offlinelsa.dll
Description: Windows
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3205
Architecture: 32-bit
Operating System: Windows NT
SHA256: 7c924f22c7a52dda61d7b22694b5d671
File Size: 137.8 KB
Uploaded At: Dec. 1, 2025, 8:37 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- LsaOfflineAddAccountRights (Ordinal: 1, Address: 0x12530)
- LsaOfflineAddPrivilegesToAccount (Ordinal: 2, Address: 0x12300)
- LsaOfflineClose (Ordinal: 3, Address: 0x12890)
- LsaOfflineCreateAccount (Ordinal: 4, Address: 0x120a0)
- LsaOfflineDelete (Ordinal: 5, Address: 0x129c0)
- LsaOfflineEnumerateAccountRights (Ordinal: 6, Address: 0x12440)
- LsaOfflineEnumerateAccounts (Ordinal: 7, Address: 0x11fe0)
- LsaOfflineEnumeratePrivilegesOfAccount (Ordinal: 8, Address: 0x12260)
- LsaOfflineFreeMemory (Ordinal: 9, Address: 0x12a50)
- LsaOfflineGetSystemAccessAccount (Ordinal: 10, Address: 0x12750)
- LsaOfflineOpenAccount (Ordinal: 11, Address: 0x12180)
- LsaOfflineOpenPolicy (Ordinal: 12, Address: 0x11c70)
- LsaOfflineOpenPolicyExternal (Ordinal: 13, Address: 0x11e20)
- LsaOfflineOpenPolicyForInstaller (Ordinal: 14, Address: 0x11d60)
- LsaOfflineQueryInformationPolicy (Ordinal: 15, Address: 0x11f30)
- LsaOfflineRemoveAccountRights (Ordinal: 16, Address: 0x12630)
- LsaOfflineRemovePrivilegesFromAccount (Ordinal: 17, Address: 0x123a0)
- LsaOfflineSetSystemAccessAccount (Ordinal: 18, Address: 0x127f0)
- LsaOfflineSyskeyRequest (Ordinal: 19, Address: 0x12a70)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1001f010)
- IsDebuggerPresent (Address: 0x1001f018)
- OutputDebugStringW (Address: 0x1001f014)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1001f02c)
- SetLastError (Address: 0x1001f028)
- SetUnhandledExceptionFilter (Address: 0x1001f020)
- UnhandledExceptionFilter (Address: 0x1001f024)
api-ms-win-core-file-l1-1-0.dll
- GetFileAttributesW (Address: 0x1001f034)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1001f03c)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1001f04c)
- HeapAlloc (Address: 0x1001f044)
- HeapFree (Address: 0x1001f048)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalAlloc (Address: 0x1001f058)
- LocalFree (Address: 0x1001f054)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- WTSGetActiveConsoleSessionId (Address: 0x1001f060)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x1001f06c)
- GetModuleFileNameA (Address: 0x1001f068)
- GetModuleHandleExW (Address: 0x1001f078)
- GetModuleHandleW (Address: 0x1001f070)
- GetProcAddress (Address: 0x1001f074)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1001f080)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x1001f090)
- VirtualProtect (Address: 0x1001f08c)
- VirtualQuery (Address: 0x1001f088)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x1001f098)
- GetCurrentProcessId (Address: 0x1001f0a8)
- GetCurrentThreadId (Address: 0x1001f09c)
- OpenProcessToken (Address: 0x1001f0a4)
- SetThreadStackGuarantee (Address: 0x1001f0a0)
- TerminateProcess (Address: 0x1001f0ac)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x1001f0b4)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1001f0bc)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1001f0c8)
- AcquireSRWLockShared (Address: 0x1001f100)
- CreateMutexExW (Address: 0x1001f0ec)
- CreateSemaphoreExW (Address: 0x1001f0e8)
- DeleteCriticalSection (Address: 0x1001f0c4)
- EnterCriticalSection (Address: 0x1001f0dc)
- InitializeCriticalSectionEx (Address: 0x1001f0f4)
- InitializeSRWLock (Address: 0x1001f0f0)
- LeaveCriticalSection (Address: 0x1001f0cc)
- OpenSemaphoreW (Address: 0x1001f0f8)
- ReleaseMutex (Address: 0x1001f0fc)
- ReleaseSemaphore (Address: 0x1001f0d8)
- ReleaseSRWLockExclusive (Address: 0x1001f0e4)
- ReleaseSRWLockShared (Address: 0x1001f0e0)
- WaitForSingleObject (Address: 0x1001f0d4)
- WaitForSingleObjectEx (Address: 0x1001f0d0)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x1001f108)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x1001f110)
- GetSystemTimeAsFileTime (Address: 0x1001f114)
- GetTickCount (Address: 0x1001f118)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1001f120)
- CreateThreadpoolTimer (Address: 0x1001f128)
- SetThreadpoolTimer (Address: 0x1001f12c)
- WaitForThreadpoolTimerCallbacks (Address: 0x1001f124)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1001f138)
- GetTraceEnableLevel (Address: 0x1001f13c)
- GetTraceLoggerHandle (Address: 0x1001f134)
- RegisterTraceGuidsW (Address: 0x1001f140)
- TraceMessage (Address: 0x1001f144)
- UnregisterTraceGuids (Address: 0x1001f148)
api-ms-win-security-base-l1-1-0.dll
- DuplicateTokenEx (Address: 0x1001f154)
- GetLengthSid (Address: 0x1001f150)
- GetTokenInformation (Address: 0x1001f158)
- IsValidSid (Address: 0x1001f15c)
api-ms-win-security-cryptoapi-l1-1-0.dll
- CryptAcquireContextW (Address: 0x1001f16c)
- CryptGenRandom (Address: 0x1001f168)
- CryptReleaseContext (Address: 0x1001f164)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupPrivilegeNameW (Address: 0x1001f174)
- LookupPrivilegeValueW (Address: 0x1001f178)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x1001f180)
- ConvertStringSidToSidW (Address: 0x1001f184)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x1001f1a4)
- BCryptCreateHash (Address: 0x1001f1ac)
- BCryptDestroyHash (Address: 0x1001f190)
- BCryptDestroyKey (Address: 0x1001f19c)
- BCryptEncrypt (Address: 0x1001f198)
- BCryptFinishHash (Address: 0x1001f18c)
- BCryptGenerateSymmetricKey (Address: 0x1001f1a0)
- BCryptHashData (Address: 0x1001f194)
- BCryptOpenAlgorithmProvider (Address: 0x1001f1a8)
msvcrt.dll
- __dllonexit (Address: 0x1001f1bc)
- _amsg_exit (Address: 0x1001f1d8)
- _except_handler4_common (Address: 0x1001f1e4)
- _initterm (Address: 0x1001f1c8)
- _lock (Address: 0x1001f1c4)
- _onexit (Address: 0x1001f1b8)
- _purecall (Address: 0x1001f1f0)
- _unlock (Address: 0x1001f1c0)
- _vsnwprintf (Address: 0x1001f1f4)
- _wcsicmp (Address: 0x1001f1e8)
- _XcptFilter (Address: 0x1001f1dc)
- free (Address: 0x1001f1d4)
- malloc (Address: 0x1001f1cc)
- memcmp (Address: 0x1001f1d0)
- memcpy (Address: 0x1001f1b4)
- memcpy_s (Address: 0x1001f1ec)
- memmove_s (Address: 0x1001f1e0)
- memset (Address: 0x1001f1f8)
ntdll.dll
- DbgPrintEx (Address: 0x1001f204)
- NtAdjustPrivilegesToken (Address: 0x1001f234)
- NtClose (Address: 0x1001f2cc)
- NtCreateKey (Address: 0x1001f2c4)
- NtDeleteKey (Address: 0x1001f290)
- NtDeleteValueKey (Address: 0x1001f27c)
- NtDuplicateToken (Address: 0x1001f24c)
- NtFlushKey (Address: 0x1001f2ac)
- NtLoadKey (Address: 0x1001f2b4)
- NtOpenKey (Address: 0x1001f2d8)
- NtOpenProcessToken (Address: 0x1001f250)
- NtOpenThreadToken (Address: 0x1001f23c)
- NtQueryInformationToken (Address: 0x1001f240)
- NtQueryKey (Address: 0x1001f294)
- NtQuerySystemInformation (Address: 0x1001f248)
- NtQueryValueKey (Address: 0x1001f2e0)
- NtSetInformationThread (Address: 0x1001f244)
- NtSetSecurityObject (Address: 0x1001f280)
- NtSetValueKey (Address: 0x1001f274)
- NtUnloadKey2 (Address: 0x1001f2a8)
- RtlAddAccessAllowedAce (Address: 0x1001f224)
- RtlAllocateAndInitializeSid (Address: 0x1001f29c)
- RtlAllocateHeap (Address: 0x1001f20c)
- RtlAnsiStringToUnicodeString (Address: 0x1001f264)
- RtlCompareUnicodeString (Address: 0x1001f254)
- RtlCopySid (Address: 0x1001f2c8)
- RtlCreateAcl (Address: 0x1001f21c)
- RtlCreateSecurityDescriptor (Address: 0x1001f218)
- RtlDosPathNameToRelativeNtPathName_U_WithStatus (Address: 0x1001f2b0)
- RtlEqualSid (Address: 0x1001f238)
- RtlEqualUnicodeString (Address: 0x1001f2c0)
- RtlFormatCurrentUserKeyPath (Address: 0x1001f214)
- RtlFreeAnsiString (Address: 0x1001f268)
- RtlFreeHeap (Address: 0x1001f2a4)
- RtlFreeSid (Address: 0x1001f298)
- RtlFreeUnicodeString (Address: 0x1001f260)
- RtlGetAce (Address: 0x1001f228)
- RtlGetDaclSecurityDescriptor (Address: 0x1001f270)
- RtlGetGroupSecurityDescriptor (Address: 0x1001f278)
- RtlGetOwnerSecurityDescriptor (Address: 0x1001f284)
- RtlGetSaclSecurityDescriptor (Address: 0x1001f288)
- RtlImageNtHeader (Address: 0x1001f26c)
- RtlInitAnsiString (Address: 0x1001f258)
- RtlInitializeRXact (Address: 0x1001f2b8)
- RtlInitUnicodeString (Address: 0x1001f2d4)
- RtlLengthSecurityDescriptor (Address: 0x1001f2bc)
- RtlLengthSid (Address: 0x1001f2d0)
- RtlNewSecurityObject (Address: 0x1001f220)
- RtlpNtEnumerateSubKey (Address: 0x1001f28c)
- RtlRaiseStatus (Address: 0x1001f210)
- RtlReAllocateHeap (Address: 0x1001f208)
- RtlSetDaclSecurityDescriptor (Address: 0x1001f22c)
- RtlSetOwnerSecurityDescriptor (Address: 0x1001f230)
- RtlSubAuthoritySid (Address: 0x1001f2a0)
- RtlUnicodeStringToAnsiString (Address: 0x1001f25c)
- RtlUpcaseUnicodeChar (Address: 0x1001f200)
- RtlValidSid (Address: 0x1001f2dc)
RPCRT4.dll
- RpcStringFreeW (Address: 0x1001f000)
- UuidCreate (Address: 0x1001f008)
- UuidToStringW (Address: 0x1001f004)