wersvc.dll
Description: Windows Error Reporting Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 64-bit
Operating System: Windows NT
SHA256: a74e4215f534d6d07838862cdbc46ade
File Size: 248.5 KB
Uploaded At: Dec. 1, 2025, 7:42 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x17e70)
- SvchostPushServiceGlobals (Ordinal: 2, Address: 0x17fb0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18002fc80)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18002fc90)
- IsDebuggerPresent (Address: 0x18002fca0)
- OutputDebugStringW (Address: 0x18002fc98)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18002fcb0)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18002fcc0)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18002fcd8)
- SetLastError (Address: 0x18002fce8)
- SetUnhandledExceptionFilter (Address: 0x18002fcd0)
- UnhandledExceptionFilter (Address: 0x18002fce0)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x18002fd48)
- CreateFileW (Address: 0x18002fd00)
- FindClose (Address: 0x18002fd60)
- FindFirstFileW (Address: 0x18002fd40)
- FindNextFileW (Address: 0x18002fd18)
- GetFileAttributesW (Address: 0x18002fcf8)
- GetFileSizeEx (Address: 0x18002fd10)
- GetFinalPathNameByHandleW (Address: 0x18002fd58)
- GetLongPathNameW (Address: 0x18002fd38)
- GetTempFileNameW (Address: 0x18002fd30)
- ReadFile (Address: 0x18002fd20)
- SetFileInformationByHandle (Address: 0x18002fd50)
- SetFilePointerEx (Address: 0x18002fd08)
- WriteFile (Address: 0x18002fd28)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x18002fd70)
api-ms-win-core-file-l2-1-0.dll
- CopyFileExW (Address: 0x18002fd80)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18002fd98)
- DuplicateHandle (Address: 0x18002fd90)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18002fdb0)
- HeapAlloc (Address: 0x18002fdb8)
- HeapFree (Address: 0x18002fda8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18002fdd0)
- LocalFree (Address: 0x18002fdc8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- MoveFileW (Address: 0x18002fde0)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x18002fdf8)
- FreeLibrary (Address: 0x18002fdf0)
- GetModuleFileNameA (Address: 0x18002fe10)
- GetModuleFileNameW (Address: 0x18002fe08)
- GetModuleHandleExW (Address: 0x18002fe18)
- GetModuleHandleW (Address: 0x18002fe00)
- GetProcAddress (Address: 0x18002fe20)
- LoadLibraryExW (Address: 0x18002fe28)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18002fe38)
api-ms-win-core-localization-obsolete-l1-2-0.dll
- GetUserDefaultUILanguage (Address: 0x18002fe48)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x18002fe68)
- MapViewOfFile (Address: 0x18002fe58)
- ReadProcessMemory (Address: 0x18002fe70)
- UnmapViewOfFile (Address: 0x18002fe60)
api-ms-win-core-namespace-l1-1-0.dll
- ClosePrivateNamespace (Address: 0x18002fe88)
- CreatePrivateNamespaceW (Address: 0x18002fe80)
- OpenPrivateNamespaceW (Address: 0x18002fe90)
api-ms-win-core-path-l1-1-0.dll
- PathCchRemoveBackslash (Address: 0x18002fea0)
- PathCchRemoveFileSpec (Address: 0x18002fea8)
api-ms-win-core-processsnapshot-l1-1-0.dll
- PssCaptureSnapshot (Address: 0x18002fec0)
- PssDuplicateSnapshot (Address: 0x18002feb8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x18002ff38)
- CreateProcessW (Address: 0x18002ff60)
- CreateThread (Address: 0x18002ff20)
- DeleteProcThreadAttributeList (Address: 0x18002ff28)
- GetCurrentProcess (Address: 0x18002ff10)
- GetCurrentProcessId (Address: 0x18002ff40)
- GetCurrentThreadId (Address: 0x18002fee0)
- GetExitCodeProcess (Address: 0x18002ff00)
- GetProcessId (Address: 0x18002fed0)
- GetProcessTimes (Address: 0x18002fed8)
- GetThreadId (Address: 0x18002ff30)
- InitializeProcThreadAttributeList (Address: 0x18002ff18)
- OpenProcessToken (Address: 0x18002ff48)
- OpenThread (Address: 0x18002fef0)
- OpenThreadToken (Address: 0x18002fef8)
- ProcessIdToSessionId (Address: 0x18002fee8)
- ResumeThread (Address: 0x18002ff58)
- TerminateProcess (Address: 0x18002ff08)
- UpdateProcThreadAttribute (Address: 0x18002ff50)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18002ff70)
- SetProcessMitigationPolicy (Address: 0x18002ff78)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18002ff88)
api-ms-win-core-psapi-l1-1-0.dll
- K32GetModuleFileNameExW (Address: 0x18002ff98)
- QueryFullProcessImageNameW (Address: 0x18002ffa0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18002ffd8)
- RegCreateKeyExW (Address: 0x18002ffb8)
- RegEnumKeyExW (Address: 0x18002ffd0)
- RegGetValueW (Address: 0x18002ffc8)
- RegOpenKeyExW (Address: 0x18002ffc0)
- RegQueryInfoKeyW (Address: 0x18002ffe0)
- RegSetValueExW (Address: 0x18002ffb0)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180030000)
- RtlLookupFunctionEntry (Address: 0x18002fff8)
- RtlVirtualUnwind (Address: 0x18002fff0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800300b8)
- AcquireSRWLockShared (Address: 0x180030060)
- CreateEventW (Address: 0x180030038)
- CreateMutexExW (Address: 0x1800300a0)
- CreateMutexW (Address: 0x180030088)
- CreateSemaphoreExW (Address: 0x1800300a8)
- DeleteCriticalSection (Address: 0x180030010)
- EnterCriticalSection (Address: 0x180030070)
- InitializeCriticalSection (Address: 0x180030018)
- InitializeCriticalSectionEx (Address: 0x180030020)
- LeaveCriticalSection (Address: 0x180030028)
- OpenEventW (Address: 0x180030048)
- OpenSemaphoreW (Address: 0x180030098)
- ReleaseMutex (Address: 0x180030068)
- ReleaseSemaphore (Address: 0x180030040)
- ReleaseSRWLockExclusive (Address: 0x180030078)
- ReleaseSRWLockShared (Address: 0x180030050)
- ResetEvent (Address: 0x1800300b0)
- SetEvent (Address: 0x180030030)
- WaitForMultipleObjectsEx (Address: 0x180030058)
- WaitForSingleObject (Address: 0x180030080)
- WaitForSingleObjectEx (Address: 0x180030090)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1800300d8)
- InitOnceComplete (Address: 0x1800300c8)
- Sleep (Address: 0x1800300d0)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x1800300e8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x180030100)
- GetSystemDirectoryW (Address: 0x180030118)
- GetSystemInfo (Address: 0x1800300f8)
- GetSystemTimeAsFileTime (Address: 0x180030110)
- GetTickCount (Address: 0x180030108)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x180030128)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolCleanupGroup (Address: 0x180030178)
- CloseThreadpoolCleanupGroupMembers (Address: 0x180030180)
- CloseThreadpoolTimer (Address: 0x180030138)
- CloseThreadpoolWait (Address: 0x180030188)
- CreateThreadpoolCleanupGroup (Address: 0x180030168)
- CreateThreadpoolTimer (Address: 0x180030150)
- CreateThreadpoolWait (Address: 0x180030148)
- LeaveCriticalSectionWhenCallbackReturns (Address: 0x180030190)
- SetThreadpoolTimer (Address: 0x180030170)
- SetThreadpoolWait (Address: 0x180030140)
- TrySubmitThreadpoolCallback (Address: 0x180030158)
- WaitForThreadpoolTimerCallbacks (Address: 0x180030198)
- WaitForThreadpoolWaitCallbacks (Address: 0x180030160)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- UnregisterWaitEx (Address: 0x1800301a8)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x1800301b8)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x1800301d0)
- EncodePointer (Address: 0x1800301c8)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x1800301e8)
- GetFileVersionInfoSizeExW (Address: 0x1800301f0)
- VerQueryValueW (Address: 0x1800301e0)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x180030200)
api-ms-win-core-wow64-l1-1-1.dll
- GetSystemWow64Directory2W (Address: 0x180030220)
- GetSystemWow64DirectoryW (Address: 0x180030210)
- IsWow64Process2 (Address: 0x180030218)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x180030230)
- EventRegister (Address: 0x180030240)
- EventSetInformation (Address: 0x180030248)
- EventUnregister (Address: 0x180030238)
- EventWriteTransfer (Address: 0x180030250)
api-ms-win-security-base-l1-1-0.dll
- AllocateAndInitializeSid (Address: 0x1800302d0)
- CheckTokenMembership (Address: 0x180030270)
- CreateRestrictedToken (Address: 0x1800302a0)
- CreateWellKnownSid (Address: 0x180030278)
- DuplicateToken (Address: 0x180030260)
- DuplicateTokenEx (Address: 0x1800302b8)
- FreeSid (Address: 0x180030268)
- GetSidSubAuthority (Address: 0x180030288)
- GetSidSubAuthorityCount (Address: 0x180030280)
- GetTokenInformation (Address: 0x1800302a8)
- ImpersonateLoggedOnUser (Address: 0x180030298)
- InitializeSecurityDescriptor (Address: 0x1800302b0)
- RevertToSelf (Address: 0x180030290)
- SetSecurityDescriptorDacl (Address: 0x1800302c8)
- SetTokenInformation (Address: 0x1800302c0)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1800302e8)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800302e0)
msvcrt.dll
- __C_specific_handler (Address: 0x180030328)
- __CxxFrameHandler3 (Address: 0x180030378)
- __dllonexit (Address: 0x180030308)
- _amsg_exit (Address: 0x180030350)
- _callnewh (Address: 0x1800303d0)
- _CxxThrowException (Address: 0x180030390)
- _initterm (Address: 0x180030340)
- _lock (Address: 0x180030320)
- _onexit (Address: 0x180030300)
- _purecall (Address: 0x180030368)
- _scwprintf (Address: 0x180030310)
- _unlock (Address: 0x180030318)
- _vsnprintf (Address: 0x180030338)
- _vsnprintf_s (Address: 0x180030398)
- _vsnwprintf (Address: 0x1800303c0)
- _XcptFilter (Address: 0x180030358)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800303a0)
- ??0exception@@QEAA@XZ (Address: 0x1800303a8)
- ??1exception@@UEAA@XZ (Address: 0x1800303b0)
- ??1type_info@@UEAA@XZ (Address: 0x180030330)
- ?terminate@@YAXXZ (Address: 0x1800302f8)
- free (Address: 0x180030360)
- malloc (Address: 0x180030348)
- memcmp (Address: 0x180030370)
- memcpy (Address: 0x1800303c8)
- memcpy_s (Address: 0x1800303b8)
- memmove (Address: 0x180030388)
- memmove_s (Address: 0x180030380)
- memset (Address: 0x1800303d8)
ntdll.dll
- _vscwprintf (Address: 0x1800304d8)
- _wcsicmp (Address: 0x1800304c8)
- _wcsnicmp (Address: 0x1800304d0)
- AlpcGetMessageAttribute (Address: 0x180030418)
- AlpcInitializeMessageAttribute (Address: 0x180030420)
- EtwCheckCoverage (Address: 0x1800303f0)
- EtwGetTraceEnableFlags (Address: 0x180030590)
- EtwGetTraceEnableLevel (Address: 0x180030598)
- EtwGetTraceLoggerHandle (Address: 0x1800305a0)
- EtwRegisterTraceGuidsW (Address: 0x180030560)
- EtwTraceMessage (Address: 0x1800305a8)
- EtwUnregisterTraceGuids (Address: 0x180030558)
- iswspace (Address: 0x1800304c0)
- NtAlpcAcceptConnectPort (Address: 0x180030430)
- NtAlpcCancelMessage (Address: 0x1800304e0)
- NtAlpcConnectPort (Address: 0x180030440)
- NtAlpcCreatePort (Address: 0x180030448)
- NtAlpcOpenSenderProcess (Address: 0x180030478)
- NtAlpcOpenSenderThread (Address: 0x180030470)
- NtAlpcSendWaitReceivePort (Address: 0x180030438)
- NtClose (Address: 0x1800304f8)
- NtCreateFile (Address: 0x1800304e8)
- NtDuplicateToken (Address: 0x180030548)
- NtOpenEvent (Address: 0x180030500)
- NtQueryInformationProcess (Address: 0x180030520)
- NtQueryInformationToken (Address: 0x180030550)
- NtQuerySystemInformation (Address: 0x1800304f0)
- NtSetInformationProcess (Address: 0x180030408)
- NtSetSystemInformation (Address: 0x180030410)
- NtTerminateProcess (Address: 0x180030428)
- RtlAddSIDToBoundaryDescriptor (Address: 0x180030458)
- RtlAllocateHeap (Address: 0x180030538)
- RtlCompareUnicodeString (Address: 0x180030528)
- RtlCreateBoundaryDescriptor (Address: 0x180030468)
- RtlCreateServiceSid (Address: 0x180030460)
- RtlDeleteBoundaryDescriptor (Address: 0x180030450)
- RtlFreeHeap (Address: 0x180030540)
- RtlGUIDFromString (Address: 0x180030510)
- RtlIdentifierAuthoritySid (Address: 0x1800303e8)
- RtlInitUnicodeString (Address: 0x180030518)
- RtlNtStatusToDosError (Address: 0x180030508)
- RtlNtStatusToDosErrorNoTeb (Address: 0x180030530)
- RtlQueryResourcePolicy (Address: 0x1800305b0)
- RtlSecondsSince1970ToTime (Address: 0x180030568)
- RtlSetThreadErrorMode (Address: 0x1800303f8)
- RtlSubAuthorityCountSid (Address: 0x180030490)
- swprintf_s (Address: 0x180030570)
- toupper (Address: 0x180030480)
- towlower (Address: 0x180030498)
- vDbgPrintExWithPrefix (Address: 0x180030488)
- wcscat_s (Address: 0x180030580)
- wcschr (Address: 0x1800304b8)
- wcscpy_s (Address: 0x180030578)
- wcsncpy_s (Address: 0x180030588)
- wcsrchr (Address: 0x1800304b0)
- wcsspn (Address: 0x1800304a0)
- wcstol (Address: 0x180030400)
- wcstoul (Address: 0x1800304a8)
RPCRT4.dll
- UuidCreate (Address: 0x18002fc38)
- UuidFromStringW (Address: 0x18002fc40)
WerEtw.dll
- WerMergeEtlEx (Address: 0x18002fc50)
WindowsPerformanceRecorderControl.dll
- WPRCCreateInstanceUnderInstanceName (Address: 0x18002fc60)
- WPRCDisableBuiltinProfiles (Address: 0x18002fc70)
- WPRCReleaseInstanceByName (Address: 0x18002fc68)