winrscmd.dll
Description: remtsvc
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3636
Architecture: 64-bit
Operating System: Windows NT
SHA256: e4df05a42e1b7ce5d9090b5e872b5d19
File Size: 119.5 KB
Uploaded At: Dec. 1, 2025, 7:44 a.m.
Views: 4
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ (Ordinal: 1, Address: 0x13b0)
- ??0?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@AEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z (Ordinal: 2, Address: 0x1590)
- ??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@AEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z (Ordinal: 3, Address: 0x16f0)
- ??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ (Ordinal: 4, Address: 0x1350)
- ??1?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@XZ (Ordinal: 5, Address: 0x14f0)
- ??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ (Ordinal: 6, Address: 0x16c0)
- ??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ (Ordinal: 7, Address: 0x11c0)
- ??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@ (Ordinal: 8, Address: 0x16a98)
- ?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ (Ordinal: 9, Address: 0x11e0)
- ?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAXXZ (Ordinal: 10, Address: 0x17b0)
- ?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA_NXZ (Ordinal: 11, Address: 0x16b0)
- ?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAAEAV1@XZ (Ordinal: 12, Address: 0x14d0)
- ?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IEBAAEAV?$STLMap@VKey@Locale@@K@@XZ (Ordinal: 13, Address: 0x18c0)
- ?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z (Ordinal: 14, Address: 0x11f0)
- ?GetInitError@CWSManCriticalSection@@QEBAKXZ (Ordinal: 15, Address: 0x11b0)
- ?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QEBAAEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ (Ordinal: 16, Address: 0x17a0)
- ?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEBAAEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ (Ordinal: 17, Address: 0x17a0)
- ?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z (Ordinal: 18, Address: 0x1270)
- ?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QEBA_NXZ (Ordinal: 19, Address: 0x14e0)
- ?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ (Ordinal: 20, Address: 0x11e0)
- ?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QEAAXXZ (Ordinal: 21, Address: 0x1730)
- ?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IEAAXXZ (Ordinal: 22, Address: 0x1810)
- WSManPluginCommand (Ordinal: 23, Address: 0x1eb0)
- WSManPluginReceive (Ordinal: 24, Address: 0x1ed0)
- WSManPluginReleaseCommandContext (Ordinal: 25, Address: 0x11e0)
- WSManPluginReleaseShellContext (Ordinal: 26, Address: 0x11e0)
- WSManPluginSend (Ordinal: 27, Address: 0x1ec0)
- WSManPluginShell (Ordinal: 28, Address: 0x1ea0)
- WSManPluginShutdown (Ordinal: 29, Address: 0x1d50)
- WSManPluginSignal (Ordinal: 30, Address: 0x1ee0)
- WSManPluginStartup (Ordinal: 31, Address: 0x1b90)
Imported DLLs & Functions
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180016e10)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180016e20)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180016e30)
- SetLastError (Address: 0x180016e40)
- SetUnhandledExceptionFilter (Address: 0x180016e48)
- UnhandledExceptionFilter (Address: 0x180016e38)
api-ms-win-core-file-l1-1-0.dll
- ReadFile (Address: 0x180016e58)
- WriteFile (Address: 0x180016e60)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180016e78)
- DuplicateHandle (Address: 0x180016e70)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180016ea8)
- HeapAlloc (Address: 0x180016e98)
- HeapCreate (Address: 0x180016e88)
- HeapDestroy (Address: 0x180016ea0)
- HeapFree (Address: 0x180016e90)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalFree (Address: 0x180016eb8)
api-ms-win-core-io-l1-1-0.dll
- CancelIoEx (Address: 0x180016ec8)
api-ms-win-core-job-l2-1-0.dll
- AssignProcessToJobObject (Address: 0x180016ee0)
- CreateJobObjectW (Address: 0x180016ee8)
- SetInformationJobObject (Address: 0x180016ed8)
- TerminateJobObject (Address: 0x180016ef0)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- RegisterWaitForSingleObject (Address: 0x180016f00)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x180016f10)
api-ms-win-core-namedpipe-l1-1-0.dll
- CreatePipe (Address: 0x180016f20)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x180016f50)
- GetCurrentProcess (Address: 0x180016f70)
- GetCurrentProcessId (Address: 0x180016f60)
- GetCurrentThread (Address: 0x180016f38)
- GetCurrentThreadId (Address: 0x180016f58)
- GetExitCodeProcess (Address: 0x180016f48)
- OpenProcessToken (Address: 0x180016f30)
- OpenThreadToken (Address: 0x180016f40)
- ResumeThread (Address: 0x180016f78)
- TerminateProcess (Address: 0x180016f68)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180016f88)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180016f98)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180016fb0)
- RtlLookupFunctionEntry (Address: 0x180016fb8)
- RtlVirtualUnwind (Address: 0x180016fa8)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x180016ff0)
- DeleteCriticalSection (Address: 0x180016fe0)
- EnterCriticalSection (Address: 0x180016fc8)
- InitializeCriticalSection (Address: 0x180016fd8)
- LeaveCriticalSection (Address: 0x180016fd0)
- SetEvent (Address: 0x180016ff8)
- WaitForMultipleObjectsEx (Address: 0x180016fe8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180017008)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180017018)
- GetTickCount (Address: 0x180017020)
- GetVersionExW (Address: 0x180017028)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x180017040)
- UnregisterWaitEx (Address: 0x180017038)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x180017070)
- GetTraceEnableLevel (Address: 0x180017068)
- GetTraceLoggerHandle (Address: 0x180017050)
- RegisterTraceGuidsW (Address: 0x180017058)
- TraceMessage (Address: 0x180017060)
- UnregisterTraceGuids (Address: 0x180017078)
api-ms-win-security-base-l1-1-0.dll
- CopySid (Address: 0x180017098)
- GetLengthSid (Address: 0x180017090)
- GetTokenInformation (Address: 0x180017088)
msvcrt.dll
- __C_specific_handler (Address: 0x1800170b0)
- __CxxFrameHandler3 (Address: 0x180017150)
- __dllonexit (Address: 0x1800170f0)
- _amsg_exit (Address: 0x180017128)
- _CxxThrowException (Address: 0x180017120)
- _initterm (Address: 0x1800170a8)
- _lock (Address: 0x1800170e0)
- _onexit (Address: 0x180017100)
- _purecall (Address: 0x180017118)
- _unlock (Address: 0x180017148)
- _wcsicmp (Address: 0x180017158)
- _wcsnicmp (Address: 0x180017160)
- _XcptFilter (Address: 0x180017168)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x1800170c8)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x1800170d0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x180017140)
- ??1exception@@UEAA@XZ (Address: 0x180017138)
- ??1type_info@@UEAA@XZ (Address: 0x1800170c0)
- ?terminate@@YAXXZ (Address: 0x1800170b8)
- ?what@exception@@UEBAPEBDXZ (Address: 0x180017130)
- free (Address: 0x1800170e8)
- malloc (Address: 0x180017110)
- memcpy (Address: 0x1800170f8)
- memmove (Address: 0x1800170d8)
- memset (Address: 0x180017108)
- wcscmp (Address: 0x180017170)
ntdll.dll
- RtlInitUnicodeString (Address: 0x180017180)
RPCRT4.dll
- RpcStringFreeW (Address: 0x180016c40)
- UuidCreate (Address: 0x180016c48)
- UuidToStringW (Address: 0x180016c38)
WsmSvc.DLL
- ??0?$AutoDeleteVector@G@@QEAA@PEAG@Z (Address: 0x180016cf8)
- ??0?$AutoDeleteVector@G@@QEAA@XZ (Address: 0x180016d78)
- ??0?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QEAA@XZ (Address: 0x180016ce8)
- ??0?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QEAA@XZ (Address: 0x180016d70)
- ??0?$AutoRelease@VCWinRSPluginConfigCache@@@@QEAA@XZ (Address: 0x180016c88)
- ??0?$AutoRelease@VCWinRSPluginConfigSettings@@@@QEAA@PEAVCWinRSPluginConfigSettings@@@Z (Address: 0x180016c78)
- ??0AutoHandle@@QEAA@PEAX@Z (Address: 0x180016d58)
- ??0AutoHandle@@QEAA@XZ (Address: 0x180016d50)
- ??0CErrorContext@@QEAA@_N@Z (Address: 0x180016cc8)
- ??0CRequestContext@@QEAA@PEBG@Z (Address: 0x180016df8)
- ??0CRequestContext@@QEAA@XZ (Address: 0x180016dd0)
- ??0CWSManCriticalSection@@QEAA@XZ (Address: 0x180016c60)
- ??1?$AutoDeleteVector@G@@QEAA@XZ (Address: 0x180016d60)
- ??1?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QEAA@XZ (Address: 0x180016cd0)
- ??1?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QEAA@XZ (Address: 0x180016d68)
- ??1?$AutoRelease@VCWinRSPluginConfigCache@@@@QEAA@XZ (Address: 0x180016c68)
- ??1?$AutoRelease@VCWinRSPluginConfigSettings@@@@QEAA@XZ (Address: 0x180016c70)
- ??1AutoHandle@@QEAA@XZ (Address: 0x180016d08)
- ??1CErrorContext@@UEAA@XZ (Address: 0x180016cc0)
- ??1CRequestContext@@UEAA@XZ (Address: 0x180016dd8)
- ??1CWSManCriticalSection@@QEAA@XZ (Address: 0x180016d90)
- ??4?$AutoDeleteVector@G@@QEAAAEAV0@PEAG@Z (Address: 0x180016cf0)
- ??4?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QEAAAEAV0@PEAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@Z (Address: 0x180016ce0)
- ??4?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QEAAAEAV0@PEAU_WINRS_RUN_COMMAND_ARG@@@Z (Address: 0x180016cd8)
- ??4?$AutoRelease@VCWinRSPluginConfigCache@@@@QEAAAEAV0@PEAVCWinRSPluginConfigCache@@@Z (Address: 0x180016c80)
- ??4AutoHandle@@QEAAAEAV0@PEAX@Z (Address: 0x180016d38)
- ?Acquire@CWSManCriticalSection@@QEAAXXZ (Address: 0x180016d30)
- ?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z (Address: 0x180016d88)
- ?CreateActivityId@EventHandler@WSMan@@SAXAEAU_GUID@@@Z (Address: 0x180016c90)
- ?EnsureActivityIdOnThread@EventHandler@WSMan@@SAXXZ (Address: 0x180016d40)
- ?Free@WSManMemory@@SAXPEAXH@Z (Address: 0x180016d80)
- ?GenerateTransferId@EventHandler@WSMan@@SAXAEBU_EVENT_DESCRIPTOR@@PEBU_GUID@@1@Z (Address: 0x180016d18)
- ?GetConfigCache@CWinRSPluginConfigCache@@SAPEAV1@PEAVIRequestContext@@W4ErrorLogging@@H@Z (Address: 0x180016c98)
- ?GetCurrentSettings@CWinRSPluginConfigCache@@QEAAPEAVCWinRSPluginConfigSettings@@PEAVIRequestContext@@@Z (Address: 0x180016cb8)
- ?GetErrorCode@CErrorContext@@UEBAKXZ (Address: 0x180016cb0)
- ?IsEventEnabled@EventHandler@WSMan@@SA_NAEBU_EVENT_DESCRIPTOR@@@Z (Address: 0x180016d20)
- ?IsEventProviderEnabled@EventHandler@WSMan@@SA_NXZ (Address: 0x180016d48)
- ?IsValid@CWSManCriticalSection@@QEBAHXZ (Address: 0x180016d10)
- ?ProcessContext@CRequestContext@@UEAAHHPEAU_WSMAN_ERROR@@@Z (Address: 0x180016de0)
- ?ProviderShutdownCleanup@CWinRSPluginConfigCache@@SAXXZ (Address: 0x180016da0)
- ?RecordFailure@CRequestContext@@UEAAXKKZZ (Address: 0x180016e00)
- ?Release@CWSManCriticalSection@@QEAAXXZ (Address: 0x180016d28)
- ?Shutdown@CConfigManager@@SAHXZ (Address: 0x180016db8)
- ?Shutdown@CWSManGroupPolicyManager@@SAHXZ (Address: 0x180016db0)
- ?ShutdownLocaleMap@Locale@@SAXXZ (Address: 0x180016da8)
- ?StringToDword@@YAHPEBGPEAK@Z (Address: 0x180016d00)
- StringCchEqualsCI (Address: 0x180016ca0)
- WrapperCoSetProxyBlanket (Address: 0x180016ca8)
- WSManError (Address: 0x180016d98)
- WSManPluginFreeRequestDetails (Address: 0x180016df0)
- WSManPluginGetOperationParameters (Address: 0x180016dc8)
- WSManPluginOperationComplete (Address: 0x180016dc0)
- WSManPluginReceiveResult (Address: 0x180016c58)
- WSManPluginReportContext (Address: 0x180016de8)