mscorsvc.dll
Description: .NET Runtime Optimization Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 4.8.9093.0
Architecture: 32-bit
Operating System: Windows
SHA256: 6590fdeab0e82ebcd8de9e30ec7b2d34
File Size: 426.9 KB
Uploaded At: Dec. 1, 2025, 7:19 a.m.
Views: 37
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- CorCreateNGenProcess (Ordinal: 1, Address: 0x3fcf0)
- CorGetNGenPolicy (Ordinal: 2, Address: 0x3fec0)
- CorGetSvc (Ordinal: 3, Address: 0x10e00)
- CorInitSvcLogger (Ordinal: 4, Address: 0x208c0)
- CorSetCriticalTaskState (Ordinal: 5, Address: 0x30a90)
- CorStopNonCriticalTask (Ordinal: 6, Address: 0x30f20)
- CorSvcLog (Ordinal: 7, Address: 0x20a10)
Imported DLLs & Functions
ADVAPI32.dll
- ConvertSidToStringSidW (Address: 0x10062028)
- ConvertStringSidToSidW (Address: 0x10062034)
- CreateProcessAsUserW (Address: 0x10062040)
- DeregisterEventSource (Address: 0x10062044)
- DuplicateTokenEx (Address: 0x10062030)
- EventWrite (Address: 0x10062050)
- FreeSid (Address: 0x1006202c)
- GetLengthSid (Address: 0x1006203c)
- GetSidSubAuthority (Address: 0x10062060)
- GetSidSubAuthorityCount (Address: 0x1006205c)
- GetTokenInformation (Address: 0x10062024)
- OpenProcessToken (Address: 0x10062020)
- RegCloseKey (Address: 0x10062004)
- RegCreateKeyExW (Address: 0x10062054)
- RegDeleteKeyW (Address: 0x10062008)
- RegDeleteValueW (Address: 0x10062014)
- RegEnumKeyExW (Address: 0x10062018)
- RegEnumValueW (Address: 0x1006201c)
- RegisterEventSourceW (Address: 0x10062048)
- RegNotifyChangeKeyValue (Address: 0x10062000)
- RegOpenKeyExW (Address: 0x10062058)
- RegQueryValueExW (Address: 0x1006200c)
- RegSetValueExW (Address: 0x10062010)
- ReportEventW (Address: 0x1006204c)
- SetTokenInformation (Address: 0x10062038)
fusion.dll
- CreateApplicationContext (Address: 0x10062378)
- CreateAssemblyCache (Address: 0x10062370)
- CreateAssemblyNameObject (Address: 0x1006237c)
- InitializeFusion (Address: 0x10062374)
KERNEL32.dll
- ActivateActCtx (Address: 0x10062174)
- CloseHandle (Address: 0x100621dc)
- CreateActCtxW (Address: 0x10062178)
- CreateDirectoryW (Address: 0x10062090)
- CreateEventW (Address: 0x100621e0)
- CreateFileMappingW (Address: 0x1006209c)
- CreateFileW (Address: 0x100620fc)
- CreateMutexW (Address: 0x1006214c)
- CreatePipe (Address: 0x100620c4)
- CreateProcessW (Address: 0x100620e8)
- CreateSemaphoreW (Address: 0x10062134)
- CreateThread (Address: 0x100621e8)
- DeactivateActCtx (Address: 0x10062170)
- DebugBreak (Address: 0x10062068)
- DeleteCriticalSection (Address: 0x100621a0)
- DeleteFileW (Address: 0x100621b4)
- EnterCriticalSection (Address: 0x1006218c)
- ExitProcess (Address: 0x100620b0)
- FileTimeToSystemTime (Address: 0x10062120)
- FindClose (Address: 0x100620f8)
- FindFirstFileW (Address: 0x100621c0)
- FindNextFileW (Address: 0x10062168)
- FormatMessageW (Address: 0x10062214)
- FreeLibrary (Address: 0x100620cc)
- GetACP (Address: 0x1006221c)
- GetCommandLineW (Address: 0x100620a8)
- GetCPInfo (Address: 0x10062220)
- GetCurrentProcess (Address: 0x10062070)
- GetCurrentProcessId (Address: 0x100620b8)
- GetCurrentThreadId (Address: 0x100620e0)
- GetEnvironmentVariableW (Address: 0x10062080)
- GetExitCodeProcess (Address: 0x100620ac)
- GetFileAttributesExW (Address: 0x10062180)
- GetFileAttributesW (Address: 0x100621f8)
- GetFileSize (Address: 0x10062098)
- GetFileSizeEx (Address: 0x10062184)
- GetFullPathNameW (Address: 0x100621f4)
- GetLastError (Address: 0x100621e4)
- GetLocalTime (Address: 0x100620dc)
- GetModuleFileNameW (Address: 0x10062104)
- GetModuleHandleW (Address: 0x10062108)
- GetProcAddress (Address: 0x100621f0)
- GetProcessAffinityMask (Address: 0x100621bc)
- GetProcessHeap (Address: 0x10062224)
- GetSystemDirectoryW (Address: 0x100621b8)
- GetSystemInfo (Address: 0x100621d0)
- GetSystemPowerStatus (Address: 0x100621ec)
- GetSystemTime (Address: 0x100621fc)
- GetSystemTimeAsFileTime (Address: 0x10062188)
- GetSystemWindowsDirectoryW (Address: 0x100620f4)
- GetTickCount (Address: 0x10062198)
- GetVersionExW (Address: 0x10062074)
- GetWindowsDirectoryW (Address: 0x100620f0)
- GlobalAlloc (Address: 0x100620c0)
- GlobalMemoryStatusEx (Address: 0x10062088)
- HeapAlloc (Address: 0x10062208)
- HeapCreate (Address: 0x10062164)
- HeapDestroy (Address: 0x10062138)
- HeapFree (Address: 0x10062204)
- HeapValidate (Address: 0x10062144)
- InitializeCriticalSection (Address: 0x1006219c)
- InitializeSListHead (Address: 0x1006210c)
- IsDBCSLeadByte (Address: 0x10062210)
- IsDebuggerPresent (Address: 0x100621d8)
- IsProcessorFeaturePresent (Address: 0x10062114)
- LCMapStringW (Address: 0x1006220c)
- LeaveCriticalSection (Address: 0x10062190)
- LoadLibraryExA (Address: 0x10062100)
- LoadLibraryExW (Address: 0x100620a4)
- LocalFree (Address: 0x100620d4)
- MapViewOfFile (Address: 0x100620a0)
- MoveFileExW (Address: 0x1006217c)
- MultiByteToWideChar (Address: 0x10062218)
- OpenEventW (Address: 0x100620b4)
- OpenProcess (Address: 0x100620c8)
- OutputDebugStringW (Address: 0x100620e4)
- QueryInformationJobObject (Address: 0x100621c4)
- QueryPerformanceCounter (Address: 0x10062110)
- RaiseException (Address: 0x100620d8)
- ReadFile (Address: 0x100620bc)
- ReleaseActCtx (Address: 0x1006216c)
- ReleaseMutex (Address: 0x10062148)
- ReleaseSemaphore (Address: 0x10062154)
- ResetEvent (Address: 0x100621a4)
- SetConsoleCtrlHandler (Address: 0x10062078)
- SetEnvironmentVariableW (Address: 0x10062084)
- SetErrorMode (Address: 0x1006208c)
- SetEvent (Address: 0x10062194)
- SetLastError (Address: 0x10062094)
- SetProcessShutdownParameters (Address: 0x1006207c)
- SetUnhandledExceptionFilter (Address: 0x10062118)
- SleepEx (Address: 0x10062130)
- SwitchToThread (Address: 0x100621b0)
- SystemTimeToFileTime (Address: 0x10062200)
- TerminateProcess (Address: 0x1006206c)
- TlsAlloc (Address: 0x1006213c)
- TlsFree (Address: 0x10062128)
- TlsGetValue (Address: 0x1006212c)
- TlsSetValue (Address: 0x10062160)
- UnhandledExceptionFilter (Address: 0x1006211c)
- UnmapViewOfFile (Address: 0x100620d0)
- VerifyVersionInfoW (Address: 0x100621c8)
- VerSetConditionMask (Address: 0x100621cc)
- VirtualAlloc (Address: 0x10062150)
- VirtualFree (Address: 0x10062158)
- VirtualProtect (Address: 0x1006215c)
- VirtualQuery (Address: 0x10062124)
- WaitForMultipleObjects (Address: 0x100621ac)
- WaitForSingleObject (Address: 0x100621a8)
- WaitForSingleObjectEx (Address: 0x10062140)
- WideCharToMultiByte (Address: 0x100621d4)
- WriteFile (Address: 0x100620ec)
mscoree.dll
- CLRCreateInstance (Address: 0x10062368)
- CreateConfigStream (Address: 0x10062360)
- GetRequestedRuntimeInfo (Address: 0x10062364)
- GetXMLObject (Address: 0x1006235c)
ole32.dll
- CoAddRefServerProcess (Address: 0x10062304)
- CoCreateGuid (Address: 0x1006231c)
- CoCreateInstance (Address: 0x10062320)
- CoDisconnectObject (Address: 0x100622fc)
- CoInitializeEx (Address: 0x10062318)
- CoReleaseServerProcess (Address: 0x10062300)
- CoTaskMemFree (Address: 0x10062308)
- CoUninitialize (Address: 0x10062314)
- CoUnmarshalInterface (Address: 0x10062310)
- CreateStreamOnHGlobal (Address: 0x1006230c)
OLEAUT32.dll
- SafeArrayCreateVector (Address: 0x10062328)
- SafeArrayDestroy (Address: 0x10062334)
- SafeArrayGetElement (Address: 0x1006232c)
- SafeArrayGetUBound (Address: 0x10062330)
- SafeArrayPutElement (Address: 0x1006233c)
- SetErrorInfo (Address: 0x10062348)
- SysAllocString (Address: 0x10062350)
- SysFreeString (Address: 0x1006234c)
- SysStringLen (Address: 0x10062338)
- VariantChangeType (Address: 0x10062354)
- VariantClear (Address: 0x10062340)
- VariantInit (Address: 0x10062344)
ucrtbase_clr0400.dll
- __acrt_iob_func (Address: 0x10062294)
- __stdio_common_vfwprintf (Address: 0x1006228c)
- __stdio_common_vsnprintf_s (Address: 0x10062284)
- __stdio_common_vsnwprintf_s (Address: 0x10062288)
- __stdio_common_vswprintf_s (Address: 0x100622a4)
- _cexit (Address: 0x100622dc)
- _configure_narrow_argv (Address: 0x100622c4)
- _crt_atexit (Address: 0x100622d8)
- _errno (Address: 0x10062278)
- _execute_onexit_table (Address: 0x100622d4)
- _flushall (Address: 0x10062264)
- _initialize_narrow_environment (Address: 0x100622c8)
- _initialize_onexit_table (Address: 0x100622cc)
- _initterm (Address: 0x100622b8)
- _initterm_e (Address: 0x100622bc)
- _putws (Address: 0x100622e0)
- _register_onexit_function (Address: 0x100622d0)
- _seh_filter_dll (Address: 0x100622c0)
- _wcsicmp (Address: 0x100622ac)
- _wcsnicmp (Address: 0x100622a0)
- _wtoi (Address: 0x100622a8)
- fflush (Address: 0x10062290)
- free (Address: 0x10062260)
- iswspace (Address: 0x10062270)
- malloc (Address: 0x1006225c)
- strcpy_s (Address: 0x10062280)
- strncmp (Address: 0x1006227c)
- wcscat_s (Address: 0x1006226c)
- wcscpy_s (Address: 0x1006229c)
- wcsncmp (Address: 0x10062274)
- wcsncpy_s (Address: 0x10062298)
- wcstok_s (Address: 0x10062268)
- wcstol (Address: 0x100622b0)
- wcstoul (Address: 0x100622b4)
USER32.dll
- GetProcessWindowStation (Address: 0x100622ec)
- GetUserObjectInformationW (Address: 0x100622f0)
- LoadStringW (Address: 0x100622f4)
- SystemParametersInfoW (Address: 0x100622e8)
VCRUNTIME140_CLR0400.dll
- __CxxFrameHandler3 (Address: 0x10062238)
- __std_type_info_destroy_list (Address: 0x10062230)
- _CxxThrowException (Address: 0x10062244)
- _except_handler4_common (Address: 0x1006224c)
- _purecall (Address: 0x1006223c)
- memcpy (Address: 0x10062234)
- memmove (Address: 0x10062250)
- memset (Address: 0x1006222c)
- wcschr (Address: 0x10062248)
- wcsrchr (Address: 0x10062240)
- wcsstr (Address: 0x10062254)