termsrv 2.dll

Description: Remote Desktop Session Host Server Remote Connections Manager

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.26100.8328

Architecture: 64-bit

Operating System: Windows NT

SHA256: d6c1f5638a0f11de072e8b03c6328555

File Size: 1.2 MB

Uploaded At: May 15, 2026, 9:44 a.m.

Views: 16

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x35d00)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x365b0)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1800d7e08)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1800d7e20)
  • IsDebuggerPresent (Address: 0x1800d7e18)
  • OutputDebugStringA (Address: 0x1800d7e30)
  • OutputDebugStringW (Address: 0x1800d7e28)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1800d7e40)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1800d7e50)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1800d7e80)
  • RaiseException (Address: 0x1800d7e70)
  • SetLastError (Address: 0x1800d7e68)
  • SetUnhandledExceptionFilter (Address: 0x1800d7e78)
  • UnhandledExceptionFilter (Address: 0x1800d7e60)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x1800d7e98)
  • CreateDirectoryW (Address: 0x1800d7eb0)
  • CreateFileW (Address: 0x1800d7ea8)
  • GetFileAttributesExW (Address: 0x1800d7e90)
  • QueryDosDeviceW (Address: 0x1800d7ea0)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800d7ec8)
  • DuplicateHandle (Address: 0x1800d7ec0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800d7ee8)
  • HeapAlloc (Address: 0x1800d7ed8)
  • HeapFree (Address: 0x1800d7ee0)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800d7f00)
  • LocalFree (Address: 0x1800d7ef8)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalSize (Address: 0x1800d7f10)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x1800d7f20)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x1800d7f30)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x1800d7f50)
  • RegisterWaitForSingleObject (Address: 0x1800d7f40)
  • UnregisterWait (Address: 0x1800d7f48)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • VerifyVersionInfoW (Address: 0x1800d7f60)
api-ms-win-core-kernel32-private-l1-1-0.dll
  • CheckElevationEnabled (Address: 0x1800d7f70)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1800d7f88)
  • FindResourceExW (Address: 0x1800d7f90)
  • FreeLibrary (Address: 0x1800d7fb8)
  • GetModuleFileNameA (Address: 0x1800d7fc8)
  • GetModuleFileNameW (Address: 0x1800d7f98)
  • GetModuleHandleExA (Address: 0x1800d7fb0)
  • GetModuleHandleExW (Address: 0x1800d7fd8)
  • GetModuleHandleW (Address: 0x1800d7fd0)
  • GetProcAddress (Address: 0x1800d7fe0)
  • LoadLibraryExW (Address: 0x1800d7fc0)
  • LoadResource (Address: 0x1800d7f80)
  • LoadStringW (Address: 0x1800d7fa8)
  • SizeofResource (Address: 0x1800d7fa0)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x1800d7ff0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x1800d8000)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x1800d8010)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x1800d8058)
  • CreateProcessW (Address: 0x1800d8048)
  • CreateThread (Address: 0x1800d8020)
  • ExitThread (Address: 0x1800d8030)
  • GetCurrentProcess (Address: 0x1800d8098)
  • GetCurrentProcessId (Address: 0x1800d8068)
  • GetCurrentThread (Address: 0x1800d8040)
  • GetCurrentThreadId (Address: 0x1800d8090)
  • GetExitCodeThread (Address: 0x1800d8028)
  • OpenProcessToken (Address: 0x1800d8050)
  • OpenThreadToken (Address: 0x1800d8088)
  • ProcessIdToSessionId (Address: 0x1800d8038)
  • TerminateProcess (Address: 0x1800d8060)
  • TlsAlloc (Address: 0x1800d80a0)
  • TlsFree (Address: 0x1800d8070)
  • TlsGetValue (Address: 0x1800d8080)
  • TlsSetValue (Address: 0x1800d8078)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x1800d80b8)
  • OpenProcess (Address: 0x1800d80b0)
  • SetProcessMitigationPolicy (Address: 0x1800d80c0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1800d80d0)
api-ms-win-core-psapi-l1-1-0.dll
  • K32EnumProcessModules (Address: 0x1800d80e0)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x1800d80f8)
  • RegCreateKeyExW (Address: 0x1800d8108)
  • RegDeleteValueW (Address: 0x1800d8130)
  • RegEnumKeyExW (Address: 0x1800d8128)
  • RegGetValueW (Address: 0x1800d80f0)
  • RegOpenKeyExW (Address: 0x1800d8110)
  • RegQueryInfoKeyW (Address: 0x1800d8120)
  • RegQueryValueExW (Address: 0x1800d8118)
  • RegSetValueExW (Address: 0x1800d8100)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x1800d8148)
  • WideCharToMultiByte (Address: 0x1800d8140)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x1800d8158)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x1800d8170)
  • lstrcmpW (Address: 0x1800d8168)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800d8180)
  • CreateEventW (Address: 0x1800d8190)
  • CreateMutexExW (Address: 0x1800d81e0)
  • CreateSemaphoreExW (Address: 0x1800d81a0)
  • DeleteCriticalSection (Address: 0x1800d8198)
  • EnterCriticalSection (Address: 0x1800d81b8)
  • InitializeCriticalSection (Address: 0x1800d81e8)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800d81f0)
  • InitializeSRWLock (Address: 0x1800d8200)
  • LeaveCriticalSection (Address: 0x1800d81d0)
  • OpenEventW (Address: 0x1800d81d8)
  • OpenSemaphoreW (Address: 0x1800d8218)
  • ReleaseMutex (Address: 0x1800d81c0)
  • ReleaseSemaphore (Address: 0x1800d81a8)
  • ReleaseSRWLockExclusive (Address: 0x1800d81c8)
  • ResetEvent (Address: 0x1800d8210)
  • SetEvent (Address: 0x1800d8188)
  • WaitForMultipleObjectsEx (Address: 0x1800d8208)
  • WaitForSingleObject (Address: 0x1800d81b0)
  • WaitForSingleObjectEx (Address: 0x1800d81f8)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1800d8228)
api-ms-win-core-synch-l1-2-1.dll
  • CreateSemaphoreW (Address: 0x1800d8238)
  • WaitForMultipleObjects (Address: 0x1800d8240)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemDirectoryW (Address: 0x1800d8270)
  • GetSystemTime (Address: 0x1800d8260)
  • GetSystemTimeAsFileTime (Address: 0x1800d8250)
  • GetTickCount (Address: 0x1800d8268)
  • GetTickCount64 (Address: 0x1800d8258)
  • GetVersionExW (Address: 0x1800d8278)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetProductInfo (Address: 0x1800d8288)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpool (Address: 0x1800d82a8)
  • CloseThreadpoolCleanupGroup (Address: 0x1800d82b8)
  • CloseThreadpoolCleanupGroupMembers (Address: 0x1800d82c0)
  • CloseThreadpoolTimer (Address: 0x1800d82a0)
  • CreateThreadpool (Address: 0x1800d82f0)
  • CreateThreadpoolCleanupGroup (Address: 0x1800d82c8)
  • CreateThreadpoolTimer (Address: 0x1800d8298)
  • SetThreadpoolThreadMaximum (Address: 0x1800d82d8)
  • SetThreadpoolThreadMinimum (Address: 0x1800d82d0)
  • SetThreadpoolTimer (Address: 0x1800d82e0)
  • TrySubmitThreadpoolCallback (Address: 0x1800d82e8)
  • WaitForThreadpoolTimerCallbacks (Address: 0x1800d82b0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueue (Address: 0x1800d8320)
  • CreateTimerQueueTimer (Address: 0x1800d8318)
  • DeleteTimerQueueEx (Address: 0x1800d8328)
  • DeleteTimerQueueTimer (Address: 0x1800d8300)
  • QueueUserWorkItem (Address: 0x1800d8308)
  • UnregisterWaitEx (Address: 0x1800d8310)
api-ms-win-core-timezone-l1-1-0.dll
  • SystemTimeToFileTime (Address: 0x1800d8338)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x1800d8480)
  • __C_specific_handler_noexcept (Address: 0x1800d84a0)
  • __current_exception (Address: 0x1800d83f8)
  • __current_exception_context (Address: 0x1800d8400)
  • __CxxFrameHandler3 (Address: 0x1800d8408)
  • __CxxFrameHandler4 (Address: 0x1800d8490)
  • __std_terminate (Address: 0x1800d8488)
  • _CxxThrowException (Address: 0x1800d8418)
  • _o___std_exception_copy (Address: 0x1800d8470)
  • _o___std_exception_destroy (Address: 0x1800d8468)
  • _o___std_type_info_destroy_list (Address: 0x1800d8460)
  • _o___stdio_common_vsprintf (Address: 0x1800d8458)
  • _o___stdio_common_vswprintf (Address: 0x1800d8450)
  • _o___stdio_common_vswprintf_s (Address: 0x1800d8448)
  • _o__callnewh (Address: 0x1800d8440)
  • _o__cexit (Address: 0x1800d8438)
  • _o__configure_narrow_argv (Address: 0x1800d8430)
  • _o__crt_atexit (Address: 0x1800d8428)
  • _o__errno (Address: 0x1800d8420)
  • _o__execute_onexit_table (Address: 0x1800d8410)
  • _o__initialize_narrow_environment (Address: 0x1800d8348)
  • _o__initialize_onexit_table (Address: 0x1800d8350)
  • _o__invalid_parameter_noinfo (Address: 0x1800d8358)
  • _o__invalid_parameter_noinfo_noreturn (Address: 0x1800d8360)
  • _o__purecall (Address: 0x1800d8368)
  • _o__recalloc (Address: 0x1800d8370)
  • _o__register_onexit_function (Address: 0x1800d8378)
  • _o__resetstkoflw (Address: 0x1800d8380)
  • _o__seh_filter_dll (Address: 0x1800d8388)
  • _o__stricmp (Address: 0x1800d8390)
  • _o__wcsicmp (Address: 0x1800d8398)
  • _o__wcsnicmp (Address: 0x1800d83a0)
  • _o_ceilf (Address: 0x1800d83b0)
  • _o_free (Address: 0x1800d83b8)
  • _o_iswspace (Address: 0x1800d83c0)
  • _o_malloc (Address: 0x1800d83c8)
  • _o_qsort (Address: 0x1800d83d0)
  • _o_terminate (Address: 0x1800d83d8)
  • _o_wcscpy_s (Address: 0x1800d83e0)
  • _o_wcsncpy_s (Address: 0x1800d83e8)
  • _o_wcstok_s (Address: 0x1800d83f0)
  • memcmp (Address: 0x1800d84a8)
  • memcpy (Address: 0x1800d83a8)
  • wcschr (Address: 0x1800d8478)
  • wcsrchr (Address: 0x1800d8498)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x1800d84b8)
  • _initterm_e (Address: 0x1800d84c0)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x1800d84d0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • TraceMessage (Address: 0x1800d84e0)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x1800d8510)
  • EventRegister (Address: 0x1800d84f8)
  • EventSetInformation (Address: 0x1800d8500)
  • EventUnregister (Address: 0x1800d8508)
  • EventWriteTransfer (Address: 0x1800d84f0)
api-ms-win-security-base-l1-1-0.dll
  • AccessCheck (Address: 0x1800d8590)
  • AccessCheckAndAuditAlarmW (Address: 0x1800d8538)
  • AddAce (Address: 0x1800d8598)
  • AllocateAndInitializeSid (Address: 0x1800d8620)
  • AllocateLocallyUniqueId (Address: 0x1800d85d0)
  • CheckTokenMembership (Address: 0x1800d8618)
  • CopySid (Address: 0x1800d85c0)
  • CreateWellKnownSid (Address: 0x1800d85c8)
  • DuplicateToken (Address: 0x1800d8540)
  • DuplicateTokenEx (Address: 0x1800d8550)
  • EqualSid (Address: 0x1800d85b0)
  • FreeSid (Address: 0x1800d8530)
  • GetAce (Address: 0x1800d85e8)
  • GetAclInformation (Address: 0x1800d85f0)
  • GetFileSecurityW (Address: 0x1800d85e0)
  • GetLengthSid (Address: 0x1800d85a8)
  • GetSecurityDescriptorControl (Address: 0x1800d8520)
  • GetSecurityDescriptorDacl (Address: 0x1800d85f8)
  • GetSecurityDescriptorLength (Address: 0x1800d85d8)
  • GetSidSubAuthority (Address: 0x1800d8580)
  • GetSidSubAuthorityCount (Address: 0x1800d8578)
  • GetTokenInformation (Address: 0x1800d8558)
  • ImpersonateLoggedOnUser (Address: 0x1800d8588)
  • InitializeAcl (Address: 0x1800d8568)
  • InitializeSecurityDescriptor (Address: 0x1800d8608)
  • IsTokenRestricted (Address: 0x1800d85a0)
  • IsValidSecurityDescriptor (Address: 0x1800d8528)
  • IsValidSid (Address: 0x1800d85b8)
  • MakeAbsoluteSD (Address: 0x1800d8570)
  • MakeSelfRelativeSD (Address: 0x1800d8548)
  • MapGenericMask (Address: 0x1800d8560)
  • RevertToSelf (Address: 0x1800d8610)
  • SetSecurityDescriptorDacl (Address: 0x1800d8600)
api-ms-win-security-base-l1-2-2.dll
  • DeriveCapabilitySidsFromName (Address: 0x1800d8630)
api-ms-win-security-lsalookup-l2-1-0.dll
  • LookupAccountSidW (Address: 0x1800d8640)
KERNEL32.dll
  • OOBEComplete (Address: 0x1800d7d40)
KERNELBASE.dll
  • WTSIsServerContainer (Address: 0x1800d7d50)
msvcp_win.dll
  • ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1800d8650)
ntdll.dll
  • DbgPrint (Address: 0x1800d87d0)
  • EtwEventActivityIdControl (Address: 0x1800d8738)
  • EtwEventRegister (Address: 0x1800d87b0)
  • EtwEventUnregister (Address: 0x1800d87b8)
  • EtwEventWriteFull (Address: 0x1800d87a8)
  • EtwEventWriteTransfer (Address: 0x1800d8748)
  • NtCreateFile (Address: 0x1800d86f0)
  • NtDuplicateToken (Address: 0x1800d8758)
  • NtOpenProcess (Address: 0x1800d86a0)
  • NtOpenProcessToken (Address: 0x1800d86a8)
  • NtQueryInformationProcess (Address: 0x1800d8768)
  • NtQueryInformationToken (Address: 0x1800d8698)
  • NtQuerySystemInformation (Address: 0x1800d8668)
  • NtQuerySystemTime (Address: 0x1800d8740)
  • NtQueryVirtualMemory (Address: 0x1800d8660)
  • RtlAcquireResourceExclusive (Address: 0x1800d8770)
  • RtlAcquireResourceShared (Address: 0x1800d87c0)
  • RtlAdjustPrivilege (Address: 0x1800d8700)
  • RtlAllocateAndInitializeSid (Address: 0x1800d87e0)
  • RtlCaptureContext (Address: 0x1800d86d0)
  • RtlCaptureStackBackTrace (Address: 0x1800d8670)
  • RtlCompareMemory (Address: 0x1800d86e0)
  • RtlCopySecurityDescriptor (Address: 0x1800d8708)
  • RtlCopySid (Address: 0x1800d8690)
  • RtlCreateUserSecurityObject (Address: 0x1800d8728)
  • RtlDeleteElementGenericTable (Address: 0x1800d8778)
  • RtlDeleteResource (Address: 0x1800d87a0)
  • RtlDeleteSecurityObject (Address: 0x1800d86b0)
  • RtlEnumerateGenericTable (Address: 0x1800d8750)
  • RtlEqualSid (Address: 0x1800d87d8)
  • RtlFreeSid (Address: 0x1800d86b8)
  • RtlGetControlSecurityDescriptor (Address: 0x1800d8720)
  • RtlGetCurrentServiceSessionId (Address: 0x1800d8718)
  • RtlInitializeGenericTable (Address: 0x1800d8790)
  • RtlInitializeResource (Address: 0x1800d8798)
  • RtlInitString (Address: 0x1800d86e8)
  • RtlInitUnicodeString (Address: 0x1800d86f8)
  • RtlInsertElementGenericTable (Address: 0x1800d8780)
  • RtlLengthSid (Address: 0x1800d8730)
  • RtlLookupElementGenericTable (Address: 0x1800d8760)
  • RtlLookupFunctionEntry (Address: 0x1800d86c8)
  • RtlNotifyFeatureUsage (Address: 0x1800d8678)
  • RtlNtStatusToDosError (Address: 0x1800d87c8)
  • RtlNumberGenericTableElements (Address: 0x1800d8710)
  • RtlQueryElevationFlags (Address: 0x1800d8680)
  • RtlQueryFeatureConfiguration (Address: 0x1800d8688)
  • RtlReleaseResource (Address: 0x1800d8788)
  • RtlVerifyVersionInfo (Address: 0x1800d87e8)
  • RtlVirtualUnwind (Address: 0x1800d86c0)
  • VerSetConditionMask (Address: 0x1800d86d8)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x1800d7da0)
  • I_RpcBindingIsClientLocal (Address: 0x1800d7de8)
  • I_RpcServerDisableExceptionFilter (Address: 0x1800d7d88)
  • NdrServerCall2 (Address: 0x1800d7d80)
  • NdrServerCallAll (Address: 0x1800d7d78)
  • RpcBindingToStringBindingW (Address: 0x1800d7de0)
  • RpcImpersonateClient (Address: 0x1800d7db0)
  • RpcRevertToSelf (Address: 0x1800d7da8)
  • RpcServerInqCallAttributesW (Address: 0x1800d7dc0)
  • RpcServerInqDefaultPrincNameW (Address: 0x1800d7d60)
  • RpcServerListen (Address: 0x1800d7dd0)
  • RpcServerRegisterAuthInfoW (Address: 0x1800d7d68)
  • RpcServerRegisterIf3 (Address: 0x1800d7d70)
  • RpcServerRegisterIfEx (Address: 0x1800d7dc8)
  • RpcServerUnregisterIfEx (Address: 0x1800d7dd8)
  • RpcServerUseProtseqEpW (Address: 0x1800d7db8)
  • RpcStringBindingParseW (Address: 0x1800d7df0)
  • RpcStringFreeW (Address: 0x1800d7df8)
  • UuidFromStringW (Address: 0x1800d7d90)
  • UuidToStringW (Address: 0x1800d7d98)