umrdp.dll

Description: Remote Desktop Services Device Redirector Service

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5965

Architecture: 64-bit

Operating System: Windows NT

SHA256: 1a35a6b108299ca5f679dd87da459df2

File Size: 399.0 KB

Uploaded At: Dec. 1, 2025, 7:41 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0xc340)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0xd080)

Imported DLLs & Functions

ADVAPI32.dll
  • TraceMessage (Address: 0x180044ba0)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180044cf8)
  • IsDebuggerPresent (Address: 0x180044d00)
  • OutputDebugStringW (Address: 0x180044cf0)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180044d10)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180044d20)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180044d38)
  • SetLastError (Address: 0x180044d48)
  • SetUnhandledExceptionFilter (Address: 0x180044d40)
  • UnhandledExceptionFilter (Address: 0x180044d30)
api-ms-win-core-featurestaging-l1-1-0.dll
  • RecordFeatureUsage (Address: 0x180044d60)
  • SubscribeFeatureStateChangeNotification (Address: 0x180044d68)
  • UnsubscribeFeatureStateChangeNotification (Address: 0x180044d58)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x180044d80)
  • DeleteFileW (Address: 0x180044d90)
  • GetFileSize (Address: 0x180044d98)
  • QueryDosDeviceW (Address: 0x180044d78)
  • ReadFile (Address: 0x180044da0)
  • WriteFile (Address: 0x180044d88)
api-ms-win-core-file-l1-2-0.dll
  • GetTempPathW (Address: 0x180044db0)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180044dc8)
  • DuplicateHandle (Address: 0x180044dc0)
api-ms-win-core-heap-l1-1-0.dll
  • HeapAlloc (Address: 0x180044de0)
  • HeapFree (Address: 0x180044de8)
  • HeapReAlloc (Address: 0x180044dd8)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x180044df8)
  • LocalFree (Address: 0x180044e00)
api-ms-win-core-io-l1-1-0.dll
  • DeviceIoControl (Address: 0x180044e18)
  • GetOverlappedResult (Address: 0x180044e10)
api-ms-win-core-io-l1-1-1.dll
  • CancelIo (Address: 0x180044e28)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • UnregisterWait (Address: 0x180044e38)
api-ms-win-core-kernel32-legacy-l1-1-1.dll
  • VerifyVersionInfoW (Address: 0x180044e48)
api-ms-win-core-libraryloader-l1-2-0.dll
  • FreeLibrary (Address: 0x180044e58)
  • GetModuleFileNameA (Address: 0x180044e70)
  • GetModuleHandleExA (Address: 0x180044e60)
  • GetProcAddress (Address: 0x180044e78)
  • LoadStringW (Address: 0x180044e68)
api-ms-win-core-libraryloader-l1-2-1.dll
  • LoadLibraryW (Address: 0x180044e88)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180044e98)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x180044ed0)
  • GetCurrentProcess (Address: 0x180044ef0)
  • GetCurrentProcessId (Address: 0x180044ed8)
  • GetCurrentThread (Address: 0x180044f00)
  • GetCurrentThreadId (Address: 0x180044ee0)
  • OpenThread (Address: 0x180044ea8)
  • OpenThreadToken (Address: 0x180044f08)
  • SwitchToThread (Address: 0x180044ec0)
  • TerminateProcess (Address: 0x180044ef8)
  • TlsAlloc (Address: 0x180044ec8)
  • TlsFree (Address: 0x180044eb0)
  • TlsGetValue (Address: 0x180044eb8)
  • TlsSetValue (Address: 0x180044ee8)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180044f18)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180044f28)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180044f68)
  • RegCreateKeyExW (Address: 0x180044f78)
  • RegDeleteKeyExW (Address: 0x180044f60)
  • RegDeleteValueW (Address: 0x180044f80)
  • RegGetValueW (Address: 0x180044f58)
  • RegNotifyChangeKeyValue (Address: 0x180044f70)
  • RegOpenCurrentUser (Address: 0x180044f88)
  • RegOpenKeyExW (Address: 0x180044f48)
  • RegOpenUserClassesRoot (Address: 0x180044f38)
  • RegQueryValueExW (Address: 0x180044f50)
  • RegSetValueExW (Address: 0x180044f40)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180044fa0)
  • RtlLookupFunctionEntry (Address: 0x180044f98)
  • RtlVirtualUnwind (Address: 0x180044fa8)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x180044fb8)
api-ms-win-core-synch-l1-1-0.dll
  • CancelWaitableTimer (Address: 0x180045038)
  • CreateEventW (Address: 0x180044ff8)
  • CreateMutexExW (Address: 0x180044fc8)
  • CreateSemaphoreExW (Address: 0x180044fd0)
  • DeleteCriticalSection (Address: 0x180045018)
  • EnterCriticalSection (Address: 0x180045040)
  • InitializeCriticalSection (Address: 0x180044ff0)
  • LeaveCriticalSection (Address: 0x180044fe0)
  • OpenSemaphoreW (Address: 0x180044fe8)
  • ReleaseMutex (Address: 0x180045048)
  • ReleaseSemaphore (Address: 0x180045010)
  • ResetEvent (Address: 0x180045028)
  • SetEvent (Address: 0x180045000)
  • SetWaitableTimer (Address: 0x180044fd8)
  • SleepEx (Address: 0x180045020)
  • WaitForMultipleObjectsEx (Address: 0x180045030)
  • WaitForSingleObject (Address: 0x180045008)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180045058)
api-ms-win-core-synch-l1-2-1.dll
  • CreateSemaphoreW (Address: 0x180045070)
  • CreateWaitableTimerW (Address: 0x180045068)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x180045090)
  • GetSystemTimeAsFileTime (Address: 0x180045098)
  • GetSystemWindowsDirectoryW (Address: 0x1800450a8)
  • GetTickCount (Address: 0x180045088)
  • GetTickCount64 (Address: 0x1800450a0)
  • GetVersionExW (Address: 0x180045080)
api-ms-win-core-sysinfo-l1-2-0.dll
  • VerSetConditionMask (Address: 0x1800450b8)
api-ms-win-devices-config-l1-1-1.dll
  • CM_Get_DevNode_Status (Address: 0x1800450c8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x1800450e8)
  • EventRegister (Address: 0x1800450e0)
  • EventUnregister (Address: 0x1800450d8)
  • EventWriteTransfer (Address: 0x1800450f0)
api-ms-win-security-base-l1-1-0.dll
  • AddAccessAllowedAce (Address: 0x180045160)
  • AddAccessAllowedAceEx (Address: 0x180045168)
  • AllocateAndInitializeSid (Address: 0x180045118)
  • CheckTokenMembership (Address: 0x180045130)
  • CopySid (Address: 0x180045140)
  • CreateWellKnownSid (Address: 0x180045148)
  • EqualSid (Address: 0x180045190)
  • FreeSid (Address: 0x180045198)
  • GetLengthSid (Address: 0x180045120)
  • GetSidIdentifierAuthority (Address: 0x180045128)
  • GetSidSubAuthority (Address: 0x180045108)
  • GetSidSubAuthorityCount (Address: 0x180045110)
  • GetTokenInformation (Address: 0x180045100)
  • ImpersonateLoggedOnUser (Address: 0x180045180)
  • InitializeAcl (Address: 0x180045138)
  • InitializeSecurityDescriptor (Address: 0x180045170)
  • IsValidAcl (Address: 0x180045158)
  • IsValidSid (Address: 0x180045150)
  • RevertToSelf (Address: 0x180045178)
  • SetSecurityDescriptorDacl (Address: 0x180045188)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1800451a8)
api-ms-win-shcore-registry-l1-1-0.dll
  • SHDeleteKeyW (Address: 0x1800451b8)
KERNEL32.dll
  • CancelIoEx (Address: 0x180044bf0)
  • CloseThreadpool (Address: 0x180044be0)
  • CloseThreadpoolCleanupGroup (Address: 0x180044be8)
  • CloseThreadpoolCleanupGroupMembers (Address: 0x180044c70)
  • CloseThreadpoolWork (Address: 0x180044c08)
  • CreateThreadpool (Address: 0x180044bd8)
  • CreateThreadpoolCleanupGroup (Address: 0x180044bc8)
  • CreateThreadpoolWork (Address: 0x180044bb0)
  • CreateTimerQueueTimer (Address: 0x180044c48)
  • DeleteTimerQueueTimer (Address: 0x180044c40)
  • FreeLibraryAndExitThread (Address: 0x180044c50)
  • GetModuleHandleExW (Address: 0x180044c60)
  • GetModuleHandleW (Address: 0x180044c20)
  • GetProcessHeap (Address: 0x180044c58)
  • GetThreadId (Address: 0x180044c00)
  • InitializeCriticalSectionEx (Address: 0x180044bb8)
  • lstrcmpiW (Address: 0x180044c38)
  • ProcessIdToSessionId (Address: 0x180044c10)
  • QueueUserAPC (Address: 0x180044c28)
  • ReadFileEx (Address: 0x180044c18)
  • ResumeThread (Address: 0x180044c68)
  • SetThreadpoolThreadMaximum (Address: 0x180044bd0)
  • SubmitThreadpoolWork (Address: 0x180044bc0)
  • WaitForMultipleObjects (Address: 0x180044bf8)
  • WaitForSingleObjectEx (Address: 0x180044c30)
msvcrt.dll
  • __C_specific_handler (Address: 0x180045268)
  • __CxxFrameHandler3 (Address: 0x180045240)
  • __dllonexit (Address: 0x180045228)
  • _amsg_exit (Address: 0x180045210)
  • _callnewh (Address: 0x1800451f8)
  • _initterm (Address: 0x180045218)
  • _lock (Address: 0x180045270)
  • _onexit (Address: 0x180045230)
  • _purecall (Address: 0x180045258)
  • _unlock (Address: 0x180045220)
  • _vsnwprintf (Address: 0x180045278)
  • _wcsicmp (Address: 0x1800451c8)
  • _XcptFilter (Address: 0x180045208)
  • free (Address: 0x180045200)
  • malloc (Address: 0x1800451f0)
  • memcpy (Address: 0x180045260)
  • memcpy_s (Address: 0x180045248)
  • memmove (Address: 0x180045238)
  • memset (Address: 0x180045288)
  • rand (Address: 0x1800451d8)
  • srand (Address: 0x180045280)
  • time (Address: 0x1800451d0)
  • wcschr (Address: 0x1800451e0)
  • wcsrchr (Address: 0x1800451e8)
  • wcsstr (Address: 0x180045250)
ntdll.dll
  • DbgPrint (Address: 0x180045308)
  • EtwEventActivityIdControl (Address: 0x180045300)
  • EtwEventRegister (Address: 0x180045340)
  • EtwEventUnregister (Address: 0x180045350)
  • EtwEventWrite (Address: 0x1800452a8)
  • EtwEventWriteFull (Address: 0x180045298)
  • EtwGetTraceEnableFlags (Address: 0x180045368)
  • EtwGetTraceEnableLevel (Address: 0x180045370)
  • EtwGetTraceLoggerHandle (Address: 0x180045378)
  • EtwRegisterTraceGuidsW (Address: 0x180045360)
  • EtwTraceMessage (Address: 0x180045380)
  • EtwUnregisterTraceGuids (Address: 0x180045358)
  • NtClose (Address: 0x1800452d0)
  • NtCreateFile (Address: 0x1800452a0)
  • NtCreateSymbolicLinkObject (Address: 0x1800452e8)
  • NtMakePermanentObject (Address: 0x1800452c0)
  • NtMakeTemporaryObject (Address: 0x1800452c8)
  • NtOpenSymbolicLinkObject (Address: 0x1800452e0)
  • NtQueryInformationProcess (Address: 0x1800452f8)
  • NtQuerySymbolicLinkObject (Address: 0x1800452d8)
  • RtlDeleteElementGenericTable (Address: 0x180045328)
  • RtlEnumerateGenericTable (Address: 0x180045318)
  • RtlEnumerateGenericTableWithoutSplaying (Address: 0x180045338)
  • RtlGetSuiteMask (Address: 0x180045348)
  • RtlInitializeGenericTable (Address: 0x180045310)
  • RtlInitUnicodeString (Address: 0x1800452f0)
  • RtlInsertElementGenericTable (Address: 0x180045320)
  • RtlLookupElementGenericTable (Address: 0x180045330)
  • RtlMultiByteToUnicodeN (Address: 0x180045388)
  • RtlNtStatusToDosError (Address: 0x1800452b8)
  • RtlOpenCurrentUser (Address: 0x1800452b0)
USER32.dll
  • CreateWindowExW (Address: 0x180044c98)
  • DefWindowProcW (Address: 0x180044c88)
  • DestroyWindow (Address: 0x180044c80)
  • DispatchMessageW (Address: 0x180044cc0)
  • GetClassInfoExW (Address: 0x180044c90)
  • MsgWaitForMultipleObjectsEx (Address: 0x180044cb0)
  • PeekMessageW (Address: 0x180044cb8)
  • PostMessageW (Address: 0x180044cc8)
  • PostThreadMessageW (Address: 0x180044ca8)
  • RegisterClassExW (Address: 0x180044cd8)
  • RegisterDeviceNotificationW (Address: 0x180044ce0)
  • UnregisterClassW (Address: 0x180044ca0)
  • UnregisterDeviceNotification (Address: 0x180044cd0)