xwreg.dll

Description: Extensible Wizard Registration Manager Module

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 5ba5db9129a0006bd4cfea423f5c0f16

File Size: 118.5 KB

Uploaded At: Dec. 1, 2025, 7:46 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

DllCanUnloadNow (Ordinal: 1, Address: 0x4080)
DllGetClassObject (Ordinal: 2, Address: 0x40a0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CLSIDFromString (Address: 0x180014740)
CoCreateInstance (Address: 0x180014750)
CoTaskMemAlloc (Address: 0x180014748)
CoTaskMemFree (Address: 0x180014758)
CoTaskMemRealloc (Address: 0x180014738)
StringFromGUID2 (Address: 0x180014730)

api-ms-win-core-debug-l1-1-0.dll

OutputDebugStringA (Address: 0x180014768)

api-ms-win-core-delayload-l1-1-0.dll

DelayLoadFailureHook (Address: 0x180014778)

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI (Address: 0x180014788)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x1800147a0)
RaiseException (Address: 0x1800147a8)
SetUnhandledExceptionFilter (Address: 0x180014798)
UnhandledExceptionFilter (Address: 0x1800147b0)

api-ms-win-core-file-l1-1-0.dll

DeleteFileW (Address: 0x1800147e8)
FlushFileBuffers (Address: 0x1800147c0)
GetFullPathNameW (Address: 0x1800147d8)
GetTempFileNameW (Address: 0x1800147e0)
ReadFile (Address: 0x1800147f0)
SetFilePointer (Address: 0x1800147c8)
WriteFile (Address: 0x1800147d0)

api-ms-win-core-file-l1-2-0.dll

GetTempPathW (Address: 0x180014800)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x180014818)
DuplicateHandle (Address: 0x180014810)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x180014838)
FindResourceExW (Address: 0x180014848)
FreeLibrary (Address: 0x180014830)
GetModuleFileNameW (Address: 0x180014858)
GetModuleHandleW (Address: 0x180014840)
GetProcAddress (Address: 0x180014860)
LoadLibraryExW (Address: 0x180014828)
LoadResource (Address: 0x180014850)
SizeofResource (Address: 0x180014868)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x180014880)
GetCurrentProcessId (Address: 0x180014890)
GetCurrentThreadId (Address: 0x180014898)
OpenProcessToken (Address: 0x180014888)
TerminateProcess (Address: 0x180014878)

api-ms-win-core-processthreads-l1-1-1.dll

OpenProcess (Address: 0x1800148a8)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x1800148b8)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x1800148e0)
RegCreateKeyExW (Address: 0x1800148c8)
RegDeleteValueW (Address: 0x1800148d8)
RegEnumKeyExW (Address: 0x1800148d0)
RegOpenKeyExW (Address: 0x180014908)
RegQueryInfoKeyW (Address: 0x1800148f8)
RegQueryValueExW (Address: 0x1800148e8)
RegRestoreKeyW (Address: 0x1800148f0)
RegSetValueExW (Address: 0x180014900)

api-ms-win-core-registry-l2-1-0.dll

RegDeleteKeyW (Address: 0x180014920)
RegSaveKeyW (Address: 0x180014918)

api-ms-win-core-rtlsupport-l1-1-0.dll

RtlCaptureContext (Address: 0x180014938)
RtlLookupFunctionEntry (Address: 0x180014940)
RtlVirtualUnwind (Address: 0x180014930)

api-ms-win-core-shlwapi-legacy-l1-1-0.dll

PathFileExistsW (Address: 0x180014958)
PathUnExpandEnvStringsW (Address: 0x180014950)

api-ms-win-core-string-l1-1-0.dll

MultiByteToWideChar (Address: 0x180014968)

api-ms-win-core-string-l2-1-0.dll

CharNextW (Address: 0x180014978)

api-ms-win-core-string-obsolete-l1-1-0.dll

lstrcmpiW (Address: 0x180014988)

api-ms-win-core-synch-l1-1-0.dll

CreateMutexW (Address: 0x1800149c8)
DeleteCriticalSection (Address: 0x180014998)
EnterCriticalSection (Address: 0x1800149d0)
InitializeCriticalSection (Address: 0x1800149a8)
LeaveCriticalSection (Address: 0x1800149c0)
OpenMutexW (Address: 0x1800149b8)
ReleaseMutex (Address: 0x1800149a0)
ReleaseSemaphore (Address: 0x1800149b0)

api-ms-win-core-synch-l1-2-0.dll

Sleep (Address: 0x1800149e0)

api-ms-win-core-synch-l1-2-1.dll

CreateSemaphoreW (Address: 0x1800149f0)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x180014a08)
GetTickCount (Address: 0x180014a00)

api-ms-win-eventing-classicprovider-l1-1-0.dll

GetTraceEnableFlags (Address: 0x180014a30)
GetTraceEnableLevel (Address: 0x180014a38)
GetTraceLoggerHandle (Address: 0x180014a28)
RegisterTraceGuidsW (Address: 0x180014a40)
TraceMessage (Address: 0x180014a18)
UnregisterTraceGuids (Address: 0x180014a20)

api-ms-win-security-base-l1-1-0.dll

AdjustTokenPrivileges (Address: 0x180014a68)
AllocateAndInitializeSid (Address: 0x180014a50)
CheckTokenMembership (Address: 0x180014a60)
FreeSid (Address: 0x180014a58)

msvcrt.dll

__C_specific_handler (Address: 0x180014b48)
__CxxFrameHandler3 (Address: 0x180014b18)
__dllonexit (Address: 0x180014a88)
_amsg_exit (Address: 0x180014ab0)
_callnewh (Address: 0x180014ad8)
_CxxThrowException (Address: 0x180014ad0)
_errno (Address: 0x180014aa0)
_initterm (Address: 0x180014aa8)
_lock (Address: 0x180014a98)
_onexit (Address: 0x180014a80)
_purecall (Address: 0x180014b38)
_unlock (Address: 0x180014a90)
_vsnprintf (Address: 0x180014ac8)
_vsnwprintf (Address: 0x180014b00)
_XcptFilter (Address: 0x180014ab8)
??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180014b08)
??0exception@@QEAA@AEBV0@@Z (Address: 0x180014af0)
??1exception@@UEAA@XZ (Address: 0x180014ae8)
??1type_info@@UEAA@XZ (Address: 0x180014a78)
?what@exception@@UEBAPEBDXZ (Address: 0x180014ae0)
free (Address: 0x180014b30)
iswxdigit (Address: 0x180014b10)
malloc (Address: 0x180014b28)
memcpy_s (Address: 0x180014b40)
memset (Address: 0x180014b58)
realloc (Address: 0x180014b50)
tolower (Address: 0x180014ac0)
towlower (Address: 0x180014af8)
wcsncpy_s (Address: 0x180014b20)

USER32.dll

DispatchMessageW (Address: 0x180014718)
MsgWaitForMultipleObjectsEx (Address: 0x180014720)
PeekMessageW (Address: 0x180014710)
TranslateMessage (Address: 0x180014708)