offlinelsa.dll
Description: Windows
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4467
Architecture: 32-bit
Operating System: Windows NT
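SHA256: 4744bb5dd69f48715440ef209cd4982c (note: this value is 32 hexadecimal characters, which is the length of an MD5 digest; a SHA-256 digest is 64 characters, so either the label or the value is wrong. Recompute the hash locally before using it for reputation lookups or allow/deny lists.)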
File Size: 113.4 KB
Uploaded At: Dec. 1, 2025, 8:37 a.m.
Security Warning
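This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Note: this flag is a heuristic triggered by a single import name. OpenProcess on its own only obtains a handle to another process, and many legitimate system components import it. The import list below contains no WriteProcessMemory, VirtualAllocEx or CreateRemoteThread, which a classic remote-injection sequence would also need (functions resolved at run time would not appear in an import table). The author and version fields above come from the file's own version resource, which any file can declare, so they do not prove origin. To assess a copy of this DLL, verify its Authenticode signature and compare its hash with a known-good copy from the matching Windows build.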
Exported Functions
- LsaOfflineAddAccountRights (Ordinal: 1, Address: 0xce40)
- LsaOfflineAddPrivilegesToAccount (Ordinal: 2, Address: 0xcc10)
- LsaOfflineClose (Ordinal: 3, Address: 0xd1a0)
- LsaOfflineCreateAccount (Ordinal: 4, Address: 0xc9b0)
- LsaOfflineDelete (Ordinal: 5, Address: 0xd2d0)
- LsaOfflineEnumerateAccountRights (Ordinal: 6, Address: 0xcd50)
- LsaOfflineEnumerateAccounts (Ordinal: 7, Address: 0xc8f0)
- LsaOfflineEnumeratePrivilegesOfAccount (Ordinal: 8, Address: 0xcb70)
- LsaOfflineFreeMemory (Ordinal: 9, Address: 0xd360)
- LsaOfflineGetSystemAccessAccount (Ordinal: 10, Address: 0xd060)
- LsaOfflineOpenAccount (Ordinal: 11, Address: 0xca90)
- LsaOfflineOpenPolicy (Ordinal: 12, Address: 0xc580)
- LsaOfflineOpenPolicyExternal (Ordinal: 13, Address: 0xc730)
- LsaOfflineOpenPolicyForInstaller (Ordinal: 14, Address: 0xc670)
- LsaOfflineQueryInformationPolicy (Ordinal: 15, Address: 0xc840)
- LsaOfflineRemoveAccountRights (Ordinal: 16, Address: 0xcf40)
- LsaOfflineRemovePrivilegesFromAccount (Ordinal: 17, Address: 0xccb0)
- LsaOfflineSetSystemAccessAccount (Ordinal: 18, Address: 0xd100)
- LsaOfflineSyskeyRequest (Ordinal: 19, Address: 0xd380)
Imported DLLs & Functions
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x10019018)
- SetUnhandledExceptionFilter (Address: 0x10019014)
- UnhandledExceptionFilter (Address: 0x10019010)
api-ms-win-core-file-l1-1-0.dll
- GetFileAttributesW (Address: 0x10019020)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10019028)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalAlloc (Address: 0x10019030)
- LocalFree (Address: 0x10019034)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- WTSGetActiveConsoleSessionId (Address: 0x1001903c)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x10019044)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x1001904c)
- VirtualProtect (Address: 0x10019054)
- VirtualQuery (Address: 0x10019050)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x10019068)
- GetCurrentProcessId (Address: 0x1001905c)
- GetCurrentThreadId (Address: 0x1001906c)
- OpenProcessToken (Address: 0x10019064)
- SetThreadStackGuarantee (Address: 0x10019070)
- TerminateProcess (Address: 0x10019060)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x10019078)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x10019080)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1001908c)
- InitializeSRWLock (Address: 0x10019090)
- ReleaseSRWLockExclusive (Address: 0x10019088)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x10019098)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x100190a8)
- GetSystemTimeAsFileTime (Address: 0x100190a0)
- GetTickCount (Address: 0x100190a4)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x100190b8)
- GetTraceEnableLevel (Address: 0x100190b4)
- GetTraceLoggerHandle (Address: 0x100190bc)
- RegisterTraceGuidsW (Address: 0x100190c4)
- TraceMessage (Address: 0x100190c0)
- UnregisterTraceGuids (Address: 0x100190b0)
api-ms-win-security-base-l1-1-0.dll
- DuplicateTokenEx (Address: 0x100190d4)
- GetLengthSid (Address: 0x100190cc)
- GetTokenInformation (Address: 0x100190d0)
- IsValidSid (Address: 0x100190d8)
api-ms-win-security-cryptoapi-l1-1-0.dll
- CryptAcquireContextW (Address: 0x100190e8)
- CryptGenRandom (Address: 0x100190e0)
- CryptReleaseContext (Address: 0x100190e4)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupPrivilegeNameW (Address: 0x100190f4)
- LookupPrivilegeValueW (Address: 0x100190f0)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x100190fc)
- ConvertStringSidToSidW (Address: 0x10019100)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x10019124)
- BCryptCreateHash (Address: 0x10019128)
- BCryptDestroyHash (Address: 0x1001910c)
- BCryptDestroyKey (Address: 0x1001911c)
- BCryptEncrypt (Address: 0x10019110)
- BCryptFinishHash (Address: 0x10019118)
- BCryptGenerateSymmetricKey (Address: 0x10019108)
- BCryptHashData (Address: 0x10019114)
- BCryptOpenAlgorithmProvider (Address: 0x10019120)
msvcrt.dll
- _amsg_exit (Address: 0x10019144)
- _except_handler4_common (Address: 0x10019138)
- _initterm (Address: 0x10019134)
- _purecall (Address: 0x10019150)
- _vsnwprintf (Address: 0x10019130)
- _wcsicmp (Address: 0x1001914c)
- _XcptFilter (Address: 0x10019148)
- free (Address: 0x10019140)
- malloc (Address: 0x1001913c)
- memcpy (Address: 0x10019154)
- memset (Address: 0x10019158)
ntdll.dll
- DbgPrintEx (Address: 0x10019164)
- NtAdjustPrivilegesToken (Address: 0x10019194)
- NtClose (Address: 0x1001922c)
- NtCreateKey (Address: 0x10019224)
- NtDeleteKey (Address: 0x100191f0)
- NtDeleteValueKey (Address: 0x100191dc)
- NtDuplicateToken (Address: 0x100191ac)
- NtFlushKey (Address: 0x1001920c)
- NtLoadKey (Address: 0x10019214)
- NtOpenKey (Address: 0x10019238)
- NtOpenProcessToken (Address: 0x100191b0)
- NtOpenThreadToken (Address: 0x1001919c)
- NtQueryInformationToken (Address: 0x100191a0)
- NtQueryKey (Address: 0x100191f4)
- NtQuerySystemInformation (Address: 0x100191a8)
- NtQueryValueKey (Address: 0x10019240)
- NtSetInformationThread (Address: 0x100191a4)
- NtSetSecurityObject (Address: 0x100191e0)
- NtSetValueKey (Address: 0x100191d4)
- NtUnloadKey2 (Address: 0x10019208)
- RtlAddAccessAllowedAce (Address: 0x10019184)
- RtlAllocateAndInitializeSid (Address: 0x100191fc)
- RtlAllocateHeap (Address: 0x1001916c)
- RtlAnsiStringToUnicodeString (Address: 0x100191c4)
- RtlCompareUnicodeString (Address: 0x100191b4)
- RtlCopySid (Address: 0x10019228)
- RtlCreateAcl (Address: 0x1001917c)
- RtlCreateSecurityDescriptor (Address: 0x10019178)
- RtlDosPathNameToRelativeNtPathName_U_WithStatus (Address: 0x10019210)
- RtlEqualSid (Address: 0x10019198)
- RtlEqualUnicodeString (Address: 0x10019220)
- RtlFormatCurrentUserKeyPath (Address: 0x10019174)
- RtlFreeAnsiString (Address: 0x100191c8)
- RtlFreeHeap (Address: 0x10019204)
- RtlFreeSid (Address: 0x100191f8)
- RtlFreeUnicodeString (Address: 0x100191c0)
- RtlGetAce (Address: 0x10019188)
- RtlGetDaclSecurityDescriptor (Address: 0x100191d0)
- RtlGetGroupSecurityDescriptor (Address: 0x100191d8)
- RtlGetOwnerSecurityDescriptor (Address: 0x100191e4)
- RtlGetSaclSecurityDescriptor (Address: 0x100191e8)
- RtlImageNtHeader (Address: 0x100191cc)
- RtlInitAnsiString (Address: 0x100191b8)
- RtlInitializeRXact (Address: 0x10019218)
- RtlInitUnicodeString (Address: 0x10019234)
- RtlLengthSecurityDescriptor (Address: 0x1001921c)
- RtlLengthSid (Address: 0x10019230)
- RtlNewSecurityObject (Address: 0x10019180)
- RtlpNtEnumerateSubKey (Address: 0x100191ec)
- RtlRaiseStatus (Address: 0x10019170)
- RtlReAllocateHeap (Address: 0x10019168)
- RtlSetDaclSecurityDescriptor (Address: 0x1001918c)
- RtlSetOwnerSecurityDescriptor (Address: 0x10019190)
- RtlSubAuthoritySid (Address: 0x10019200)
- RtlUnicodeStringToAnsiString (Address: 0x100191bc)
- RtlUpcaseUnicodeChar (Address: 0x10019160)
- RtlValidSid (Address: 0x1001923c)
RPCRT4.dll
- RpcStringFreeW (Address: 0x10019000)
- UuidCreate (Address: 0x10019004)
- UuidToStringW (Address: 0x10019008)