wer.dll
Description: Windows Error Reporting DLL
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6280
Architecture: 32-bit
Operating System: Windows NT
SHA256: 43d40e9d6d197b7aa08f09c9d4a8384b
File Size: 720.3 KB
Uploaded At: Dec. 1, 2025, 8:06 a.m.
Views: 9
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess, CreateRemoteThread
Exported Functions
- WerSysprepCleanup (Ordinal: 1, Address: 0x20200)
- WerSysprepGeneralize (Ordinal: 2, Address: 0x20090)
- WerUnattendedSetup (Ordinal: 3, Address: 0x202d0)
- WerpAddAppCompatData (Ordinal: 4, Address: 0x23a20)
- WerpAddIfRegisteredForAppLocalDump (Ordinal: 5, Address: 0x24990)
- WerpAddMemoryBlock (Ordinal: 6, Address: 0x230c0)
- WerpAddRegisteredDataToReport (Ordinal: 7, Address: 0x24dd0)
- WerpAddRegisteredDumpsToReport (Ordinal: 8, Address: 0x24c70)
- WerpAddRegisteredMetadataToReport (Ordinal: 9, Address: 0x24b40)
- WerpArchiveReport (Ordinal: 10, Address: 0x253a0)
- WerpCancelUpload (Ordinal: 11, Address: 0x23990)
- WerpCleanWer (Ordinal: 12, Address: 0x228f0)
- WerpCloseStore (Ordinal: 13, Address: 0x21590)
- WerpCreateMachineStore (Ordinal: 14, Address: 0x207f0)
- WerpDeleteReport (Ordinal: 15, Address: 0x219c0)
- WerpDestroyWerString (Ordinal: 16, Address: 0x213b0)
- WerpEnumerateStoreNext (Ordinal: 17, Address: 0x21450)
- WerpEnumerateStoreStart (Ordinal: 18, Address: 0x213f0)
- WerpFlushImageCache (Ordinal: 19, Address: 0x29110)
- WerpForceDeferredCollection (Ordinal: 20, Address: 0x27060)
- WerpFreeUnmappedVaRanges (Ordinal: 21, Address: 0x26880)
- WerpGetBucketId (Ordinal: 22, Address: 0x22380)
- WerpGetDynamicParameter (Ordinal: 23, Address: 0x23360)
- WerpGetEventType (Ordinal: 24, Address: 0x22050)
- WerpGetExtendedDiagData (Ordinal: 25, Address: 0x25110)
- WerpGetFileByIndex (Ordinal: 26, Address: 0x22810)
- WerpGetFilePathByIndex (Ordinal: 27, Address: 0x226b0)
- WerpGetLegacyBucketId (Ordinal: 28, Address: 0x224a0)
- WerpGetLoadedModuleByIndex (Ordinal: 29, Address: 0x22760)
- WerpGetNumFiles (Ordinal: 30, Address: 0x225c0)
- WerpGetNumLoadedModules (Ordinal: 31, Address: 0x22650)
- WerpGetNumSigParams (Ordinal: 32, Address: 0x220b0)
- WerpGetPathOfWERTempDirectory (Ordinal: 33, Address: 0x20fa0)
- WerpGetReportCount (Ordinal: 34, Address: 0x21500)
- WerpGetReportFinalConsent (Ordinal: 35, Address: 0x23930)
- WerpGetReportFlags (Ordinal: 36, Address: 0x24860)
- WerpGetReportId (Ordinal: 37, Address: 0x25920)
- WerpGetReportInformation (Ordinal: 38, Address: 0x234b0)
- WerpGetReportSettings (Ordinal: 39, Address: 0x25740)
- WerpGetReportTime (Ordinal: 40, Address: 0x22260)
- WerpGetReportType (Ordinal: 41, Address: 0x237c0)
- WerpGetResponseId (Ordinal: 42, Address: 0x221e0)
- WerpGetSigParamByIndex (Ordinal: 43, Address: 0x22110)
- WerpGetStorePath (Ordinal: 44, Address: 0x20d60)
- WerpGetStoreType (Ordinal: 45, Address: 0x23710)
- WerpGetTextFromReport (Ordinal: 46, Address: 0x23440)
- WerpGetUIParamByIndex (Ordinal: 47, Address: 0x22180)
- WerpGetUploadTime (Ordinal: 48, Address: 0x222c0)
- WerpGetWerStringData (Ordinal: 49, Address: 0x21390)
- WerpGetWow64Process (Ordinal: 50, Address: 0x25c30)
- WerpHashApplicationParameters (Ordinal: 51, Address: 0x26330)
- WerpInitializeImageCache (Ordinal: 52, Address: 0x291d0)
- WerpIsOnBattery (Ordinal: 53, Address: 0x25f40)
- WerpIsTransportAvailable (Ordinal: 54, Address: 0x22d20)
- WerpLoadReportFromBuffer (Ordinal: 55, Address: 0x21990)
- WerpOpenMachineArchive (Ordinal: 56, Address: 0x20d40)
- WerpOpenMachineQueue (Ordinal: 57, Address: 0x20a10)
- WerpPromptUser (Ordinal: 58, Address: 0x23820)
- WerpPruneStore (Ordinal: 59, Address: 0x25ca0)
- WerpReportCancel (Ordinal: 60, Address: 0x255e0)
- WerpReportSetMaxProcessHoldMilliseconds (Ordinal: 61, Address: 0x289e0)
- WerpReportSprintfParameter (Ordinal: 62, Address: 0x26290)
- WerpReserveMachineQueueReportDir (Ordinal: 63, Address: 0x26060)
- WerpResetTransientImageCacheStatistics (Ordinal: 64, Address: 0x29210)
- WerpRestartApplication (Ordinal: 65, Address: 0x240c0)
- WerpSetDynamicParameter (Ordinal: 66, Address: 0x232a0)
- WerpSetEventName (Ordinal: 67, Address: 0x247a0)
- WerpSetProcessTimelines (Ordinal: 68, Address: 0x26630)
- WerpSetQuickDumpType (Ordinal: 69, Address: 0x286c0)
- WerpSetReportApplicationIdentity (Ordinal: 70, Address: 0x26460)
- WerpSetReportFlags (Ordinal: 71, Address: 0x24800)
- WerpSetReportInformation (Ordinal: 72, Address: 0x23510)
- WerpSetReportIsFatal (Ordinal: 73, Address: 0x28660)
- WerpSetReportNamespaceParameter (Ordinal: 74, Address: 0x25fe0)
- WerpSetReportTime (Ordinal: 75, Address: 0x22320)
- WerpSetReportUploadContextToken (Ordinal: 76, Address: 0x23210)
- WerpSetTelemetryAppParams (Ordinal: 77, Address: 0x264d0)
- WerpSetTelemetryKernelParams (Ordinal: 78, Address: 0x265d0)
- WerpSetTelemetryServiceParams (Ordinal: 79, Address: 0x26550)
- WerpShowUpsellUI (Ordinal: 80, Address: 0x25370)
- WerpStitchedMinidumpVmPostReadCallback (Ordinal: 81, Address: 0x29f70)
- WerpStitchedMinidumpVmPreReadCallback (Ordinal: 82, Address: 0x2a0a0)
- WerpStitchedMinidumpVmQueryCallback (Ordinal: 83, Address: 0x297c0)
- WerpSubmitReportFromStore (Ordinal: 84, Address: 0x21a20)
- WerpTraceAuxMemDumpStatistics (Ordinal: 85, Address: 0x26c40)
- WerpTraceDuration (Ordinal: 86, Address: 0x26ef0)
- WerpTraceImageCacheStatistics (Ordinal: 87, Address: 0x26d50)
- WerpTraceSnapshotStatistics (Ordinal: 88, Address: 0x268b0)
- WerpTraceStitchedDumpWriterStatistics (Ordinal: 89, Address: 0x26ee0)
- WerpTraceUnmappedVaRangesStatistics (Ordinal: 90, Address: 0x26bc0)
- WerpUnmapProcessViews (Ordinal: 91, Address: 0x26690)
- WerpValidateReportKey (Ordinal: 92, Address: 0x26190)
- WerpWalkGatherBlocks (Ordinal: 93, Address: 0x25060)
- CloseThreadWaitChainSession (Ordinal: 94, Address: 0x1e2a0)
- GetThreadWaitChain (Ordinal: 95, Address: 0x1e300)
- OpenThreadWaitChainSession (Ordinal: 96, Address: 0x1e1e0)
- RegisterWaitChainCOMCallback (Ordinal: 97, Address: 0x1e140)
- WerAddExcludedApplication (Ordinal: 98, Address: 0x1fdd0)
- WerFreeString (Ordinal: 99, Address: 0x27250)
- WerRemoveExcludedApplication (Ordinal: 100, Address: 0x1ff40)
- WerReportAddDump (Ordinal: 101, Address: 0x1f9d0)
- WerReportAddFile (Ordinal: 102, Address: 0x1f660)
- WerReportCloseHandle (Ordinal: 103, Address: 0x1fb30)
- WerReportCreate (Ordinal: 104, Address: 0x1ecf0)
- WerReportSetParameter (Ordinal: 105, Address: 0x1f420)
- WerReportSetUIOption (Ordinal: 106, Address: 0x1f800)
- WerReportSubmit (Ordinal: 107, Address: 0x1f8a0)
- WerStoreClose (Ordinal: 108, Address: 0x273f0)
- WerStoreGetFirstReportKey (Ordinal: 109, Address: 0x27470)
- WerStoreGetNextReportKey (Ordinal: 110, Address: 0x27580)
- WerStoreGetReportCount (Ordinal: 111, Address: 0x27720)
- WerStoreGetSizeOnDisk (Ordinal: 112, Address: 0x27730)
- WerStoreOpen (Ordinal: 113, Address: 0x27260)
- WerStorePurge (Ordinal: 114, Address: 0x25d60)
- WerStoreQueryReportMetadataV1 (Ordinal: 115, Address: 0x277c0)
- WerStoreQueryReportMetadataV2 (Ordinal: 116, Address: 0x27b50)
- WerStoreQueryReportMetadataV3 (Ordinal: 117, Address: 0x27f80)
- WerStoreUploadReport (Ordinal: 118, Address: 0x28370)
- WerpAddFile (Ordinal: 119, Address: 0x22eb0)
- WerpAddFileBuffer (Ordinal: 120, Address: 0x22f60)
- WerpAddFileCallback (Ordinal: 121, Address: 0x23010)
- WerpAddTerminationReason (Ordinal: 122, Address: 0x20690)
- WerpAuxmdDumpProcessImages (Ordinal: 123, Address: 0x2a910)
- WerpAuxmdDumpRegisteredBlocks (Ordinal: 124, Address: 0x2ae70)
- WerpAuxmdFree (Ordinal: 125, Address: 0x2b2e0)
- WerpAuxmdFreeCopyBuffer (Ordinal: 126, Address: 0x2b2b0)
- WerpAuxmdHashVaRanges (Ordinal: 127, Address: 0x2af90)
- WerpAuxmdInitialize (Ordinal: 128, Address: 0x2b1e0)
- WerpAuxmdMapFile (Ordinal: 129, Address: 0x2b160)
- WerpCreateIntegratorReportId (Ordinal: 130, Address: 0x25a00)
- WerpExtractReportFiles (Ordinal: 131, Address: 0x23d60)
- WerpFreeString (Ordinal: 132, Address: 0x25a90)
- WerpGetIntegratorReportId (Ordinal: 133, Address: 0x258b0)
- WerpGetReportConsent (Ordinal: 134, Address: 0x23850)
- WerpGetStoreLocation (Ordinal: 135, Address: 0x23600)
- WerpIsDisabled (Ordinal: 136, Address: 0x25670)
- WerpLoadReport (Ordinal: 137, Address: 0x21960)
- WerpSetAuxiliaryArchivePath (Ordinal: 138, Address: 0x262c0)
- WerpSetCallBack (Ordinal: 139, Address: 0x235a0)
- WerpSetDefaultUserConsent (Ordinal: 140, Address: 0x25ac0)
- WerpSetExitListeners (Ordinal: 141, Address: 0x28970)
- WerpSetIntegratorReportId (Ordinal: 142, Address: 0x25850)
- WerpSetIptEnabled (Ordinal: 143, Address: 0x257e0)
- WerpSetReportOption (Ordinal: 144, Address: 0x285e0)
- WerpSetTtdStatus (Ordinal: 145, Address: 0x28720)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x100a7014)
api-ms-win-core-console-l1-1-0.dll
- SetConsoleCtrlHandler (Address: 0x100a701c)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x100a7028)
- IsDebuggerPresent (Address: 0x100a7030)
- OutputDebugStringA (Address: 0x100a702c)
- OutputDebugStringW (Address: 0x100a7024)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x100a7038)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x100a7040)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x100a704c)
- RaiseException (Address: 0x100a7054)
- SetErrorMode (Address: 0x100a7058)
- SetLastError (Address: 0x100a7050)
- SetUnhandledExceptionFilter (Address: 0x100a705c)
- UnhandledExceptionFilter (Address: 0x100a7048)
api-ms-win-core-errorhandling-l1-1-3.dll
- SetThreadErrorMode (Address: 0x100a7064)
api-ms-win-core-file-l1-1-0.dll
- CompareFileTime (Address: 0x100a706c)
- CreateDirectoryW (Address: 0x100a708c)
- CreateFileA (Address: 0x100a70a0)
- CreateFileW (Address: 0x100a707c)
- DeleteFileW (Address: 0x100a70c0)
- FindClose (Address: 0x100a70a8)
- FindFirstFileExW (Address: 0x100a7094)
- FindFirstFileW (Address: 0x100a70d0)
- FindNextFileW (Address: 0x100a709c)
- FlushFileBuffers (Address: 0x100a70cc)
- GetDiskFreeSpaceExW (Address: 0x100a7088)
- GetDriveTypeW (Address: 0x100a70c4)
- GetFileAttributesW (Address: 0x100a70c8)
- GetFileSizeEx (Address: 0x100a7074)
- GetFileTime (Address: 0x100a7070)
- GetFinalPathNameByHandleW (Address: 0x100a70a4)
- GetFullPathNameW (Address: 0x100a70d4)
- GetLongPathNameW (Address: 0x100a70b8)
- GetTempFileNameW (Address: 0x100a7084)
- ReadFile (Address: 0x100a70b0)
- SetEndOfFile (Address: 0x100a7090)
- SetFileAttributesW (Address: 0x100a7080)
- SetFileInformationByHandle (Address: 0x100a70ac)
- SetFilePointer (Address: 0x100a70b4)
- SetFilePointerEx (Address: 0x100a7098)
- SetFileTime (Address: 0x100a7078)
- WriteFile (Address: 0x100a70bc)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x100a70dc)
api-ms-win-core-file-l2-1-0.dll
- CopyFileExW (Address: 0x100a70ec)
- GetFileInformationByHandleEx (Address: 0x100a70e4)
- MoveFileExW (Address: 0x100a70e8)
api-ms-win-core-file-l2-1-2.dll
- CopyFileW (Address: 0x100a70f4)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x100a7100)
- DuplicateHandle (Address: 0x100a70fc)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x100a7110)
- HeapAlloc (Address: 0x100a7114)
- HeapCreate (Address: 0x100a7108)
- HeapDestroy (Address: 0x100a710c)
- HeapFree (Address: 0x100a7118)
api-ms-win-core-heap-l2-1-0.dll
- GlobalFree (Address: 0x100a7120)
- LocalAlloc (Address: 0x100a7124)
- LocalFree (Address: 0x100a7128)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x100a7130)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- GetSystemPowerStatus (Address: 0x100a7138)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x100a7158)
- FreeLibrary (Address: 0x100a7154)
- FreeLibraryAndExitThread (Address: 0x100a7148)
- GetModuleFileNameA (Address: 0x100a714c)
- GetModuleFileNameW (Address: 0x100a7144)
- GetModuleHandleA (Address: 0x100a7150)
- GetModuleHandleExW (Address: 0x100a7164)
- GetModuleHandleW (Address: 0x100a715c)
- GetProcAddress (Address: 0x100a7140)
- LoadLibraryExW (Address: 0x100a7168)
- LoadStringW (Address: 0x100a7160)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x100a7170)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x100a7188)
- GetSystemDefaultLCID (Address: 0x100a7178)
- GetThreadUILanguage (Address: 0x100a7180)
- GetUserDefaultLCID (Address: 0x100a717c)
- GetUserGeoID (Address: 0x100a718c)
- IsDBCSLeadByte (Address: 0x100a7184)
api-ms-win-core-localization-obsolete-l1-2-0.dll
- GetUserDefaultUILanguage (Address: 0x100a7194)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x100a719c)
- MapViewOfFile (Address: 0x100a71b0)
- ReadProcessMemory (Address: 0x100a71ac)
- UnmapViewOfFile (Address: 0x100a71a4)
- VirtualAlloc (Address: 0x100a71a8)
- VirtualFree (Address: 0x100a71b4)
- VirtualQueryEx (Address: 0x100a71a0)
api-ms-win-core-path-l1-1-0.dll
- PathCchRemoveBackslash (Address: 0x100a71bc)
- PathCchRemoveFileSpec (Address: 0x100a71c0)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x100a71c8)
- GetCurrentDirectoryW (Address: 0x100a71d0)
- GetEnvironmentVariableW (Address: 0x100a71cc)
api-ms-win-core-processsnapshot-l1-1-0.dll
- PssDuplicateSnapshot (Address: 0x100a71dc)
- PssFreeSnapshot (Address: 0x100a71e0)
- PssQuerySnapshot (Address: 0x100a71e4)
- PssWalkMarkerSeekToBeginning (Address: 0x100a71d8)
- PssWalkSnapshot (Address: 0x100a71e8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessAsUserW (Address: 0x100a7218)
- CreateProcessW (Address: 0x100a7214)
- CreateRemoteThread (Address: 0x100a71f4)
- CreateThread (Address: 0x100a7224)
- DeleteProcThreadAttributeList (Address: 0x100a7240)
- GetCurrentProcess (Address: 0x100a7200)
- GetCurrentProcessId (Address: 0x100a721c)
- GetCurrentThread (Address: 0x100a7208)
- GetCurrentThreadId (Address: 0x100a720c)
- GetExitCodeProcess (Address: 0x100a7230)
- GetExitCodeThread (Address: 0x100a7204)
- GetProcessId (Address: 0x100a7244)
- GetProcessTimes (Address: 0x100a7210)
- GetThreadId (Address: 0x100a722c)
- GetThreadPriority (Address: 0x100a7234)
- InitializeProcThreadAttributeList (Address: 0x100a71fc)
- OpenProcessToken (Address: 0x100a7220)
- OpenThread (Address: 0x100a7238)
- OpenThreadToken (Address: 0x100a7228)
- SetThreadPriority (Address: 0x100a723c)
- TerminateProcess (Address: 0x100a71f8)
- UpdateProcThreadAttribute (Address: 0x100a71f0)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x100a724c)
api-ms-win-core-processtopology-obsolete-l1-1-0.dll
- GetProcessIoCounters (Address: 0x100a7254)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x100a7260)
- QueryPerformanceFrequency (Address: 0x100a725c)
api-ms-win-core-psapi-l1-1-0.dll
- K32GetMappedFileNameW (Address: 0x100a726c)
- K32GetModuleFileNameExW (Address: 0x100a7270)
- K32GetProcessMemoryInfo (Address: 0x100a7268)
- QueryFullProcessImageNameW (Address: 0x100a7274)
api-ms-win-core-realtime-l1-1-0.dll
- QueryThreadCycleTime (Address: 0x100a727c)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x100a7298)
- RegCreateKeyExW (Address: 0x100a7284)
- RegDeleteKeyExW (Address: 0x100a72a8)
- RegDeleteTreeW (Address: 0x100a7290)
- RegDeleteValueW (Address: 0x100a729c)
- RegEnumKeyExW (Address: 0x100a72b0)
- RegEnumValueW (Address: 0x100a7288)
- RegGetValueW (Address: 0x100a72b4)
- RegLoadAppKeyW (Address: 0x100a7294)
- RegOpenKeyExW (Address: 0x100a72a0)
- RegQueryInfoKeyW (Address: 0x100a728c)
- RegQueryValueExW (Address: 0x100a72a4)
- RegSetValueExW (Address: 0x100a72ac)
api-ms-win-core-registry-l1-1-1.dll
- RegSetKeyValueW (Address: 0x100a72bc)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFileExistsW (Address: 0x100a72c4)
api-ms-win-core-string-l1-1-0.dll
- CompareStringW (Address: 0x100a72d4)
- MultiByteToWideChar (Address: 0x100a72cc)
- WideCharToMultiByte (Address: 0x100a72d0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x100a7330)
- AcquireSRWLockShared (Address: 0x100a72f0)
- CreateEventExW (Address: 0x100a72e4)
- CreateEventW (Address: 0x100a7310)
- CreateMutexExW (Address: 0x100a72dc)
- CreateMutexW (Address: 0x100a7320)
- CreateSemaphoreExW (Address: 0x100a730c)
- DeleteCriticalSection (Address: 0x100a72e8)
- EnterCriticalSection (Address: 0x100a732c)
- InitializeCriticalSection (Address: 0x100a7324)
- InitializeCriticalSectionAndSpinCount (Address: 0x100a7314)
- InitializeCriticalSectionEx (Address: 0x100a7334)
- LeaveCriticalSection (Address: 0x100a7328)
- OpenMutexW (Address: 0x100a72f4)
- OpenSemaphoreW (Address: 0x100a72e0)
- ReleaseMutex (Address: 0x100a72fc)
- ReleaseSemaphore (Address: 0x100a7308)
- ReleaseSRWLockExclusive (Address: 0x100a731c)
- ReleaseSRWLockShared (Address: 0x100a7338)
- ResetEvent (Address: 0x100a72ec)
- SetEvent (Address: 0x100a7300)
- WaitForMultipleObjectsEx (Address: 0x100a7318)
- WaitForSingleObject (Address: 0x100a7304)
- WaitForSingleObjectEx (Address: 0x100a72f8)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x100a7340)
- InitOnceComplete (Address: 0x100a7344)
- Sleep (Address: 0x100a7348)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x100a7350)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetComputerNameExW (Address: 0x100a7374)
- GetLocalTime (Address: 0x100a7360)
- GetSystemDirectoryW (Address: 0x100a735c)
- GetSystemInfo (Address: 0x100a7370)
- GetSystemTime (Address: 0x100a7378)
- GetSystemTimeAsFileTime (Address: 0x100a7368)
- GetTickCount (Address: 0x100a7358)
- GetTickCount64 (Address: 0x100a736c)
- GetVersionExW (Address: 0x100a7364)
- GlobalMemoryStatusEx (Address: 0x100a737c)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetNativeSystemInfo (Address: 0x100a7384)
- GetProductInfo (Address: 0x100a7388)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x100a7394)
- CreateThreadpoolTimer (Address: 0x100a739c)
- SetThreadpoolTimer (Address: 0x100a7398)
- WaitForThreadpoolTimerCallbacks (Address: 0x100a7390)
api-ms-win-core-timezone-l1-1-0.dll
- FileTimeToSystemTime (Address: 0x100a73ac)
- GetTimeZoneInformation (Address: 0x100a73a4)
- SystemTimeToFileTime (Address: 0x100a73a8)
api-ms-win-core-toolhelp-l1-1-0.dll
- CreateToolhelp32Snapshot (Address: 0x100a73b8)
- Module32FirstW (Address: 0x100a73bc)
- Module32NextW (Address: 0x100a73b4)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x100a73c4)
- EncodePointer (Address: 0x100a73c8)
api-ms-win-core-version-l1-1-0.dll
- GetFileVersionInfoExW (Address: 0x100a73d4)
- GetFileVersionInfoSizeExW (Address: 0x100a73d0)
- VerQueryValueW (Address: 0x100a73d8)
api-ms-win-core-windowserrorreporting-l1-1-0.dll
- GetApplicationRecoveryCallback (Address: 0x100a73e0)
- GetApplicationRestartSettings (Address: 0x100a73e4)
- WerGetFlags (Address: 0x100a73e8)
api-ms-win-core-wow64-l1-1-0.dll
- IsWow64Process (Address: 0x100a73f0)
api-ms-win-core-wow64-l1-1-1.dll
- GetSystemWow64DirectoryW (Address: 0x100a73f8)
- IsWow64Process2 (Address: 0x100a73fc)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x100a7404)
- EventRegister (Address: 0x100a7414)
- EventSetInformation (Address: 0x100a7408)
- EventUnregister (Address: 0x100a740c)
- EventWriteTransfer (Address: 0x100a7410)
api-ms-win-oobe-notification-l1-1-0.dll
- OOBEComplete (Address: 0x100a741c)
api-ms-win-security-base-l1-1-0.dll
- AddAccessAllowedAceEx (Address: 0x100a7444)
- AddMandatoryAce (Address: 0x100a7438)
- AllocateAndInitializeSid (Address: 0x100a7458)
- CheckTokenMembership (Address: 0x100a7428)
- CopySid (Address: 0x100a7468)
- CreateWellKnownSid (Address: 0x100a7484)
- DuplicateToken (Address: 0x100a7460)
- FreeSid (Address: 0x100a7434)
- GetAce (Address: 0x100a7450)
- GetFileSecurityW (Address: 0x100a743c)
- GetKernelObjectSecurity (Address: 0x100a745c)
- GetLengthSid (Address: 0x100a744c)
- GetSecurityDescriptorDacl (Address: 0x100a7464)
- GetSecurityDescriptorSacl (Address: 0x100a7454)
- GetSidSubAuthority (Address: 0x100a747c)
- GetSidSubAuthorityCount (Address: 0x100a7478)
- GetTokenInformation (Address: 0x100a746c)
- ImpersonateLoggedOnUser (Address: 0x100a7474)
- InitializeAcl (Address: 0x100a7448)
- InitializeSecurityDescriptor (Address: 0x100a7424)
- IsValidSid (Address: 0x100a7440)
- RevertToSelf (Address: 0x100a7480)
- SetKernelObjectSecurity (Address: 0x100a7470)
- SetSecurityDescriptorDacl (Address: 0x100a742c)
- SetSecurityDescriptorSacl (Address: 0x100a7430)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x100a74bc)
- __dllonexit (Address: 0x100a74d4)
- _amsg_exit (Address: 0x100a74f0)
- _CxxThrowException (Address: 0x100a74b4)
- _except_handler4_common (Address: 0x100a74c4)
- _ftol2 (Address: 0x100a74b0)
- _initterm (Address: 0x100a74e4)
- _lock (Address: 0x100a74dc)
- _onexit (Address: 0x100a74d0)
- _purecall (Address: 0x100a74e0)
- _set_errno (Address: 0x100a7510)
- _unlock (Address: 0x100a74d8)
- _vsnprintf_s (Address: 0x100a74f8)
- _vsnwprintf (Address: 0x100a7514)
- _wcsdup (Address: 0x100a7504)
- _wfopen (Address: 0x100a74a0)
- _XcptFilter (Address: 0x100a74f4)
- ??0exception@@QAE@ABV0@@Z (Address: 0x100a74fc)
- ??0exception@@QAE@XZ (Address: 0x100a7500)
- ??1exception@@UAE@XZ (Address: 0x100a7508)
- ??1type_info@@UAE@XZ (Address: 0x100a74c8)
- ?terminate@@YAXXZ (Address: 0x100a74cc)
- fclose (Address: 0x100a749c)
- fread (Address: 0x100a748c)
- free (Address: 0x100a74ec)
- fseek (Address: 0x100a7490)
- fwprintf (Address: 0x100a7494)
- fwrite (Address: 0x100a7498)
- malloc (Address: 0x100a74e8)
- memcmp (Address: 0x100a74a4)
- memcpy (Address: 0x100a7518)
- memcpy_s (Address: 0x100a750c)
- memmove (Address: 0x100a74b8)
- memset (Address: 0x100a751c)
- rand (Address: 0x100a74ac)
- realloc (Address: 0x100a74c0)
- srand (Address: 0x100a74a8)
ntdll.dll
- _errno (Address: 0x100a7524)
- _snwprintf_s (Address: 0x100a75b4)
- _snwscanf_s (Address: 0x100a75b8)
- _strnicmp (Address: 0x100a75d0)
- _vscwprintf (Address: 0x100a7684)
- _vsnprintf (Address: 0x100a75c4)
- _wcsicmp (Address: 0x100a767c)
- _wcsnicmp (Address: 0x100a7680)
- _wcstoui64 (Address: 0x100a7560)
- _wtoi (Address: 0x100a766c)
- _wtoi64 (Address: 0x100a75f8)
- atoi (Address: 0x100a75cc)
- DbgPrintEx (Address: 0x100a75dc)
- EtwEventWriteNoRegistration (Address: 0x100a7598)
- EtwGetTraceEnableFlags (Address: 0x100a76c4)
- EtwGetTraceEnableLevel (Address: 0x100a76c8)
- EtwGetTraceLoggerHandle (Address: 0x100a76cc)
- EtwRegisterTraceGuidsW (Address: 0x100a7690)
- EtwTraceMessage (Address: 0x100a76d0)
- EtwUnregisterTraceGuids (Address: 0x100a768c)
- iswspace (Address: 0x100a7678)
- memmove_s (Address: 0x100a756c)
- NtAlpcConnectPort (Address: 0x100a75a0)
- NtAlpcQueryInformation (Address: 0x100a7638)
- NtAlpcSendWaitReceivePort (Address: 0x100a75a4)
- NtClose (Address: 0x100a7538)
- NtCreateFile (Address: 0x100a761c)
- NtDeviceIoControlFile (Address: 0x100a753c)
- NtOpenEvent (Address: 0x100a7578)
- NtQueryEvent (Address: 0x100a757c)
- NtQueryInformationFile (Address: 0x100a7588)
- NtQueryInformationProcess (Address: 0x100a7604)
- NtQueryInformationThread (Address: 0x100a7628)
- NtQueryInformationToken (Address: 0x100a7580)
- NtQueryLicenseValue (Address: 0x100a7574)
- NtQueryMutant (Address: 0x100a7618)
- NtQueryObject (Address: 0x100a7620)
- NtQuerySystemInformation (Address: 0x100a7610)
- NtQueryVirtualMemory (Address: 0x100a7600)
- NtQueryWnfStateData (Address: 0x100a7608)
- NtReadVirtualMemory (Address: 0x100a7554)
- NtSetInformationFile (Address: 0x100a758c)
- NtSetInformationThread (Address: 0x100a7534)
- NtUnmapViewOfSection (Address: 0x100a75fc)
- NtWaitForSingleObject (Address: 0x100a7614)
- qsort (Address: 0x100a7570)
- qsort_s (Address: 0x100a7548)
- RtlAcquirePrivilege (Address: 0x100a7540)
- RtlAcquireSRWLockExclusive (Address: 0x100a7644)
- RtlAcquireSRWLockShared (Address: 0x100a7640)
- RtlAllocateAndInitializeSid (Address: 0x100a759c)
- RtlAllocateHeap (Address: 0x100a7664)
- RtlCompareUnicodeString (Address: 0x100a7694)
- RtlCompressBuffer (Address: 0x100a76a4)
- RtlComputeCrc32 (Address: 0x100a76ac)
- RtlCreateQueryDebugBuffer (Address: 0x100a7630)
- RtlDecompressBufferEx (Address: 0x100a76b0)
- RtlDestroyQueryDebugBuffer (Address: 0x100a7658)
- RtlDetermineDosPathNameType_U (Address: 0x100a7688)
- RtlDisableThreadProfiling (Address: 0x100a7528)
- RtlEnableThreadProfiling (Address: 0x100a7530)
- RtlEqualUnicodeString (Address: 0x100a765c)
- RtlFreeHeap (Address: 0x100a762c)
- RtlFreeSid (Address: 0x100a75a8)
- RtlFreeUnicodeString (Address: 0x100a7654)
- RtlGetCompressionWorkSpaceSize (Address: 0x100a76a0)
- RtlGetDeviceFamilyInfoEnum (Address: 0x100a75d8)
- RtlGetVersion (Address: 0x100a7564)
- RtlGUIDFromString (Address: 0x100a7584)
- RtlInitializeSRWLock (Address: 0x100a7660)
- RtlInitUnicodeString (Address: 0x100a764c)
- RtlNtStatusToDosError (Address: 0x100a7624)
- RtlNtStatusToDosErrorNoTeb (Address: 0x100a7698)
- RtlPublishWnfStateData (Address: 0x100a755c)
- RtlQueryHeapInformation (Address: 0x100a7550)
- RtlQueryPackageClaims (Address: 0x100a760c)
- RtlQueryPackageIdentityEx (Address: 0x100a75e0)
- RtlQueryProcessDebugInformation (Address: 0x100a7650)
- RtlQueryTokenHostIdAsUlong64 (Address: 0x100a75e4)
- RtlRbInsertNodeEx (Address: 0x100a769c)
- RtlRbRemoveNode (Address: 0x100a76a8)
- RtlReadThreadProfilingData (Address: 0x100a752c)
- RtlReleasePrivilege (Address: 0x100a7544)
- RtlReleaseSRWLockExclusive (Address: 0x100a7648)
- RtlReleaseSRWLockShared (Address: 0x100a763c)
- RtlSecondsSince1970ToTime (Address: 0x100a76bc)
- RtlStringFromGUID (Address: 0x100a7634)
- strpbrk (Address: 0x100a76b4)
- strrchr (Address: 0x100a75c8)
- strstr (Address: 0x100a76b8)
- swprintf_s (Address: 0x100a76c0)
- swscanf_s (Address: 0x100a75d4)
- toupper (Address: 0x100a7668)
- towlower (Address: 0x100a75ac)
- wcscat_s (Address: 0x100a75f0)
- wcschr (Address: 0x100a7674)
- wcscpy_s (Address: 0x100a75f4)
- wcscspn (Address: 0x100a75c0)
- wcsncmp (Address: 0x100a75b0)
- wcsncpy_s (Address: 0x100a75e8)
- wcspbrk (Address: 0x100a7670)
- wcsrchr (Address: 0x100a75ec)
- wcsspn (Address: 0x100a75bc)
- wcsstr (Address: 0x100a7568)
- wcstok_s (Address: 0x100a754c)
- wcstoul (Address: 0x100a7558)
- ZwQueryWnfStateNameInformation (Address: 0x100a7590)
- ZwUpdateWnfStateData (Address: 0x100a7594)
RPCRT4.dll
- RpcStringFreeW (Address: 0x100a7000)
- UuidCreate (Address: 0x100a700c)
- UuidCreateSequential (Address: 0x100a7008)
- UuidToStringW (Address: 0x100a7004)