wer.dll

Description: Windows Error Reporting DLL

Version: 10.0.19041.6280

Architecture: 64-bit

Operating System: Windows NT

SHA256: cf28a4c0c668e251f27ac07f560468f9

File Size: 906.5 KB

Uploaded At: Dec. 1, 2025, 7:42 a.m.

Views: 8

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess, CreateRemoteThread

Exported Functions

WerSysprepCleanup (Ordinal: 1, Address: 0x58f20)
WerSysprepGeneralize (Ordinal: 2, Address: 0x58fe0)
WerUnattendedSetup (Ordinal: 3, Address: 0x59100)
WerpAddAppCompatData (Ordinal: 4, Address: 0x5a2e0)
WerpAddIfRegisteredForAppLocalDump (Ordinal: 5, Address: 0x5a750)
WerpAddMemoryBlock (Ordinal: 6, Address: 0x5a940)
WerpAddRegisteredDataToReport (Ordinal: 7, Address: 0x40ab0)
WerpAddRegisteredDumpsToReport (Ordinal: 8, Address: 0x5ab10)
WerpAddRegisteredMetadataToReport (Ordinal: 9, Address: 0x5acd0)
WerpArchiveReport (Ordinal: 10, Address: 0x5ae30)
WerpCancelUpload (Ordinal: 11, Address: 0x5b140)
WerpCleanWer (Ordinal: 12, Address: 0x5b1e0)
WerpCloseStore (Ordinal: 13, Address: 0x5b430)
WerpCreateMachineStore (Ordinal: 14, Address: 0x5b4c0)
WerpDeleteReport (Ordinal: 15, Address: 0x5b700)
WerpDestroyWerString (Ordinal: 16, Address: 0x4c730)
WerpEnumerateStoreNext (Ordinal: 17, Address: 0x2a3f0)
WerpEnumerateStoreStart (Ordinal: 18, Address: 0x4a2f0)
WerpFlushImageCache (Ordinal: 19, Address: 0x4a460)
WerpForceDeferredCollection (Ordinal: 20, Address: 0x5b770)
WerpFreeUnmappedVaRanges (Ordinal: 21, Address: 0x5b9a0)
WerpGetBucketId (Ordinal: 22, Address: 0x5bb50)
WerpGetDynamicParameter (Ordinal: 23, Address: 0x5bca0)
WerpGetEventType (Ordinal: 24, Address: 0x5bdb0)
WerpGetExtendedDiagData (Ordinal: 25, Address: 0x5be30)
WerpGetFileByIndex (Ordinal: 26, Address: 0x5c0e0)
WerpGetFilePathByIndex (Ordinal: 27, Address: 0x5c200)
WerpGetLegacyBucketId (Ordinal: 28, Address: 0x5c2e0)
WerpGetLoadedModuleByIndex (Ordinal: 29, Address: 0x5c430)
WerpGetNumFiles (Ordinal: 30, Address: 0x5c500)
WerpGetNumLoadedModules (Ordinal: 31, Address: 0x5c5a0)
WerpGetNumSigParams (Ordinal: 32, Address: 0x5c610)
WerpGetPathOfWERTempDirectory (Ordinal: 33, Address: 0x5c690)
WerpGetReportCount (Ordinal: 34, Address: 0x5ca10)
WerpGetReportFinalConsent (Ordinal: 35, Address: 0x5cab0)
WerpGetReportFlags (Ordinal: 36, Address: 0x5cb20)
WerpGetReportId (Ordinal: 37, Address: 0x4c820)
WerpGetReportInformation (Ordinal: 38, Address: 0x5cbb0)
WerpGetReportSettings (Ordinal: 39, Address: 0x5cc20)
WerpGetReportTime (Ordinal: 40, Address: 0x5ccd0)
WerpGetReportType (Ordinal: 41, Address: 0x5cd40)
WerpGetResponseId (Ordinal: 42, Address: 0x5cdb0)
WerpGetSigParamByIndex (Ordinal: 43, Address: 0x5ce50)
WerpGetStorePath (Ordinal: 44, Address: 0x22440)
WerpGetStoreType (Ordinal: 45, Address: 0x5cee0)
WerpGetTextFromReport (Ordinal: 46, Address: 0x5cfb0)
WerpGetUIParamByIndex (Ordinal: 47, Address: 0x5d030)
WerpGetUploadTime (Ordinal: 48, Address: 0x5d100)
WerpGetWerStringData (Ordinal: 49, Address: 0x5d180)
WerpGetWow64Process (Ordinal: 50, Address: 0x5d1a0)
WerpHashApplicationParameters (Ordinal: 51, Address: 0x5d230)
WerpInitializeImageCache (Ordinal: 52, Address: 0x620c0)
WerpIsOnBattery (Ordinal: 53, Address: 0x5d370)
WerpIsTransportAvailable (Ordinal: 54, Address: 0x20910)
WerpLoadReportFromBuffer (Ordinal: 55, Address: 0x5d5f0)
WerpOpenMachineArchive (Ordinal: 56, Address: 0x5d810)
WerpOpenMachineQueue (Ordinal: 57, Address: 0x205f0)
WerpPromptUser (Ordinal: 58, Address: 0x5d820)
WerpPruneStore (Ordinal: 59, Address: 0x5d890)
WerpReportCancel (Ordinal: 60, Address: 0x5d940)
WerpReportSetMaxProcessHoldMilliseconds (Ordinal: 61, Address: 0x5d9e0)
WerpReportSprintfParameter (Ordinal: 62, Address: 0x5da40)
WerpReserveMachineQueueReportDir (Ordinal: 63, Address: 0x5db30)
WerpResetTransientImageCacheStatistics (Ordinal: 64, Address: 0x62100)
WerpRestartApplication (Ordinal: 65, Address: 0x5dd50)
WerpSetDynamicParameter (Ordinal: 66, Address: 0x5e5d0)
WerpSetEventName (Ordinal: 67, Address: 0x5e6d0)
WerpSetProcessTimelines (Ordinal: 68, Address: 0x5e740)
WerpSetQuickDumpType (Ordinal: 69, Address: 0x5e7b0)
WerpSetReportApplicationIdentity (Ordinal: 70, Address: 0x5e820)
WerpSetReportFlags (Ordinal: 71, Address: 0x5e890)
WerpSetReportInformation (Ordinal: 72, Address: 0x5e8f0)
WerpSetReportIsFatal (Ordinal: 73, Address: 0x5e980)
WerpSetReportNamespaceParameter (Ordinal: 74, Address: 0x5e9f0)
WerpSetReportTime (Ordinal: 75, Address: 0x5eae0)
WerpSetReportUploadContextToken (Ordinal: 76, Address: 0x5eb50)
WerpSetTelemetryAppParams (Ordinal: 77, Address: 0x5ec00)
WerpSetTelemetryKernelParams (Ordinal: 78, Address: 0x5ec90)
WerpSetTelemetryServiceParams (Ordinal: 79, Address: 0x5ecf0)
WerpShowUpsellUI (Ordinal: 80, Address: 0x5eda0)
WerpStitchedMinidumpVmPostReadCallback (Ordinal: 81, Address: 0x120c0)
WerpStitchedMinidumpVmPreReadCallback (Ordinal: 82, Address: 0x11e50)
WerpStitchedMinidumpVmQueryCallback (Ordinal: 83, Address: 0x514f0)
WerpSubmitReportFromStore (Ordinal: 84, Address: 0x1efc0)
WerpTraceAuxMemDumpStatistics (Ordinal: 85, Address: 0x5edf0)
WerpTraceDuration (Ordinal: 86, Address: 0x5ef40)
WerpTraceImageCacheStatistics (Ordinal: 87, Address: 0x5f130)
WerpTraceSnapshotStatistics (Ordinal: 88, Address: 0x5f3c0)
WerpTraceStitchedDumpWriterStatistics (Ordinal: 89, Address: 0x51560)
WerpTraceUnmappedVaRangesStatistics (Ordinal: 90, Address: 0x5f7a0)
WerpUnmapProcessViews (Ordinal: 91, Address: 0x3fc80)
WerpValidateReportKey (Ordinal: 92, Address: 0x5f870)
WerpWalkGatherBlocks (Ordinal: 93, Address: 0x473a0)
CloseThreadWaitChainSession (Ordinal: 94, Address: 0x58430)
GetThreadWaitChain (Ordinal: 95, Address: 0x584c0)
OpenThreadWaitChainSession (Ordinal: 96, Address: 0x586c0)
RegisterWaitChainCOMCallback (Ordinal: 97, Address: 0x587e0)
WerAddExcludedApplication (Ordinal: 98, Address: 0x59470)
WerFreeString (Ordinal: 99, Address: 0x5fa70)
WerRemoveExcludedApplication (Ordinal: 100, Address: 0x59660)
WerReportAddDump (Ordinal: 101, Address: 0x59810)
WerReportAddFile (Ordinal: 102, Address: 0x59a00)
WerReportCloseHandle (Ordinal: 103, Address: 0x20060)
WerReportCreate (Ordinal: 104, Address: 0x38580)
WerReportSetParameter (Ordinal: 105, Address: 0x59b40)
WerReportSetUIOption (Ordinal: 106, Address: 0x59d50)
WerReportSubmit (Ordinal: 107, Address: 0x59e10)
WerStoreClose (Ordinal: 108, Address: 0x5fa80)
WerStoreGetFirstReportKey (Ordinal: 109, Address: 0x5fb10)
WerStoreGetNextReportKey (Ordinal: 110, Address: 0x5fc60)
WerStoreGetReportCount (Ordinal: 111, Address: 0x5fe30)
WerStoreGetSizeOnDisk (Ordinal: 112, Address: 0x5fe40)
WerStoreOpen (Ordinal: 113, Address: 0x5fee0)
WerStorePurge (Ordinal: 114, Address: 0x600d0)
WerStoreQueryReportMetadataV1 (Ordinal: 115, Address: 0x60320)
WerStoreQueryReportMetadataV2 (Ordinal: 116, Address: 0x60700)
WerStoreQueryReportMetadataV3 (Ordinal: 117, Address: 0x60b70)
WerStoreUploadReport (Ordinal: 118, Address: 0x61010)
WerpAddFile (Ordinal: 119, Address: 0x612f0)
WerpAddFileBuffer (Ordinal: 120, Address: 0x613d0)
WerpAddFileCallback (Ordinal: 121, Address: 0x614d0)
WerpAddTerminationReason (Ordinal: 122, Address: 0x29c20)
WerpAuxmdDumpProcessImages (Ordinal: 123, Address: 0x11040)
WerpAuxmdDumpRegisteredBlocks (Ordinal: 124, Address: 0x40570)
WerpAuxmdFree (Ordinal: 125, Address: 0x43c40)
WerpAuxmdFreeCopyBuffer (Ordinal: 126, Address: 0x626c0)
WerpAuxmdHashVaRanges (Ordinal: 127, Address: 0x31940)
WerpAuxmdInitialize (Ordinal: 128, Address: 0x62700)
WerpAuxmdMapFile (Ordinal: 129, Address: 0x62830)
WerpCreateIntegratorReportId (Ordinal: 130, Address: 0x615d0)
WerpExtractReportFiles (Ordinal: 131, Address: 0x61670)
WerpFreeString (Ordinal: 132, Address: 0x61730)
WerpGetIntegratorReportId (Ordinal: 133, Address: 0x61760)
WerpGetReportConsent (Ordinal: 134, Address: 0x617d0)
WerpGetStoreLocation (Ordinal: 135, Address: 0x618f0)
WerpIsDisabled (Ordinal: 136, Address: 0x61a20)
WerpLoadReport (Ordinal: 137, Address: 0x61b10)
WerpSetAuxiliaryArchivePath (Ordinal: 138, Address: 0x61b40)
WerpSetCallBack (Ordinal: 139, Address: 0x61bc0)
WerpSetDefaultUserConsent (Ordinal: 140, Address: 0x61c30)
WerpSetExitListeners (Ordinal: 141, Address: 0x61e40)
WerpSetIntegratorReportId (Ordinal: 142, Address: 0x61ed0)
WerpSetIptEnabled (Ordinal: 143, Address: 0x61f40)
WerpSetReportOption (Ordinal: 144, Address: 0x61fc0)
WerpSetTtdStatus (Ordinal: 145, Address: 0x62060)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll

ApiSetQueryApiSetPresence (Address: 0x1800ac7c0)

api-ms-win-core-console-l1-1-0.dll

SetConsoleCtrlHandler (Address: 0x1800ac7d0)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x1800ac7e8)
IsDebuggerPresent (Address: 0x1800ac7e0)
OutputDebugStringA (Address: 0x1800ac7f8)
OutputDebugStringW (Address: 0x1800ac7f0)

api-ms-win-core-delayload-l1-1-0.dll

DelayLoadFailureHook (Address: 0x1800ac808)

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI (Address: 0x1800ac818)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x1800ac848)
RaiseException (Address: 0x1800ac850)
SetErrorMode (Address: 0x1800ac838)
SetLastError (Address: 0x1800ac840)
SetUnhandledExceptionFilter (Address: 0x1800ac830)
UnhandledExceptionFilter (Address: 0x1800ac828)

api-ms-win-core-errorhandling-l1-1-3.dll

SetThreadErrorMode (Address: 0x1800ac860)

api-ms-win-core-file-l1-1-0.dll

CompareFileTime (Address: 0x1800ac888)
CreateDirectoryW (Address: 0x1800ac938)
CreateFileA (Address: 0x1800ac940)
CreateFileW (Address: 0x1800ac8e8)
DeleteFileW (Address: 0x1800ac890)
FindClose (Address: 0x1800ac8c0)
FindFirstFileExW (Address: 0x1800ac8b0)
FindFirstFileW (Address: 0x1800ac930)
FindNextFileW (Address: 0x1800ac8b8)
FlushFileBuffers (Address: 0x1800ac8f8)
GetDiskFreeSpaceExW (Address: 0x1800ac8a8)
GetDriveTypeW (Address: 0x1800ac8f0)
GetFileAttributesW (Address: 0x1800ac898)
GetFileSizeEx (Address: 0x1800ac8d8)
GetFileTime (Address: 0x1800ac8a0)
GetFinalPathNameByHandleW (Address: 0x1800ac908)
GetFullPathNameW (Address: 0x1800ac918)
GetLongPathNameW (Address: 0x1800ac920)
GetTempFileNameW (Address: 0x1800ac928)
ReadFile (Address: 0x1800ac8e0)
SetEndOfFile (Address: 0x1800ac910)
SetFileAttributesW (Address: 0x1800ac880)
SetFileInformationByHandle (Address: 0x1800ac900)
SetFilePointer (Address: 0x1800ac8c8)
SetFilePointerEx (Address: 0x1800ac8d0)
SetFileTime (Address: 0x1800ac870)
WriteFile (Address: 0x1800ac878)

api-ms-win-core-file-l1-2-0.dll

GetTempPathW (Address: 0x1800ac950)

api-ms-win-core-file-l2-1-0.dll

CopyFileExW (Address: 0x1800ac960)
GetFileInformationByHandleEx (Address: 0x1800ac968)
MoveFileExW (Address: 0x1800ac970)

api-ms-win-core-file-l2-1-2.dll

CopyFileW (Address: 0x1800ac980)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x1800ac990)
DuplicateHandle (Address: 0x1800ac998)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x1800ac9c8)
HeapAlloc (Address: 0x1800ac9a8)
HeapCreate (Address: 0x1800ac9b0)
HeapDestroy (Address: 0x1800ac9c0)
HeapFree (Address: 0x1800ac9b8)

api-ms-win-core-heap-l2-1-0.dll

GlobalFree (Address: 0x1800ac9e0)
LocalAlloc (Address: 0x1800ac9e8)
LocalFree (Address: 0x1800ac9d8)

api-ms-win-core-io-l1-1-0.dll

DeviceIoControl (Address: 0x1800ac9f8)

api-ms-win-core-kernel32-legacy-l1-1-0.dll

GetSystemPowerStatus (Address: 0x1800aca08)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x1800aca58)
FreeLibrary (Address: 0x1800aca40)
FreeLibraryAndExitThread (Address: 0x1800aca60)
GetModuleFileNameA (Address: 0x1800aca20)
GetModuleFileNameW (Address: 0x1800aca48)
GetModuleHandleExW (Address: 0x1800aca30)
GetModuleHandleW (Address: 0x1800aca38)
GetProcAddress (Address: 0x1800aca50)
LoadLibraryExW (Address: 0x1800aca28)
LoadStringW (Address: 0x1800aca18)

api-ms-win-core-libraryloader-l1-2-1.dll

LoadLibraryW (Address: 0x1800aca70)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x1800aca88)
GetSystemDefaultLCID (Address: 0x1800aca80)
GetThreadUILanguage (Address: 0x1800acaa8)
GetUserDefaultLCID (Address: 0x1800acaa0)
GetUserGeoID (Address: 0x1800aca90)
IsDBCSLeadByte (Address: 0x1800aca98)

api-ms-win-core-localization-obsolete-l1-2-0.dll

GetUserDefaultUILanguage (Address: 0x1800acab8)

api-ms-win-core-memory-l1-1-0.dll

CreateFileMappingW (Address: 0x1800acae8)
MapViewOfFile (Address: 0x1800acaf0)
ReadProcessMemory (Address: 0x1800acae0)
UnmapViewOfFile (Address: 0x1800acac8)
VirtualAlloc (Address: 0x1800acad8)
VirtualFree (Address: 0x1800acaf8)
VirtualQueryEx (Address: 0x1800acad0)

api-ms-win-core-path-l1-1-0.dll

PathCchRemoveBackslash (Address: 0x1800acb08)
PathCchRemoveFileSpec (Address: 0x1800acb10)

api-ms-win-core-processenvironment-l1-1-0.dll

ExpandEnvironmentStringsW (Address: 0x1800acb20)
GetCurrentDirectoryW (Address: 0x1800acb30)
GetEnvironmentVariableW (Address: 0x1800acb28)

api-ms-win-core-processsnapshot-l1-1-0.dll

PssDuplicateSnapshot (Address: 0x1800acb58)
PssFreeSnapshot (Address: 0x1800acb50)
PssQuerySnapshot (Address: 0x1800acb60)
PssWalkMarkerSeekToBeginning (Address: 0x1800acb40)
PssWalkSnapshot (Address: 0x1800acb48)

api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessAsUserW (Address: 0x1800acbc0)
CreateProcessW (Address: 0x1800acbf0)
CreateRemoteThread (Address: 0x1800acc08)
CreateThread (Address: 0x1800acbe0)
DeleteProcThreadAttributeList (Address: 0x1800acb70)
GetCurrentProcess (Address: 0x1800acba8)
GetCurrentProcessId (Address: 0x1800acbb8)
GetCurrentThread (Address: 0x1800acb80)
GetCurrentThreadId (Address: 0x1800acba0)
GetExitCodeProcess (Address: 0x1800acb90)
GetExitCodeThread (Address: 0x1800acb98)
GetProcessId (Address: 0x1800acbd0)
GetProcessTimes (Address: 0x1800acc18)
GetThreadId (Address: 0x1800acbf8)
GetThreadPriority (Address: 0x1800acc10)
InitializeProcThreadAttributeList (Address: 0x1800acb88)
OpenProcessToken (Address: 0x1800acbe8)
OpenThread (Address: 0x1800acc00)
OpenThreadToken (Address: 0x1800acbb0)
SetThreadPriority (Address: 0x1800acb78)
TerminateProcess (Address: 0x1800acbd8)
UpdateProcThreadAttribute (Address: 0x1800acbc8)

api-ms-win-core-processthreads-l1-1-1.dll

OpenProcess (Address: 0x1800acc28)

api-ms-win-core-processtopology-obsolete-l1-1-0.dll

GetProcessIoCounters (Address: 0x1800acc38)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x1800acc48)
QueryPerformanceFrequency (Address: 0x1800acc50)

api-ms-win-core-psapi-l1-1-0.dll

K32GetMappedFileNameW (Address: 0x1800acc60)
K32GetModuleFileNameExW (Address: 0x1800acc68)
K32GetProcessMemoryInfo (Address: 0x1800acc78)
QueryFullProcessImageNameW (Address: 0x1800acc70)

api-ms-win-core-realtime-l1-1-0.dll

QueryThreadCycleTime (Address: 0x1800acc88)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x1800accb0)
RegCreateKeyExW (Address: 0x1800acca0)
RegDeleteKeyExW (Address: 0x1800accf8)
RegDeleteTreeW (Address: 0x1800acce8)
RegDeleteValueW (Address: 0x1800accc8)
RegEnumKeyExW (Address: 0x1800acca8)
RegEnumValueW (Address: 0x1800accb8)
RegGetValueW (Address: 0x1800acce0)
RegLoadAppKeyW (Address: 0x1800accd0)
RegOpenKeyExW (Address: 0x1800accd8)
RegQueryInfoKeyW (Address: 0x1800accc0)
RegQueryValueExW (Address: 0x1800acc98)
RegSetValueExW (Address: 0x1800accf0)

api-ms-win-core-registry-l1-1-1.dll

RegSetKeyValueW (Address: 0x1800acd08)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x1800acd18)
RtlLookupFunctionEntry (Address: 0x1800acd28)
RtlVirtualUnwind (Address: 0x1800acd20)

api-ms-win-core-shlwapi-legacy-l1-1-0.dll

PathFileExistsW (Address: 0x1800acd38)

api-ms-win-core-sidebyside-l1-1-0.dll

ActivateActCtx (Address: 0x1800acd48)
CreateActCtxW (Address: 0x1800acd50)
DeactivateActCtx (Address: 0x1800acd58)
FindActCtxSectionStringW (Address: 0x1800acd60)
QueryActCtxW (Address: 0x1800acd68)

api-ms-win-core-string-l1-1-0.dll

CompareStringW (Address: 0x1800acd80)
MultiByteToWideChar (Address: 0x1800acd78)
WideCharToMultiByte (Address: 0x1800acd88)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x1800acdc8)
AcquireSRWLockShared (Address: 0x1800ace40)
CreateEventExW (Address: 0x1800acdd8)
CreateEventW (Address: 0x1800ace18)
CreateMutexExW (Address: 0x1800ace10)
CreateMutexW (Address: 0x1800ace20)
CreateSemaphoreExW (Address: 0x1800acd98)
DeleteCriticalSection (Address: 0x1800ace28)
EnterCriticalSection (Address: 0x1800acde0)
InitializeCriticalSection (Address: 0x1800acdf8)
InitializeCriticalSectionAndSpinCount (Address: 0x1800acdd0)
InitializeCriticalSectionEx (Address: 0x1800ace48)
LeaveCriticalSection (Address: 0x1800acde8)
OpenMutexW (Address: 0x1800acdf0)
OpenSemaphoreW (Address: 0x1800ace08)
ReleaseMutex (Address: 0x1800acdc0)
ReleaseSemaphore (Address: 0x1800acda0)
ReleaseSRWLockExclusive (Address: 0x1800acdb0)
ReleaseSRWLockShared (Address: 0x1800ace50)
ResetEvent (Address: 0x1800ace38)
SetEvent (Address: 0x1800acdb8)
WaitForMultipleObjectsEx (Address: 0x1800ace30)
WaitForSingleObject (Address: 0x1800acda8)
WaitForSingleObjectEx (Address: 0x1800ace00)

api-ms-win-core-synch-l1-2-0.dll

InitOnceBeginInitialize (Address: 0x1800ace70)
InitOnceComplete (Address: 0x1800ace60)
Sleep (Address: 0x1800ace68)

api-ms-win-core-synch-l1-2-1.dll

WaitForMultipleObjects (Address: 0x1800ace80)

api-ms-win-core-sysinfo-l1-1-0.dll

GetComputerNameExW (Address: 0x1800aced8)
GetLocalTime (Address: 0x1800aced0)
GetSystemDirectoryW (Address: 0x1800acec0)
GetSystemInfo (Address: 0x1800acea0)
GetSystemTime (Address: 0x1800aceb0)
GetSystemTimeAsFileTime (Address: 0x1800aceb8)
GetTickCount (Address: 0x1800acec8)
GetTickCount64 (Address: 0x1800ace98)
GetVersionExW (Address: 0x1800acea8)
GlobalMemoryStatusEx (Address: 0x1800ace90)

api-ms-win-core-sysinfo-l1-2-0.dll

GetNativeSystemInfo (Address: 0x1800acef0)
GetProductInfo (Address: 0x1800acee8)

api-ms-win-core-threadpool-l1-2-0.dll

CloseThreadpoolTimer (Address: 0x1800acf18)
CreateThreadpoolTimer (Address: 0x1800acf10)
SetThreadpoolTimer (Address: 0x1800acf08)
WaitForThreadpoolTimerCallbacks (Address: 0x1800acf00)

api-ms-win-core-timezone-l1-1-0.dll

FileTimeToSystemTime (Address: 0x1800acf30)
GetTimeZoneInformation (Address: 0x1800acf38)
SystemTimeToFileTime (Address: 0x1800acf28)

api-ms-win-core-toolhelp-l1-1-0.dll

CreateToolhelp32Snapshot (Address: 0x1800acf48)
Module32FirstW (Address: 0x1800acf50)
Module32NextW (Address: 0x1800acf58)

api-ms-win-core-util-l1-1-0.dll

DecodePointer (Address: 0x1800acf68)
EncodePointer (Address: 0x1800acf70)

api-ms-win-core-version-l1-1-0.dll

GetFileVersionInfoExW (Address: 0x1800acf90)
GetFileVersionInfoSizeExW (Address: 0x1800acf80)
VerQueryValueW (Address: 0x1800acf88)

api-ms-win-core-windowserrorreporting-l1-1-0.dll

GetApplicationRecoveryCallback (Address: 0x1800acfa8)
GetApplicationRestartSettings (Address: 0x1800acfa0)
WerGetFlags (Address: 0x1800acfb0)

api-ms-win-core-wow64-l1-1-0.dll

IsWow64Process (Address: 0x1800acfc0)

api-ms-win-core-wow64-l1-1-1.dll

GetSystemWow64DirectoryW (Address: 0x1800acfd0)
IsWow64Process2 (Address: 0x1800acfd8)

api-ms-win-eventing-provider-l1-1-0.dll

EventProviderEnabled (Address: 0x1800acff0)
EventRegister (Address: 0x1800acfe8)
EventSetInformation (Address: 0x1800acff8)
EventUnregister (Address: 0x1800ad008)
EventWriteTransfer (Address: 0x1800ad000)

api-ms-win-oobe-notification-l1-1-0.dll

OOBEComplete (Address: 0x1800ad018)

api-ms-win-security-base-l1-1-0.dll

AddAccessAllowedAceEx (Address: 0x1800ad028)
AddMandatoryAce (Address: 0x1800ad068)
AllocateAndInitializeSid (Address: 0x1800ad040)
CheckTokenMembership (Address: 0x1800ad078)
CopySid (Address: 0x1800ad088)
CreateWellKnownSid (Address: 0x1800ad0e8)
DuplicateToken (Address: 0x1800ad0c0)
FreeSid (Address: 0x1800ad070)
GetAce (Address: 0x1800ad0a8)
GetFileSecurityW (Address: 0x1800ad050)
GetKernelObjectSecurity (Address: 0x1800ad080)
GetLengthSid (Address: 0x1800ad038)
GetSecurityDescriptorDacl (Address: 0x1800ad0a0)
GetSecurityDescriptorSacl (Address: 0x1800ad0e0)
GetSidSubAuthority (Address: 0x1800ad0d0)
GetSidSubAuthorityCount (Address: 0x1800ad0c8)
GetTokenInformation (Address: 0x1800ad0b0)
ImpersonateLoggedOnUser (Address: 0x1800ad060)
InitializeAcl (Address: 0x1800ad030)
InitializeSecurityDescriptor (Address: 0x1800ad098)
IsValidSid (Address: 0x1800ad090)
RevertToSelf (Address: 0x1800ad058)
SetKernelObjectSecurity (Address: 0x1800ad0b8)
SetSecurityDescriptorDacl (Address: 0x1800ad0d8)
SetSecurityDescriptorSacl (Address: 0x1800ad048)

msvcrt.dll

__C_specific_handler (Address: 0x1800ad198)
__CxxFrameHandler3 (Address: 0x1800ad108)
__dllonexit (Address: 0x1800ad178)
_amsg_exit (Address: 0x1800ad1c8)
_CxxThrowException (Address: 0x1800ad218)
_initterm (Address: 0x1800ad1a0)
_lock (Address: 0x1800ad188)
_onexit (Address: 0x1800ad160)
_purecall (Address: 0x1800ad190)
_set_errno (Address: 0x1800ad1e0)
_unlock (Address: 0x1800ad180)
_vsnprintf_s (Address: 0x1800ad1d8)
_vsnwprintf (Address: 0x1800ad210)
_wcsdup (Address: 0x1800ad1b0)
_wfopen (Address: 0x1800ad100)
_XcptFilter (Address: 0x1800ad1d0)
??0exception@@QEAA@AEBV0@@Z (Address: 0x1800ad1e8)
??0exception@@QEAA@XZ (Address: 0x1800ad1f0)
??1exception@@UEAA@XZ (Address: 0x1800ad200)
??1type_info@@UEAA@XZ (Address: 0x1800ad140)
?terminate@@YAXXZ (Address: 0x1800ad158)
fclose (Address: 0x1800ad110)
fread (Address: 0x1800ad120)
free (Address: 0x1800ad1c0)
fseek (Address: 0x1800ad1b8)
fwprintf (Address: 0x1800ad128)
fwrite (Address: 0x1800ad118)
malloc (Address: 0x1800ad1a8)
memcmp (Address: 0x1800ad148)
memcpy (Address: 0x1800ad150)
memcpy_s (Address: 0x1800ad208)
memmove (Address: 0x1800ad168)
memset (Address: 0x1800ad1f8)
rand (Address: 0x1800ad130)
realloc (Address: 0x1800ad170)
srand (Address: 0x1800ad0f8)
strcmp (Address: 0x1800ad138)
wcscmp (Address: 0x1800ad220)

ntdll.dll

_errno (Address: 0x1800ad230)
_snwprintf_s (Address: 0x1800ad338)
_snwscanf_s (Address: 0x1800ad340)
_strnicmp (Address: 0x1800ad370)
_vscwprintf (Address: 0x1800ad4f8)
_vsnprintf (Address: 0x1800ad358)
_wcsicmp (Address: 0x1800ad4e8)
_wcsnicmp (Address: 0x1800ad4f0)
_wcstoui64 (Address: 0x1800ad2a8)
_wtoi (Address: 0x1800ad4c8)
_wtoi64 (Address: 0x1800ad3e0)
atoi (Address: 0x1800ad368)
DbgPrintEx (Address: 0x1800ad388)
EtwEventWriteNoRegistration (Address: 0x1800ad300)
EtwGetTraceEnableFlags (Address: 0x1800ad570)
EtwGetTraceEnableLevel (Address: 0x1800ad578)
EtwGetTraceLoggerHandle (Address: 0x1800ad580)
EtwRegisterTraceGuidsW (Address: 0x1800ad568)
EtwTraceMessage (Address: 0x1800ad588)
EtwUnregisterTraceGuids (Address: 0x1800ad500)
iswspace (Address: 0x1800ad4e0)
memmove_s (Address: 0x1800ad3b0)
NtAlpcConnectPort (Address: 0x1800ad310)
NtAlpcQueryInformation (Address: 0x1800ad458)
NtAlpcSendWaitReceivePort (Address: 0x1800ad318)
NtClose (Address: 0x1800ad258)
NtCreateFile (Address: 0x1800ad420)
NtDeviceIoControlFile (Address: 0x1800ad260)
NtOpenEvent (Address: 0x1800ad2c0)
NtQueryEvent (Address: 0x1800ad2c8)
NtQueryInformationFile (Address: 0x1800ad2e0)
NtQueryInformationProcess (Address: 0x1800ad498)
NtQueryInformationThread (Address: 0x1800ad438)
NtQueryInformationToken (Address: 0x1800ad2d0)
NtQueryLicenseValue (Address: 0x1800ad2b8)
NtQueryMutant (Address: 0x1800ad418)
NtQueryObject (Address: 0x1800ad428)
NtQuerySystemInformation (Address: 0x1800ad408)
NtQueryVirtualMemory (Address: 0x1800ad3f0)
NtQueryWnfStateData (Address: 0x1800ad3f8)
NtReadVirtualMemory (Address: 0x1800ad290)
NtSetInformationFile (Address: 0x1800ad2e8)
NtSetInformationThread (Address: 0x1800ad250)
NtUnmapViewOfSection (Address: 0x1800ad3e8)
NtWaitForSingleObject (Address: 0x1800ad410)
qsort (Address: 0x1800ad3b8)
qsort_s (Address: 0x1800ad278)
RtlAcquirePrivilege (Address: 0x1800ad268)
RtlAcquireSRWLockExclusive (Address: 0x1800ad470)
RtlAcquireSRWLockShared (Address: 0x1800ad468)
RtlAllocateAndInitializeSid (Address: 0x1800ad308)
RtlAllocateHeap (Address: 0x1800ad4b8)
RtlCompareUnicodeString (Address: 0x1800ad508)
RtlCompressBuffer (Address: 0x1800ad528)
RtlComputeCrc32 (Address: 0x1800ad538)
RtlCreateQueryDebugBuffer (Address: 0x1800ad448)
RtlDecompressBufferEx (Address: 0x1800ad540)
RtlDestroyQueryDebugBuffer (Address: 0x1800ad4a0)
RtlDetermineDosPathNameType_U (Address: 0x1800ad390)
RtlDisableThreadProfiling (Address: 0x1800ad238)
RtlEnableThreadProfiling (Address: 0x1800ad248)
RtlEqualUnicodeString (Address: 0x1800ad4a8)
RtlFreeHeap (Address: 0x1800ad440)
RtlFreeSid (Address: 0x1800ad320)
RtlFreeUnicodeString (Address: 0x1800ad490)
RtlGetCompressionWorkSpaceSize (Address: 0x1800ad520)
RtlGetDeviceFamilyInfoEnum (Address: 0x1800ad380)
RtlGetVersion (Address: 0x1800ad2b0)
RtlGUIDFromString (Address: 0x1800ad2d8)
RtlInitializeSRWLock (Address: 0x1800ad4b0)
RtlInitUnicodeString (Address: 0x1800ad480)
RtlNtStatusToDosError (Address: 0x1800ad430)
RtlNtStatusToDosErrorNoTeb (Address: 0x1800ad510)
RtlPublishWnfStateData (Address: 0x1800ad2a0)
RtlQueryHeapInformation (Address: 0x1800ad288)
RtlQueryPackageClaims (Address: 0x1800ad400)
RtlQueryPackageIdentityEx (Address: 0x1800ad398)
RtlQueryProcessDebugInformation (Address: 0x1800ad488)
RtlQueryTokenHostIdAsUlong64 (Address: 0x1800ad3a0)
RtlRbInsertNodeEx (Address: 0x1800ad518)
RtlRbRemoveNode (Address: 0x1800ad530)
RtlReadThreadProfilingData (Address: 0x1800ad240)
RtlReleasePrivilege (Address: 0x1800ad270)
RtlReleaseSRWLockExclusive (Address: 0x1800ad478)
RtlReleaseSRWLockShared (Address: 0x1800ad460)
RtlSecondsSince1970ToTime (Address: 0x1800ad558)
RtlStringFromGUID (Address: 0x1800ad450)
strpbrk (Address: 0x1800ad548)
strrchr (Address: 0x1800ad360)
strstr (Address: 0x1800ad550)
swprintf_s (Address: 0x1800ad560)
swscanf_s (Address: 0x1800ad378)
toupper (Address: 0x1800ad4c0)
towlower (Address: 0x1800ad328)
wcscat_s (Address: 0x1800ad3d0)
wcschr (Address: 0x1800ad4d8)
wcscpy_s (Address: 0x1800ad3d8)
wcscspn (Address: 0x1800ad350)
wcsncmp (Address: 0x1800ad330)
wcsncpy_s (Address: 0x1800ad3c0)
wcspbrk (Address: 0x1800ad4d0)
wcsrchr (Address: 0x1800ad3c8)
wcsspn (Address: 0x1800ad348)
wcsstr (Address: 0x1800ad3a8)
wcstok_s (Address: 0x1800ad280)
wcstoul (Address: 0x1800ad298)
ZwQueryWnfStateNameInformation (Address: 0x1800ad2f0)
ZwUpdateWnfStateData (Address: 0x1800ad2f8)

RPCRT4.dll

RpcStringFreeW (Address: 0x1800ac7a0)
UuidCreate (Address: 0x1800ac798)
UuidCreateSequential (Address: 0x1800ac7b0)
UuidToStringW (Address: 0x1800ac7a8)