xwreg.dll

Description: Extensible Wizard Registration Manager Module

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 32-bit

Operating System: Windows NT

SHA256: 33ecc20387b077231aa28a3f13a33faf

File Size: 96.5 KB

Uploaded At: Dec. 1, 2025, 8:08 a.m.

Views: 12

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x6b40)
  • DllGetClassObject (Ordinal: 2, Address: 0x6b60)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CLSIDFromString (Address: 0x10015018)
  • CoCreateInstance (Address: 0x10015020)
  • CoTaskMemAlloc (Address: 0x10015014)
  • CoTaskMemFree (Address: 0x10015024)
  • CoTaskMemRealloc (Address: 0x10015028)
  • StringFromGUID2 (Address: 0x1001501c)
api-ms-win-core-debug-l1-1-0.dll
  • OutputDebugStringA (Address: 0x10015030)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x10015038)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x10015040)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x10015048)
  • RaiseException (Address: 0x10015054)
  • SetUnhandledExceptionFilter (Address: 0x1001504c)
  • UnhandledExceptionFilter (Address: 0x10015050)
api-ms-win-core-file-l1-1-0.dll
  • DeleteFileW (Address: 0x1001506c)
  • FlushFileBuffers (Address: 0x1001505c)
  • GetFullPathNameW (Address: 0x10015074)
  • GetTempFileNameW (Address: 0x10015060)
  • ReadFile (Address: 0x10015070)
  • SetFilePointer (Address: 0x10015064)
  • WriteFile (Address: 0x10015068)
api-ms-win-core-file-l1-2-0.dll
  • GetTempPathW (Address: 0x1001507c)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x10015084)
  • DuplicateHandle (Address: 0x10015088)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x10015090)
  • FindResourceExW (Address: 0x10015098)
  • FreeLibrary (Address: 0x100150b0)
  • GetModuleFileNameW (Address: 0x100150a0)
  • GetModuleHandleW (Address: 0x100150ac)
  • GetProcAddress (Address: 0x100150a8)
  • LoadLibraryExW (Address: 0x10015094)
  • LoadResource (Address: 0x1001509c)
  • SizeofResource (Address: 0x100150a4)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x100150c0)
  • GetCurrentProcessId (Address: 0x100150c8)
  • GetCurrentThreadId (Address: 0x100150bc)
  • OpenProcessToken (Address: 0x100150b8)
  • TerminateProcess (Address: 0x100150c4)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x100150d0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x100150d8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x100150f0)
  • RegCreateKeyExW (Address: 0x100150fc)
  • RegDeleteValueW (Address: 0x100150ec)
  • RegEnumKeyExW (Address: 0x100150f8)
  • RegOpenKeyExW (Address: 0x100150e0)
  • RegQueryInfoKeyW (Address: 0x100150f4)
  • RegQueryValueExW (Address: 0x100150e4)
  • RegRestoreKeyW (Address: 0x10015100)
  • RegSetValueExW (Address: 0x100150e8)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyW (Address: 0x1001510c)
  • RegSaveKeyW (Address: 0x10015108)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
  • PathFileExistsW (Address: 0x10015114)
  • PathUnExpandEnvStringsW (Address: 0x10015118)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x10015120)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x10015128)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x10015130)
api-ms-win-core-synch-l1-1-0.dll
  • CreateMutexW (Address: 0x1001514c)
  • DeleteCriticalSection (Address: 0x10015148)
  • EnterCriticalSection (Address: 0x10015140)
  • InitializeCriticalSection (Address: 0x10015150)
  • LeaveCriticalSection (Address: 0x1001513c)
  • OpenMutexW (Address: 0x10015138)
  • ReleaseMutex (Address: 0x10015144)
  • ReleaseSemaphore (Address: 0x10015154)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1001515c)
api-ms-win-core-synch-l1-2-1.dll
  • CreateSemaphoreW (Address: 0x10015164)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1001516c)
  • GetTickCount (Address: 0x10015170)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x10015180)
  • GetTraceEnableLevel (Address: 0x10015188)
  • GetTraceLoggerHandle (Address: 0x1001517c)
  • RegisterTraceGuidsW (Address: 0x10015178)
  • TraceMessage (Address: 0x10015184)
  • UnregisterTraceGuids (Address: 0x1001518c)
api-ms-win-security-base-l1-1-0.dll
  • AdjustTokenPrivileges (Address: 0x10015194)
  • AllocateAndInitializeSid (Address: 0x10015198)
  • CheckTokenMembership (Address: 0x1001519c)
  • FreeSid (Address: 0x100151a0)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x1001520c)
  • __dllonexit (Address: 0x100151fc)
  • _amsg_exit (Address: 0x100151c4)
  • _callnewh (Address: 0x100151b8)
  • _CxxThrowException (Address: 0x100151bc)
  • _errno (Address: 0x100151d8)
  • _except_handler4_common (Address: 0x100151d0)
  • _initterm (Address: 0x100151c8)
  • _lock (Address: 0x100151f4)
  • _onexit (Address: 0x10015200)
  • _purecall (Address: 0x10015204)
  • _unlock (Address: 0x100151f8)
  • _vsnprintf (Address: 0x100151ec)
  • _vsnwprintf (Address: 0x100151cc)
  • _XcptFilter (Address: 0x100151dc)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x100151a8)
  • ??0exception@@QAE@XZ (Address: 0x100151ac)
  • ??1exception@@UAE@XZ (Address: 0x100151c0)
  • ??1type_info@@UAE@XZ (Address: 0x10015214)
  • ?what@exception@@UBEPBDXZ (Address: 0x100151b4)
  • free (Address: 0x100151f0)
  • iswxdigit (Address: 0x100151b0)
  • malloc (Address: 0x100151e8)
  • memcpy_s (Address: 0x10015210)
  • memset (Address: 0x10015218)
  • realloc (Address: 0x100151e0)
  • tolower (Address: 0x100151e4)
  • towlower (Address: 0x10015208)
  • wcsncpy_s (Address: 0x100151d4)
USER32.dll
  • DispatchMessageW (Address: 0x10015000)
  • MsgWaitForMultipleObjectsEx (Address: 0x10015008)
  • PeekMessageW (Address: 0x1001500c)
  • TranslateMessage (Address: 0x10015004)