usermgrcli.dll
Description: UserMgr API DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6328
Architecture: 64-bit
Operating System: Windows NT
SHA256: cf4294513725cb439b3ab530738981f0
File Size: 80.3 KB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CamCleanupDisardedCandidateAccounts (Ordinal: 1, Address: 0x3860)
- CamConnectCandidateUser (Ordinal: 2, Address: 0x9210)
- CamFreeAuthBuffer (Ordinal: 3, Address: 0x9250)
- CamFreeBuffer (Ordinal: 4, Address: 0x92a0)
- CamGetCandidateAccountCredz (Ordinal: 5, Address: 0x92d0)
- CamGetCandidateUserSessionIds (Ordinal: 6, Address: 0x9300)
- CamGetNonCandidateUserSessionIds (Ordinal: 7, Address: 0x9330)
- CamIsCandidateUser (Ordinal: 8, Address: 0x3b80)
- CamIsEphemeralCandidateUser (Ordinal: 9, Address: 0x9360)
- CamRefreshCandidateUser (Ordinal: 10, Address: 0x9390)
- IsInteractiveUserSession (Ordinal: 11, Address: 0x97f0)
- QueryActiveSession (Ordinal: 12, Address: 0x9860)
- QueryUserToken (Ordinal: 13, Address: 0x98e0)
- RegisterUsertokenForNoWinlogon (Ordinal: 14, Address: 0x99d0)
- UMgrChangeSessionActiveShellUser (Ordinal: 15, Address: 0x9480)
- UMgrChangeSessionUserToken (Ordinal: 16, Address: 0x94b0)
- UMgrClearDefaultSignInAccount (Ordinal: 17, Address: 0x94c0)
- UMgrConnectLocalUser (Ordinal: 18, Address: 0x94d0)
- UMgrDisconnectLocalUser (Ordinal: 19, Address: 0x9520)
- UMgrEnumerateSessionUsers (Ordinal: 20, Address: 0x17f0)
- UMgrFreeSessionUsers (Ordinal: 21, Address: 0x1250)
- UMgrFreeUserCredentials (Ordinal: 22, Address: 0x9580)
- UMgrGetCachedCredentials (Ordinal: 23, Address: 0x95e0)
- UMgrGetConstrainedUserToken (Ordinal: 24, Address: 0x16a0)
- UMgrGetDefaultSignInAccount (Ordinal: 25, Address: 0x9610)
- UMgrGetImpersonationTokenForContext (Ordinal: 26, Address: 0x9620)
- UMgrGetSessionActiveShellUserToken (Ordinal: 27, Address: 0x9650)
- UMgrInformFlags (Ordinal: 28, Address: 0x3930)
- UMgrInformUserLogoff (Ordinal: 29, Address: 0x3850)
- UMgrInformUserLogon (Ordinal: 30, Address: 0x39d0)
- UMgrIsAllowedToActivateAsUser (Ordinal: 31, Address: 0x1aa0)
- UMgrLaunchShell (Ordinal: 32, Address: 0x39b0)
- UMgrLaunchShellInfrastructureHost (Ordinal: 33, Address: 0x39a0)
- UMgrLogonUser (Ordinal: 34, Address: 0x12a0)
- UMgrOpenProcessHandleForAccess (Ordinal: 35, Address: 0x11a0)
- UMgrOpenProcessTokenForQuery (Ordinal: 36, Address: 0x1100)
- UMgrQueryDefaultAccountToken (Ordinal: 37, Address: 0x3c40)
- UMgrQuerySessionUserToken (Ordinal: 38, Address: 0x9680)
- UMgrQuerySessionVirtualAccountToken (Ordinal: 39, Address: 0x96b0)
- UMgrQueryUserContext (Ordinal: 40, Address: 0x23f0)
- UMgrQueryUserContextFromName (Ordinal: 41, Address: 0x96e0)
- UMgrQueryUserContextFromSid (Ordinal: 42, Address: 0x9710)
- UMgrQueryUserToken (Ordinal: 43, Address: 0x1f50)
- UMgrQueryUserTokenFromName (Ordinal: 44, Address: 0x9740)
- UMgrQueryUserTokenFromSid (Ordinal: 45, Address: 0x9770)
- UMgrSetCachedCredentials (Ordinal: 46, Address: 0x97a0)
- UMgrSetShellInformation (Ordinal: 47, Address: 0x39c0)
- UMgrpGetRegistryLocation (Ordinal: 48, Address: 0x97e0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18000be40)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18000be58)
- IsDebuggerPresent (Address: 0x18000be60)
- OutputDebugStringW (Address: 0x18000be50)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18000be70)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18000be80)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18000bea8)
- SetLastError (Address: 0x18000be90)
- SetUnhandledExceptionFilter (Address: 0x18000bea0)
- UnhandledExceptionFilter (Address: 0x18000be98)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18000beb8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18000bec8)
- HeapAlloc (Address: 0x18000bed0)
- HeapFree (Address: 0x18000bed8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18000bef0)
- LocalFree (Address: 0x18000bee8)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x18000bf00)
- GetModuleHandleExW (Address: 0x18000bf10)
- GetModuleHandleW (Address: 0x18000bf08)
- GetProcAddress (Address: 0x18000bf18)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18000bf28)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18000bf40)
- GetCurrentProcessId (Address: 0x18000bf50)
- GetCurrentThreadId (Address: 0x18000bf58)
- OpenProcessToken (Address: 0x18000bf48)
- TerminateProcess (Address: 0x18000bf38)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18000bf68)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18000bf78)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18000bf90)
- RtlLookupFunctionEntry (Address: 0x18000bf88)
- RtlVirtualUnwind (Address: 0x18000bf98)
api-ms-win-core-synch-l1-1-0.dll
- CreateMutexExW (Address: 0x18000bfb0)
- CreateSemaphoreExW (Address: 0x18000bfb8)
- OpenSemaphoreW (Address: 0x18000bfd0)
- ReleaseMutex (Address: 0x18000bfd8)
- ReleaseSemaphore (Address: 0x18000bfa8)
- WaitForSingleObject (Address: 0x18000bfc0)
- WaitForSingleObjectEx (Address: 0x18000bfc8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18000bfe8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18000c000)
- GetTickCount (Address: 0x18000bff8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventWriteTransfer (Address: 0x18000c010)
api-ms-win-security-base-l1-1-0.dll
- CreateWellKnownSid (Address: 0x18000c020)
msvcrt.dll
- __C_specific_handler (Address: 0x18000c0f8)
- __CxxFrameHandler3 (Address: 0x18000c038)
- __dllonexit (Address: 0x18000c100)
- _amsg_exit (Address: 0x18000c070)
- _callnewh (Address: 0x18000c0a8)
- _CxxThrowException (Address: 0x18000c098)
- _initterm (Address: 0x18000c088)
- _lock (Address: 0x18000c0a0)
- _onexit (Address: 0x18000c0e8)
- _purecall (Address: 0x18000c0d0)
- _unlock (Address: 0x18000c0b8)
- _vsnprintf_s (Address: 0x18000c048)
- _vsnwprintf (Address: 0x18000c0f0)
- _XcptFilter (Address: 0x18000c060)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18000c0b0)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18000c0c8)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x18000c068)
- ??0exception@@QEAA@XZ (Address: 0x18000c078)
- ??1exception@@UEAA@XZ (Address: 0x18000c090)
- ??1type_info@@UEAA@XZ (Address: 0x18000c0c0)
- ??3@YAXPEAX@Z (Address: 0x18000c0d8)
- ?what@exception@@UEBAPEBDXZ (Address: 0x18000c040)
- free (Address: 0x18000c080)
- malloc (Address: 0x18000c058)
- memcpy (Address: 0x18000c030)
- memcpy_s (Address: 0x18000c0e0)
- memmove (Address: 0x18000c050)
- memset (Address: 0x18000c108)
ntdll.dll
- RtlGetCurrentServiceSessionId (Address: 0x18000c120)
- RtlIsMultiSessionSku (Address: 0x18000c118)
RPCRT4.dll
- I_RpcExceptionFilter (Address: 0x18000be18)
- NdrClientCall3 (Address: 0x18000be30)
- RpcBindingFree (Address: 0x18000be00)
- RpcBindingFromStringBindingW (Address: 0x18000be08)
- RpcBindingSetAuthInfoExW (Address: 0x18000be20)
- RpcStringBindingComposeW (Address: 0x18000be10)
- RpcStringFreeW (Address: 0x18000be28)