¿Para qué sirve la dll winrscmd.dll?

remtsvc

Dependencias de la dll winrscmd.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\winrscmd.dll

File Type: DLL

  Image has the following dependencies:

    msvcrt.dll
    api-ms-win-eventing-classicprovider-l1-1-0.dll
    api-ms-win-core-libraryloader-l1-1-0.dll
    api-ms-win-core-synch-l1-1-0.dll
    api-ms-win-core-synch-l1-2-0.dll
    api-ms-win-core-profile-l1-1-0.dll
    api-ms-win-core-processthreads-l1-1-0.dll
    api-ms-win-core-sysinfo-l1-1-0.dll
    api-ms-win-core-rtlsupport-l1-1-0.dll
    api-ms-win-core-errorhandling-l1-1-0.dll
    WsmSvc.DLL
    api-ms-win-core-heap-obsolete-l1-1-0.dll
    api-ms-win-core-heap-l1-1-0.dll
    api-ms-win-core-handle-l1-1-0.dll
    api-ms-win-core-file-l1-1-0.dll
    api-ms-win-security-base-l1-1-0.dll
    RPCRT4.dll
    api-ms-win-core-threadpool-legacy-l1-1-0.dll
    api-ms-win-core-processthreads-l1-1-1.dll
    api-ms-win-core-kernel32-legacy-l1-1-0.dll
    api-ms-win-core-namedpipe-l1-1-0.dll
    api-ms-win-core-io-l1-1-0.dll
    api-ms-win-core-job-l2-1-0.dll
    ntdll.dll
    api-ms-win-core-delayload-l1-1-1.dll
    api-ms-win-core-delayload-l1-1-0.dll

  Image has the following delay load dependencies:

    api-ms-win-core-com-l1-1-0.dll
    api-ms-win-security-sddl-l1-1-0.dll
    USERENV.dll

  Summary

        1000 .data
        1000 .didat
        1000 .pdata
        8000 .rdata
        1000 .reloc
        1000 .rsrc
       15000 .text

Funciones que tiene la dll winrscmd.dll


1    0 000013B0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
2    1 00001590 [email protected]@[email protected]@[email protected]@[email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
3    2 000016F0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
4    3 00001350 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
5    4 000014F0 [email protected]@[email protected]@[email protected]@[email protected]
6    5 000016C0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
7    6 000011C0 [email protected]@[email protected]
8    7 00016A98 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
9    8 000011E0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@UEBAXXZ
10    9 000017B0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@QEAAXXZ
11    A 000016B0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@QEAA_NXZ
12    B 000014D0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
13    C 000018C0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@XZ
14    D 000011F0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@@Z
15    E 000011B0 [email protected]@@QEBAKXZ
16    F 000017A0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@XZ
17   10 000017A0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@XZ
18   11 00001270 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@@Z
19   12 000014E0 [email protected][email protected]@[email protected]@[email protected]@QEBA_NXZ
20   13 000011E0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@UEBAXXZ
21   14 00001730 [email protected][email protected]@[email protected]@[email protected]@QEAAXXZ
22   15 00001810 [email protected][email protected]@[email protected]@[email protected]@IEAAXXZ
23   16 00001EB0 WSManPluginCommand
24   17 00001ED0 WSManPluginReceive
25   18 000011E0 WSManPluginReleaseCommandContext
26   19 000011E0 WSManPluginReleaseShellContext
27   1A 00001EC0 WSManPluginSend
28   1B 00001EA0 WSManPluginShell
29   1C 00001D50 WSManPluginShutdown
30   1D 00001EE0 WSManPluginSignal
31   1E 00001B90 WSManPluginStartup

Información avanzada sobre funciones que tiene la dll winrscmd.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\winrscmd.dll

File Type: DLL

  Section contains the following exports for winrscmd.dll

    00000000 characteristics
    6F23E81A time date stamp
        0.00 version
           1 ordinal base
          31 number of functions
          31 number of names

    ordinal hint RVA      name

          1    0 000013B0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          2    1 00001590 [email protected]@[email protected]@[email protected]@[email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          3    2 000016F0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          4    3 00001350 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          5    4 000014F0 [email protected]@[email protected]@[email protected]@[email protected]
          6    5 000016C0 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          7    6 000011C0 [email protected]@[email protected]
          8    7 00016A98 [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
          9    8 000011E0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@UEBAXXZ
         10    9 000017B0 [email protected][email protected]@[email protected]@KV?$SafeMap_Iterat[email protected]@[email protected]@[email protected]@@@QEAAXXZ
         11    A 000016B0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@QEAA_NXZ
         12    B 000014D0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]
         13    C 000018C0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@XZ
         14    D 000011F0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@@Z
         15    E 000011B0 [email protected]@@QEBAKXZ
         16    F 000017A0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@XZ
         17   10 000017A0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@XZ
         18   11 00001270 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@[email protected]@@Z
         19   12 000014E0 [email protected][email protected]@[email protected]@[email protected]@QEBA_NXZ
         20   13 000011E0 [email protected][email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@@UEBAXXZ
         21   14 00001730 [email protected][email protected]@[email protected]@[email protected]@QEAAXXZ
         22   15 00001810 [email protected][email protected]@[email protected]@[email protected]@IEAAXXZ
         23   16 00001EB0 WSManPluginCommand
         24   17 00001ED0 WSManPluginReceive
         25   18 000011E0 WSManPluginReleaseCommandContext
         26   19 000011E0 WSManPluginReleaseShellContext
         27   1A 00001EC0 WSManPluginSend
         28   1B 00001EA0 WSManPluginShell
         29   1C 00001D50 WSManPluginShutdown
         30   1D 00001EE0 WSManPluginSignal
         31   1E 00001B90 WSManPluginStartup

  Summary

        1000 .data
        1000 .didat
        1000 .pdata
        8000 .rdata
        1000 .reloc
        1000 .rsrc
       15000 .text

Integridad de la dll winrscmd.dll



Algorithm       Hash                                                                   Path                                                           
---------       ----                                                                   ----                                                           
SHA256          20020CE9ABCA67596346F83E3717CD65F54254BFDFE5B065CCD0169B486477AF       C:\Windows\System32\winrscmd.dll                               


Detalles sobre el fichero dll winrscmd.dll




PSPath            : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\winrscmd.dll
PSParentPath      : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName       : winrscmd.dll
PSDrive           : C
PSProvider        : Microsoft.PowerShell.Core\FileSystem
PSIsContainer     : False
Mode              : -a----
VersionInfo       : File:             C:\Windows\System32\winrscmd.dll
                    InternalName:     remtsvc.dll
                    OriginalFilename: remtsvc.dll
                    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
                    FileDescription:  remtsvc
                    Product:          Microsoft® Windows® Operating System
                    ProductVersion:   10.0.19041.1
                    Debug:            False
                    Patched:          False
                    PreRelease:       False
                    PrivateBuild:     False
                    SpecialBuild:     False
                    Language:         Inglés (Estados Unidos)
                    
BaseName          : winrscmd
Target            : {C:\Windows\WinSxS\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_10.0.19041.1_none_cc2783ead104d62a\winrscmd.dll}
LinkType          : HardLink
Name              : winrscmd.dll
Length            : 122368
DirectoryName     : C:\Windows\System32
Directory         : C:\Windows\System32
IsReadOnly        : False
Exists            : True
FullName          : C:\Windows\System32\winrscmd.dll
Extension         : .dll
CreationTime      : 07/12/2019 10:08:19
CreationTimeUtc   : 07/12/2019 9:08:19
LastAccessTime    : 03/12/2020 17:34:50
LastAccessTimeUtc : 03/12/2020 16:34:50
LastWriteTime     : 07/12/2019 10:08:19
LastWriteTimeUtc  : 07/12/2019 9:08:19
Attributes        : Archive



Procesos que utilizan la dll winrscmd.dll