RstrtMgr.dll

Description: Restart Manager

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 32-bit

Operating System: Windows NT

SHA256: d02ab25dbf94d90a0dc0c4ff29cebe59

File Size: 171.0 KB

Uploaded At: Dec. 1, 2025, 8:03 a.m.

Security Warning

This file has been flagged as potentially dangerous.


Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • RmAddFilter (Ordinal: 1, Address: 0x7710)
  • RmCancelCurrentTask (Ordinal: 2, Address: 0x7780)
  • RmEndSession (Ordinal: 3, Address: 0x77e0)
  • RmGetFilterList (Ordinal: 4, Address: 0x7840)
  • RmGetList (Ordinal: 5, Address: 0x78b0)
  • RmJoinSession (Ordinal: 6, Address: 0x7910)
  • RmRegisterResources (Ordinal: 7, Address: 0x7a20)
  • RmRemoveFilter (Ordinal: 8, Address: 0x7a90)
  • RmReserveHeap (Ordinal: 9, Address: 0x7b00)
  • RmRestart (Ordinal: 10, Address: 0x7c30)
  • RmShutdown (Ordinal: 11, Address: 0x7c90)
  • RmStartSession (Ordinal: 12, Address: 0x7cf0)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x10026050)
  • ControlService (Address: 0x10026020)
  • ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x10026008)
  • ConvertSidToStringSidW (Address: 0x10026010)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1002600c)
  • CopySid (Address: 0x10026038)
  • CreateProcessAsUserW (Address: 0x10026028)
  • DuplicateTokenEx (Address: 0x10026030)
  • EnumDependentServicesW (Address: 0x10026048)
  • EnumServicesStatusExW (Address: 0x10026000)
  • EqualSid (Address: 0x10026034)
  • EventRegister (Address: 0x10026064)
  • EventUnregister (Address: 0x1002605c)
  • EventWrite (Address: 0x10026060)
  • GetKernelObjectSecurity (Address: 0x1002602c)
  • GetTokenInformation (Address: 0x1002603c)
  • GetTraceEnableFlags (Address: 0x10026080)
  • GetTraceEnableLevel (Address: 0x1002607c)
  • GetTraceLoggerHandle (Address: 0x10026004)
  • I_QueryTagInformation (Address: 0x10026044)
  • LookupAccountSidW (Address: 0x10026014)
  • OpenProcessToken (Address: 0x10026040)
  • OpenSCManagerW (Address: 0x10026058)
  • OpenServiceW (Address: 0x1002604c)
  • QueryServiceStatus (Address: 0x10026024)
  • QueryServiceStatusEx (Address: 0x1002601c)
  • RegCloseKey (Address: 0x10026090)
  • RegCreateKeyExW (Address: 0x10026088)
  • RegDeleteKeyW (Address: 0x10026078)
  • RegDeleteValueW (Address: 0x1002606c)
  • RegEnumValueW (Address: 0x10026070)
  • RegisterTraceGuidsW (Address: 0x10026084)
  • RegOpenKeyExW (Address: 0x10026098)
  • RegQueryInfoKeyW (Address: 0x10026074)
  • RegQueryMultipleValuesW (Address: 0x10026068)
  • RegQueryValueExW (Address: 0x10026094)
  • RegSetValueExW (Address: 0x1002608c)
  • StartServiceW (Address: 0x10026018)
  • TraceMessage (Address: 0x10026054)
  • UnregisterTraceGuids (Address: 0x1002609c)
api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x10026238)
KERNEL32.dll
  • AttachConsole (Address: 0x100261a0)
  • CloseHandle (Address: 0x100260f8)
  • CompareFileTime (Address: 0x10026138)
  • ConnectNamedPipe (Address: 0x100261c8)
  • CreateEventW (Address: 0x100261c4)
  • CreateFileMappingW (Address: 0x100260ec)
  • CreateFileW (Address: 0x100260e8)
  • CreateMutexExW (Address: 0x10026188)
  • CreateMutexW (Address: 0x10026128)
  • CreateNamedPipeW (Address: 0x100261c0)
  • CreateSemaphoreExW (Address: 0x1002618c)
  • DebugBreak (Address: 0x1002614c)
  • DelayLoadFailureHook (Address: 0x100260a4)
  • DeleteCriticalSection (Address: 0x100260c0)
  • DisableThreadLibraryCalls (Address: 0x100260b8)
  • DuplicateHandle (Address: 0x100261d8)
  • EnterCriticalSection (Address: 0x100260b0)
  • ExpandEnvironmentStringsW (Address: 0x100260e4)
  • FileTimeToSystemTime (Address: 0x100261bc)
  • FormatMessageW (Address: 0x1002613c)
  • FreeConsole (Address: 0x1002619c)
  • GenerateConsoleCtrlEvent (Address: 0x100261a4)
  • GetApplicationRestartSettings (Address: 0x1002617c)
  • GetApplicationUserModelId (Address: 0x10026180)
  • GetConsoleProcessList (Address: 0x10026198)
  • GetCurrentProcess (Address: 0x100260e0)
  • GetCurrentProcessId (Address: 0x10026114)
  • GetCurrentThreadId (Address: 0x10026140)
  • GetFileInformationByHandle (Address: 0x10026108)
  • GetFileType (Address: 0x10026104)
  • GetLastError (Address: 0x100260cc)
  • GetModuleFileNameA (Address: 0x10026148)
  • GetModuleFileNameW (Address: 0x10026120)
  • GetModuleHandleExW (Address: 0x10026144)
  • GetModuleHandleW (Address: 0x10026150)
  • GetNamedPipeClientProcessId (Address: 0x100261d0)
  • GetOverlappedResult (Address: 0x100261e4)
  • GetPackageId (Address: 0x10026184)
  • GetProcAddress (Address: 0x10026154)
  • GetProcessHeap (Address: 0x100260d8)
  • GetProcessTimes (Address: 0x10026118)
  • GetSystemTime (Address: 0x100261b4)
  • GetSystemTimeAsFileTime (Address: 0x1002611c)
  • GetSystemWindowsDirectoryW (Address: 0x10026178)
  • GetTickCount (Address: 0x100261ac)
  • HeapAlloc (Address: 0x100260d0)
  • HeapCreate (Address: 0x100260c8)
  • HeapDestroy (Address: 0x100260c4)
  • HeapFree (Address: 0x100260d4)
  • InitializeCriticalSection (Address: 0x1002610c)
  • InitializeCriticalSectionAndSpinCount (Address: 0x100260bc)
  • IsDebuggerPresent (Address: 0x10026158)
  • IsWow64Process (Address: 0x100260dc)
  • LeaveCriticalSection (Address: 0x100260b4)
  • LocalFree (Address: 0x10026170)
  • MapViewOfFile (Address: 0x100260f0)
  • OpenMutexW (Address: 0x1002612c)
  • OpenProcess (Address: 0x10026134)
  • OpenSemaphoreW (Address: 0x1002616c)
  • OutputDebugStringW (Address: 0x1002615c)
  • ProcessIdToSessionId (Address: 0x10026110)
  • QueryFullProcessImageNameW (Address: 0x10026174)
  • QueryPerformanceCounter (Address: 0x10026100)
  • QueryPerformanceFrequency (Address: 0x100260fc)
  • ReadFile (Address: 0x100261e0)
  • ReleaseMutex (Address: 0x10026124)
  • ReleaseSemaphore (Address: 0x10026164)
  • ResetEvent (Address: 0x100261dc)
  • ResolveDelayLoadedAPI (Address: 0x100260ac)
  • SetConsoleCtrlHandler (Address: 0x10026190)
  • SetEvent (Address: 0x100261cc)
  • SetLastError (Address: 0x10026160)
  • SetUnhandledExceptionFilter (Address: 0x100261b8)
  • Sleep (Address: 0x100261b0)
  • SystemTimeToFileTime (Address: 0x100260a8)
  • TerminateProcess (Address: 0x100261a8)
  • UnhandledExceptionFilter (Address: 0x100261e8)
  • UnmapViewOfFile (Address: 0x100260f4)
  • WaitForMultipleObjects (Address: 0x10026194)
  • WaitForSingleObject (Address: 0x10026130)
  • WaitForSingleObjectEx (Address: 0x10026168)
  • WriteFile (Address: 0x100261d4)
KERNELBASE.dll
  • WTSGetServiceSessionId (Address: 0x100261f0)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x100262b8)
  • __dllonexit (Address: 0x10026294)
  • _amsg_exit (Address: 0x100262a4)
  • _CxxThrowException (Address: 0x1002624c)
  • _except_handler4_common (Address: 0x10026258)
  • _initterm (Address: 0x100262a0)
  • _lock (Address: 0x1002628c)
  • _onexit (Address: 0x10026298)
  • _purecall (Address: 0x10026254)
  • _unlock (Address: 0x10026290)
  • _vsnprintf_s (Address: 0x100262b0)
  • _vsnwprintf (Address: 0x100262a8)
  • _wcsicmp (Address: 0x10026278)
  • _XcptFilter (Address: 0x100262b4)
  • ??0exception@@QAE@ABQBD@Z (Address: 0x10026250)
  • ??0exception@@QAE@ABQBDH@Z (Address: 0x10026270)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x1002626c)
  • ??0exception@@QAE@XZ (Address: 0x10026260)
  • ??1exception@@UAE@XZ (Address: 0x10026280)
  • ??1type_info@@UAE@XZ (Address: 0x10026288)
  • ?terminate@@YAXXZ (Address: 0x100262ac)
  • ?what@exception@@UBEPBDXZ (Address: 0x10026274)
  • free (Address: 0x10026240)
  • malloc (Address: 0x10026268)
  • memcmp (Address: 0x1002629c)
  • memcpy (Address: 0x10026248)
  • memcpy_s (Address: 0x1002625c)
  • memmove (Address: 0x10026244)
  • memset (Address: 0x100262bc)
  • towlower (Address: 0x1002627c)
  • wcschr (Address: 0x10026264)
  • wcstoul (Address: 0x10026284)
ncrypt.dll
  • BCryptCloseAlgorithmProvider (Address: 0x100262c4)
  • BCryptCreateHash (Address: 0x100262d0)
  • BCryptDestroyHash (Address: 0x100262dc)
  • BCryptFinishHash (Address: 0x100262d8)
  • BCryptGetProperty (Address: 0x100262cc)
  • BCryptHashData (Address: 0x100262d4)
  • BCryptOpenAlgorithmProvider (Address: 0x100262c8)
ntdll.dll
  • NtQueryInformationFile (Address: 0x100262e8)
  • NtQueryInformationProcess (Address: 0x100262fc)
  • NtQueryInformationToken (Address: 0x10026300)
  • NtQuerySystemInformation (Address: 0x10026304)
  • RtlCreateUnicodeString (Address: 0x100262f8)
  • RtlFreeUnicodeString (Address: 0x100262e4)
  • RtlQueryPackageClaims (Address: 0x10026308)
  • WinSqmAddToStreamEx (Address: 0x100262f4)
  • WinSqmEndSession (Address: 0x100262f0)
  • WinSqmSetDWORD (Address: 0x10026310)
  • WinSqmSetString (Address: 0x1002630c)
  • WinSqmStartSession (Address: 0x100262ec)
ole32.dll
  • CoCreateInstance (Address: 0x10026320)
  • CoInitializeEx (Address: 0x1002631c)
  • CoInitializeSecurity (Address: 0x10026324)
  • CoTaskMemFree (Address: 0x10026328)
  • CoUninitialize (Address: 0x10026318)
OLEAUT32.dll
  • SysAllocString (Address: 0x100261f8)
  • SysFreeString (Address: 0x100261fc)
  • VariantClear (Address: 0x10026204)
  • VariantInit (Address: 0x10026200)
RPCRT4.dll
  • UuidCreate (Address: 0x1002620c)
SHLWAPI.dll
  • (Address: 0x10026214)
USER32.dll
  • EnumWindows (Address: 0x10026224)
  • GetSystemMetrics (Address: 0x10026220)
  • GetWindow (Address: 0x1002621c)
  • GetWindowLongW (Address: 0x10026228)
  • GetWindowThreadProcessId (Address: 0x10026230)
  • SendMessageTimeoutW (Address: 0x1002622c)