WmiPrvSD.dll
Description: WMI
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3636
Architecture: 64-bit
Operating System: Windows NT
SHA256: 4f1de69a4ac73e9e209ef42d7d3c4b45
File Size: 838.0 KB
Uploaded At: Dec. 1, 2025, 7:51 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x1ea30)
- DllGetClassObject (Ordinal: 2, Address: 0x35e0)
- DllRegisterServer (Ordinal: 3, Address: 0x3b580)
- DllUnregisterServer (Ordinal: 4, Address: 0x3b670)
Imported DLLs & Functions
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18009ef58)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18009ef68)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18009ef80)
- SetUnhandledExceptionFilter (Address: 0x18009ef88)
- UnhandledExceptionFilter (Address: 0x18009ef78)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x18009ef98)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18009efa8)
- DuplicateHandle (Address: 0x18009efb0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18009efe0)
- HeapAlloc (Address: 0x18009efc8)
- HeapCreate (Address: 0x18009efc0)
- HeapDestroy (Address: 0x18009efd8)
- HeapFree (Address: 0x18009efd0)
api-ms-win-core-heap-l2-1-0.dll
- GlobalAlloc (Address: 0x18009f008)
- GlobalFree (Address: 0x18009f000)
- LocalAlloc (Address: 0x18009eff8)
- LocalFree (Address: 0x18009eff0)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- GlobalLock (Address: 0x18009f020)
- GlobalUnlock (Address: 0x18009f018)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x18009f038)
- CreateJobObjectW (Address: 0x18009f030)
- OpenJobObjectW (Address: 0x18009f050)
- SetInformationJobObject (Address: 0x18009f048)
- TerminateJobObject (Address: 0x18009f040)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18009f060)
- GetModuleFileNameW (Address: 0x18009f068)
- GetProcAddress (Address: 0x18009f078)
- LoadLibraryExW (Address: 0x18009f070)
api-ms-win-core-localization-l1-2-0.dll
- LCMapStringW (Address: 0x18009f088)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x18009f098)
- MapViewOfFile (Address: 0x18009f0a8)
- OpenFileMappingW (Address: 0x18009f0a0)
- UnmapViewOfFile (Address: 0x18009f0b0)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x18009f0f8)
- GetCurrentProcess (Address: 0x18009f108)
- GetCurrentProcessId (Address: 0x18009f0d0)
- GetCurrentThread (Address: 0x18009f118)
- GetCurrentThreadId (Address: 0x18009f110)
- GetProcessTimes (Address: 0x18009f100)
- OpenProcessToken (Address: 0x18009f130)
- OpenThreadToken (Address: 0x18009f0c0)
- SetThreadToken (Address: 0x18009f128)
- SwitchToThread (Address: 0x18009f0d8)
- TerminateProcess (Address: 0x18009f120)
- TlsAlloc (Address: 0x18009f0c8)
- TlsFree (Address: 0x18009f0e0)
- TlsGetValue (Address: 0x18009f0e8)
- TlsSetValue (Address: 0x18009f0f0)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18009f140)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18009f150)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18009f180)
- RegCreateKeyExW (Address: 0x18009f198)
- RegDeleteKeyExW (Address: 0x18009f168)
- RegEnumKeyExW (Address: 0x18009f160)
- RegOpenKeyExW (Address: 0x18009f178)
- RegQueryValueExW (Address: 0x18009f170)
- RegSetKeySecurity (Address: 0x18009f190)
- RegSetValueExW (Address: 0x18009f188)
api-ms-win-core-string-l1-1-0.dll
- GetStringTypeExW (Address: 0x18009f1a8)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x18009f1e8)
- DeleteCriticalSection (Address: 0x18009f1d0)
- EnterCriticalSection (Address: 0x18009f1c8)
- InitializeCriticalSectionAndSpinCount (Address: 0x18009f1b8)
- LeaveCriticalSection (Address: 0x18009f1e0)
- OpenEventW (Address: 0x18009f1d8)
- SetEvent (Address: 0x18009f1f0)
- WaitForMultipleObjectsEx (Address: 0x18009f1f8)
- WaitForSingleObject (Address: 0x18009f1c0)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18009f208)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x18009f218)
- GetTickCount (Address: 0x18009f220)
- GetVersionExW (Address: 0x18009f228)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- ChangeTimerQueueTimer (Address: 0x18009f238)
- CreateTimerQueueTimer (Address: 0x18009f250)
- DeleteTimerQueueTimer (Address: 0x18009f258)
- QueueUserWorkItem (Address: 0x18009f240)
- UnregisterWaitEx (Address: 0x18009f248)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x18009f268)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x18009f278)
- SystemTimeToFileTime (Address: 0x18009f280)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x18009f298)
- EventUnregister (Address: 0x18009f290)
- EventWrite (Address: 0x18009f2a0)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x18009f300)
- AddAccessAllowedAce (Address: 0x18009f2b0)
- AddAce (Address: 0x18009f310)
- AllocateAndInitializeSid (Address: 0x18009f2d8)
- AllocateLocallyUniqueId (Address: 0x18009f308)
- CopySid (Address: 0x18009f2e8)
- CreateWellKnownSid (Address: 0x18009f330)
- DuplicateTokenEx (Address: 0x18009f378)
- FreeSid (Address: 0x18009f358)
- GetAclInformation (Address: 0x18009f370)
- GetKernelObjectSecurity (Address: 0x18009f350)
- GetLengthSid (Address: 0x18009f2e0)
- GetSecurityDescriptorDacl (Address: 0x18009f368)
- GetSecurityDescriptorLength (Address: 0x18009f320)
- GetTokenInformation (Address: 0x18009f360)
- ImpersonateLoggedOnUser (Address: 0x18009f2c0)
- InitializeAcl (Address: 0x18009f2f0)
- InitializeSecurityDescriptor (Address: 0x18009f328)
- MakeAbsoluteSD (Address: 0x18009f318)
- MakeSelfRelativeSD (Address: 0x18009f2c8)
- MapGenericMask (Address: 0x18009f2f8)
- RevertToSelf (Address: 0x18009f2b8)
- SetSecurityDescriptorDacl (Address: 0x18009f338)
- SetSecurityDescriptorGroup (Address: 0x18009f340)
- SetSecurityDescriptorOwner (Address: 0x18009f348)
- SetTokenInformation (Address: 0x18009f2d0)
FastProx.dll
- ?AddRef@CWbemCallSecurity@@UEAAKXZ (Address: 0x18009eef0)
- ?GetThreadSecurity@CWbemCallSecurity@@UEAAJW4tag_WMI_THREAD_SECURITY_ORIGIN@@PEAPEAU_IWmiThreadSecHandle@@@Z (Address: 0x18009eef8)
- ?New@CWbemCallSecurity@@SAPEAV1@XZ (Address: 0x18009ef18)
- ?QueryInterface@CWbemCallSecurity@@UEAAJAEBU_GUID@@PEAPEAX@Z (Address: 0x18009ef08)
- ?Release@CWbemCallSecurity@@UEAAKXZ (Address: 0x18009ef10)
- ?SetThreadSecurity@CWbemCallSecurity@@UEAAJPEAU_IWmiThreadSecHandle@@@Z (Address: 0x18009ef00)
msvcrt.dll
- __C_specific_handler (Address: 0x18009f410)
- __CxxFrameHandler3 (Address: 0x18009f3d8)
- __dllonexit (Address: 0x18009f3c8)
- _amsg_exit (Address: 0x18009f390)
- _CxxThrowException (Address: 0x18009f3e8)
- _initterm (Address: 0x18009f3a0)
- _lock (Address: 0x18009f3b8)
- _onexit (Address: 0x18009f428)
- _purecall (Address: 0x18009f408)
- _unlock (Address: 0x18009f3c0)
- _vsnwprintf (Address: 0x18009f420)
- _wcsicmp (Address: 0x18009f418)
- _XcptFilter (Address: 0x18009f388)
- ??1type_info@@UEAA@XZ (Address: 0x18009f3b0)
- ??8type_info@@QEBAHAEBV0@@Z (Address: 0x18009f3f8)
- ?terminate@@YAXXZ (Address: 0x18009f3a8)
- free (Address: 0x18009f398)
- malloc (Address: 0x18009f3f0)
- memcmp (Address: 0x18009f3e0)
- memcpy (Address: 0x18009f3d0)
- memset (Address: 0x18009f438)
- realloc (Address: 0x18009f430)
- wcsstr (Address: 0x18009f400)
NCObjAPI.DLL
- WmiCreateObjectWithFormat (Address: 0x18009ef48)
- WmiDestroyObject (Address: 0x18009ef28)
- WmiEventSourceConnect (Address: 0x18009ef40)
- WmiEventSourceDisconnect (Address: 0x18009ef30)
- WmiSetAndCommitObject (Address: 0x18009ef38)
ntdll.dll
- EtwGetTraceEnableFlags (Address: 0x18009f458)
- EtwGetTraceEnableLevel (Address: 0x18009f450)
- EtwGetTraceLoggerHandle (Address: 0x18009f448)
- EtwRegisterTraceGuidsW (Address: 0x18009f460)
- EtwTraceMessage (Address: 0x18009f4a8)
- EtwUnregisterTraceGuids (Address: 0x18009f468)
- RtlCaptureContext (Address: 0x18009f490)
- RtlInitializeSid (Address: 0x18009f478)
- RtlLengthRequiredSid (Address: 0x18009f470)
- RtlLengthSid (Address: 0x18009f488)
- RtlLookupFunctionEntry (Address: 0x18009f498)
- RtlSubAuthoritySid (Address: 0x18009f480)
- RtlVirtualUnwind (Address: 0x18009f4a0)
wbemcomn.dll
- _ThrowMemoryException_ (Address: 0x18009f530)
- ?_Free@CMUILocale@@SAHPEAX@Z (Address: 0x18009f598)
- ??0CLike@@QEAA@PEBGG@Z (Address: 0x18009f550)
- ??0CNtAce@@QEAA@KKKAEAVCNtSid@@@Z (Address: 0x18009f4c8)
- ??0CNtAcl@@QEAA@K@Z (Address: 0x18009f5a0)
- ??0CNtSecurityDescriptor@@QEAA@AEAV0@@Z (Address: 0x18009f4f0)
- ??0CNtSecurityDescriptor@@QEAA@PEAX@Z (Address: 0x18009f500)
- ??0CNtSid@@QEAA@PEAX@Z (Address: 0x18009f4d8)
- ??1CLike@@QEAA@XZ (Address: 0x18009f558)
- ??1CNtAce@@UEAA@XZ (Address: 0x18009f508)
- ??1CNtAcl@@QEAA@XZ (Address: 0x18009f4e8)
- ??1CNtSecurityDescriptor@@QEAA@XZ (Address: 0x18009f4f8)
- ??1CNtSid@@QEAA@XZ (Address: 0x18009f4d0)
- ?AddAce@CNtAcl@@QEAAHPEAVCNtAce@@@Z (Address: 0x18009f538)
- ?ContainsSid@CNtAcl@@QEAAHAEAVCNtSid@@AEAE@Z (Address: 0x18009f4b8)
- ?GetDacl@CNtSecurityDescriptor@@QEAAHAEAVCNtAcl@@@Z (Address: 0x18009f4e0)
- ?GetPreferredLanguages@CMUILocale@@SAJKPEAPEAGPEAK@Z (Address: 0x18009f5a8)
- ?GetSid@CNtAce@@QEAAHAEAVCNtSid@@@Z (Address: 0x18009f4c0)
- ?GetSize@CNtSecurityDescriptor@@QEAAKXZ (Address: 0x18009f548)
- ?Init@CPublishWMIOperationEvent@@SAJXZ (Address: 0x18009f568)
- ?Match@CLike@@QEAA_NPEBG@Z (Address: 0x18009f560)
- ?PublishProviderInfo@CPublishWMIOperationEvent@@SAJKPEAGK000PEAUIWbemContext@@@Z (Address: 0x18009f590)
- ?PublishProviderStarted@CPublishWMIOperationEvent@@SAJPEAGJ0K0@Z (Address: 0x18009f570)
- ?SetDacl@CNtSecurityDescriptor@@QEAAHPEAVCNtAcl@@@Z (Address: 0x18009f540)
- ?SetPreferredLanguages@CMUILocale@@SAJKPEBGPEAK@Z (Address: 0x18009f580)
- ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z (Address: 0x18009f578)
- ?Write@CMemoryLog@@QEAAXJ@Z (Address: 0x18009f528)
- BreakOnDbgAndRenterLoop (Address: 0x18009f518)
- BuildOperationInfo (Address: 0x18009f588)
- GetMemLogObject (Address: 0x18009f520)
- WinPEKey (Address: 0x18009f510)