RstrtMgr.dll

Description: Restart Manager

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 64-bit

Operating System: Windows NT

SHA256: a714a393a1b13ae300e14ce792467ef4

File Size: 202.5 KB

Uploaded At: Dec. 1, 2025, 7:38 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • RmAddFilter (Ordinal: 1, Address: 0x37f0)
  • RmCancelCurrentTask (Ordinal: 2, Address: 0x3890)
  • RmEndSession (Ordinal: 3, Address: 0x3900)
  • RmGetFilterList (Ordinal: 4, Address: 0x3980)
  • RmGetList (Ordinal: 5, Address: 0x3a10)
  • RmJoinSession (Ordinal: 6, Address: 0x3aa0)
  • RmRegisterResources (Ordinal: 7, Address: 0x3bf0)
  • RmRemoveFilter (Ordinal: 8, Address: 0x3ca0)
  • RmReserveHeap (Ordinal: 9, Address: 0x3d30)
  • RmRestart (Ordinal: 10, Address: 0x3ed0)
  • RmShutdown (Ordinal: 11, Address: 0x3f40)
  • RmStartSession (Ordinal: 12, Address: 0x3fc0)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x180026e90)
  • ControlService (Address: 0x180026e30)
  • ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x180026e00)
  • ConvertSidToStringSidW (Address: 0x180026e10)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180026e08)
  • CopySid (Address: 0x180026e60)
  • CreateProcessAsUserW (Address: 0x180026e40)
  • DuplicateTokenEx (Address: 0x180026e50)
  • EnumDependentServicesW (Address: 0x180026e80)
  • EnumServicesStatusExW (Address: 0x180026df0)
  • EqualSid (Address: 0x180026e58)
  • EventRegister (Address: 0x180026eb8)
  • EventUnregister (Address: 0x180026ea8)
  • EventWrite (Address: 0x180026eb0)
  • GetKernelObjectSecurity (Address: 0x180026e48)
  • GetTokenInformation (Address: 0x180026e68)
  • GetTraceEnableFlags (Address: 0x180026ef0)
  • GetTraceEnableLevel (Address: 0x180026ee8)
  • GetTraceLoggerHandle (Address: 0x180026df8)
  • I_QueryTagInformation (Address: 0x180026e78)
  • LookupAccountSidW (Address: 0x180026e18)
  • OpenProcessToken (Address: 0x180026e70)
  • OpenSCManagerW (Address: 0x180026ea0)
  • OpenServiceW (Address: 0x180026e88)
  • QueryServiceStatus (Address: 0x180026e38)
  • QueryServiceStatusEx (Address: 0x180026e28)
  • RegCloseKey (Address: 0x180026f10)
  • RegCreateKeyExW (Address: 0x180026f00)
  • RegDeleteKeyW (Address: 0x180026ee0)
  • RegDeleteValueW (Address: 0x180026ec8)
  • RegEnumValueW (Address: 0x180026ed0)
  • RegisterTraceGuidsW (Address: 0x180026ef8)
  • RegOpenKeyExW (Address: 0x180026f20)
  • RegQueryInfoKeyW (Address: 0x180026ed8)
  • RegQueryMultipleValuesW (Address: 0x180026ec0)
  • RegQueryValueExW (Address: 0x180026f18)
  • RegSetValueExW (Address: 0x180026f08)
  • StartServiceW (Address: 0x180026e20)
  • TraceMessage (Address: 0x180026e98)
  • UnregisterTraceGuids (Address: 0x180026f28)
api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x180027258)
KERNEL32.dll
  • AttachConsole (Address: 0x180027140)
  • CloseHandle (Address: 0x180026fe8)
  • CompareFileTime (Address: 0x180027070)
  • ConnectNamedPipe (Address: 0x180027190)
  • CreateEventW (Address: 0x180027188)
  • CreateFileMappingW (Address: 0x180026fd0)
  • CreateFileW (Address: 0x180026fc8)
  • CreateMutexExW (Address: 0x180027110)
  • CreateMutexW (Address: 0x180027050)
  • CreateNamedPipeW (Address: 0x180027180)
  • CreateSemaphoreExW (Address: 0x180027118)
  • DebugBreak (Address: 0x180027098)
  • DelayLoadFailureHook (Address: 0x180026f38)
  • DeleteCriticalSection (Address: 0x180026f88)
  • DisableThreadLibraryCalls (Address: 0x180026f78)
  • DuplicateHandle (Address: 0x1800271b0)
  • EnterCriticalSection (Address: 0x180026f68)
  • ExpandEnvironmentStringsW (Address: 0x180026fc0)
  • FileTimeToSystemTime (Address: 0x180027178)
  • FormatMessageW (Address: 0x180027078)
  • FreeConsole (Address: 0x180027138)
  • GenerateConsoleCtrlEvent (Address: 0x180027148)
  • GetApplicationRestartSettings (Address: 0x1800270f8)
  • GetApplicationUserModelId (Address: 0x180027100)
  • GetConsoleProcessList (Address: 0x180027130)
  • GetCurrentProcess (Address: 0x180027030)
  • GetCurrentProcessId (Address: 0x180027020)
  • GetCurrentThreadId (Address: 0x180027080)
  • GetFileInformationByHandle (Address: 0x180027008)
  • GetFileType (Address: 0x180027000)
  • GetLastError (Address: 0x180026fa0)
  • GetModuleFileNameA (Address: 0x180027090)
  • GetModuleFileNameW (Address: 0x180027040)
  • GetModuleHandleExW (Address: 0x180027088)
  • GetModuleHandleW (Address: 0x1800270a0)
  • GetNamedPipeClientProcessId (Address: 0x1800271a0)
  • GetOverlappedResult (Address: 0x180026f60)
  • GetPackageId (Address: 0x180027108)
  • GetProcAddress (Address: 0x1800270a8)
  • GetProcessHeap (Address: 0x180026fb8)
  • GetProcessTimes (Address: 0x180027028)
  • GetSystemTime (Address: 0x180026f40)
  • GetSystemTimeAsFileTime (Address: 0x180027038)
  • GetSystemWindowsDirectoryW (Address: 0x1800270f0)
  • GetTickCount (Address: 0x180027158)
  • HeapAlloc (Address: 0x180026fa8)
  • HeapCreate (Address: 0x180026f98)
  • HeapDestroy (Address: 0x180026f90)
  • HeapFree (Address: 0x180026fb0)
  • InitializeCriticalSection (Address: 0x180027010)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180026f80)
  • IsDebuggerPresent (Address: 0x1800270b0)
  • LeaveCriticalSection (Address: 0x180026f70)
  • LocalFree (Address: 0x1800270e0)
  • MapViewOfFile (Address: 0x180026fd8)
  • OpenMutexW (Address: 0x180027058)
  • OpenProcess (Address: 0x180027068)
  • OpenSemaphoreW (Address: 0x1800270d8)
  • OutputDebugStringW (Address: 0x1800270b8)
  • ProcessIdToSessionId (Address: 0x180027018)
  • QueryFullProcessImageNameW (Address: 0x1800270e8)
  • QueryPerformanceCounter (Address: 0x180026ff8)
  • QueryPerformanceFrequency (Address: 0x180026ff0)
  • ReadFile (Address: 0x180027168)
  • ReleaseMutex (Address: 0x180027048)
  • ReleaseSemaphore (Address: 0x1800270c8)
  • ResetEvent (Address: 0x1800271b8)
  • ResolveDelayLoadedAPI (Address: 0x180026f48)
  • SetConsoleCtrlHandler (Address: 0x180027120)
  • SetEvent (Address: 0x180027198)
  • SetLastError (Address: 0x1800270c0)
  • SetUnhandledExceptionFilter (Address: 0x180026f50)
  • Sleep (Address: 0x180027160)
  • SystemTimeToFileTime (Address: 0x180027170)
  • TerminateProcess (Address: 0x180027150)
  • UnhandledExceptionFilter (Address: 0x180026f58)
  • UnmapViewOfFile (Address: 0x180026fe0)
  • WaitForMultipleObjects (Address: 0x180027128)
  • WaitForSingleObject (Address: 0x180027060)
  • WaitForSingleObjectEx (Address: 0x1800270d0)
  • WriteFile (Address: 0x1800271a8)
KERNELBASE.dll
  • WTSGetServiceSessionId (Address: 0x1800271c8)
msvcrt.dll
  • __C_specific_handler (Address: 0x180027300)
  • __CxxFrameHandler3 (Address: 0x180027358)
  • __dllonexit (Address: 0x180027328)
  • _amsg_exit (Address: 0x180027270)
  • _CxxThrowException (Address: 0x180027290)
  • _initterm (Address: 0x180027268)
  • _lock (Address: 0x180027318)
  • _onexit (Address: 0x180027330)
  • _purecall (Address: 0x1800272a0)
  • _unlock (Address: 0x180027320)
  • _vsnprintf_s (Address: 0x180027348)
  • _vsnwprintf (Address: 0x1800272c8)
  • _wcsicmp (Address: 0x1800272e8)
  • _XcptFilter (Address: 0x180027278)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x180027298)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800272d8)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x1800272d0)
  • ??0exception@@QEAA@XZ (Address: 0x1800272b8)
  • ??1exception@@UEAA@XZ (Address: 0x1800272f8)
  • ??1type_info@@UEAA@XZ (Address: 0x180027310)
  • ?terminate@@YAXXZ (Address: 0x1800272a8)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x1800272e0)
  • free (Address: 0x180027350)
  • malloc (Address: 0x180027340)
  • memcmp (Address: 0x180027338)
  • memcpy (Address: 0x180027288)
  • memcpy_s (Address: 0x1800272b0)
  • memmove (Address: 0x180027280)
  • memset (Address: 0x180027360)
  • towlower (Address: 0x1800272f0)
  • wcschr (Address: 0x1800272c0)
  • wcstoul (Address: 0x180027308)
ncrypt.dll
  • BCryptCloseAlgorithmProvider (Address: 0x180027380)
  • BCryptCreateHash (Address: 0x1800273a0)
  • BCryptDestroyHash (Address: 0x180027378)
  • BCryptFinishHash (Address: 0x180027398)
  • BCryptGetProperty (Address: 0x180027390)
  • BCryptHashData (Address: 0x180027370)
  • BCryptOpenAlgorithmProvider (Address: 0x180027388)
ntdll.dll
  • NtQueryInformationFile (Address: 0x1800273b8)
  • NtQueryInformationProcess (Address: 0x1800273b0)
  • NtQueryInformationToken (Address: 0x180027400)
  • NtQuerySystemInformation (Address: 0x180027408)
  • RtlCaptureContext (Address: 0x1800273e8)
  • RtlCreateUnicodeString (Address: 0x1800273f8)
  • RtlFreeUnicodeString (Address: 0x1800273c0)
  • RtlLookupFunctionEntry (Address: 0x1800273e0)
  • RtlQueryPackageClaims (Address: 0x180027410)
  • RtlVirtualUnwind (Address: 0x1800273d8)
  • WinSqmAddToStreamEx (Address: 0x1800273f0)
  • WinSqmEndSession (Address: 0x1800273d0)
  • WinSqmSetDWORD (Address: 0x180027420)
  • WinSqmSetString (Address: 0x180027418)
  • WinSqmStartSession (Address: 0x1800273c8)
ole32.dll
  • CoCreateInstance (Address: 0x180027440)
  • CoInitializeEx (Address: 0x180027430)
  • CoInitializeSecurity (Address: 0x180027438)
  • CoTaskMemFree (Address: 0x180027448)
  • CoUninitialize (Address: 0x180027450)
OLEAUT32.dll
  • SysAllocString (Address: 0x1800271f0)
  • SysFreeString (Address: 0x1800271e8)
  • VariantClear (Address: 0x1800271e0)
  • VariantInit (Address: 0x1800271d8)
RPCRT4.dll
  • UuidCreate (Address: 0x180027200)
SHLWAPI.dll
  • (Address: 0x180027210)
USER32.dll
  • EnumWindows (Address: 0x180027230)
  • GetSystemMetrics (Address: 0x180027220)
  • GetWindow (Address: 0x180027248)
  • GetWindowLongW (Address: 0x180027238)
  • GetWindowThreadProcessId (Address: 0x180027240)
  • SendMessageTimeoutW (Address: 0x180027228)