CoreShell.dll

Description: CoreShell

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5848

Architecture: 64-bit

Operating System: Windows NT

SHA256: 48cfbdbd1075daebc416c267cddd264e

File Size: 2.0 MB

Uploaded At: Dec. 1, 2025, 7:24 a.m.

Views: 11

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x9fd0)
  • DllGetActivationFactory (Ordinal: 2, Address: 0x9cd0)
  • DllGetClassObject (Ordinal: 3, Address: 0x9eb0)

Imported DLLs & Functions

api-ms-win-appmodel-runtime-l1-1-1.dll
  • GetApplicationUserModelIdFromToken (Address: 0x180193738)
api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x180193748)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180193758)
  • IsDebuggerPresent (Address: 0x180193768)
  • OutputDebugStringW (Address: 0x180193760)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180193778)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180193788)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180193798)
  • RaiseException (Address: 0x1801937a8)
  • SetLastError (Address: 0x1801937a0)
  • SetUnhandledExceptionFilter (Address: 0x1801937b0)
  • UnhandledExceptionFilter (Address: 0x1801937b8)
api-ms-win-core-errorhandling-l1-1-2.dll
  • RaiseFailFastException (Address: 0x1801937c8)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1801937d8)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1801937f8)
  • HeapAlloc (Address: 0x1801937e8)
  • HeapFree (Address: 0x1801937f0)
api-ms-win-core-heap-l2-1-0.dll
  • LocalFree (Address: 0x180193808)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x180193820)
  • InterlockedPushEntrySList (Address: 0x180193818)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180193838)
  • GetModuleFileNameA (Address: 0x180193850)
  • GetModuleHandleExW (Address: 0x180193848)
  • GetModuleHandleW (Address: 0x180193830)
  • GetProcAddress (Address: 0x180193840)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180193860)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x180193890)
  • GetCurrentProcessId (Address: 0x180193880)
  • GetCurrentThread (Address: 0x180193878)
  • GetCurrentThreadId (Address: 0x180193898)
  • OpenProcessToken (Address: 0x180193870)
  • OpenThreadToken (Address: 0x180193888)
  • TerminateProcess (Address: 0x1801938a0)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x1801938b8)
  • OpenProcess (Address: 0x1801938b0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1801938c8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x1801938f8)
  • RegCreateKeyExW (Address: 0x1801938e8)
  • RegEnumKeyExW (Address: 0x180193908)
  • RegGetValueW (Address: 0x1801938f0)
  • RegOpenKeyExW (Address: 0x1801938e0)
  • RegQueryValueExW (Address: 0x1801938d8)
  • RegSetValueExW (Address: 0x180193900)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyW (Address: 0x180193918)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180193930)
  • RtlLookupFunctionEntry (Address: 0x180193928)
  • RtlVirtualUnwind (Address: 0x180193938)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180193948)
  • MultiByteToWideChar (Address: 0x180193950)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180193998)
  • AcquireSRWLockShared (Address: 0x180193a00)
  • CreateEventExW (Address: 0x180193990)
  • CreateEventW (Address: 0x180193980)
  • CreateMutexExW (Address: 0x1801939c8)
  • CreateSemaphoreExW (Address: 0x1801939b0)
  • DeleteCriticalSection (Address: 0x180193960)
  • EnterCriticalSection (Address: 0x180193968)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180193978)
  • InitializeCriticalSectionEx (Address: 0x1801939e8)
  • InitializeSRWLock (Address: 0x1801939e0)
  • LeaveCriticalSection (Address: 0x180193970)
  • OpenSemaphoreW (Address: 0x1801939d8)
  • ReleaseMutex (Address: 0x1801939f0)
  • ReleaseSemaphore (Address: 0x1801939c0)
  • ReleaseSRWLockExclusive (Address: 0x1801939a8)
  • ReleaseSRWLockShared (Address: 0x180193988)
  • ResetEvent (Address: 0x1801939b8)
  • SetEvent (Address: 0x1801939a0)
  • WaitForSingleObject (Address: 0x1801939d0)
  • WaitForSingleObjectEx (Address: 0x1801939f8)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x180193a30)
  • InitOnceComplete (Address: 0x180193a28)
  • InitOnceExecuteOnce (Address: 0x180193a10)
  • Sleep (Address: 0x180193a38)
  • WaitOnAddress (Address: 0x180193a20)
  • WakeByAddressAll (Address: 0x180193a18)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180193a58)
  • GetTickCount (Address: 0x180193a50)
  • GetTickCount64 (Address: 0x180193a48)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180193a68)
  • CloseThreadpoolWait (Address: 0x180193a98)
  • CreateThreadpoolTimer (Address: 0x180193a78)
  • CreateThreadpoolWait (Address: 0x180193a88)
  • SetThreadpoolTimer (Address: 0x180193aa0)
  • SetThreadpoolWait (Address: 0x180193a90)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180193a70)
  • WaitForThreadpoolWaitCallbacks (Address: 0x180193a80)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueueTimer (Address: 0x180193ab8)
  • DeleteTimerQueueTimer (Address: 0x180193ab0)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x180193ad0)
  • EncodePointer (Address: 0x180193ac8)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x180193af8)
  • RoOriginateError (Address: 0x180193af0)
  • RoOriginateErrorW (Address: 0x180193b00)
  • RoTransformError (Address: 0x180193ae0)
  • SetRestrictedErrorInfo (Address: 0x180193ae8)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x180193b10)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x180193b20)
  • RoOriginateLanguageException (Address: 0x180193b28)
  • RoReportFailedDelegate (Address: 0x180193b18)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x180193b38)
  • RoGetActivationFactory (Address: 0x180193b40)
api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll
  • RoCreatePropertySetSerializer (Address: 0x180193b50)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCompareStringOrdinal (Address: 0x180193b90)
  • WindowsConcatString (Address: 0x180193b78)
  • WindowsCreateString (Address: 0x180193ba0)
  • WindowsCreateStringReference (Address: 0x180193bb8)
  • WindowsDeleteString (Address: 0x180193ba8)
  • WindowsDeleteStringBuffer (Address: 0x180193bb0)
  • WindowsDuplicateString (Address: 0x180193b98)
  • WindowsGetStringLen (Address: 0x180193b80)
  • WindowsGetStringRawBuffer (Address: 0x180193b68)
  • WindowsIsStringEmpty (Address: 0x180193b70)
  • WindowsPreallocateStringBuffer (Address: 0x180193bc0)
  • WindowsPromoteStringBuffer (Address: 0x180193b88)
  • WindowsStringHasEmbeddedNull (Address: 0x180193b60)
  • WindowsSubstringWithSpecifiedLength (Address: 0x180193bc8)
api-ms-win-crt-math-l1-1-0.dll
  • ceilf (Address: 0x180193bd8)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180193c58)
  • __CxxFrameHandler3 (Address: 0x180193ce0)
  • __CxxFrameHandler4 (Address: 0x180193cc0)
  • __std_terminate (Address: 0x180193cb8)
  • _CxxThrowException (Address: 0x180193cd8)
  • _o___std_exception_copy (Address: 0x180193cb0)
  • _o___std_exception_destroy (Address: 0x180193ca8)
  • _o___std_type_info_destroy_list (Address: 0x180193ca0)
  • _o___stdio_common_vsnprintf_s (Address: 0x180193c98)
  • _o___stdio_common_vswprintf (Address: 0x180193c90)
  • _o__callnewh (Address: 0x180193c88)
  • _o__cexit (Address: 0x180193c80)
  • _o__configure_narrow_argv (Address: 0x180193c78)
  • _o__crt_atexit (Address: 0x180193c70)
  • _o__errno (Address: 0x180193c68)
  • _o__execute_onexit_table (Address: 0x180193c60)
  • _o__initialize_narrow_environment (Address: 0x180193be8)
  • _o__initialize_onexit_table (Address: 0x180193bf0)
  • _o__invalid_parameter_noinfo (Address: 0x180193bf8)
  • _o__invalid_parameter_noinfo_noreturn (Address: 0x180193c00)
  • _o__purecall (Address: 0x180193c08)
  • _o__register_onexit_function (Address: 0x180193c10)
  • _o__seh_filter_dll (Address: 0x180193c18)
  • _o__wcsicmp (Address: 0x180193c28)
  • _o_free (Address: 0x180193c30)
  • _o_iswspace (Address: 0x180193c38)
  • _o_malloc (Address: 0x180193c40)
  • _o_realloc (Address: 0x180193c48)
  • _o_terminate (Address: 0x180193c50)
  • memcmp (Address: 0x180193cc8)
  • memcpy (Address: 0x180193cd0)
  • memmove (Address: 0x180193c20)
  • wcsrchr (Address: 0x180193ce8)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x180193d00)
  • _initterm_e (Address: 0x180193cf8)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x180193d10)
  • wcscspn (Address: 0x180193d18)
  • wcsncmp (Address: 0x180193d20)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x180193d48)
  • EventRegister (Address: 0x180193d30)
  • EventSetInformation (Address: 0x180193d50)
  • EventUnregister (Address: 0x180193d40)
  • EventWriteTransfer (Address: 0x180193d38)
api-ms-win-rtcore-ntuser-window-l1-1-0.dll
  • GetWindowThreadProcessId (Address: 0x180193d60)
api-ms-win-security-base-l1-1-0.dll
  • GetTokenInformation (Address: 0x180193d70)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180193d80)
api-ms-win-shcore-registry-l1-1-0.dll
  • SHCopyKeyW (Address: 0x180193d90)
api-ms-win-shcore-scaling-l1-1-1.dll
  • (Address: 0x180193da8)
  • GetScaleFactorForMonitor (Address: 0x180193da0)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolAllowThreadReuse (Address: 0x180193dc8)
  • SHTaskPoolGetUniqueContext (Address: 0x180193db8)
  • SHTaskPoolQueueTask (Address: 0x180193dc0)
api-ms-win-shcore-thread-l1-1-0.dll
  • SHGetThreadRef (Address: 0x180193dd8)
api-ms-win-stateseparation-helpers-l1-1-0.dll
  • GetPersistedRegistryLocationW (Address: 0x180193de8)
CoreMessaging.dll
  • CoreUICreate (Address: 0x1801936c0)
  • MsgRelease (Address: 0x1801936d0)
  • MsgStringCreateShared (Address: 0x1801936c8)
CoreUIComponents.dll
  • CoreUIClientCreate (Address: 0x1801936e0)
  • CoreUIFactoryCreate (Address: 0x1801936e8)
msvcp_win.dll
  • _Cnd_broadcast (Address: 0x180193e98)
  • _Cnd_destroy_in_situ (Address: 0x180193e50)
  • _Cnd_init_in_situ (Address: 0x180193e38)
  • _Cnd_wait (Address: 0x180193e08)
  • _Mtx_destroy_in_situ (Address: 0x180193ed0)
  • _Mtx_init_in_situ (Address: 0x180193e40)
  • _Mtx_lock (Address: 0x180193e70)
  • _Mtx_unlock (Address: 0x180193e78)
  • ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z (Address: 0x180193eb8)
  • ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z (Address: 0x180193ef8)
  • ?__ExceptionPtrCreate@@YAXPEAX@Z (Address: 0x180193ec0)
  • ?__ExceptionPtrCurrentException@@YAXPEAX@Z (Address: 0x180193ed8)
  • ?__ExceptionPtrDestroy@@YAXPEAX@Z (Address: 0x180193ea8)
  • ?__ExceptionPtrRethrow@@YAXPEBX@Z (Address: 0x180193ef0)
  • ?__ExceptionPtrToBool@@YA_NPEBX@Z (Address: 0x180193ee8)
  • ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z (Address: 0x180193e58)
  • ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ (Address: 0x180193e48)
  • ?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z (Address: 0x180193ee0)
  • ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180193e00)
  • ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z (Address: 0x180193df8)
  • ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180193e18)
  • ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180193e10)
  • ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180193e28)
  • ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ (Address: 0x180193f00)
  • ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z (Address: 0x180193eb0)
  • ?_ReportUnobservedException@details@Concurrency@@YAXXZ (Address: 0x180193e20)
  • ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ (Address: 0x180193e80)
  • ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z (Address: 0x180193ec8)
  • ?_Throw_C_error@std@@YAXH@Z (Address: 0x180193e90)
  • ?_Xbad_function_call@std@@YAXXZ (Address: 0x180193e68)
  • ?_XGetLastError@std@@YAXXZ (Address: 0x180193ea0)
  • ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x180193e30)
  • ??0task_continuation_context@Concurrency@@AEAA@XZ (Address: 0x180193e88)
  • ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ (Address: 0x180193e60)
ntdll.dll
  • NtQueryWnfStateData (Address: 0x180193f28)
  • RtlGetDeviceFamilyInfoEnum (Address: 0x180193f18)
  • RtlPublishWnfStateData (Address: 0x180193f30)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x180193f10)
  • RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180193f20)
OLEAUT32.dll
  • SysFreeString (Address: 0x1801936f8)
  • SysStringLen (Address: 0x180193700)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x180193720)
  • RpcImpersonateClient (Address: 0x180193710)
  • RpcRevertToSelf (Address: 0x180193728)
  • RpcServerInqCallAttributesW (Address: 0x180193718)