termsrv.dll

Description: Remote Desktop Session Host Server Remote Connections Manager

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6926

Architecture: 64-bit

Operating System: Windows NT

SHA256: 65cf3dfae9cd0469cfdb0640cfa73f2e

File Size: 1.2 MB

Uploaded At: Feb. 15, 2026, 10:51 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x38960)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x39960)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1800d0820)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1800d0848)
  • IsDebuggerPresent (Address: 0x1800d0838)
  • OutputDebugStringA (Address: 0x1800d0840)
  • OutputDebugStringW (Address: 0x1800d0830)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1800d0858)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1800d0868)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1800d0898)
  • RaiseException (Address: 0x1800d0878)
  • SetLastError (Address: 0x1800d0888)
  • SetUnhandledExceptionFilter (Address: 0x1800d0880)
  • UnhandledExceptionFilter (Address: 0x1800d0890)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x1800d08a8)
  • CreateDirectoryW (Address: 0x1800d08b0)
  • CreateFileW (Address: 0x1800d08c0)
  • QueryDosDeviceW (Address: 0x1800d08b8)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800d08d0)
  • DuplicateHandle (Address: 0x1800d08d8)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800d08f0)
  • HeapAlloc (Address: 0x1800d08f8)
  • HeapFree (Address: 0x1800d08e8)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800d0908)
  • LocalFree (Address: 0x1800d0910)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalSize (Address: 0x1800d0920)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x1800d0930)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x1800d0948)
  • RegisterWaitForSingleObject (Address: 0x1800d0940)
  • UnregisterWait (Address: 0x1800d0950)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • VerifyVersionInfoW (Address: 0x1800d0960)
api-ms-win-core-kernel32-private-l1-1-0.dll
  • CheckElevationEnabled (Address: 0x1800d0970)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1800d09b8)
  • FindResourceExW (Address: 0x1800d0980)
  • FreeLibrary (Address: 0x1800d09c0)
  • GetModuleFileNameA (Address: 0x1800d09a8)
  • GetModuleFileNameW (Address: 0x1800d0990)
  • GetModuleHandleExW (Address: 0x1800d09d8)
  • GetModuleHandleW (Address: 0x1800d09d0)
  • GetProcAddress (Address: 0x1800d0988)
  • LoadLibraryExW (Address: 0x1800d09c8)
  • LoadResource (Address: 0x1800d0998)
  • LoadStringW (Address: 0x1800d09a0)
  • SizeofResource (Address: 0x1800d09b0)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x1800d09e8)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x1800d09f8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x1800d0a08)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x1800d0a88)
  • CreateProcessW (Address: 0x1800d0a38)
  • CreateThread (Address: 0x1800d0a78)
  • ExitThread (Address: 0x1800d0a18)
  • GetCurrentProcess (Address: 0x1800d0a98)
  • GetCurrentProcessId (Address: 0x1800d0a30)
  • GetCurrentThread (Address: 0x1800d0a60)
  • GetCurrentThreadId (Address: 0x1800d0a68)
  • GetExitCodeThread (Address: 0x1800d0a90)
  • OpenProcessToken (Address: 0x1800d0a50)
  • OpenThreadToken (Address: 0x1800d0a58)
  • ProcessIdToSessionId (Address: 0x1800d0a80)
  • TerminateProcess (Address: 0x1800d0a48)
  • TlsAlloc (Address: 0x1800d0a40)
  • TlsFree (Address: 0x1800d0a28)
  • TlsGetValue (Address: 0x1800d0a70)
  • TlsSetValue (Address: 0x1800d0a20)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1800d0aa8)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1800d0ab8)
api-ms-win-core-psapi-l1-1-0.dll
  • K32EnumProcessModules (Address: 0x1800d0ac8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x1800d0af0)
  • RegCreateKeyExW (Address: 0x1800d0b18)
  • RegDeleteValueW (Address: 0x1800d0ae0)
  • RegEnumKeyExW (Address: 0x1800d0ad8)
  • RegGetValueW (Address: 0x1800d0b08)
  • RegOpenKeyExW (Address: 0x1800d0af8)
  • RegQueryInfoKeyW (Address: 0x1800d0ae8)
  • RegQueryValueExW (Address: 0x1800d0b00)
  • RegSetValueExW (Address: 0x1800d0b10)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x1800d0b28)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x1800d0b38)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x1800d0b48)
  • lstrcmpW (Address: 0x1800d0b50)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800d0ba0)
  • AcquireSRWLockShared (Address: 0x1800d0bd8)
  • CreateEventW (Address: 0x1800d0c00)
  • CreateMutexExW (Address: 0x1800d0bf8)
  • CreateSemaphoreExW (Address: 0x1800d0bf0)
  • DeleteCriticalSection (Address: 0x1800d0ba8)
  • EnterCriticalSection (Address: 0x1800d0b90)
  • InitializeCriticalSection (Address: 0x1800d0c10)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800d0bc0)
  • InitializeCriticalSectionEx (Address: 0x1800d0b98)
  • InitializeSRWLock (Address: 0x1800d0b88)
  • LeaveCriticalSection (Address: 0x1800d0c08)
  • OpenEventW (Address: 0x1800d0b68)
  • OpenSemaphoreW (Address: 0x1800d0bd0)
  • ReleaseMutex (Address: 0x1800d0bb0)
  • ReleaseSemaphore (Address: 0x1800d0b70)
  • ReleaseSRWLockExclusive (Address: 0x1800d0b78)
  • ReleaseSRWLockShared (Address: 0x1800d0b80)
  • ResetEvent (Address: 0x1800d0bb8)
  • SetEvent (Address: 0x1800d0b60)
  • WaitForMultipleObjectsEx (Address: 0x1800d0be8)
  • WaitForSingleObject (Address: 0x1800d0bc8)
  • WaitForSingleObjectEx (Address: 0x1800d0be0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1800d0c20)
api-ms-win-core-synch-l1-2-1.dll
  • CreateSemaphoreW (Address: 0x1800d0c30)
  • WaitForMultipleObjects (Address: 0x1800d0c38)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemDirectoryW (Address: 0x1800d0c50)
  • GetSystemTime (Address: 0x1800d0c58)
  • GetSystemTimeAsFileTime (Address: 0x1800d0c68)
  • GetTickCount (Address: 0x1800d0c48)
  • GetTickCount64 (Address: 0x1800d0c60)
  • GetVersionExW (Address: 0x1800d0c70)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetProductInfo (Address: 0x1800d0c80)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpool (Address: 0x1800d0cd0)
  • CloseThreadpoolCleanupGroup (Address: 0x1800d0c98)
  • CloseThreadpoolCleanupGroupMembers (Address: 0x1800d0cc0)
  • CloseThreadpoolTimer (Address: 0x1800d0ce0)
  • CreateThreadpool (Address: 0x1800d0cb8)
  • CreateThreadpoolCleanupGroup (Address: 0x1800d0ca0)
  • CreateThreadpoolTimer (Address: 0x1800d0c90)
  • SetThreadpoolThreadMaximum (Address: 0x1800d0cb0)
  • SetThreadpoolThreadMinimum (Address: 0x1800d0cd8)
  • SetThreadpoolTimer (Address: 0x1800d0ce8)
  • TrySubmitThreadpoolCallback (Address: 0x1800d0cc8)
  • WaitForThreadpoolTimerCallbacks (Address: 0x1800d0ca8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueue (Address: 0x1800d0d10)
  • CreateTimerQueueTimer (Address: 0x1800d0d20)
  • DeleteTimerQueueEx (Address: 0x1800d0cf8)
  • DeleteTimerQueueTimer (Address: 0x1800d0d18)
  • QueueUserWorkItem (Address: 0x1800d0d08)
  • UnregisterWaitEx (Address: 0x1800d0d00)
api-ms-win-core-timezone-l1-1-0.dll
  • SystemTimeToFileTime (Address: 0x1800d0d30)
api-ms-win-devices-query-l1-1-0.dll
  • DevCloseObjectQuery (Address: 0x1800d0d60)
  • DevCreateObjectQuery (Address: 0x1800d0d40)
  • DevFindProperty (Address: 0x1800d0d48)
  • DevFreeObjectProperties (Address: 0x1800d0d58)
  • DevGetObjectProperties (Address: 0x1800d0d50)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • TraceMessage (Address: 0x1800d0d70)
api-ms-win-eventing-controller-l1-1-0.dll
  • ControlTraceW (Address: 0x1800d0d80)
  • EnableTraceEx2 (Address: 0x1800d0d90)
  • StartTraceW (Address: 0x1800d0d88)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x1800d0da0)
  • EventProviderEnabled (Address: 0x1800d0dc0)
  • EventRegister (Address: 0x1800d0da8)
  • EventSetInformation (Address: 0x1800d0db0)
  • EventUnregister (Address: 0x1800d0db8)
  • EventWriteTransfer (Address: 0x1800d0dc8)
api-ms-win-security-base-l1-1-0.dll
  • AccessCheckAndAuditAlarmW (Address: 0x1800d0df0)
  • AddAce (Address: 0x1800d0df8)
  • AllocateAndInitializeSid (Address: 0x1800d0e58)
  • AllocateLocallyUniqueId (Address: 0x1800d0e40)
  • CheckTokenMembership (Address: 0x1800d0ea8)
  • CopySid (Address: 0x1800d0e28)
  • CreateWellKnownSid (Address: 0x1800d0e48)
  • DuplicateToken (Address: 0x1800d0eb0)
  • DuplicateTokenEx (Address: 0x1800d0de0)
  • EqualSid (Address: 0x1800d0e20)
  • FreeSid (Address: 0x1800d0dd8)
  • GetAce (Address: 0x1800d0e18)
  • GetAclInformation (Address: 0x1800d0e70)
  • GetFileSecurityW (Address: 0x1800d0e00)
  • GetLengthSid (Address: 0x1800d0e30)
  • GetSecurityDescriptorControl (Address: 0x1800d0e98)
  • GetSecurityDescriptorDacl (Address: 0x1800d0e90)
  • GetSecurityDescriptorLength (Address: 0x1800d0e50)
  • GetTokenInformation (Address: 0x1800d0ea0)
  • ImpersonateLoggedOnUser (Address: 0x1800d0e10)
  • InitializeAcl (Address: 0x1800d0de8)
  • InitializeSecurityDescriptor (Address: 0x1800d0e60)
  • IsValidSecurityDescriptor (Address: 0x1800d0e08)
  • IsValidSid (Address: 0x1800d0e38)
  • MakeAbsoluteSD (Address: 0x1800d0e78)
  • MakeSelfRelativeSD (Address: 0x1800d0e80)
  • RevertToSelf (Address: 0x1800d0e88)
  • SetSecurityDescriptorDacl (Address: 0x1800d0e68)
api-ms-win-security-base-l1-2-2.dll
  • DeriveCapabilitySidsFromName (Address: 0x1800d0ec0)
KERNEL32.dll
  • OOBEComplete (Address: 0x1800d06e8)
KERNELBASE.dll
  • WTSIsServerContainer (Address: 0x1800d06f8)
msvcrt.dll
  • __C_specific_handler (Address: 0x1800d0ed0)
  • __CxxFrameHandler3 (Address: 0x1800d0ff8)
  • __dllonexit (Address: 0x1800d0f38)
  • _amsg_exit (Address: 0x1800d0ee0)
  • _callnewh (Address: 0x1800d1020)
  • _CxxThrowException (Address: 0x1800d1000)
  • _errno (Address: 0x1800d0f48)
  • _initterm (Address: 0x1800d0ef0)
  • _lock (Address: 0x1800d0f20)
  • _onexit (Address: 0x1800d0f40)
  • _purecall (Address: 0x1800d0ed8)
  • _resetstkoflw (Address: 0x1800d1030)
  • _stricmp (Address: 0x1800d0fc0)
  • _unlock (Address: 0x1800d0f30)
  • _vscwprintf (Address: 0x1800d0fc8)
  • _vsnprintf (Address: 0x1800d0fb0)
  • _vsnprintf_s (Address: 0x1800d0ef8)
  • _vsnwprintf (Address: 0x1800d0ee8)
  • _wcsicmp (Address: 0x1800d0f88)
  • _wcsnicmp (Address: 0x1800d0f60)
  • _XcptFilter (Address: 0x1800d0fe8)
  • ??_V@YAXPEAX@Z (Address: 0x1800d0ff0)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800d1018)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800d1010)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800d0f78)
  • ??0exception@@QEAA@XZ (Address: 0x1800d0f68)
  • ??1exception@@UEAA@XZ (Address: 0x1800d0f70)
  • ??1type_info@@UEAA@XZ (Address: 0x1800d0f10)
  • ??3@YAXPEAX@Z (Address: 0x1800d1028)
  • ?terminate@@YAXXZ (Address: 0x1800d0f08)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x1800d1008)
  • free (Address: 0x1800d0fa8)
  • iswspace (Address: 0x1800d0fd8)
  • malloc (Address: 0x1800d0fa0)
  • memcmp (Address: 0x1800d0fb8)
  • memcpy (Address: 0x1800d0fe0)
  • memcpy_s (Address: 0x1800d1040)
  • memmove (Address: 0x1800d0f00)
  • memmove_s (Address: 0x1800d0f80)
  • memset (Address: 0x1800d1050)
  • qsort (Address: 0x1800d0f28)
  • realloc (Address: 0x1800d0f58)
  • swprintf_s (Address: 0x1800d1038)
  • toupper (Address: 0x1800d0f18)
  • wcschr (Address: 0x1800d0fd0)
  • wcscpy_s (Address: 0x1800d1048)
  • wcsncpy_s (Address: 0x1800d0f98)
  • wcsrchr (Address: 0x1800d0f50)
  • wcstok_s (Address: 0x1800d0f90)
ntdll.dll
  • DbgPrint (Address: 0x1800d10c8)
  • EtwEventActivityIdControl (Address: 0x1800d1158)
  • EtwEventRegister (Address: 0x1800d11d8)
  • EtwEventUnregister (Address: 0x1800d11e0)
  • EtwEventWriteFull (Address: 0x1800d11c8)
  • EtwEventWriteTransfer (Address: 0x1800d1188)
  • NtCreateFile (Address: 0x1800d1138)
  • NtDuplicateToken (Address: 0x1800d10a0)
  • NtOpenProcess (Address: 0x1800d1060)
  • NtOpenProcessToken (Address: 0x1800d1068)
  • NtQueryInformationProcess (Address: 0x1800d1090)
  • NtQueryInformationToken (Address: 0x1800d10b0)
  • NtQuerySystemInformation (Address: 0x1800d10e8)
  • NtQuerySystemTime (Address: 0x1800d1180)
  • NtQueryVirtualMemory (Address: 0x1800d10f0)
  • RtlAcquireResourceExclusive (Address: 0x1800d10a8)
  • RtlAcquireResourceShared (Address: 0x1800d10b8)
  • RtlAdjustPrivilege (Address: 0x1800d1148)
  • RtlAllocateAndInitializeSid (Address: 0x1800d11d0)
  • RtlAreBitsSet (Address: 0x1800d1168)
  • RtlCaptureContext (Address: 0x1800d1118)
  • RtlCaptureStackBackTrace (Address: 0x1800d10e0)
  • RtlClearBits (Address: 0x1800d1160)
  • RtlCompareMemory (Address: 0x1800d1128)
  • RtlCopySecurityDescriptor (Address: 0x1800d1078)
  • RtlCopySid (Address: 0x1800d11e8)
  • RtlCreateUserSecurityObject (Address: 0x1800d1088)
  • RtlDeleteElementGenericTable (Address: 0x1800d11a0)
  • RtlDeleteResource (Address: 0x1800d11c0)
  • RtlDeleteSecurityObject (Address: 0x1800d1070)
  • RtlEnumerateGenericTable (Address: 0x1800d1190)
  • RtlEqualSid (Address: 0x1800d10d0)
  • RtlFindClearBitsAndSet (Address: 0x1800d1170)
  • RtlFreeSid (Address: 0x1800d10f8)
  • RtlGetControlSecurityDescriptor (Address: 0x1800d1080)
  • RtlInitializeBitMap (Address: 0x1800d1178)
  • RtlInitializeGenericTable (Address: 0x1800d11b0)
  • RtlInitializeResource (Address: 0x1800d11b8)
  • RtlInitString (Address: 0x1800d1130)
  • RtlInitUnicodeString (Address: 0x1800d1140)
  • RtlInsertElementGenericTable (Address: 0x1800d11a8)
  • RtlLengthSid (Address: 0x1800d1098)
  • RtlLookupElementGenericTable (Address: 0x1800d1198)
  • RtlLookupFunctionEntry (Address: 0x1800d1110)
  • RtlNtStatusToDosError (Address: 0x1800d10c0)
  • RtlNumberGenericTableElements (Address: 0x1800d1150)
  • RtlReleaseResource (Address: 0x1800d1100)
  • RtlVerifyVersionInfo (Address: 0x1800d10d8)
  • RtlVirtualUnwind (Address: 0x1800d1108)
  • VerSetConditionMask (Address: 0x1800d1120)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x1800d0770)
  • I_RpcBindingIsClientLocal (Address: 0x1800d0788)
  • NdrServerCall2 (Address: 0x1800d0748)
  • NdrServerCallAll (Address: 0x1800d0740)
  • RpcBindingToStringBindingW (Address: 0x1800d0720)
  • RpcImpersonateClient (Address: 0x1800d0750)
  • RpcRevertToSelf (Address: 0x1800d0758)
  • RpcServerInqCallAttributesW (Address: 0x1800d0738)
  • RpcServerInqDefaultPrincNameW (Address: 0x1800d0768)
  • RpcServerListen (Address: 0x1800d0760)
  • RpcServerRegisterAuthInfoW (Address: 0x1800d0778)
  • RpcServerRegisterIf3 (Address: 0x1800d0780)
  • RpcServerRegisterIfEx (Address: 0x1800d0710)
  • RpcServerUnregisterIfEx (Address: 0x1800d0718)
  • RpcServerUseProtseqEpW (Address: 0x1800d0708)
  • RpcStringBindingParseW (Address: 0x1800d0728)
  • RpcStringFreeW (Address: 0x1800d0730)
  • UuidFromStringW (Address: 0x1800d0790)
  • UuidToStringW (Address: 0x1800d0798)
UMPDC.dll
  • PdcTaskClientRegister (Address: 0x1800d07b8)
  • PdcTaskClientRequest (Address: 0x1800d07c0)
  • PdcTaskClientUnregister (Address: 0x1800d07d8)
  • Pdcv2ActivationClientActivate (Address: 0x1800d07b0)
  • Pdcv2ActivationClientDeactivate (Address: 0x1800d07a8)
  • Pdcv2ActivationClientRegister (Address: 0x1800d07d0)
  • Pdcv2ActivationClientUnregister (Address: 0x1800d07c8)
USER32.dll
  • UnregisterDeviceNotification (Address: 0x1800d07e8)
WS2_32.dll
  • GetNameInfoW (Address: 0x1800d0810)
  • WSACleanup (Address: 0x1800d0808)
  • WSAGetLastError (Address: 0x1800d0800)
  • WSAStartup (Address: 0x1800d07f8)