DeviceCensus.exe

• File Path: C:\WINDOWS\system32\DeviceCensus.exe
• Description: Device Census

Hashes

Type	Hash
MD5	AC7BD0E738FDE12FB29DA98D88C903EA
SHA1	83DCF09996467B8C9ED3DB56172E9DBC5D86A0C8
SHA256	42D05239F096FB64197CD00BACCE0C0B390D9889BD108638BA792DE35BC2562E
SHA384	5DECB50AA5DE13EE19BED441130256B300C34F4DD1D1B478F673E66383C28C9120307616A9D1C053DD41C6AA320D42C6
SHA512	0BA268A9F52ABC3B28E6533AAE505A722DC79B13BBC690919DB03ACE9F9B2D82C5D3444A9BE9E14CC1003FCE63E437147BB1CC01FB1CA17CE8612B4DD3724010
SSDEEP	384:/9FRwpU6F4NF1s0bFOaog3N4UA7Oy1All2RtzVrMFWYG4i6XiWbgW7/zD1IDBRJ3:/3qp1ssuvWRCll0zrMF7G4i6XfnI1P3

Runtime Data

Child Processes:

conhost.exe

Signature

• Status: Signature verified.
• Serial: 330000023241FB59996DCC4DFF000000000232
• Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: DeviceCensus.exe
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.18362.1035 (WinBuild.160101.0800)
• Product Version: 10.0.18362.1035
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	27
C:\Windows\system32\69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll	27
C:\Windows\system32\AppVClientPS.dll	27
C:\Windows\system32\AppVSentinel.dll	29
C:\Windows\system32\AppVTerminator.dll	29
C:\Windows\system32\avrt.dll	32
C:\Windows\system32\backgroundTaskHost.exe	30
C:\Windows\system32\bootstr.dll	24
C:\Windows\system32\BOOTVID.DLL	32
C:\Windows\system32\computelibeventlog.dll	24
C:\Windows\system32\DefaultDeviceManager.dll	30
C:\Windows\system32\DeviceCensus.exe	85
C:\Windows\system32\DeviceCensus.exe	97
C:\Windows\system32\dllhost.exe	30
C:\Windows\system32\downlevel\api-ms-win-base-util-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-com-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-comm-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-console-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-1.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-1.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-delayload-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-0.dll	25
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-handle-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-heap-l1-1-0.dll	27
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-1.dll	21
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-1.dll	22
C:\Windows\system32\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-1.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-2.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-profile-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-realtime-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-registry-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-registry-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-core-string-l1-1-0.dll	29
C:\Windows\system32\downlevel\API-MS-Win-core-string-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	25
C:\Windows\system32\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-2-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-timezone-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-url-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-core-util-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-version-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-wow64-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-core-xstate-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-conio-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-convert-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-environment-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-crt-heap-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-locale-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-math-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-crt-process-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-crt-string-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-time-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-crt-utility-l1-1-0.dll	21
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-0.dll	30
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-1.dll	27
C:\Windows\system32\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	27
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	25
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	21
C:\Windows\system32\downlevel\api-ms-win-security-base-l1-1-0.dll	29
C:\Windows\system32\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	27
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	27
C:\Windows\system32\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	24
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-security-sddl-l1-1-0.dll	22
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-1.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-management-l1-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-management-l2-1-0.dll	24
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-0.dll	25
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-1.dll	30
C:\Windows\system32\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	21
C:\Windows\system32\drivers\UMDF\SDFLauncher.dll	33
C:\Windows\system32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\SDFLauncher.dll	33
C:\Windows\system32\dsrole.dll	33
C:\Windows\system32\IME\IMETC\IMTCTRLN.DLL	32
C:\Windows\system32\IME\SHARED\IMEDICAPICCPS.DLL	27
C:\Windows\system32\IME\SHARED\IMESEARCHPS.DLL	27
C:\Windows\system32\kd.dll	24
C:\Windows\system32\kd_02_1af4.dll	32
C:\Windows\system32\kd_07_1415.dll	27
C:\Windows\system32\kdnet_uart16550.dll	27
C:\Windows\system32\kdstub.dll	32
C:\Windows\system32\ksuser.dll	33
C:\Windows\system32\microsoft-windows-battery-events.dll	32
C:\Windows\system32\microsoft-windows-hal-events.dll	25
C:\Windows\system32\microsoft-windows-sleepstudy-events.dll	29
C:\Windows\system32\msdmo.dll	27
C:\Windows\system32\NDKPing.exe	27
C:\Windows\system32\oobe\FirstLogonAnim.exe	30
C:\Windows\system32\pcwum.dll	25
C:\Windows\system32\prproc.exe	30
C:\Windows\system32\psapi.dll	25
C:\Windows\system32\ResetEngine.exe	33
C:\WINDOWS\system32\ResetEngine.exe	25
C:\WINDOWS\system32\ScriptRunner.exe	29
C:\Windows\system32\setupetw.dll	27
C:\Windows\system32\sfc.dll	24
C:\Windows\system32\SlideToShutDown.exe	27
C:\Windows\system32\smphost.dll	29
C:\Windows\system32\spwizres.dll	30
C:\Windows\system32\streamci.dll	25
C:\Windows\system32\ttdloader.dll	27
C:\Windows\system32\UtilityVmSysprep.dll	25
C:\Windows\system32\uxlibres.dll	29
C:\Windows\system32\VmApplicationHealthMonitorProxy.dll	29
C:\Windows\system32\wbem\Microsoft.AppV.AppVClientWmi.dll	27
C:\Windows\system32\winnsi.dll	30
C:\Windows\system32\wshhyperv.dll	27
C:\Windows\system32\wshunix.dll	29
C:\Windows\system32\wuauclt.exe	27
C:\Windows\SysWOW64\AppVClientPS.dll	27
C:\Windows\SysWOW64\AppVSentinel.dll	25
C:\Windows\SysWOW64\AppVTerminator.dll	22
C:\Windows\SysWOW64\avrt.dll	33
C:\Windows\SysWOW64\backgroundTaskHost.exe	29
C:\Windows\SysWOW64\BOOTVID.DLL	27
C:\Windows\SysWOW64\CameraSettingsUIHost.exe	27
C:\Windows\SysWOW64\DefaultDeviceManager.dll	32
C:\Windows\SysWOW64\dllhost.exe	25
C:\Windows\SysWOW64\downlevel\api-ms-win-base-util-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-com-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-comm-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-console-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-1.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-1.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-delayload-l1-1-0.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-1.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-1.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-1.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-handle-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-heap-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-1.dll	27
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-1.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-profile-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-1-0.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-2-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-core-timezone-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-url-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-core-util-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-version-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-core-xstate-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-conio-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-convert-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-environment-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-locale-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-math-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-process-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-string-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-time-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-utility-l1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-1.dll	29
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	21
C:\Windows\SysWOW64\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-security-base-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	25
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-provider-L1-1-0.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-security-sddl-l1-1-0.dll	25
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-1.dll	22
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l2-1-0.dll	24
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-1.dll	30
C:\Windows\SysWOW64\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	24
C:\Windows\SysWOW64\dsrole.dll	29
C:\Windows\SysWOW64\fltLib.dll	29
C:\Windows\SysWOW64\IME\IMETC\IMTCTRLN.DLL	22
C:\Windows\SysWOW64\IME\SHARED\imecfmps.dll	29
C:\Windows\SysWOW64\IME\SHARED\IMEDICAPICCPS.DLL	24
C:\Windows\SysWOW64\IME\SHARED\IMESEARCHPS.DLL	30
C:\Windows\SysWOW64\ksuser.dll	25
C:\Windows\SysWOW64\LocationFrameworkPS.dll	32
C:\Windows\SysWOW64\pcwum.dll	24
C:\Windows\SysWOW64\psapi.dll	25
C:\Windows\SysWOW64\sfc.dll	24
C:\Windows\SysWOW64\smphost.dll	29
C:\Windows\SysWOW64\ttdloader.dll	27
C:\Windows\SysWOW64\uxlibres.dll	25
C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll	29
C:\Windows\SysWOW64\winnsi.dll	29
C:\Windows\SysWOW64\wshhyperv.dll	27
C:\Windows\SysWOW64\wshunix.dll	27

Possible Misuse

The following table contains possible examples of DeviceCensus.exe being misused. While DeviceCensus.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	image_load_wmi_module_load.yml	- '\DeviceCensus.exe'	DRL 1.0
sigma	registry_event_asep_reg_keys_modification_currentversion.yml	- 'C:\WINDOWS\system32\devicecensus.exe'	DRL 1.0
sigma	registry_event_telemetry_persistence.yml	- '\system32\DeviceCensus.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.