mscorsvc.dll
Description: .NET Runtime Optimization Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 4.8.9093.0
Architecture: 64-bit
Operating System: Windows
SHA256: 95ddd4af27c91b2a5bf9cb977aded743
File Size: 464.4 KB
Uploaded At: Dec. 1, 2025, 7:19 a.m.
Views: 13
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CorCreateNGenProcess (Ordinal: 1, Address: 0x2e540)
- CorGetNGenPolicy (Ordinal: 2, Address: 0x2e790)
- CorGetSvc (Ordinal: 3, Address: 0x8780)
- CorInitSvcLogger (Ordinal: 4, Address: 0x3630)
- CorSetCriticalTaskState (Ordinal: 5, Address: 0x16210)
- CorStopNonCriticalTask (Ordinal: 6, Address: 0x16700)
- CorSvcLog (Ordinal: 7, Address: 0x36a0)
Imported DLLs & Functions
ADVAPI32.dll
- ConvertSidToStringSidW (Address: 0x180048050)
- ConvertStringSidToSidW (Address: 0x180048068)
- CreateProcessAsUserW (Address: 0x180048080)
- DeregisterEventSource (Address: 0x180048088)
- DuplicateTokenEx (Address: 0x180048060)
- EventWrite (Address: 0x1800480a0)
- FreeSid (Address: 0x180048058)
- GetLengthSid (Address: 0x180048078)
- GetSidSubAuthority (Address: 0x1800480c0)
- GetSidSubAuthorityCount (Address: 0x1800480b8)
- GetTokenInformation (Address: 0x180048048)
- OpenProcessToken (Address: 0x180048040)
- RegCloseKey (Address: 0x180048008)
- RegCreateKeyExW (Address: 0x1800480a8)
- RegDeleteKeyW (Address: 0x180048010)
- RegDeleteValueW (Address: 0x180048028)
- RegEnumKeyExW (Address: 0x180048030)
- RegEnumValueW (Address: 0x180048038)
- RegisterEventSourceW (Address: 0x180048090)
- RegNotifyChangeKeyValue (Address: 0x180048000)
- RegOpenKeyExW (Address: 0x1800480b0)
- RegQueryValueExW (Address: 0x180048018)
- RegSetValueExW (Address: 0x180048020)
- ReportEventW (Address: 0x180048098)
- SetTokenInformation (Address: 0x180048070)
fusion.dll
- CreateApplicationContext (Address: 0x180048580)
- CreateAssemblyCache (Address: 0x180048570)
- CreateAssemblyNameObject (Address: 0x180048588)
- InitializeFusion (Address: 0x180048578)
KERNEL32.dll
- ActivateActCtx (Address: 0x1800482f8)
- CloseHandle (Address: 0x1800483c8)
- CreateActCtxW (Address: 0x180048300)
- CreateDirectoryW (Address: 0x180048120)
- CreateEventW (Address: 0x1800483d0)
- CreateFileMappingW (Address: 0x180048138)
- CreateFileW (Address: 0x1800481f8)
- CreateMutexW (Address: 0x1800482a8)
- CreatePipe (Address: 0x180048188)
- CreateProcessW (Address: 0x1800481d0)
- CreateSemaphoreW (Address: 0x180048278)
- CreateThread (Address: 0x1800483e0)
- DeactivateActCtx (Address: 0x1800482f0)
- DebugBreak (Address: 0x1800480d0)
- DeleteCriticalSection (Address: 0x180048358)
- DeleteFileW (Address: 0x180048380)
- EnterCriticalSection (Address: 0x180048330)
- ExitProcess (Address: 0x180048160)
- FileTimeToSystemTime (Address: 0x180048250)
- FindClose (Address: 0x1800481f0)
- FindFirstFileW (Address: 0x1800483a0)
- FindNextFileW (Address: 0x1800482e0)
- FormatMessageW (Address: 0x180048448)
- FreeLibrary (Address: 0x180048198)
- GetACP (Address: 0x180048458)
- GetCommandLineW (Address: 0x180048150)
- GetCPInfo (Address: 0x180048460)
- GetCurrentProcess (Address: 0x1800480e0)
- GetCurrentProcessId (Address: 0x180048170)
- GetCurrentThread (Address: 0x180048388)
- GetCurrentThreadId (Address: 0x1800481c0)
- GetEnvironmentVariableW (Address: 0x180048100)
- GetExitCodeProcess (Address: 0x180048158)
- GetFileAttributesExW (Address: 0x180048310)
- GetFileAttributesW (Address: 0x180048400)
- GetFileSize (Address: 0x180048130)
- GetFileSizeEx (Address: 0x180048318)
- GetFullPathNameW (Address: 0x1800483f8)
- GetLastError (Address: 0x1800483d8)
- GetLocalTime (Address: 0x1800481b8)
- GetModuleFileNameW (Address: 0x180048208)
- GetModuleHandleW (Address: 0x180048210)
- GetProcAddress (Address: 0x1800483f0)
- GetProcessAffinityMask (Address: 0x180048398)
- GetProcessHeap (Address: 0x180048468)
- GetSystemDirectoryW (Address: 0x180048390)
- GetSystemInfo (Address: 0x180048428)
- GetSystemPowerStatus (Address: 0x1800483e8)
- GetSystemTime (Address: 0x180048408)
- GetSystemTimeAsFileTime (Address: 0x180048328)
- GetSystemWindowsDirectoryW (Address: 0x1800481e8)
- GetTickCount (Address: 0x180048348)
- GetVersionExW (Address: 0x1800480e8)
- GetWindowsDirectoryW (Address: 0x1800481e0)
- GlobalAlloc (Address: 0x180048180)
- GlobalMemoryStatusEx (Address: 0x180048110)
- HeapAlloc (Address: 0x180048420)
- HeapCreate (Address: 0x1800482d8)
- HeapDestroy (Address: 0x180048280)
- HeapFree (Address: 0x180048418)
- HeapValidate (Address: 0x180048298)
- InitializeCriticalSection (Address: 0x180048350)
- InitializeSListHead (Address: 0x180048218)
- IsDBCSLeadByte (Address: 0x180048440)
- IsDebuggerPresent (Address: 0x1800483c0)
- IsProcessorFeaturePresent (Address: 0x180048220)
- LCMapStringW (Address: 0x180048438)
- LeaveCriticalSection (Address: 0x180048338)
- LoadLibraryExA (Address: 0x180048200)
- LoadLibraryExW (Address: 0x180048148)
- LocalFree (Address: 0x1800481a8)
- MapViewOfFile (Address: 0x180048140)
- MoveFileExW (Address: 0x180048308)
- MultiByteToWideChar (Address: 0x180048450)
- OpenEventW (Address: 0x180048168)
- OpenProcess (Address: 0x180048190)
- OutputDebugStringW (Address: 0x1800481c8)
- QueryInformationJobObject (Address: 0x1800483a8)
- QueryPerformanceCounter (Address: 0x180048320)
- RaiseException (Address: 0x1800481b0)
- ReadFile (Address: 0x180048178)
- ReleaseActCtx (Address: 0x1800482e8)
- ReleaseMutex (Address: 0x1800482a0)
- ReleaseSemaphore (Address: 0x1800482b8)
- ResetEvent (Address: 0x180048360)
- RtlCaptureContext (Address: 0x180048248)
- RtlLookupFunctionEntry (Address: 0x180048240)
- RtlVirtualUnwind (Address: 0x180048238)
- SetConsoleCtrlHandler (Address: 0x1800480f0)
- SetEnvironmentVariableW (Address: 0x180048108)
- SetErrorMode (Address: 0x180048118)
- SetEvent (Address: 0x180048340)
- SetLastError (Address: 0x180048128)
- SetProcessShutdownParameters (Address: 0x1800480f8)
- SetUnhandledExceptionFilter (Address: 0x180048228)
- SleepEx (Address: 0x180048270)
- SwitchToThread (Address: 0x180048378)
- SystemTimeToFileTime (Address: 0x180048410)
- TerminateProcess (Address: 0x1800480d8)
- TlsAlloc (Address: 0x180048288)
- TlsFree (Address: 0x180048260)
- TlsGetValue (Address: 0x180048268)
- TlsSetValue (Address: 0x1800482d0)
- UnhandledExceptionFilter (Address: 0x180048230)
- UnmapViewOfFile (Address: 0x1800481a0)
- VerifyVersionInfoW (Address: 0x1800483b0)
- VerSetConditionMask (Address: 0x1800483b8)
- VirtualAlloc (Address: 0x1800482b0)
- VirtualFree (Address: 0x1800482c0)
- VirtualProtect (Address: 0x1800482c8)
- VirtualQuery (Address: 0x180048258)
- WaitForMultipleObjects (Address: 0x180048370)
- WaitForSingleObject (Address: 0x180048368)
- WaitForSingleObjectEx (Address: 0x180048290)
- WideCharToMultiByte (Address: 0x180048430)
- WriteFile (Address: 0x1800481d8)
mscoree.dll
- CLRCreateInstance (Address: 0x1800485a8)
- CreateConfigStream (Address: 0x1800485b0)
- GetRequestedRuntimeInfo (Address: 0x1800485a0)
- GetXMLObject (Address: 0x180048598)
ole32.dll
- CoAddRefServerProcess (Address: 0x1800485c8)
- CoCreateGuid (Address: 0x180048600)
- CoCreateInstance (Address: 0x1800485f8)
- CoDisconnectObject (Address: 0x180048608)
- CoInitializeEx (Address: 0x1800485f0)
- CoReleaseServerProcess (Address: 0x1800485c0)
- CoTaskMemFree (Address: 0x1800485d0)
- CoUninitialize (Address: 0x1800485e8)
- CoUnmarshalInterface (Address: 0x1800485e0)
- CreateStreamOnHGlobal (Address: 0x1800485d8)
OLEAUT32.dll
- SafeArrayCreateVector (Address: 0x180048478)
- SafeArrayDestroy (Address: 0x180048490)
- SafeArrayGetElement (Address: 0x180048480)
- SafeArrayGetUBound (Address: 0x180048488)
- SafeArrayPutElement (Address: 0x1800484a0)
- SetErrorInfo (Address: 0x1800484b8)
- SysAllocString (Address: 0x1800484c8)
- SysFreeString (Address: 0x1800484c0)
- SysStringLen (Address: 0x180048498)
- VariantChangeType (Address: 0x1800484d0)
- VariantClear (Address: 0x1800484a8)
- VariantInit (Address: 0x1800484b0)
ucrtbase_clr0400.dll
- __acrt_iob_func (Address: 0x180048680)
- __stdio_common_vfwprintf (Address: 0x180048670)
- __stdio_common_vsnprintf_s (Address: 0x180048660)
- __stdio_common_vsnwprintf_s (Address: 0x180048668)
- __stdio_common_vswprintf_s (Address: 0x1800486a0)
- _cexit (Address: 0x180048710)
- _configure_narrow_argv (Address: 0x1800486e0)
- _crt_atexit (Address: 0x180048708)
- _errno (Address: 0x180048718)
- _execute_onexit_table (Address: 0x180048700)
- _flushall (Address: 0x180048628)
- _initialize_narrow_environment (Address: 0x1800486e8)
- _initialize_onexit_table (Address: 0x1800486f0)
- _initterm (Address: 0x1800486c8)
- _initterm_e (Address: 0x1800486d0)
- _putws (Address: 0x180048720)
- _register_onexit_function (Address: 0x1800486f8)
- _seh_filter_dll (Address: 0x1800486d8)
- _wcsicmp (Address: 0x1800486b0)
- _wcsnicmp (Address: 0x180048698)
- _wtoi (Address: 0x1800486a8)
- fflush (Address: 0x180048678)
- free (Address: 0x180048620)
- iswspace (Address: 0x180048640)
- malloc (Address: 0x180048618)
- strcpy_s (Address: 0x180048658)
- strncmp (Address: 0x180048650)
- wcscat_s (Address: 0x180048638)
- wcscpy_s (Address: 0x180048690)
- wcsncmp (Address: 0x180048648)
- wcsncpy_s (Address: 0x180048688)
- wcstok_s (Address: 0x180048630)
- wcstol (Address: 0x1800486b8)
- wcstoul (Address: 0x1800486c0)
USER32.dll
- GetProcessWindowStation (Address: 0x1800484e8)
- GetUserObjectInformationW (Address: 0x1800484f0)
- LoadStringW (Address: 0x1800484f8)
- SystemParametersInfoW (Address: 0x1800484e0)
VCRUNTIME140_1_CLR0400.dll
- __CxxFrameHandler4 (Address: 0x180048508)
VCRUNTIME140_CLR0400.dll
- __C_specific_handler (Address: 0x180048528)
- __std_type_info_destroy_list (Address: 0x180048548)
- _CxxThrowException (Address: 0x180048538)
- _purecall (Address: 0x180048530)
- memcpy (Address: 0x180048518)
- memmove (Address: 0x180048550)
- memset (Address: 0x180048520)
- wcschr (Address: 0x180048558)
- wcsrchr (Address: 0x180048540)
- wcsstr (Address: 0x180048560)