usermgrcli.dll

  • File Path: C:\Windows\SysWOW64\usermgrcli.dll
  • Description: UserMgr API DLL

Hashes

Type Hash
MD5 ACF20A7CF8BDFA34960C10A262448780
SHA1 0E11930FA9D12807214920142175A611A415D1DD
SHA256 12F409FB3D390656821F13ECDA08392DAC99954C81F313DC6C725E25A9CF8152
SHA384 A3DA9685563469BCA958C2DA7C825191A6346D484D08C4029CBDFC55EEEC192251A46C1D64A4A48CF092C576E8AB37CD
SHA512 CA6919ACDBA7E5992DE09FC7EE06C291989428506FC59A098E20C496BE5D891DCF69E002D42AFF4AB5C556664F7AD19F8A32B3E3096B126219472EAF70EB3919
SSDEEP 1536:Xw4F++OVb/Y9Lxr1s/9g11mTPksqpoCII1++mfP/:Xw4F+xY9L/s/9g11mTPkBBIIGfH
IMP FD490A0262FEBD37990BDBD445C01509
PESHA1 38F1B30DEEA2F75C15A692CE9997C1EDDE9C8A71
PE256 8AB2E55CA5EBCA5E9ED4929F263AF5E66D9F18353F41272C3FC8E419C31A12C1

DLL Exports:

Function Name Ordinal Type
UMgrLaunchShellInfrastructureHost 33 Exported Function
UMgrLaunchShell 32 Exported Function
UMgrIsAllowedToActivateAsUser 31 Exported Function
UMgrOpenProcessTokenForQuery 36 Exported Function
UMgrOpenProcessHandleForAccess 35 Exported Function
UMgrLogonUser 34 Exported Function
UMgrGetSessionActiveShellUserToken 27 Exported Function
UMgrGetImpersonationTokenForContext 26 Exported Function
UMgrGetDefaultSignInAccount 25 Exported Function
UMgrInformUserLogon 30 Exported Function
UMgrInformUserLogoff 29 Exported Function
UMgrInformFlags 28 Exported Function
UMgrQueryUserTokenFromName 44 Exported Function
UMgrQueryUserToken 43 Exported Function
UMgrQueryUserContextFromSid 42 Exported Function
UMgrSetShellInformation 47 Exported Function
UMgrSetCachedCredentials 46 Exported Function
UMgrQueryUserTokenFromSid 45 Exported Function
UMgrQuerySessionUserToken 38 Exported Function
UMgrQueryDefaultAccountToken 37 Exported Function
UMgrpGetRegistryLocation 48 Exported Function
UMgrQueryUserContextFromName 41 Exported Function
UMgrQueryUserContext 40 Exported Function
UMgrQuerySessionVirtualAccountToken 39 Exported Function
CamIsEphemeralCandidateUser 9 Exported Function
CamIsCandidateUser 8 Exported Function
CamGetNonCandidateUserSessionIds 7 Exported Function
QueryActiveSession 12 Exported Function
IsInteractiveUserSession 11 Exported Function
CamRefreshCandidateUser 10 Exported Function
CamFreeAuthBuffer 3 Exported Function
CamConnectCandidateUser 2 Exported Function
CamCleanupDisardedCandidateAccounts 1 Exported Function
CamGetCandidateUserSessionIds 6 Exported Function
CamGetCandidateAccountCredz 5 Exported Function
CamFreeBuffer 4 Exported Function
UMgrFreeSessionUsers 21 Exported Function
UMgrEnumerateSessionUsers 20 Exported Function
UMgrDisconnectLocalUser 19 Exported Function
UMgrGetConstrainedUserToken 24 Exported Function
UMgrGetCachedCredentials 23 Exported Function
UMgrFreeUserCredentials 22 Exported Function
UMgrChangeSessionActiveShellUser 15 Exported Function
RegisterUsertokenForNoWinlogon 14 Exported Function
QueryUserToken 13 Exported Function
UMgrConnectLocalUser 18 Exported Function
UMgrClearDefaultSignInAccount 17 Exported Function
UMgrChangeSessionUserToken 16 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: usermgrcli.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/12f409fb3d390656821f13ecda08392dac99954c81f313dc6c725e25a9cf8152/detection/

MIT License. Copyright (c) 2020-2021 Strontic.