_free (Address: 0x18001a008)
_o_malloc (Address: 0x18001a010)
_o_terminate (Address: 0x18001a018)
memcmp (Address: 0x18001a0a0)
memcpy (Address: 0x18001a0a8)
memmove (Address: 0x18001a000)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x18001a0c0)
_initterm_e (Address: 0x18001a0b8)

api-ms-win-crt-string-l1-1-0.dll

memset (Address: 0x18001a0d0)

api-ms-win-security-base-l1-1-0.dll

GetTokenInformation (Address: 0x18001a0e0)
ImpersonateLoggedOnUser (Address: 0x18001a0f8)
IsValidSid (Address: 0x18001a0f0)
RevertToSelf (Address: 0x18001a0e8)

api-ms-win-security-sddl-l1-1-0.dll

ConvertStringSidToSidW (Address: 0x18001a108)

ATL.DLL

(Address: 0x180019b48)

ntdll.dll

EtwTraceMessage (Address: 0x18001a128)
RtlExpandEnvironmentStrings (Address: 0x18001a120)
RtlNtStatusToDosError (Address: 0x18001a118)

OLEAUT32.dll

SafeArrayCopy (Address: 0x180019bf8)
SafeArrayCreate (Address: 0x180019b68)
SafeArrayCreateVector (Address: 0x180019bd8)
SafeArrayDestroy (Address: 0x180019c00)
SafeArrayGetElement (Address: 0x180019bd0)
SafeArrayGetLBound (Address: 0x180019bb0)
SafeArrayGetUBound (Address: 0x180019bb8)
SafeArrayGetVartype (Address: 0x180019bc0)
SafeArrayLock (Address: 0x180019b60)
SafeArrayPutElement (Address: 0x180019be0)
SafeArrayRedim (Address: 0x180019bc8)
SafeArrayUnlock (Address: 0x180019b70)
SysAllocString (Address: 0x180019b88)
SysAllocStringLen (Address: 0x180019b98)
SysFreeString (Address: 0x180019b78)
SysStringByteLen (Address: 0x180019be8)
SysStringLen (Address: 0x180019ba0)
VariantChangeType (Address: 0x180019b58)
VariantClear (Address: 0x180019b80)
VariantCopy (Address: 0x180019b90)
VariantCopyInd (Address: 0x180019bf0)
VariantInit (Address: 0x180019ba8)

profapi.dll

(Address: 0x18001a138)

RPCRT4.dll

I_RpcExceptionFilter (Address: 0x180019c18)
NdrClientCall3 (Address: 0x180019c10)
RpcBindingFree (Address: 0x180019c28)
RpcBindingFromStringBindingW (Address: 0x180019c30)
RpcStringBindingComposeW (Address: 0x180019c38)
RpcStringFreeW (Address: 0x180019c20)

SHLWAPI.dll

SHDeleteKeyW (Address: 0x180019c50)
StrToInt64ExW (Address: 0x180019c48)

USERENV.dll

(Address: 0x180019c60)
DeleteProfileW (Address: 0x180019c68)

WTSAPI32.dll

WTSQueryUserToken (Address: 0x180019c78)