DeviceCensus.exe

• File Path: C:\Windows\system32\DeviceCensus.exe
• Description: Device Census

Hashes

Type	Hash
MD5	8159944C79034D2BCABF73D461A7E643
SHA1	9E488437B2233E5AD9ABD3151EC28EA51EB64C2D
SHA256	DBEA7473D5E7B3B4948081DACC6E35327D5A588F4FD0A2D68184BFFD10439296
SHA384	46DBFAF363BC335B3BB688DFAA324F234C86B4A38BFFF986A5822262E905965676D77263A3E7A870FA5B33D238DC94D9
SHA512	49CA6F6357EB41241900F1997759ECCEB3EE0B3905118060F07109FFC2E09D3CB69A7DD2ABE77635DD5D2C41484AD2E889EAAC5882E989E494CCA97ACF7E2440
SSDEEP	384:/ZFRwpU6F4NF1s0bFOaog3N4UA7Oy1All2RtzVrMFWYG4i6XiWbgW7/zD1IDBRJ6:/Dqp1ssuvWRCll0zrMF7G4i6XfnI1PyR

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: DeviceCensus.exe
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.18362.1035 (WinBuild.160101.0800)
• Product Version: 10.0.18362.1035
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	25
C:\Windows\system32\69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll	27
C:\Windows\system32\AppVClientPS.dll	27
C:\Windows\system32\AppVSentinel.dll	29
C:\Windows\system32\AppVTerminator.dll	29
C:\Windows\system32\avrt.dll	32
C:\Windows\system32\backgroundTaskHost.exe	30
C:\Windows\system32\bootstr.dll	25
C:\Windows\system32\BOOTVID.DLL	30
C:\Windows\system32\computelibeventlog.dll	24
C:\Windows\system32\DefaultDeviceManager.dll	30
C:\Windows\system32\DeviceCensus.exe	83
C:\WINDOWS\system32\DeviceCensus.exe	97
C:\Windows\system32\dllhost.exe	33
C:\Windows\system32\downlevel\api-ms-win-base-util-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-com-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-comm-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-console-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-1.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-1.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-delayload-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-handle-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-heap-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-1.dll	21
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-1.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-2.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-profile-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-realtime-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-registry-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-registry-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-string-l1-1-0.dll	29
C:\Windows\system32\downlevel\API-MS-Win-core-string-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	24
C:\Windows\system32\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-2-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-timezone-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-url-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-util-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-version-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-wow64-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-xstate-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-crt-conio-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-convert-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-environment-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-crt-heap-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-locale-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-math-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-crt-process-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-crt-string-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-time-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-utility-l1-1-0.dll	21
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-0.dll	32
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-1.dll	30
C:\Windows\system32\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	29
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	25
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-security-base-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	27
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	27
C:\Windows\system32\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	25
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-security-sddl-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-management-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-service-management-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-1.dll	30
C:\Windows\system32\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	21
C:\Windows\system32\drivers\UMDF\SDFLauncher.dll	32
C:\Windows\system32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\SDFLauncher.dll	32
C:\Windows\system32\dsrole.dll	33
C:\Windows\system32\IME\IMETC\IMTCTRLN.DLL	32
C:\Windows\system32\IME\SHARED\IMEDICAPICCPS.DLL	27
C:\Windows\system32\IME\SHARED\IMESEARCHPS.DLL	25
C:\Windows\system32\kd.dll	24
C:\Windows\system32\kd_02_1af4.dll	33
C:\Windows\system32\kd_07_1415.dll	27
C:\Windows\system32\kdnet_uart16550.dll	27
C:\Windows\system32\kdstub.dll	32
C:\Windows\system32\ksuser.dll	33
C:\Windows\system32\microsoft-windows-battery-events.dll	30
C:\Windows\system32\microsoft-windows-hal-events.dll	25
C:\Windows\system32\microsoft-windows-sleepstudy-events.dll	29
C:\Windows\system32\msdmo.dll	27
C:\Windows\system32\NDKPing.exe	27
C:\Windows\system32\oobe\FirstLogonAnim.exe	30
C:\Windows\system32\pcwum.dll	25
C:\Windows\system32\prproc.exe	30
C:\Windows\system32\psapi.dll	25
C:\Windows\system32\ResetEngine.exe	33
C:\WINDOWS\system32\ResetEngine.exe	25
C:\WINDOWS\system32\ScriptRunner.exe	25
C:\Windows\system32\setupetw.dll	27
C:\Windows\system32\sfc.dll	24
C:\Windows\system32\SlideToShutDown.exe	27
C:\Windows\system32\smphost.dll	29
C:\Windows\system32\spwizres.dll	30
C:\Windows\system32\streamci.dll	25
C:\Windows\system32\ttdloader.dll	27
C:\Windows\system32\UtilityVmSysprep.dll	25
C:\Windows\system32\uxlibres.dll	29
C:\Windows\system32\VmApplicationHealthMonitorProxy.dll	29
C:\Windows\system32\wbem\Microsoft.AppV.AppVClientWmi.dll	29
C:\Windows\system32\winnsi.dll	30
C:\Windows\system32\wshhyperv.dll	27
C:\Windows\system32\wshunix.dll	25
C:\Windows\system32\wuauclt.exe	27
C:\Windows\SysWOW64\AppVClientPS.dll	27
C:\Windows\SysWOW64\AppVSentinel.dll	25
C:\Windows\SysWOW64\AppVTerminator.dll	24
C:\Windows\SysWOW64\avrt.dll	32
C:\Windows\SysWOW64\backgroundTaskHost.exe	29
C:\Windows\SysWOW64\BOOTVID.DLL	29
C:\Windows\SysWOW64\CameraSettingsUIHost.exe	27
C:\Windows\SysWOW64\DefaultDeviceManager.dll	32
C:\Windows\SysWOW64\dllhost.exe	25
C:\Windows\SysWOW64\downlevel\api-ms-win-base-util-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-com-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-comm-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-console-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-1.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-1.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-delayload-l1-1-0.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-1.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-1.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-1.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-handle-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-heap-l1-1-0.dll	30
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-1.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-1.dll	27
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-1.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-profile-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-2-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-timezone-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-url-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-util-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-version-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-xstate-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-conio-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-convert-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-environment-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-locale-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-math-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-process-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-string-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-time-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-utility-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-1.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-security-base-l1-1-0.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-provider-L1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-security-sddl-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-1.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-1.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	24
C:\Windows\SysWOW64\dsrole.dll	30
C:\Windows\SysWOW64\fltLib.dll	25
C:\Windows\SysWOW64\IME\IMETC\IMTCTRLN.DLL	22
C:\Windows\SysWOW64\IME\SHARED\imecfmps.dll	29
C:\Windows\SysWOW64\IME\SHARED\IMEDICAPICCPS.DLL	25
C:\Windows\SysWOW64\IME\SHARED\IMESEARCHPS.DLL	30
C:\Windows\SysWOW64\ksuser.dll	25
C:\Windows\SysWOW64\LocationFrameworkPS.dll	32
C:\Windows\SysWOW64\pcwum.dll	24
C:\Windows\SysWOW64\psapi.dll	27
C:\Windows\SysWOW64\sfc.dll	24
C:\Windows\SysWOW64\smphost.dll	29
C:\Windows\SysWOW64\ttdloader.dll	27
C:\Windows\SysWOW64\uxlibres.dll	25
C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll	29
C:\Windows\SysWOW64\winnsi.dll	29
C:\Windows\SysWOW64\wshhyperv.dll	27
C:\Windows\SysWOW64\wshunix.dll	27

Possible Misuse

The following table contains possible examples of DeviceCensus.exe being misused. While DeviceCensus.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	image_load_wmi_module_load.yml	- '\DeviceCensus.exe'	DRL 1.0
sigma	registry_event_asep_reg_keys_modification_currentversion.yml	- 'C:\WINDOWS\system32\devicecensus.exe'	DRL 1.0
sigma	registry_event_telemetry_persistence.yml	- '\system32\DeviceCensus.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.