usermgrcli.dll

  • File Path: C:\Windows\system32\usermgrcli.dll
  • Description: UserMgr API DLL

Hashes

Type Hash
MD5 D3B0A96821C788F751BAC88879820026
SHA1 FE941B40240053AA1A735FAC16DD8A606EEF366A
SHA256 BEE59FE5C727E8AEE1A36FDB6525B16C0DAD13202B61E76D60A59546864D117E
SHA384 154E505E70A9EA03C95EB751824F5CF966F9E8F9103EFD4DA0D1960C6999A9E7ABA010C5BD7FD0B1512AEF3693BEA785
SHA512 980CED5C9C2F162485A0FDF589C5E994444B1432E521874D20F34D261EF56FD23DEFE77C49D1E31B1BB90FC24BCD153F7A3DF2CA0F6CA52762EB0B27CF29639C
SSDEEP 1536:CcVpOud7iZ3n+cmwZ+svzwpHzQ5VvWBPc:CcVpliZPmwZ+awpUaBU
IMP 0A51776914DF4877E7C224045A441731
PESHA1 994F8D472754BC5803B957B5284EEBB7A0BF2E2B
PE256 ED726B2B41A676778FD938BF9F77CBCF2BD29B0CCC3F1AD66919C547E890C3BE

DLL Exports:

Function Name Ordinal Type
UMgrLaunchShellInfrastructureHost 33 Exported Function
UMgrLaunchShell 32 Exported Function
UMgrIsAllowedToActivateAsUser 31 Exported Function
UMgrOpenProcessTokenForQuery 36 Exported Function
UMgrOpenProcessHandleForAccess 35 Exported Function
UMgrLogonUser 34 Exported Function
UMgrGetSessionActiveShellUserToken 27 Exported Function
UMgrGetImpersonationTokenForContext 26 Exported Function
UMgrGetDefaultSignInAccount 25 Exported Function
UMgrInformUserLogon 30 Exported Function
UMgrInformUserLogoff 29 Exported Function
UMgrInformFlags 28 Exported Function
UMgrQueryUserTokenFromName 44 Exported Function
UMgrQueryUserToken 43 Exported Function
UMgrQueryUserContextFromSid 42 Exported Function
UMgrSetShellInformation 47 Exported Function
UMgrSetCachedCredentials 46 Exported Function
UMgrQueryUserTokenFromSid 45 Exported Function
UMgrQuerySessionUserToken 38 Exported Function
UMgrQueryDefaultAccountToken 37 Exported Function
UMgrpGetRegistryLocation 48 Exported Function
UMgrQueryUserContextFromName 41 Exported Function
UMgrQueryUserContext 40 Exported Function
UMgrQuerySessionVirtualAccountToken 39 Exported Function
CamIsEphemeralCandidateUser 9 Exported Function
CamIsCandidateUser 8 Exported Function
CamGetNonCandidateUserSessionIds 7 Exported Function
QueryActiveSession 12 Exported Function
IsInteractiveUserSession 11 Exported Function
CamRefreshCandidateUser 10 Exported Function
CamFreeAuthBuffer 3 Exported Function
CamConnectCandidateUser 2 Exported Function
CamCleanupDisardedCandidateAccounts 1 Exported Function
CamGetCandidateUserSessionIds 6 Exported Function
CamGetCandidateAccountCredz 5 Exported Function
CamFreeBuffer 4 Exported Function
UMgrFreeSessionUsers 21 Exported Function
UMgrEnumerateSessionUsers 20 Exported Function
UMgrDisconnectLocalUser 19 Exported Function
UMgrGetConstrainedUserToken 24 Exported Function
UMgrGetCachedCredentials 23 Exported Function
UMgrFreeUserCredentials 22 Exported Function
UMgrChangeSessionActiveShellUser 15 Exported Function
RegisterUsertokenForNoWinlogon 14 Exported Function
QueryUserToken 13 Exported Function
UMgrConnectLocalUser 18 Exported Function
UMgrClearDefaultSignInAccount 17 Exported Function
UMgrChangeSessionUserToken 16 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: usermgrcli.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/bee59fe5c727e8aee1a36fdb6525b16c0dad13202b61e76d60a59546864d117e/detection/

MIT License. Copyright (c) 2020-2021 Strontic.