UserDeviceRegistration.dll

Description: AAD User Device Registration WinRT

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 32-bit

Operating System: Windows NT

SHA256: 33d020da726008f7410def611541e001

File Size: 171.0 KB

Uploaded At: Dec. 1, 2025, 8:05 a.m.

Views: 15

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x11360)
  • DllGetActivationFactory (Ordinal: 2, Address: 0x112f0)
  • DllGetClassObject (Ordinal: 3, Address: 0x11310)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x10028078)
  • CoCreateInstance (Address: 0x10028084)
  • CoGetCallContext (Address: 0x10028068)
  • CoGetInterfaceAndReleaseStream (Address: 0x10028064)
  • CoImpersonateClient (Address: 0x10028080)
  • CoMarshalInterface (Address: 0x10028074)
  • CoReleaseMarshalData (Address: 0x1002806c)
  • CoRevertToSelf (Address: 0x10028070)
  • CoTaskMemAlloc (Address: 0x1002807c)
  • CoTaskMemFree (Address: 0x10028088)
  • CreateStreamOnHGlobal (Address: 0x1002808c)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x10028094)
api-ms-win-core-com-midlproxystub-l1-1-0.dll
  • CStdStubBuffer2_Connect (Address: 0x100280f0)
  • CStdStubBuffer2_CountRefs (Address: 0x100280a0)
  • CStdStubBuffer2_Disconnect (Address: 0x100280c0)
  • CStdStubBuffer2_QueryInterface (Address: 0x100280d0)
  • NdrProxyForwardingFunction3 (Address: 0x100280f4)
  • NdrProxyForwardingFunction4 (Address: 0x100280e0)
  • NdrProxyForwardingFunction5 (Address: 0x100280e4)
  • ObjectStublessClient10 (Address: 0x100280fc)
  • ObjectStublessClient11 (Address: 0x100280a8)
  • ObjectStublessClient12 (Address: 0x10028100)
  • ObjectStublessClient13 (Address: 0x100280c8)
  • ObjectStublessClient14 (Address: 0x100280ac)
  • ObjectStublessClient15 (Address: 0x100280b8)
  • ObjectStublessClient16 (Address: 0x100280dc)
  • ObjectStublessClient17 (Address: 0x100280f8)
  • ObjectStublessClient18 (Address: 0x100280b0)
  • ObjectStublessClient19 (Address: 0x100280d4)
  • ObjectStublessClient20 (Address: 0x100280b4)
  • ObjectStublessClient21 (Address: 0x10028108)
  • ObjectStublessClient22 (Address: 0x100280a4)
  • ObjectStublessClient23 (Address: 0x100280bc)
  • ObjectStublessClient24 (Address: 0x100280d8)
  • ObjectStublessClient25 (Address: 0x100280cc)
  • ObjectStublessClient3 (Address: 0x10028104)
  • ObjectStublessClient6 (Address: 0x100280e8)
  • ObjectStublessClient7 (Address: 0x100280c4)
  • ObjectStublessClient8 (Address: 0x100280ec)
  • ObjectStublessClient9 (Address: 0x1002809c)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1002811c)
  • IsDebuggerPresent (Address: 0x10028110)
  • OutputDebugStringA (Address: 0x10028118)
  • OutputDebugStringW (Address: 0x10028114)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x10028124)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1002812c)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1002813c)
  • RaiseException (Address: 0x10028144)
  • SetLastError (Address: 0x10028138)
  • SetUnhandledExceptionFilter (Address: 0x10028140)
  • UnhandledExceptionFilter (Address: 0x10028134)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1002814c)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1002815c)
  • HeapAlloc (Address: 0x10028154)
  • HeapFree (Address: 0x10028158)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x10028164)
  • LocalFree (Address: 0x10028168)
api-ms-win-core-libraryloader-l1-2-0.dll
  • FreeLibrary (Address: 0x10028170)
  • GetModuleFileNameA (Address: 0x10028178)
  • GetModuleHandleExW (Address: 0x10028180)
  • GetModuleHandleW (Address: 0x1002817c)
  • GetProcAddress (Address: 0x10028174)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x10028188)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x1002819c)
  • GetCurrentProcessId (Address: 0x10028198)
  • GetCurrentThread (Address: 0x10028190)
  • GetCurrentThreadId (Address: 0x100281a4)
  • OpenProcessToken (Address: 0x100281a0)
  • OpenThreadToken (Address: 0x100281a8)
  • TerminateProcess (Address: 0x10028194)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x100281b0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x100281b8)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x100281c0)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x100281cc)
  • AcquireSRWLockShared (Address: 0x100281ec)
  • CreateEventExW (Address: 0x100281f0)
  • CreateMutexExW (Address: 0x10028200)
  • CreateSemaphoreExW (Address: 0x10028208)
  • DeleteCriticalSection (Address: 0x10028204)
  • EnterCriticalSection (Address: 0x100281f4)
  • InitializeCriticalSectionEx (Address: 0x100281dc)
  • InitializeSRWLock (Address: 0x100281f8)
  • LeaveCriticalSection (Address: 0x100281d8)
  • OpenSemaphoreW (Address: 0x100281e4)
  • ReleaseMutex (Address: 0x100281c8)
  • ReleaseSemaphore (Address: 0x100281fc)
  • ReleaseSRWLockExclusive (Address: 0x100281d4)
  • ReleaseSRWLockShared (Address: 0x1002820c)
  • SetEvent (Address: 0x100281e8)
  • WaitForSingleObject (Address: 0x100281d0)
  • WaitForSingleObjectEx (Address: 0x100281e0)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x10028214)
  • Sleep (Address: 0x10028218)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x10028228)
  • GetTickCount (Address: 0x10028224)
  • GetTickCount64 (Address: 0x10028220)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x10028230)
  • CreateThreadpoolTimer (Address: 0x1002823c)
  • SetThreadpoolTimer (Address: 0x10028238)
  • WaitForThreadpoolTimerCallbacks (Address: 0x10028234)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • QueueUserWorkItem (Address: 0x10028244)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x10028250)
  • EncodePointer (Address: 0x1002824c)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x10028264)
  • RoOriginateError (Address: 0x10028268)
  • RoOriginateErrorW (Address: 0x10028258)
  • RoTransformError (Address: 0x1002825c)
  • SetRestrictedErrorInfo (Address: 0x10028260)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x10028278)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x10028274)
  • RoReportFailedDelegate (Address: 0x10028270)
api-ms-win-core-winrt-l1-1-0.dll
  • RoGetActivationFactory (Address: 0x10028288)
  • RoInitialize (Address: 0x10028280)
  • RoUninitialize (Address: 0x10028284)
api-ms-win-core-winrt-string-l1-1-0.dll
  • HSTRING_UserFree (Address: 0x1002829c)
  • HSTRING_UserMarshal (Address: 0x100282b4)
  • HSTRING_UserSize (Address: 0x10028290)
  • HSTRING_UserUnmarshal (Address: 0x10028298)
  • WindowsCreateString (Address: 0x10028294)
  • WindowsCreateStringReference (Address: 0x100282ac)
  • WindowsDeleteString (Address: 0x100282b0)
  • WindowsDuplicateString (Address: 0x100282a0)
  • WindowsGetStringRawBuffer (Address: 0x100282a4)
  • WindowsIsStringEmpty (Address: 0x100282a8)
  • WindowsStringHasEmbeddedNull (Address: 0x100282b8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x100282c0)
  • EventUnregister (Address: 0x100282c4)
  • EventWriteTransfer (Address: 0x100282c8)
api-ms-win-security-base-l1-1-0.dll
  • AllocateAndInitializeSid (Address: 0x100282d4)
  • CopySid (Address: 0x100282d0)
  • FreeSid (Address: 0x100282dc)
  • GetLengthSid (Address: 0x100282e0)
  • GetTokenInformation (Address: 0x100282d8)
api-ms-win-security-base-l1-2-0.dll
  • CheckTokenCapability (Address: 0x100282e8)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertSidToStringSidW (Address: 0x100282f0)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolAllowThreadReuse (Address: 0x100282f8)
  • SHTaskPoolQueueTask (Address: 0x100282fc)
CRYPT32.dll
  • CertNameToStrW (Address: 0x10028004)
  • CryptAcquireCertificatePrivateKey (Address: 0x10028000)
  • CryptHashCertificate (Address: 0x10028008)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x10028334)
  • __dllonexit (Address: 0x10028328)
  • _amsg_exit (Address: 0x10028340)
  • _callnewh (Address: 0x10028318)
  • _errno (Address: 0x1002830c)
  • _except_handler4_common (Address: 0x10028320)
  • _initterm (Address: 0x10028338)
  • _lock (Address: 0x10028330)
  • _onexit (Address: 0x10028324)
  • _purecall (Address: 0x10028304)
  • _unlock (Address: 0x1002832c)
  • _vsnwprintf (Address: 0x10028308)
  • _XcptFilter (Address: 0x10028344)
  • free (Address: 0x1002834c)
  • malloc (Address: 0x1002833c)
  • memcmp (Address: 0x10028348)
  • memcpy (Address: 0x10028350)
  • memmove (Address: 0x1002831c)
  • memmove_s (Address: 0x10028314)
  • memset (Address: 0x10028354)
  • realloc (Address: 0x10028310)
ncrypt.dll
  • NCryptFreeObject (Address: 0x10028360)
  • NCryptSignHash (Address: 0x1002835c)
ntdll.dll
  • LdrDisableThreadCalloutsForDll (Address: 0x1002836c)
  • RtlImageNtHeader (Address: 0x10028368)
RPCRT4.dll
  • CStdStubBuffer_AddRef (Address: 0x10028014)
  • CStdStubBuffer_Connect (Address: 0x10028050)
  • CStdStubBuffer_CountRefs (Address: 0x1002801c)
  • CStdStubBuffer_DebugServerQueryInterface (Address: 0x10028020)
  • CStdStubBuffer_DebugServerRelease (Address: 0x10028024)
  • CStdStubBuffer_Disconnect (Address: 0x10028030)
  • CStdStubBuffer_Invoke (Address: 0x10028040)
  • CStdStubBuffer_IsIIDSupported (Address: 0x10028058)
  • CStdStubBuffer_QueryInterface (Address: 0x1002805c)
  • IUnknown_AddRef_Proxy (Address: 0x10028028)
  • IUnknown_QueryInterface_Proxy (Address: 0x1002802c)
  • IUnknown_Release_Proxy (Address: 0x10028010)
  • NdrCStdStubBuffer_Release (Address: 0x10028044)
  • NdrCStdStubBuffer2_Release (Address: 0x10028054)
  • NdrDllCanUnloadNow (Address: 0x10028048)
  • NdrDllGetClassObject (Address: 0x1002804c)
  • NdrOleAllocate (Address: 0x10028038)
  • NdrOleFree (Address: 0x10028018)
  • NdrStubCall2 (Address: 0x1002803c)
  • NdrStubForwardingFunction (Address: 0x10028034)