Faultrep.dll

Description: Windows User Mode Crash Reporting DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 4ef91c125bc88f631131cea9ccec3e2c

File Size: 484.8 KB

Uploaded At: Dec. 1, 2025, 7:28 a.m.

Views: 10

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, CreateRemoteThread, VirtualAllocEx

Exported Functions

  • (Ordinal: 1, Address: 0xbd00)
  • (Ordinal: 2, Address: 0xbd40)
  • BasepReportFault (Ordinal: 3, Address: 0xc490)
  • CheckForReadOnlyResourceFilter (Ordinal: 4, Address: 0xc4d0)
  • CheckPerUserCrossProcessThrottle (Ordinal: 5, Address: 0xb7b0)
  • UpdatePerUserLastCrossProcessCollectionTime (Ordinal: 6, Address: 0xb840)
  • AddERExcludedApplicationA (Ordinal: 7, Address: 0xd560)
  • AddERExcludedApplicationW (Ordinal: 8, Address: 0xd530)
  • CancelHangReporting (Ordinal: 9, Address: 0xbe30)
  • DllCanUnloadNow (Ordinal: 10, Address: 0x5610)
  • DllGetClassObject (Ordinal: 11, Address: 0x5650)
  • ReportCoreHang (Ordinal: 12, Address: 0xbd80)
  • ReportFault (Ordinal: 13, Address: 0xd4e0)
  • ReportHang (Ordinal: 14, Address: 0xbcd0)
  • WerReportHang (Ordinal: 15, Address: 0xbdc0)
  • WerpGetDebugger (Ordinal: 16, Address: 0x18f70)
  • WerpInitiateCrashReporting (Ordinal: 17, Address: 0xcf60)
  • WerpLaunchAeDebug (Ordinal: 18, Address: 0x193a0)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x18004b560)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateInstance (Address: 0x18004b598)
  • CoImpersonateClient (Address: 0x18004b570)
  • CoInitializeEx (Address: 0x18004b590)
  • CoRevertToSelf (Address: 0x18004b588)
  • CoSetProxyBlanket (Address: 0x18004b580)
  • CoTaskMemAlloc (Address: 0x18004b5b0)
  • CoTaskMemFree (Address: 0x18004b5a8)
  • CoUninitialize (Address: 0x18004b5a0)
  • CoUnmarshalInterface (Address: 0x18004b578)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
  • ObjectStublessClient3 (Address: 0x18004b5d8)
  • ObjectStublessClient4 (Address: 0x18004b5c8)
  • ObjectStublessClient5 (Address: 0x18004b5c0)
  • ObjectStublessClient6 (Address: 0x18004b5d0)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18004b5f8)
  • IsDebuggerPresent (Address: 0x18004b5e8)
  • OutputDebugStringW (Address: 0x18004b5f0)
api-ms-win-core-debug-l1-1-1.dll
  • CheckRemoteDebuggerPresent (Address: 0x18004b608)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x18004b618)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x18004b628)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18004b638)
  • RaiseException (Address: 0x18004b658)
  • SetErrorMode (Address: 0x18004b660)
  • SetLastError (Address: 0x18004b640)
  • SetUnhandledExceptionFilter (Address: 0x18004b648)
  • UnhandledExceptionFilter (Address: 0x18004b650)
api-ms-win-core-errorhandling-l1-1-3.dll
  • SetThreadErrorMode (Address: 0x18004b670)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x18004b6c0)
  • CreateDirectoryW (Address: 0x18004b6b8)
  • CreateFileW (Address: 0x18004b690)
  • DeleteFileW (Address: 0x18004b6e8)
  • FindClose (Address: 0x18004b6f8)
  • FindFirstFileW (Address: 0x18004b698)
  • FindNextFileW (Address: 0x18004b6c8)
  • FlushFileBuffers (Address: 0x18004b6a0)
  • GetDriveTypeW (Address: 0x18004b700)
  • GetFileAttributesW (Address: 0x18004b680)
  • GetFinalPathNameByHandleW (Address: 0x18004b720)
  • GetLogicalDriveStringsW (Address: 0x18004b6e0)
  • GetLongPathNameW (Address: 0x18004b6d0)
  • GetTempFileNameW (Address: 0x18004b6a8)
  • QueryDosDeviceW (Address: 0x18004b6f0)
  • ReadFile (Address: 0x18004b710)
  • SetEndOfFile (Address: 0x18004b6b0)
  • SetFileAttributesW (Address: 0x18004b688)
  • SetFileInformationByHandle (Address: 0x18004b718)
  • SetFilePointerEx (Address: 0x18004b708)
  • WriteFile (Address: 0x18004b6d8)
api-ms-win-core-file-l1-2-0.dll
  • GetTempPathW (Address: 0x18004b730)
api-ms-win-core-file-l2-1-0.dll
  • MoveFileExW (Address: 0x18004b740)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18004b758)
  • DuplicateHandle (Address: 0x18004b750)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18004b770)
  • HeapAlloc (Address: 0x18004b768)
  • HeapFree (Address: 0x18004b778)
api-ms-win-core-heap-l2-1-0.dll
  • LocalFree (Address: 0x18004b788)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x18004b7b0)
  • FreeLibrary (Address: 0x18004b7a8)
  • FreeLibraryAndExitThread (Address: 0x18004b7d8)
  • GetModuleFileNameA (Address: 0x18004b7c8)
  • GetModuleFileNameW (Address: 0x18004b7b8)
  • GetModuleHandleExW (Address: 0x18004b7e0)
  • GetModuleHandleW (Address: 0x18004b7c0)
  • GetProcAddress (Address: 0x18004b7a0)
  • LoadLibraryExW (Address: 0x18004b7d0)
  • LoadStringW (Address: 0x18004b798)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x18004b7f0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18004b808)
  • LCMapStringW (Address: 0x18004b800)
api-ms-win-core-localization-obsolete-l1-2-0.dll
  • GetUserDefaultUILanguage (Address: 0x18004b818)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x18004b848)
  • MapViewOfFile (Address: 0x18004b828)
  • ReadProcessMemory (Address: 0x18004b870)
  • UnmapViewOfFile (Address: 0x18004b858)
  • VirtualAlloc (Address: 0x18004b868)
  • VirtualAllocEx (Address: 0x18004b878)
  • VirtualFree (Address: 0x18004b840)
  • VirtualFreeEx (Address: 0x18004b850)
  • VirtualQuery (Address: 0x18004b838)
  • VirtualQueryEx (Address: 0x18004b860)
  • WriteProcessMemory (Address: 0x18004b830)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x18004b890)
  • SearchPathW (Address: 0x18004b888)
  • SetEnvironmentVariableW (Address: 0x18004b898)
api-ms-win-core-processsnapshot-l1-1-0.dll
  • PssDuplicateSnapshot (Address: 0x18004b8b0)
  • PssFreeSnapshot (Address: 0x18004b8a8)
  • PssQuerySnapshot (Address: 0x18004b8c8)
  • PssWalkMarkerCreate (Address: 0x18004b8b8)
  • PssWalkMarkerFree (Address: 0x18004b8c0)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessW (Address: 0x18004b938)
  • CreateRemoteThread (Address: 0x18004b960)
  • CreateThread (Address: 0x18004b918)
  • DeleteProcThreadAttributeList (Address: 0x18004b910)
  • GetCurrentProcess (Address: 0x18004b950)
  • GetCurrentProcessId (Address: 0x18004b968)
  • GetCurrentThread (Address: 0x18004b8f0)
  • GetCurrentThreadId (Address: 0x18004b958)
  • GetExitCodeProcess (Address: 0x18004b928)
  • GetExitCodeThread (Address: 0x18004b920)
  • GetProcessId (Address: 0x18004b970)
  • GetProcessTimes (Address: 0x18004b908)
  • GetThreadId (Address: 0x18004b900)
  • GetThreadPriority (Address: 0x18004b8d8)
  • InitializeProcThreadAttributeList (Address: 0x18004b8e0)
  • OpenProcessToken (Address: 0x18004b940)
  • OpenThread (Address: 0x18004b8e8)
  • SetThreadPriority (Address: 0x18004b8f8)
  • TerminateProcess (Address: 0x18004b948)
  • UpdateProcThreadAttribute (Address: 0x18004b930)
api-ms-win-core-processthreads-l1-1-1.dll
  • GetThreadContext (Address: 0x18004b988)
  • OpenProcess (Address: 0x18004b980)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18004b9a0)
  • QueryPerformanceFrequency (Address: 0x18004b998)
api-ms-win-core-psapi-l1-1-0.dll
  • K32EnumProcesses (Address: 0x18004b9b8)
  • K32EnumProcessModules (Address: 0x18004b9d8)
  • K32GetMappedFileNameW (Address: 0x18004b9c8)
  • K32GetModuleFileNameExW (Address: 0x18004b9d0)
  • K32GetProcessImageFileNameW (Address: 0x18004b9c0)
  • QueryFullProcessImageNameW (Address: 0x18004b9b0)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18004ba08)
  • RegCreateKeyExW (Address: 0x18004ba30)
  • RegDeleteValueW (Address: 0x18004ba18)
  • RegEnumKeyExW (Address: 0x18004ba10)
  • RegGetKeySecurity (Address: 0x18004b9f0)
  • RegGetValueW (Address: 0x18004ba38)
  • RegOpenKeyExW (Address: 0x18004b9e8)
  • RegQueryInfoKeyW (Address: 0x18004b9f8)
  • RegQueryValueExW (Address: 0x18004ba00)
  • RegSetKeySecurity (Address: 0x18004ba20)
  • RegSetValueExW (Address: 0x18004ba28)
api-ms-win-core-registry-l1-1-1.dll
  • RegSetKeyValueW (Address: 0x18004ba48)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyA (Address: 0x18004ba58)
  • RegDeleteKeyW (Address: 0x18004ba60)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x18004ba70)
  • RtlLookupFunctionEntry (Address: 0x18004ba80)
  • RtlVirtualUnwind (Address: 0x18004ba78)
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
  • StrStrIW (Address: 0x18004ba90)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringW (Address: 0x18004bab0)
  • MultiByteToWideChar (Address: 0x18004baa0)
  • WideCharToMultiByte (Address: 0x18004baa8)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x18004bad0)
  • AcquireSRWLockShared (Address: 0x18004bb58)
  • CreateEventW (Address: 0x18004bad8)
  • CreateMutexExW (Address: 0x18004bb40)
  • CreateMutexW (Address: 0x18004bb18)
  • CreateSemaphoreExW (Address: 0x18004bae0)
  • DeleteCriticalSection (Address: 0x18004bb28)
  • EnterCriticalSection (Address: 0x18004bb30)
  • InitializeCriticalSection (Address: 0x18004bb20)
  • InitializeCriticalSectionEx (Address: 0x18004bb50)
  • InitializeSRWLock (Address: 0x18004baf8)
  • LeaveCriticalSection (Address: 0x18004bb38)
  • OpenEventW (Address: 0x18004bb68)
  • OpenMutexW (Address: 0x18004bb08)
  • OpenSemaphoreW (Address: 0x18004bb48)
  • ReleaseMutex (Address: 0x18004bb10)
  • ReleaseSemaphore (Address: 0x18004bae8)
  • ReleaseSRWLockExclusive (Address: 0x18004bac0)
  • ReleaseSRWLockShared (Address: 0x18004bb70)
  • ResetEvent (Address: 0x18004bb00)
  • SetEvent (Address: 0x18004bac8)
  • WaitForSingleObject (Address: 0x18004baf0)
  • WaitForSingleObjectEx (Address: 0x18004bb60)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x18004bb88)
  • InitOnceComplete (Address: 0x18004bb80)
  • Sleep (Address: 0x18004bb90)
api-ms-win-core-synch-l1-2-1.dll
  • WaitForMultipleObjects (Address: 0x18004bba0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemDirectoryW (Address: 0x18004bbb8)
  • GetSystemInfo (Address: 0x18004bbd0)
  • GetSystemTime (Address: 0x18004bbc0)
  • GetSystemTimeAsFileTime (Address: 0x18004bbe0)
  • GetTickCount (Address: 0x18004bbe8)
  • GetTickCount64 (Address: 0x18004bbc8)
  • GetVersionExW (Address: 0x18004bbf0)
  • GetWindowsDirectoryW (Address: 0x18004bbb0)
  • GlobalMemoryStatusEx (Address: 0x18004bbd8)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x18004bc38)
  • CloseThreadpoolWait (Address: 0x18004bc20)
  • CreateThreadpoolTimer (Address: 0x18004bc10)
  • CreateThreadpoolWait (Address: 0x18004bc28)
  • SetThreadpoolTimer (Address: 0x18004bc08)
  • SetThreadpoolWait (Address: 0x18004bc30)
  • WaitForThreadpoolTimerCallbacks (Address: 0x18004bc00)
  • WaitForThreadpoolWaitCallbacks (Address: 0x18004bc18)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x18004bc50)
  • SystemTimeToFileTime (Address: 0x18004bc48)
api-ms-win-core-toolhelp-l1-1-0.dll
  • CreateToolhelp32Snapshot (Address: 0x18004bc90)
  • Module32FirstW (Address: 0x18004bc88)
  • Module32NextW (Address: 0x18004bc70)
  • Process32FirstW (Address: 0x18004bc68)
  • Process32NextW (Address: 0x18004bc60)
  • Thread32First (Address: 0x18004bc80)
  • Thread32Next (Address: 0x18004bc78)
api-ms-win-core-version-l1-1-0.dll
  • GetFileVersionInfoExW (Address: 0x18004bca8)
  • GetFileVersionInfoSizeExW (Address: 0x18004bca0)
  • VerQueryValueW (Address: 0x18004bcb0)
api-ms-win-core-windowserrorreporting-l1-1-0.dll
  • GetApplicationRecoveryCallback (Address: 0x18004bcc0)
  • WerGetFlags (Address: 0x18004bcc8)
api-ms-win-core-winrt-l1-1-0.dll
  • RoGetActivationFactory (Address: 0x18004bce0)
  • RoInitialize (Address: 0x18004bce8)
  • RoUninitialize (Address: 0x18004bcd8)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCreateStringReference (Address: 0x18004bcf8)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x18004bd08)
api-ms-win-core-wow64-l1-1-1.dll
  • GetSystemWow64Directory2W (Address: 0x18004bd28)
  • GetSystemWow64DirectoryW (Address: 0x18004bd18)
  • IsWow64Process2 (Address: 0x18004bd20)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventProviderEnabled (Address: 0x18004bd58)
  • EventRegister (Address: 0x18004bd38)
  • EventSetInformation (Address: 0x18004bd40)
  • EventUnregister (Address: 0x18004bd60)
  • EventWrite (Address: 0x18004bd50)
  • EventWriteTransfer (Address: 0x18004bd48)
api-ms-win-eventlog-legacy-l1-1-0.dll
  • DeregisterEventSource (Address: 0x18004bd78)
  • RegisterEventSourceW (Address: 0x18004bd80)
  • ReportEventW (Address: 0x18004bd70)
api-ms-win-security-base-l1-1-0.dll
  • AdjustTokenGroups (Address: 0x18004bde8)
  • AdjustTokenPrivileges (Address: 0x18004bd90)
  • AllocateAndInitializeSid (Address: 0x18004bda8)
  • CheckTokenMembership (Address: 0x18004bda0)
  • CopySid (Address: 0x18004be00)
  • CreateWellKnownSid (Address: 0x18004bdf8)
  • DuplicateToken (Address: 0x18004bdc0)
  • FreeSid (Address: 0x18004bd98)
  • GetLengthSid (Address: 0x18004bdb0)
  • GetSidSubAuthority (Address: 0x18004bdc8)
  • GetSidSubAuthorityCount (Address: 0x18004bdd0)
  • GetTokenInformation (Address: 0x18004bdb8)
  • ImpersonateLoggedOnUser (Address: 0x18004bde0)
  • IsValidSid (Address: 0x18004bdf0)
  • RevertToSelf (Address: 0x18004bdd8)
api-ms-win-security-lsalookup-l2-1-0.dll
  • LookupAccountSidW (Address: 0x18004be18)
  • LookupPrivilegeValueW (Address: 0x18004be10)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x18004be30)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18004be28)
api-ms-win-security-trustee-l1-1-0.dll
  • BuildSecurityDescriptorW (Address: 0x18004be40)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x18004be58)
  • OpenSCManagerW (Address: 0x18004be60)
  • OpenServiceW (Address: 0x18004be68)
  • StartServiceW (Address: 0x18004be50)
api-ms-win-service-private-l1-1-0.dll
  • I_QueryTagInformation (Address: 0x18004be78)
api-ms-win-shcore-obsolete-l1-1-0.dll
  • CommandLineToArgvW (Address: 0x18004be88)
dbghelp.dll
  • MiniDumpWriteDump (Address: 0x18004bec0)
  • StackWalk64 (Address: 0x18004beb8)
  • SymCleanup (Address: 0x18004bea8)
  • SymFunctionTableAccess64 (Address: 0x18004bec8)
  • SymGetModuleBase64 (Address: 0x18004bea0)
  • SymGetModuleInfoW64 (Address: 0x18004be98)
  • SymInitialize (Address: 0x18004beb0)
KERNELBASE.dll
  • CreateProcessAsUserW (Address: 0x18004b4a0)
  • LocalAlloc (Address: 0x18004b4a8)
msvcrt.dll
  • __C_specific_handler (Address: 0x18004bf18)
  • __CxxFrameHandler3 (Address: 0x18004bf98)
  • __dllonexit (Address: 0x18004bfc0)
  • _amsg_exit (Address: 0x18004bef8)
  • _callnewh (Address: 0x18004bf40)
  • _CxxThrowException (Address: 0x18004bf28)
  • _initterm (Address: 0x18004bf10)
  • _local_unwind (Address: 0x18004bf48)
  • _lock (Address: 0x18004bf88)
  • _onexit (Address: 0x18004bfb8)
  • _purecall (Address: 0x18004bf38)
  • _unlock (Address: 0x18004bfa0)
  • _vsnprintf_s (Address: 0x18004bed8)
  • _vsnwprintf (Address: 0x18004bf30)
  • _XcptFilter (Address: 0x18004bf70)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18004bfc8)
  • ??0exception@@QEAA@XZ (Address: 0x18004bf60)
  • ??1exception@@UEAA@XZ (Address: 0x18004bef0)
  • ??1type_info@@UEAA@XZ (Address: 0x18004bfa8)
  • ?terminate@@YAXXZ (Address: 0x18004bfb0)
  • free (Address: 0x18004bf08)
  • malloc (Address: 0x18004bf00)
  • memcmp (Address: 0x18004bf50)
  • memcpy (Address: 0x18004bf78)
  • memcpy_s (Address: 0x18004bee8)
  • memmove (Address: 0x18004bf80)
  • memset (Address: 0x18004bf90)
  • rand (Address: 0x18004bf58)
  • realloc (Address: 0x18004bf20)
  • srand (Address: 0x18004bf68)
  • time (Address: 0x18004bee0)
  • wcscmp (Address: 0x18004bfd0)
ntdll.dll
  • _errno (Address: 0x18004c258)
  • _vscwprintf (Address: 0x18004c298)
  • _wcsicmp (Address: 0x18004c288)
  • _wcsnicmp (Address: 0x18004c290)
  • _wcstoui64 (Address: 0x18004c028)
  • _wtoi (Address: 0x18004c270)
  • DbgPrint (Address: 0x18004c030)
  • DbgPrintEx (Address: 0x18004c2a0)
  • EtwCheckCoverage (Address: 0x18004c0f8)
  • EtwEventWriteNoRegistration (Address: 0x18004c168)
  • EtwGetTraceEnableFlags (Address: 0x18004c2b8)
  • EtwGetTraceEnableLevel (Address: 0x18004c2c0)
  • EtwGetTraceLoggerHandle (Address: 0x18004c2c8)
  • EtwRegisterTraceGuidsW (Address: 0x18004c2b0)
  • EtwTraceMessage (Address: 0x18004c2d0)
  • EtwUnregisterTraceGuids (Address: 0x18004c2a8)
  • isspace (Address: 0x18004c038)
  • iswspace (Address: 0x18004c280)
  • memmove_s (Address: 0x18004c068)
  • NtAllocateVirtualMemory (Address: 0x18004c008)
  • NtAlpcConnectPort (Address: 0x18004c198)
  • NtAlpcSendWaitReceivePort (Address: 0x18004c1a0)
  • NtClearEvent (Address: 0x18004c088)
  • NtClose (Address: 0x18004c240)
  • NtCreateFile (Address: 0x18004bff8)
  • NtDeviceIoControlFile (Address: 0x18004c000)
  • NtFreeVirtualMemory (Address: 0x18004c010)
  • NtOpenEvent (Address: 0x18004c178)
  • NtOpenKey (Address: 0x18004c0c8)
  • NtOpenProcess (Address: 0x18004c1f0)
  • NtQueryEvent (Address: 0x18004c1d8)
  • NtQueryInformationProcess (Address: 0x18004c248)
  • NtQueryInformationThread (Address: 0x18004c020)
  • NtQueryInformationToken (Address: 0x18004c1c0)
  • NtQueryLicenseValue (Address: 0x18004c1c8)
  • NtQuerySystemInformation (Address: 0x18004c170)
  • NtQueryValueKey (Address: 0x18004c0b8)
  • NtResumeProcess (Address: 0x18004c110)
  • NtResumeThread (Address: 0x18004c120)
  • NtSetInformationFile (Address: 0x18004c1e0)
  • NtSetInformationProcess (Address: 0x18004c100)
  • NtSetSystemInformation (Address: 0x18004c140)
  • NtSuspendProcess (Address: 0x18004c128)
  • NtSuspendThread (Address: 0x18004c118)
  • NtSystemDebugControl (Address: 0x18004c228)
  • NtWaitForMultipleObjects (Address: 0x18004c090)
  • NtWaitForSingleObject (Address: 0x18004c180)
  • PssNtCaptureSnapshot (Address: 0x18004c1f8)
  • PssNtFreeSnapshot (Address: 0x18004c150)
  • RtlAcquireSRWLockExclusive (Address: 0x18004bfe0)
  • RtlAdjustPrivilege (Address: 0x18004c018)
  • RtlAllocateAndInitializeSid (Address: 0x18004c188)
  • RtlAllocateHeap (Address: 0x18004c050)
  • RtlCompareMemory (Address: 0x18004c220)
  • RtlCompareUnicodeString (Address: 0x18004c1b0)
  • RtlCreateProcessReflection (Address: 0x18004c238)
  • RtlDecodeSystemPointer (Address: 0x18004c080)
  • RtlDetermineDosPathNameType_U (Address: 0x18004c0b0)
  • RtlFreeHeap (Address: 0x18004c048)
  • RtlFreeSid (Address: 0x18004c1a8)
  • RtlGetCurrentTransaction (Address: 0x18004c0a0)
  • RtlGetNtSystemRoot (Address: 0x18004c0a8)
  • RtlGetUnloadEventTraceEx (Address: 0x18004c0f0)
  • RtlIdentifierAuthoritySid (Address: 0x18004c138)
  • RtlImageNtHeaderEx (Address: 0x18004c1d0)
  • RtlInitUnicodeString (Address: 0x18004c190)
  • RtlInitUnicodeStringEx (Address: 0x18004c0c0)
  • RtlNtStatusToDosError (Address: 0x18004c078)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x18004c1b8)
  • RtlQueryResourcePolicy (Address: 0x18004c1e8)
  • RtlQueryWnfStateData (Address: 0x18004c060)
  • RtlReleasePebLock (Address: 0x18004c0d8)
  • RtlReleaseSRWLockExclusive (Address: 0x18004bfe8)
  • RtlSecondsSince1970ToTime (Address: 0x18004c200)
  • RtlSetCurrentTransaction (Address: 0x18004c098)
  • RtlSetThreadErrorMode (Address: 0x18004c040)
  • RtlSleepConditionVariableSRW (Address: 0x18004c2d8)
  • RtlSubAuthorityCountSid (Address: 0x18004c130)
  • RtlTryAcquirePebLock (Address: 0x18004c0e8)
  • RtlWakeAllConditionVariable (Address: 0x18004c148)
  • RtlWerpReportException (Address: 0x18004c230)
  • swprintf_s (Address: 0x18004c208)
  • tolower (Address: 0x18004c058)
  • toupper (Address: 0x18004c268)
  • towlower (Address: 0x18004c108)
  • wcscat_s (Address: 0x18004c210)
  • wcschr (Address: 0x18004c278)
  • wcscpy_s (Address: 0x18004bff0)
  • wcsncmp (Address: 0x18004c0e0)
  • wcsncpy_s (Address: 0x18004c218)
  • wcsrchr (Address: 0x18004c260)
  • wcsstr (Address: 0x18004c0d0)
  • wcstoul (Address: 0x18004c250)
  • ZwQueryInformationThread (Address: 0x18004c070)
  • ZwQueryWnfStateNameInformation (Address: 0x18004c158)
  • ZwUpdateWnfStateData (Address: 0x18004c160)
RPCRT4.dll
  • CStdStubBuffer_AddRef (Address: 0x18004b530)
  • CStdStubBuffer_Connect (Address: 0x18004b508)
  • CStdStubBuffer_CountRefs (Address: 0x18004b548)
  • CStdStubBuffer_DebugServerQueryInterface (Address: 0x18004b4f0)
  • CStdStubBuffer_DebugServerRelease (Address: 0x18004b528)
  • CStdStubBuffer_Disconnect (Address: 0x18004b520)
  • CStdStubBuffer_Invoke (Address: 0x18004b4c0)
  • CStdStubBuffer_IsIIDSupported (Address: 0x18004b510)
  • CStdStubBuffer_QueryInterface (Address: 0x18004b540)
  • IUnknown_AddRef_Proxy (Address: 0x18004b4c8)
  • IUnknown_QueryInterface_Proxy (Address: 0x18004b518)
  • IUnknown_Release_Proxy (Address: 0x18004b550)
  • NdrCStdStubBuffer_Release (Address: 0x18004b500)
  • NdrDllCanUnloadNow (Address: 0x18004b4b8)
  • NdrDllGetClassObject (Address: 0x18004b4d0)
  • NdrOleAllocate (Address: 0x18004b538)
  • NdrOleFree (Address: 0x18004b4f8)
  • RpcStringFreeW (Address: 0x18004b4e8)
  • UuidCreate (Address: 0x18004b4e0)
  • UuidToStringW (Address: 0x18004b4d8)