winrscmd.dll
Description: remtsvc
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3636
Architecture: 32-bit
Operating System: Windows NT
SHA256: 708ecea198d0173b486c32117277e4ea
File Size: 96.0 KB
Uploaded At: Dec. 1, 2025, 8:07 a.m.
Views: 15
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ (Ordinal: 1, Address: 0x3460)
- ??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z (Ordinal: 2, Address: 0x3570)
- ??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z (Ordinal: 3, Address: 0x3680)
- ??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ (Ordinal: 4, Address: 0x33f0)
- ??1?$SafeMap_Iterator@VKey@Locale@@K@@QAE@XZ (Ordinal: 5, Address: 0x34e0)
- ??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ (Ordinal: 6, Address: 0x3620)
- ??1CWSManCriticalSectionWithConditionVar@@QAE@XZ (Ordinal: 7, Address: 0x32b0)
- ??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@ (Ordinal: 8, Address: 0x154c)
- ?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ (Ordinal: 9, Address: 0x32c0)
- ?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEXXZ (Ordinal: 10, Address: 0x36f0)
- ?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE_NXZ (Ordinal: 11, Address: 0x3610)
- ?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEAAV1@XZ (Ordinal: 12, Address: 0x34c0)
- ?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IBEAAV?$STLMap@VKey@Locale@@K@@XZ (Ordinal: 13, Address: 0x3790)
- ?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z (Ordinal: 14, Address: 0x32d0)
- ?GetInitError@CWSManCriticalSection@@QBEKXZ (Ordinal: 15, Address: 0x32a0)
- ?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QBEAAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ (Ordinal: 16, Address: 0x32a0)
- ?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QBEABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ (Ordinal: 17, Address: 0x32a0)
- ?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z (Ordinal: 18, Address: 0x3330)
- ?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QBE_NXZ (Ordinal: 19, Address: 0x34d0)
- ?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ (Ordinal: 20, Address: 0x32c0)
- ?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QAEXXZ (Ordinal: 21, Address: 0x36b0)
- ?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IAEXXZ (Ordinal: 22, Address: 0x3740)
- WSManPluginCommand (Ordinal: 23, Address: 0x3a40)
- WSManPluginReceive (Ordinal: 24, Address: 0x3aa0)
- WSManPluginReleaseCommandContext (Ordinal: 25, Address: 0x3af0)
- WSManPluginReleaseShellContext (Ordinal: 26, Address: 0x3ae0)
- WSManPluginSend (Ordinal: 27, Address: 0x3a70)
- WSManPluginShell (Ordinal: 28, Address: 0x3a10)
- WSManPluginShutdown (Ordinal: 29, Address: 0x39f0)
- WSManPluginSignal (Ordinal: 30, Address: 0x3ac0)
- WSManPluginStartup (Ordinal: 31, Address: 0x39d0)
Imported DLLs & Functions
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x100160ec)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x100160f4)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x100160fc)
- SetLastError (Address: 0x10016100)
- SetUnhandledExceptionFilter (Address: 0x10016104)
- UnhandledExceptionFilter (Address: 0x10016108)
api-ms-win-core-file-l1-1-0.dll
- ReadFile (Address: 0x10016110)
- WriteFile (Address: 0x10016114)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10016120)
- DuplicateHandle (Address: 0x1001611c)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x10016138)
- HeapAlloc (Address: 0x10016128)
- HeapCreate (Address: 0x10016134)
- HeapDestroy (Address: 0x10016130)
- HeapFree (Address: 0x1001612c)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalFree (Address: 0x10016140)
api-ms-win-core-io-l1-1-0.dll
- CancelIoEx (Address: 0x10016148)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x10016154)
- CreateJobObjectW (Address: 0x10016158)
- SetInformationJobObject (Address: 0x10016150)
- TerminateJobObject (Address: 0x1001615c)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- RegisterWaitForSingleObject (Address: 0x10016164)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x1001616c)
api-ms-win-core-namedpipe-l1-1-0.dll
- CreatePipe (Address: 0x10016174)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x100161a0)
- GetCurrentProcess (Address: 0x1001619c)
- GetCurrentProcessId (Address: 0x1001618c)
- GetCurrentThread (Address: 0x10016190)
- GetCurrentThreadId (Address: 0x1001617c)
- GetExitCodeProcess (Address: 0x10016180)
- OpenProcessToken (Address: 0x10016184)
- OpenThreadToken (Address: 0x10016194)
- ResumeThread (Address: 0x10016188)
- TerminateProcess (Address: 0x10016198)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x100161a8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x100161b0)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x100161c8)
- DeleteCriticalSection (Address: 0x100161bc)
- EnterCriticalSection (Address: 0x100161c0)
- InitializeCriticalSection (Address: 0x100161cc)
- LeaveCriticalSection (Address: 0x100161b8)
- SetEvent (Address: 0x100161d0)
- WaitForMultipleObjectsEx (Address: 0x100161c4)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x100161d8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x100161e8)
- GetTickCount (Address: 0x100161e0)
- GetVersionExW (Address: 0x100161e4)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x100161f0)
- UnregisterWaitEx (Address: 0x100161f4)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x10016210)
- GetTraceEnableLevel (Address: 0x10016208)
- GetTraceLoggerHandle (Address: 0x1001620c)
- RegisterTraceGuidsW (Address: 0x10016204)
- TraceMessage (Address: 0x100161fc)
- UnregisterTraceGuids (Address: 0x10016200)
api-ms-win-security-base-l1-1-0.dll
- CopySid (Address: 0x1001621c)
- GetLengthSid (Address: 0x10016218)
- GetTokenInformation (Address: 0x10016220)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x10016228)
- __dllonexit (Address: 0x10016278)
- _amsg_exit (Address: 0x10016250)
- _CxxThrowException (Address: 0x10016244)
- _except_handler4_common (Address: 0x10016280)
- _initterm (Address: 0x10016264)
- _lock (Address: 0x10016270)
- _onexit (Address: 0x1001627c)
- _purecall (Address: 0x1001625c)
- _unlock (Address: 0x10016274)
- _wcsicmp (Address: 0x10016230)
- _wcsnicmp (Address: 0x1001622c)
- _XcptFilter (Address: 0x10016284)
- ??0exception@@QAE@ABQBD@Z (Address: 0x10016234)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x10016258)
- ??0exception@@QAE@ABV0@@Z (Address: 0x10016238)
- ??1exception@@UAE@XZ (Address: 0x1001623c)
- ??1type_info@@UAE@XZ (Address: 0x1001626c)
- ?terminate@@YAXXZ (Address: 0x10016268)
- ?what@exception@@UBEPBDXZ (Address: 0x10016240)
- free (Address: 0x10016254)
- malloc (Address: 0x10016260)
- memcpy (Address: 0x10016248)
- memmove (Address: 0x1001624c)
- memset (Address: 0x10016288)
ntdll.dll
- RtlInitUnicodeString (Address: 0x10016290)
RPCRT4.dll
- RpcStringFreeW (Address: 0x10016004)
- UuidCreate (Address: 0x10016008)
- UuidToStringW (Address: 0x10016000)
WsmSvc.DLL
- ??0?$AutoDeleteVector@G@@QAE@PAG@Z (Address: 0x10016060)
- ??0?$AutoDeleteVector@G@@QAE@XZ (Address: 0x100160e0)
- ??0?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@XZ (Address: 0x10016058)
- ??0?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QAE@XZ (Address: 0x100160e4)
- ??0?$AutoRelease@VCWinRSPluginConfigCache@@@@QAE@XZ (Address: 0x10016028)
- ??0?$AutoRelease@VCWinRSPluginConfigSettings@@@@QAE@PAVCWinRSPluginConfigSettings@@@Z (Address: 0x10016020)
- ??0AutoHandle@@QAE@PAX@Z (Address: 0x10016090)
- ??0AutoHandle@@QAE@XZ (Address: 0x1001608c)
- ??0CErrorContext@@QAE@_N@Z (Address: 0x10016048)
- ??0CRequestContext@@QAE@PBG@Z (Address: 0x100160d8)
- ??0CRequestContext@@QAE@XZ (Address: 0x100160c4)
- ??0CWSManCriticalSection@@QAE@XZ (Address: 0x10016014)
- ??1?$AutoDeleteVector@G@@QAE@XZ (Address: 0x10016094)
- ??1?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@XZ (Address: 0x1001604c)
- ??1?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QAE@XZ (Address: 0x10016098)
- ??1?$AutoRelease@VCWinRSPluginConfigCache@@@@QAE@XZ (Address: 0x10016018)
- ??1?$AutoRelease@VCWinRSPluginConfigSettings@@@@QAE@XZ (Address: 0x1001601c)
- ??1AutoHandle@@QAE@XZ (Address: 0x10016068)
- ??1CErrorContext@@UAE@XZ (Address: 0x10016044)
- ??1CRequestContext@@UAE@XZ (Address: 0x100160c8)
- ??1CWSManCriticalSection@@QAE@XZ (Address: 0x100160a4)
- ??4?$AutoDeleteVector@G@@QAEAAV0@PAG@Z (Address: 0x1001605c)
- ??4?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAEAAV0@PAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@Z (Address: 0x10016054)
- ??4?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QAEAAV0@PAU_WINRS_RUN_COMMAND_ARG@@@Z (Address: 0x10016050)
- ??4?$AutoRelease@VCWinRSPluginConfigCache@@@@QAEAAV0@PAVCWinRSPluginConfigCache@@@Z (Address: 0x10016024)
- ??4AutoHandle@@QAEAAV0@PAX@Z (Address: 0x10016080)
- ?Acquire@CWSManCriticalSection@@QAEXXZ (Address: 0x1001607c)
- ?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z (Address: 0x100160a0)
- ?CreateActivityId@EventHandler@WSMan@@SGXAAU_GUID@@@Z (Address: 0x1001602c)
- ?EnsureActivityIdOnThread@EventHandler@WSMan@@SGXXZ (Address: 0x10016084)
- ?Free@WSManMemory@@SGXPAXH@Z (Address: 0x1001609c)
- ?GenerateTransferId@EventHandler@WSMan@@SGXABU_EVENT_DESCRIPTOR@@PBU_GUID@@1@Z (Address: 0x10016070)
- ?GetConfigCache@CWinRSPluginConfigCache@@SGPAV1@PAVIRequestContext@@W4ErrorLogging@@H@Z (Address: 0x10016030)
- ?GetCurrentSettings@CWinRSPluginConfigCache@@QAEPAVCWinRSPluginConfigSettings@@PAVIRequestContext@@@Z (Address: 0x10016040)
- ?GetErrorCode@CErrorContext@@UBEKXZ (Address: 0x1001603c)
- ?IsEventEnabled@EventHandler@WSMan@@SG_NABU_EVENT_DESCRIPTOR@@@Z (Address: 0x10016074)
- ?IsEventProviderEnabled@EventHandler@WSMan@@SG_NXZ (Address: 0x10016088)
- ?IsValid@CWSManCriticalSection@@QBEHXZ (Address: 0x1001606c)
- ?ProcessContext@CRequestContext@@UAEHHPAU_WSMAN_ERROR@@@Z (Address: 0x100160cc)
- ?ProviderShutdownCleanup@CWinRSPluginConfigCache@@SGXXZ (Address: 0x100160ac)
- ?RecordFailure@CRequestContext@@UAAXKKZZ (Address: 0x100160dc)
- ?Release@CWSManCriticalSection@@QAEXXZ (Address: 0x10016078)
- ?Shutdown@CConfigManager@@SGHXZ (Address: 0x100160b8)
- ?Shutdown@CWSManGroupPolicyManager@@SGHXZ (Address: 0x100160b4)
- ?ShutdownLocaleMap@Locale@@SGXXZ (Address: 0x100160b0)
- ?StringToDword@@YGHPBGPAK@Z (Address: 0x10016064)
- StringCchEqualsCI (Address: 0x10016034)
- WrapperCoSetProxyBlanket (Address: 0x10016038)
- WSManError (Address: 0x100160a8)
- WSManPluginFreeRequestDetails (Address: 0x100160d4)
- WSManPluginGetOperationParameters (Address: 0x100160c0)
- WSManPluginOperationComplete (Address: 0x100160bc)
- WSManPluginReceiveResult (Address: 0x10016010)
- WSManPluginReportContext (Address: 0x100160d0)