ustprov.dll
Description: User State WMI Provider
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.1
Architecture: 64-bit
Operating System: Windows NT
SHA256: c72143c38533eb106c87759f937f553d
File Size: 50.5 KB
Uploaded At: Dec. 1, 2025, 7:41 a.m.
Views: 3
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x1170)
- DllGetClassObject (Ordinal: 2, Address: 0x1140)
- DllRegisterServer (Ordinal: 3, Address: 0x1520)
- DllUnregisterServer (Ordinal: 4, Address: 0x1530)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoCreateInstance (Address: 0x18000a468)
- CoGetCallContext (Address: 0x18000a458)
- CoRevertToSelf (Address: 0x18000a450)
- CoTaskMemFree (Address: 0x18000a460)
- StringFromCLSID (Address: 0x18000a470)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18000a488)
- SetLastError (Address: 0x18000a480)
- SetUnhandledExceptionFilter (Address: 0x18000a498)
- UnhandledExceptionFilter (Address: 0x18000a490)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18000a4a8)
- DuplicateHandle (Address: 0x18000a4b0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18000a4d0)
- HeapAlloc (Address: 0x18000a4c8)
- HeapFree (Address: 0x18000a4c0)
api-ms-win-core-heap-l2-1-0.dll
- LocalFree (Address: 0x18000a4e0)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18000a4f0)
- GetModuleFileNameW (Address: 0x18000a4f8)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18000a538)
- GetCurrentProcessId (Address: 0x18000a530)
- GetCurrentThread (Address: 0x18000a520)
- GetCurrentThreadId (Address: 0x18000a510)
- OpenThreadToken (Address: 0x18000a528)
- SetThreadToken (Address: 0x18000a508)
- TerminateProcess (Address: 0x18000a518)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18000a548)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18000a558)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18000a570)
- RegCreateKeyExW (Address: 0x18000a5a0)
- RegDeleteKeyExW (Address: 0x18000a568)
- RegDeleteValueW (Address: 0x18000a590)
- RegEnumValueW (Address: 0x18000a5a8)
- RegOpenCurrentUser (Address: 0x18000a578)
- RegOpenKeyExW (Address: 0x18000a580)
- RegQueryValueExW (Address: 0x18000a598)
- RegSetValueExW (Address: 0x18000a588)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x18000a5c0)
- RtlLookupFunctionEntry (Address: 0x18000a5b8)
- RtlVirtualUnwind (Address: 0x18000a5c8)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x18000a5d8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18000a5e8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18000a5f8)
- GetTickCount (Address: 0x18000a600)
api-ms-win-security-base-l1-1-0.dll
- GetTokenInformation (Address: 0x18000a628)
- ImpersonateLoggedOnUser (Address: 0x18000a620)
- IsValidSid (Address: 0x18000a610)
- RevertToSelf (Address: 0x18000a618)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertStringSidToSidW (Address: 0x18000a638)
msvcrt.dll
- __C_specific_handler (Address: 0x18000a670)
- __CxxFrameHandler3 (Address: 0x18000a6a0)
- __dllonexit (Address: 0x18000a680)
- _amsg_exit (Address: 0x18000a6b8)
- _callnewh (Address: 0x18000a6a8)
- _CxxThrowException (Address: 0x18000a698)
- _initterm (Address: 0x18000a6c8)
- _lock (Address: 0x18000a648)
- _onexit (Address: 0x18000a6c0)
- _purecall (Address: 0x18000a678)
- _unlock (Address: 0x18000a650)
- _vsnwprintf (Address: 0x18000a658)
- _XcptFilter (Address: 0x18000a6b0)
- ??1type_info@@UEAA@XZ (Address: 0x18000a660)
- ?terminate@@YAXXZ (Address: 0x18000a668)
- free (Address: 0x18000a688)
- malloc (Address: 0x18000a690)
- memset (Address: 0x18000a6d0)
ntdll.dll
- EtwGetTraceEnableFlags (Address: 0x18000a6e8)
- EtwGetTraceEnableLevel (Address: 0x18000a6f0)
- EtwGetTraceLoggerHandle (Address: 0x18000a6f8)
- EtwRegisterTraceGuidsW (Address: 0x18000a708)
- EtwTraceMessage (Address: 0x18000a700)
- EtwUnregisterTraceGuids (Address: 0x18000a6e0)
OLEAUT32.dll
- SafeArrayCopy (Address: 0x18000a3c8)
- SafeArrayCreate (Address: 0x18000a3f8)
- SafeArrayCreateVector (Address: 0x18000a390)
- SafeArrayDestroy (Address: 0x18000a3a0)
- SafeArrayGetElement (Address: 0x18000a380)
- SafeArrayGetLBound (Address: 0x18000a3b8)
- SafeArrayGetUBound (Address: 0x18000a3a8)
- SafeArrayGetVartype (Address: 0x18000a3d8)
- SafeArrayLock (Address: 0x18000a3e8)
- SafeArrayPutElement (Address: 0x18000a388)
- SafeArrayRedim (Address: 0x18000a398)
- SafeArrayUnlock (Address: 0x18000a3b0)
- SysAllocString (Address: 0x18000a418)
- SysAllocStringLen (Address: 0x18000a400)
- SysFreeString (Address: 0x18000a410)
- SysStringByteLen (Address: 0x18000a3d0)
- SysStringLen (Address: 0x18000a3f0)
- VariantChangeType (Address: 0x18000a378)
- VariantClear (Address: 0x18000a420)
- VariantCopy (Address: 0x18000a3e0)
- VariantCopyInd (Address: 0x18000a3c0)
- VariantInit (Address: 0x18000a408)
SHLWAPI.dll
- SHDeleteKeyW (Address: 0x18000a430)
WTSAPI32.dll
- WTSQueryUserToken (Address: 0x18000a440)