offreg.dll

• File Path: C:\Windows\SysWOW64\offreg.dll
• Description: Offline registry DLL

Hashes

Type	Hash
MD5	79F41F79DEE175C37662374CE27B8855
SHA1	4CE836408BE94F098D0A6B990864EACE93AF2EB5
SHA256	F66D8C74D661A76095276E54B28170268EC9042CE32D8D95FB094D1BD7AC408B
SHA384	9EB5545EB2D8326EC2B1B487916D3DA1CADEA21A7DD593D41DD3A4F1DE83D68E069D7432C9CEF7FFDE793A9BDA4F7AF9
SHA512	1ED23B3EA3FF5FF192087412ECBD98BCAA89CDC6343E657077235717753D7C4016488A19328D3C10085B9CC9DDE5F046D276AA651C6EABA1B6700DA0F8A47C7D
SSDEEP	1536:pcYtGp8/6JeF507kk4jLxOTmUiWdjJfblqZiZR3H:pcYtz/3F507MtOT/ddzEk/3
IMP	FCCDAB95B6A37F64FA88437E33703DED
PESHA1	BD73E749FE1B321CE275120BB07346D6F565B4E5
PE256	8ECB8E01A050548F6EB36446291825579C18AF9042286E9D7E95DE5DCAA024A2

DLL Exports:

Function Name	Ordinal	Type
OROpenHiveByHandle	15	Exported Function
OROpenKey	16	Exported Function
OROpenHive	14	Exported Function
ORGetVirtualFlags	12	Exported Function
ORMergeHives	13	Exported Function
ORQueryInfoKey	17	Exported Function
ORSetValue	21	Exported Function
ORSetVirtualFlags	22	Exported Function
ORSetKeySecurity	20	Exported Function
ORRenameKey	18	Exported Function
ORSaveHive	19	Exported Function
ORCreateKey	4	Exported Function
ORDeleteKey	5	Exported Function
ORCreateHive	3	Exported Function
ORCloseHive	1	Exported Function
ORCloseKey	2	Exported Function
ORDeleteValue	6	Exported Function
ORGetValue	10	Exported Function
ORGetVersion	11	Exported Function
ORGetKeySecurity	9	Exported Function
OREnumKey	7	Exported Function
OREnumValue	8	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: offreg.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/72
• VirusTotal Link: https://www.virustotal.com/gui/file/f66d8c74d661a76095276e54b28170268ec9042ce32d8d95fb094d1bd7ac408b/detection/

MIT License. Copyright (c) 2020-2021 Strontic.