webthreatdefusersvc.dll
Description: Web Threat Defense User Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.26100.7309
Architecture: 64-bit
Operating System: Windows NT
SHA256: fbe147c84c45f386e32f10db1cfc92be
File Size: 297.4 KB
Uploaded At: March 4, 2026, 11:38 p.m.
Views: 11
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DllCanUnloadNow (Ordinal: 1, Address: 0x285c0)
- DllGetClassObject (Ordinal: 2, Address: 0x28610)
- ServiceMain (Ordinal: 3, Address: 0x22790)
- SvchostPushServiceGlobals (Ordinal: 4, Address: 0x22870)
Imported DLLs & Functions
api-ms-win-core-com-l1-1-0.dll
- CoCreateFreeThreadedMarshaler (Address: 0x180031798)
- CoCreateInstance (Address: 0x1800317b0)
- CoGetInterfaceAndReleaseStream (Address: 0x1800317a8)
- CoMarshalInterface (Address: 0x180031790)
- CoReleaseMarshalData (Address: 0x1800317a0)
- CoTaskMemAlloc (Address: 0x1800317c0)
- CoTaskMemFree (Address: 0x1800317c8)
- CoWaitForMultipleHandles (Address: 0x1800317b8)
- CreateStreamOnHGlobal (Address: 0x1800317d0)
api-ms-win-core-com-l1-1-1.dll
- RoGetAgileReference (Address: 0x1800317e0)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1800317f0)
- IsDebuggerPresent (Address: 0x180031800)
- OutputDebugStringW (Address: 0x1800317f8)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180031810)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180031820)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180031848)
- RaiseException (Address: 0x180031840)
- SetLastError (Address: 0x180031830)
- SetUnhandledExceptionFilter (Address: 0x180031838)
- UnhandledExceptionFilter (Address: 0x180031850)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180031860)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180031880)
- HeapAlloc (Address: 0x180031878)
- HeapFree (Address: 0x180031870)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x180031898)
- InterlockedPushEntrySList (Address: 0x180031890)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x1800318c8)
- FreeLibrary (Address: 0x1800318b0)
- GetModuleFileNameA (Address: 0x1800318a8)
- GetModuleHandleExA (Address: 0x1800318d8)
- GetModuleHandleExW (Address: 0x1800318c0)
- GetModuleHandleW (Address: 0x1800318e0)
- GetProcAddress (Address: 0x1800318d0)
- LoadLibraryExW (Address: 0x1800318b8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1800318f0)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180031918)
- GetCurrentProcessId (Address: 0x180031920)
- GetCurrentThreadId (Address: 0x180031900)
- OpenProcessToken (Address: 0x180031908)
- TerminateProcess (Address: 0x180031910)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x180031930)
- OpenProcess (Address: 0x180031938)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180031948)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x180031960)
- WideCharToMultiByte (Address: 0x180031958)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800319d0)
- AcquireSRWLockShared (Address: 0x1800319c0)
- CreateEventExW (Address: 0x180031980)
- CreateEventW (Address: 0x180031990)
- CreateMutexExW (Address: 0x1800319d8)
- CreateSemaphoreExW (Address: 0x180031a08)
- DeleteCriticalSection (Address: 0x1800319a0)
- EnterCriticalSection (Address: 0x1800319a8)
- InitializeCriticalSectionAndSpinCount (Address: 0x180031a10)
- InitializeCriticalSectionEx (Address: 0x180031998)
- LeaveCriticalSection (Address: 0x1800319b0)
- OpenSemaphoreW (Address: 0x1800319e0)
- ReleaseMutex (Address: 0x1800319f0)
- ReleaseSemaphore (Address: 0x180031a00)
- ReleaseSRWLockExclusive (Address: 0x1800319c8)
- ReleaseSRWLockShared (Address: 0x1800319b8)
- ResetEvent (Address: 0x180031970)
- SetEvent (Address: 0x180031988)
- WaitForMultipleObjectsEx (Address: 0x180031978)
- WaitForSingleObject (Address: 0x1800319f8)
- WaitForSingleObjectEx (Address: 0x1800319e8)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x180031a28)
- InitOnceComplete (Address: 0x180031a20)
- InitOnceExecuteOnce (Address: 0x180031a30)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180031a40)
api-ms-win-core-sysinfo-l1-2-0.dll
- VerSetConditionMask (Address: 0x180031a50)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x180031a78)
- CreateThreadpoolTimer (Address: 0x180031a60)
- SetThreadpoolTimer (Address: 0x180031a68)
- WaitForThreadpoolTimerCallbacks (Address: 0x180031a70)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x180031a90)
- EncodePointer (Address: 0x180031a88)
api-ms-win-core-winrt-l1-1-0.dll
- RoActivateInstance (Address: 0x180031ab0)
- RoGetActivationFactory (Address: 0x180031ab8)
- RoInitialize (Address: 0x180031aa0)
- RoUninitialize (Address: 0x180031aa8)
api-ms-win-core-winrt-string-l1-1-0.dll
- HSTRING_UserFree (Address: 0x180031ad8)
- HSTRING_UserFree64 (Address: 0x180031ae8)
- HSTRING_UserMarshal (Address: 0x180031b08)
- HSTRING_UserMarshal64 (Address: 0x180031af8)
- HSTRING_UserSize (Address: 0x180031af0)
- HSTRING_UserSize64 (Address: 0x180031ad0)
- HSTRING_UserUnmarshal (Address: 0x180031b00)
- HSTRING_UserUnmarshal64 (Address: 0x180031b10)
- WindowsCreateString (Address: 0x180031ae0)
- WindowsCreateStringReference (Address: 0x180031ac8)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x180031ba0)
- __current_exception (Address: 0x180031ba8)
- __current_exception_context (Address: 0x180031bb0)
- __CxxFrameHandler3 (Address: 0x180031bb8)
- __CxxFrameHandler4 (Address: 0x180031c08)
- __std_terminate (Address: 0x180031c00)
- __std_type_info_compare (Address: 0x180031c28)
- _CxxThrowException (Address: 0x180031bc0)
- _o___std_exception_copy (Address: 0x180031be0)
- _o___std_exception_destroy (Address: 0x180031bd8)
- _o___std_type_info_destroy_list (Address: 0x180031bd0)
- _o___stdio_common_vswprintf (Address: 0x180031be8)
- _o__beginthreadex (Address: 0x180031b70)
- _o__callnewh (Address: 0x180031bf8)
- _o__cexit (Address: 0x180031bf0)
- _o__configure_narrow_argv (Address: 0x180031bc8)
- _o__crt_atexit (Address: 0x180031b20)
- _o__errno (Address: 0x180031b28)
- _o__execute_onexit_table (Address: 0x180031b30)
- _o__initialize_narrow_environment (Address: 0x180031b38)
- _o__initialize_onexit_table (Address: 0x180031b40)
- _o__invalid_parameter_noinfo (Address: 0x180031b48)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x180031b50)
- _o__purecall (Address: 0x180031b58)
- _o__register_onexit_function (Address: 0x180031b60)
- _o__seh_filter_dll (Address: 0x180031b68)
- _o_abort (Address: 0x180031b78)
- _o_free (Address: 0x180031b80)
- _o_iswspace (Address: 0x180031b88)
- _o_malloc (Address: 0x180031b90)
- _o_terminate (Address: 0x180031b98)
- memcmp (Address: 0x180031c10)
- memcpy (Address: 0x180031c18)
- memmove (Address: 0x180031c20)
api-ms-win-crt-runtime-l1-1-0.dll
- _initterm (Address: 0x180031c40)
- _initterm_e (Address: 0x180031c38)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x180031c50)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x180031c60)
- EventSetInformation (Address: 0x180031c68)
- EventUnregister (Address: 0x180031c78)
- EventWriteTransfer (Address: 0x180031c70)
combase.dll
- GetErrorInfo (Address: 0x180031c90)
- SetErrorInfo (Address: 0x180031c88)
msvcp_win.dll
- _Cnd_broadcast (Address: 0x180031dc0)
- _Cnd_destroy_in_situ (Address: 0x180031cf8)
- _Cnd_do_broadcast_at_thread_exit (Address: 0x180031db0)
- _Cnd_init_in_situ (Address: 0x180031cf0)
- _Cnd_register_at_thread_exit (Address: 0x180031d08)
- _Cnd_unregister_at_thread_exit (Address: 0x180031d10)
- _Cnd_wait (Address: 0x180031d00)
- _Mtx_destroy_in_situ (Address: 0x180031cd8)
- _Mtx_init_in_situ (Address: 0x180031cd0)
- _Mtx_lock (Address: 0x180031ce0)
- _Mtx_unlock (Address: 0x180031ce8)
- _Thrd_id (Address: 0x180031da8)
- _Thrd_join (Address: 0x180031da0)
- ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z (Address: 0x180031cb0)
- ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z (Address: 0x180031ca8)
- ?__ExceptionPtrCreate@@YAXPEAX@Z (Address: 0x180031d98)
- ?__ExceptionPtrCurrentException@@YAXPEAX@Z (Address: 0x180031cc0)
- ?__ExceptionPtrDestroy@@YAXPEAX@Z (Address: 0x180031ca0)
- ?__ExceptionPtrRethrow@@YAXPEBX@Z (Address: 0x180031cc8)
- ?__ExceptionPtrToBool@@YA_NPEBX@Z (Address: 0x180031cb8)
- ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z (Address: 0x180031d48)
- ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ (Address: 0x180031d58)
- ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180031d70)
- ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z (Address: 0x180031d68)
- ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180031d78)
- ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180031d80)
- ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180031d90)
- ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180031d88)
- ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z (Address: 0x180031d30)
- ?_ReportUnobservedException@details@Concurrency@@YAXXZ (Address: 0x180031d38)
- ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ (Address: 0x180031d50)
- ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z (Address: 0x180031d28)
- ?_Syserror_map@std@@YAPEBDH@Z (Address: 0x180031d18)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x180031db8)
- ?_Xbad_function_call@std@@YAXXZ (Address: 0x180031d20)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180031dc8)
- ??0task_continuation_context@Concurrency@@AEAA@XZ (Address: 0x180031d60)
- ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ (Address: 0x180031d40)
ntdll.dll
- RtlGetDeviceFamilyInfoEnum (Address: 0x180031dd8)