offreg.dll

File Path: C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll
Description: Offline registry DLL

Hashes

Type	Hash
MD5	`C8D278AECAB57E8531D611D34B297429`
SHA1	`32052D93DA0AED4EA096FB95FBA0FC3C742245DD`
SHA256	`161F36165DC9D2125153A273C607D97AAC16D8CEC8995E6636DBB668EF3BFB3F`
SHA384	`5BF076B211E9A956AAA75D38E0FCDCA4FDA9BEFB58D826A8C16D3EAA8B71FA6C72CA7533EEB4A935E188B9291D4E374E`
SHA512	`A46AC06EBBD3661DFBCAB8C47746C755F869DEDC1048FCA31CDB668E841BE3C20A04113ECBAB132950A5DD7CC62A470202C467509A979093A1C3AA2E9E26A358`
SSDEEP	`1536:f727gS3CrXu2WLTkDRBkPiRg7NxdtA6Tj:fegqCbu2WyPgLQa`
IMP	`F9DAB6CC9FCAC2E4AD27FA85F13493B8`
PESHA1	`A0C11B35358E0855989B4CB045E47B707979D9E3`
PE256	`29D2A2A4D963A0DE953ED8F3785D672DFA5DF5F786531E2D39B4D1316E5BF3CA`

DLL Exports:

Function Name	Ordinal	Type
`OROpenKey`	15	Exported Function
`ORQueryInfoKey`	16	Exported Function
`OROpenHiveByHandle`	14	Exported Function
`ORGetVirtualFlags`	12	Exported Function
`OROpenHive`	13	Exported Function
`ORSetValue`	20	Exported Function
`ORSetVirtualFlags`	21	Exported Function
`ORSetKeySecurity`	19	Exported Function
`ORRenameKey`	17	Exported Function
`ORSaveHive`	18	Exported Function
`ORGetVersion`	11	Exported Function
`ORCreateKey`	4	Exported Function
`ORDeleteKey`	5	Exported Function
`ORCreateHive`	3	Exported Function
`ORCloseHive`	1	Exported Function
`ORCloseKey`	2	Exported Function
`ORGetKeySecurity`	9	Exported Function
`ORGetValue`	10	Exported Function
`OREnumValue`	8	Exported Function
`ORDeleteValue`	6	Exported Function
`OREnumKey`	7	Exported Function

Signature

Status: Signature verified.
Serial: 3300000239B2B4E82A2234492F000000000239
Thumbprint: 7535269B94C1FEA4A5EF6D808E371DA242F27936
Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: offreg.dll
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.18362.1 (WinBuild.160101.0800)
Product Version: 10.0.18362.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/69
VirusTotal Link: https://www.virustotal.com/gui/file/161f36165dc9d2125153a273c607d97aac16d8cec8995e6636dbb668ef3bfb3f/detection/

MIT License. Copyright (c) 2020-2021 Strontic.