ncryptprov.dll
Description: Microsoft KSP
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6456
Architecture: 32-bit
Operating System: Windows NT
SHA256: a8b6f5d6790206bc3e592347c15922a0
File Size: 270.5 KB
Uploaded At: Dec. 1, 2025, 8:01 a.m.
Views: 22
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- GetKeyStorageInterface (Ordinal: 1, Address: 0xd870)
- SKCacheFlush (Ordinal: 2, Address: 0xdf80)
- SetAuditingInterface (Ordinal: 3, Address: 0x17d10)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x10040000)
api-ms-win-core-com-l1-1-0.dll
- CoTaskMemAlloc (Address: 0x10040008)
- CoTaskMemFree (Address: 0x1004000c)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x10040014)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1004001c)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x10040024)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1004003c)
- DeleteFileW (Address: 0x10040040)
- FindClose (Address: 0x1004002c)
- FindCloseChangeNotification (Address: 0x10040034)
- FindFirstChangeNotificationW (Address: 0x10040038)
- FindFirstFileExW (Address: 0x10040054)
- FindNextChangeNotification (Address: 0x10040050)
- FindNextFileW (Address: 0x1004004c)
- GetFileSize (Address: 0x10040048)
- GetTempFileNameW (Address: 0x10040058)
- ReadFile (Address: 0x10040030)
- WriteFile (Address: 0x10040044)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x10040060)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x10040068)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10040070)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x10040080)
- HeapAlloc (Address: 0x1004007c)
- HeapFree (Address: 0x10040078)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x10040088)
- LocalFree (Address: 0x1004008c)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x10040094)
- GetModuleFileNameW (Address: 0x100400a4)
- GetModuleHandleExW (Address: 0x100400a8)
- GetModuleHandleW (Address: 0x10040098)
- GetProcAddress (Address: 0x100400a0)
- LoadLibraryExW (Address: 0x1004009c)
- LoadStringW (Address: 0x100400ac)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x100400b8)
- VirtualProtect (Address: 0x100400b4)
- VirtualQuery (Address: 0x100400bc)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x100400c4)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x100400e4)
- GetCurrentProcessId (Address: 0x100400e8)
- GetCurrentThread (Address: 0x100400d4)
- GetCurrentThreadId (Address: 0x100400dc)
- OpenProcessToken (Address: 0x100400e0)
- OpenThreadToken (Address: 0x100400cc)
- SetThreadStackGuarantee (Address: 0x100400d8)
- SetThreadToken (Address: 0x100400d0)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x100400f0)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x100400f8)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x10040100)
- RegCreateKeyExW (Address: 0x10040104)
- RegOpenKeyExA (Address: 0x1004010c)
- RegOpenKeyExW (Address: 0x10040110)
- RegQueryValueExA (Address: 0x10040114)
- RegQueryValueExW (Address: 0x10040108)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x10040120)
- WideCharToMultiByte (Address: 0x1004011c)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x1004013c)
- DeleteCriticalSection (Address: 0x10040128)
- EnterCriticalSection (Address: 0x10040130)
- InitializeCriticalSection (Address: 0x10040138)
- LeaveCriticalSection (Address: 0x1004012c)
- SetEvent (Address: 0x10040134)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x10040144)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x1004014c)
- GetSystemTimeAsFileTime (Address: 0x10040150)
- GetTickCount (Address: 0x10040154)
api-ms-win-core-threadpool-l1-2-0.dll
- CallbackMayRunLong (Address: 0x10040160)
- TrySubmitThreadpoolCallback (Address: 0x1004015c)
api-ms-win-core-xstate-l2-1-0.dll
- GetEnabledXStateFeatures (Address: 0x10040168)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x10040180)
- GetTraceEnableLevel (Address: 0x10040178)
- GetTraceLoggerHandle (Address: 0x10040174)
- TraceMessage (Address: 0x10040170)
- UnregisterTraceGuids (Address: 0x1004017c)
api-ms-win-eventing-obsolete-l1-1-0.dll
- RegisterTraceGuidsA (Address: 0x10040188)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x10040194)
- EventSetInformation (Address: 0x10040190)
- EventUnregister (Address: 0x10040198)
- EventWriteTransfer (Address: 0x1004019c)
api-ms-win-security-base-l1-1-0.dll
- CopySid (Address: 0x100401b8)
- EqualSid (Address: 0x100401a4)
- GetAce (Address: 0x100401c0)
- GetAclInformation (Address: 0x100401c8)
- GetFileSecurityW (Address: 0x100401b0)
- GetLengthSid (Address: 0x100401e0)
- GetSecurityDescriptorControl (Address: 0x100401bc)
- GetSecurityDescriptorDacl (Address: 0x100401dc)
- GetSecurityDescriptorLength (Address: 0x100401a8)
- GetSidIdentifierAuthority (Address: 0x100401c4)
- GetSidSubAuthority (Address: 0x100401d0)
- GetSidSubAuthorityCount (Address: 0x100401d8)
- GetTokenInformation (Address: 0x100401e4)
- IsValidSecurityDescriptor (Address: 0x100401b4)
- IsValidSid (Address: 0x100401ac)
- PrivilegeCheck (Address: 0x100401e8)
- RevertToSelf (Address: 0x100401d4)
- SetFileSecurityW (Address: 0x100401cc)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x100401f0)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x100401f4)
- ConvertStringSidToSidW (Address: 0x100401f8)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x10040200)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x1004025c)
- BCryptCreateHash (Address: 0x10040250)
- BCryptDecrypt (Address: 0x1004023c)
- BCryptDeriveKey (Address: 0x10040220)
- BCryptDestroyHash (Address: 0x10040258)
- BCryptDestroyKey (Address: 0x10040240)
- BCryptDestroySecret (Address: 0x1004021c)
- BCryptDuplicateKey (Address: 0x1004024c)
- BCryptEncrypt (Address: 0x10040244)
- BCryptExportKey (Address: 0x10040268)
- BCryptFinalizeKeyPair (Address: 0x1004022c)
- BCryptFinishHash (Address: 0x10040264)
- BCryptGenerateKeyPair (Address: 0x10040228)
- BCryptGenerateSymmetricKey (Address: 0x10040208)
- BCryptGenRandom (Address: 0x10040238)
- BCryptGetProperty (Address: 0x10040260)
- BCryptHash (Address: 0x10040248)
- BCryptHashData (Address: 0x10040254)
- BCryptImportKey (Address: 0x10040224)
- BCryptImportKeyPair (Address: 0x10040218)
- BCryptKeyDerivation (Address: 0x10040234)
- BCryptOpenAlgorithmProvider (Address: 0x1004026c)
- BCryptSecretAgreement (Address: 0x10040210)
- BCryptSetProperty (Address: 0x10040214)
- BCryptSignHash (Address: 0x1004020c)
- BCryptVerifySignature (Address: 0x10040230)
msvcrt.dll
- _except_handler4_common (Address: 0x1004028c)
- _strlwr (Address: 0x1004027c)
- _vsnwprintf (Address: 0x10040274)
- _wcsicmp (Address: 0x10040288)
- _wcslwr (Address: 0x10040278)
- memcmp (Address: 0x10040294)
- memcpy (Address: 0x10040298)
- memset (Address: 0x1004029c)
- wcscat_s (Address: 0x10040290)
- wcsncmp (Address: 0x10040280)
- wcsncpy_s (Address: 0x10040284)
ncrypt.dll
- NCryptCloseProtectionDescriptor (Address: 0x100402ac)
- NCryptCreateProtectionDescriptor (Address: 0x100402a8)
- NCryptProtectSecret (Address: 0x100402a4)
- NCryptUnprotectSecret (Address: 0x100402b0)
ntdll.dll
- EtwTraceMessage (Address: 0x10040360)
- LdrDisableThreadCalloutsForDll (Address: 0x10040374)
- NtClose (Address: 0x10040344)
- NtCreateFile (Address: 0x10040320)
- NtDuplicateToken (Address: 0x1004031c)
- NtOpenKey (Address: 0x100402e4)
- NtQueryInformationProcess (Address: 0x100402f4)
- NtQueryInformationToken (Address: 0x1004030c)
- NtQuerySystemInformationEx (Address: 0x100402e8)
- NtQueryValueKey (Address: 0x100402ec)
- NtSetInformationThread (Address: 0x10040314)
- NtSetInformationToken (Address: 0x10040318)
- NtTerminateProcess (Address: 0x100402bc)
- RtlAbsoluteToSelfRelativeSD (Address: 0x1004032c)
- RtlAcquireResourceExclusive (Address: 0x1004033c)
- RtlAcquireResourceShared (Address: 0x1004034c)
- RtlAcquireSRWLockExclusive (Address: 0x10040354)
- RtlAllocateAndInitializeSid (Address: 0x10040310)
- RtlAllocateHeap (Address: 0x100402dc)
- RtlAnsiStringToUnicodeString (Address: 0x100402d0)
- RtlAppendUnicodeToString (Address: 0x100402f0)
- RtlCheckTokenCapability (Address: 0x10040300)
- RtlCompareMemory (Address: 0x100402d8)
- RtlDeleteCriticalSection (Address: 0x10040370)
- RtlDeleteResource (Address: 0x10040350)
- RtlDosPathNameToRelativeNtPathName_U (Address: 0x10040334)
- RtlEnterCriticalSection (Address: 0x1004036c)
- RtlFreeAnsiString (Address: 0x100402d4)
- RtlFreeHeap (Address: 0x10040328)
- RtlFreeSid (Address: 0x10040308)
- RtlFreeUnicodeString (Address: 0x100402cc)
- RtlGetControlSecurityDescriptor (Address: 0x10040338)
- RtlImageNtHeader (Address: 0x100402e0)
- RtlInitAnsiString (Address: 0x100402c0)
- RtlInitializeCriticalSection (Address: 0x10040368)
- RtlInitializeResource (Address: 0x10040340)
- RtlInitializeSRWLock (Address: 0x1004035c)
- RtlInitUnicodeString (Address: 0x100402c8)
- RtlLeaveCriticalSection (Address: 0x10040364)
- RtlNtStatusToDosError (Address: 0x10040324)
- RtlReleaseRelativeName (Address: 0x10040330)
- RtlReleaseResource (Address: 0x10040348)
- RtlReleaseSRWLockExclusive (Address: 0x10040358)
- RtlSidDominates (Address: 0x10040304)
- RtlUnhandledExceptionFilter (Address: 0x100402b8)
- RtlUnicodeStringToAnsiString (Address: 0x100402c4)
- WinSqmIncrementDWORD (Address: 0x100402f8)
- WinSqmSetString (Address: 0x100402fc)
profapi.dll
- (Address: 0x1004037c)