dsreg.dll

• File Path: C:\Windows\SysWOW64\dsreg.dll
• Description: AD/AAD User Device Registration

Hashes

Type	Hash
MD5	0189C68C6BC6F5745C720B24EF6659EE
SHA1	B2FD62C86AAD424B7B9270E9EB7ACEDE079E9CC0
SHA256	3C8637E4CD64B4D97C50B38B085692ED6C912DF901588A036E12BA3D08947433
SHA384	6D24B0BB57B9F1639C9C35200C7E0B8369D06032F66805644329548927AE7A96DAE9FAFF82FA8822DB5D8B943D95F7CA
SHA512	CEFEDA695C77D2E6A57799DCDAAABD80BF8CEE7AF7D08E1B2A94F1DD9AAE9D3E31508983932AA177890D409B4E2572E2AFED9FAD178AA8D022474B8FA01C1F09
SSDEEP	24576:BcGJGzb3TJISq51++2Nt0v9b8kN62uaVfL89E:BcGJGzb3TSFs+A0zN62H9Lr
IMP	44E66016AB57BEACA89C6D0E140D4E61
PESHA1	B0DE4E5826291FF2A83B6D2C59AB903D54D9D1C7
PE256	6C980B36A47C035A3EA3C54A08A4F1C550896C28480D803DECA58052DBFEE16F

DLL Exports:

Function Name	Ordinal	Type
DsrWriteAutoJoinSvcDebugEvent	33	Exported Function
DsrWriteAutoJoinSvcAdminEvent	32	Exported Function
DsrSaveWorkplaceTokenProperties	31	Exported Function
FidoRegisterKey	36	Exported Function
FidoDeregisterKey	35	Exported Function
DsrWriteAutoJoinSvcTriggerEvent	34	Exported Function
DsrIsDeviceJoined	27	Exported Function
DsrGetResourceAccount	26	Exported Function
DsrGetPrtAuthorityInfo	25	Exported Function
DsrSaveDeviceTokenProperties	30	Exported Function
DsrIsWorkplaceJoined	29	Exported Function
DsrIsDeviceJoinedEx	28	Exported Function
NgcRegisterKey	45	Exported Function
NgcReadRegistryValue	44	Exported Function
NgcNeedProvisionForAccount	43	Exported Function
NgcUpdateStatistics	48	Exported Function
NgcUpdateCertEnrollStatistics	47	Exported Function
NgcResetPinRetryAttempts	46	Exported Function
NgcGetLogonCertPolicy	39	Exported Function
NgcGetKeyId	38	Exported Function
NgcDeregisterKey	37	Exported Function
NgcNeedProvision	42	Exported Function
NgcIncrementPinRetryAttempts	41	Exported Function
NgcGetStatistics	40	Exported Function
DsrBeginWorkplaceJoin	9	Exported Function
DsrBeginRecovery	8	Exported Function
DsrBeginPreprovisionedDeviceJoin	7	Exported Function
DsrCanCurrentUserProvisionNgcKey	13	Exported Function
DsrBeginWorkplaceUpdate	11	Exported Function
DsrBeginWorkplaceUnjoin	10	Exported Function
DsrBeginDeviceJoin	3	Exported Function
DsrBeginDeviceAndResourceAccountJoin	2	Exported Function
DsrBeginDelegatedWorkplaceJoin	1	Exported Function
DsrBeginDiscover	6	Exported Function
DsrBeginDeviceUpdate	5	Exported Function
DsrBeginDeviceUnjoin	4	Exported Function
DsrGetCxhScenarioInfo	21	Exported Function
DsrGetCurrentUserNgcProvisionStatus	20	Exported Function
DsrFreeJoinInfoEx	19	Exported Function
DsrGetJoinInfoEx	24	Exported Function
DsrGetJoinInfo	23	Exported Function
DsrGetDomainRegistrationData	22	Exported Function
DsrEndRecovery	15	Exported Function
DsrCLI	12	Exported Function
DsrCanCurrentUserResetNgcKey	14	Exported Function
DsrFreeJoinInfo	18	Exported Function
DsrFreeDiscoveryMetadata	17	Exported Function
DsrFreeCxhScenarioInfo	16	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: dsreg.dll.mui
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/69
• VirusTotal Link: https://www.virustotal.com/gui/file/3c8637e4cd64b4d97c50b38b085692ed6c912df901588a036e12ba3d08947433/detection/

MIT License. Copyright (c) 2020-2021 Strontic.