ncryptprov.dll
Description: Microsoft KSP
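Authors: © Microsoft Corporation. All rights reserved. (This appears to be the copyright string embedded in the file, which whoever builds a DLL can set freely; the page shows no Authenticode signature check, so it does not establish the publisher.)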
Version: 10.0.19041.6456
Architecture: 64-bit
Operating System: Windows NT
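SHA256: a98b4a31efe52f4c15e616d455191d81 (Note: this value is 32 hexadecimal characters, the length of an MD5 digest; a SHA-256 digest is 64 hexadecimal characters. The label or the value is wrong or truncated, so recompute the hash from the file before using it for matching.)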
File Size: 346.0 KB
Uploaded At: Dec. 1, 2025, 7:34 a.m.
Security Warning
This file has been flagged as potentially dangerous.
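Reason: The import table references OpenProcess, a function that process-injection code also uses. This is a single-import heuristic: OpenProcess is equally necessary for querying another process, and this listing imports it alongside QueryFullProcessImageNameW and NtQueryInformationProcess while showing no WriteProcessMemory, VirtualAllocEx or CreateRemoteThread import. Static imports alone do not settle the question, because APIs can also be resolved at run time through GetProcAddress. Treat the flag as a prompt to verify the file's signature and hash, not as a finding.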
Exported Functions
- GetKeyStorageInterface (Ordinal: 1, Address: 0x7f40)
- SKCacheFlush (Ordinal: 2, Address: 0x84d0)
- SetAuditingInterface (Ordinal: 3, Address: 0x145b0)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180049dc8)
api-ms-win-core-com-l1-1-0.dll
- CoTaskMemAlloc (Address: 0x180049dd8)
- CoTaskMemFree (Address: 0x180049de0)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180049df0)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180049e00)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180049e18)
- SetLastError (Address: 0x180049e10)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x180049e60)
- DeleteFileW (Address: 0x180049e58)
- FindClose (Address: 0x180049e78)
- FindCloseChangeNotification (Address: 0x180049e50)
- FindFirstChangeNotificationW (Address: 0x180049e70)
- FindFirstFileExW (Address: 0x180049e38)
- FindNextChangeNotification (Address: 0x180049e28)
- FindNextFileW (Address: 0x180049e40)
- GetFileSize (Address: 0x180049e68)
- GetTempFileNameW (Address: 0x180049e48)
- ReadFile (Address: 0x180049e80)
- WriteFile (Address: 0x180049e30)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x180049e90)
api-ms-win-core-file-l2-1-0.dll
- MoveFileExW (Address: 0x180049ea0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180049eb0)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180049ed0)
- HeapAlloc (Address: 0x180049ec0)
- HeapFree (Address: 0x180049ec8)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180049ee0)
- LocalFree (Address: 0x180049ee8)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x180049f10)
- GetModuleFileNameW (Address: 0x180049ef8)
- GetModuleHandleExW (Address: 0x180049f00)
- GetModuleHandleW (Address: 0x180049f20)
- GetProcAddress (Address: 0x180049f08)
- LoadLibraryExW (Address: 0x180049f18)
- LoadStringW (Address: 0x180049f28)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x180049f38)
- VirtualProtect (Address: 0x180049f40)
- VirtualQuery (Address: 0x180049f48)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x180049f58)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180049f98)
- GetCurrentProcessId (Address: 0x180049f90)
- GetCurrentThread (Address: 0x180049f68)
- GetCurrentThreadId (Address: 0x180049f80)
- OpenProcessToken (Address: 0x180049f88)
- OpenThreadToken (Address: 0x180049fa0)
- SetThreadStackGuarantee (Address: 0x180049f78)
- SetThreadToken (Address: 0x180049f70)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180049fb0)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x180049fc0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180049fe0)
- RegCreateKeyExW (Address: 0x180049ff0)
- RegOpenKeyExA (Address: 0x180049fd0)
- RegOpenKeyExW (Address: 0x180049ff8)
- RegQueryValueExA (Address: 0x180049fd8)
- RegQueryValueExW (Address: 0x180049fe8)
api-ms-win-core-string-l1-1-0.dll
- MultiByteToWideChar (Address: 0x18004a010)
- WideCharToMultiByte (Address: 0x18004a008)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventW (Address: 0x18004a038)
- DeleteCriticalSection (Address: 0x18004a020)
- EnterCriticalSection (Address: 0x18004a040)
- InitializeCriticalSection (Address: 0x18004a030)
- LeaveCriticalSection (Address: 0x18004a028)
- SetEvent (Address: 0x18004a048)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18004a058)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x18004a068)
- GetSystemTimeAsFileTime (Address: 0x18004a078)
- GetTickCount (Address: 0x18004a070)
api-ms-win-core-threadpool-l1-2-0.dll
- CallbackMayRunLong (Address: 0x18004a090)
- TrySubmitThreadpoolCallback (Address: 0x18004a088)
api-ms-win-core-xstate-l2-1-0.dll
- GetEnabledXStateFeatures (Address: 0x18004a0a0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x18004a0b8)
- GetTraceEnableLevel (Address: 0x18004a0c0)
- GetTraceLoggerHandle (Address: 0x18004a0b0)
- TraceMessage (Address: 0x18004a0c8)
- UnregisterTraceGuids (Address: 0x18004a0d0)
api-ms-win-eventing-obsolete-l1-1-0.dll
- RegisterTraceGuidsA (Address: 0x18004a0e0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventRegister (Address: 0x18004a0f8)
- EventSetInformation (Address: 0x18004a100)
- EventUnregister (Address: 0x18004a0f0)
- EventWriteTransfer (Address: 0x18004a108)
api-ms-win-security-base-l1-1-0.dll
- CopySid (Address: 0x18004a198)
- EqualSid (Address: 0x18004a118)
- GetAce (Address: 0x18004a160)
- GetAclInformation (Address: 0x18004a170)
- GetFileSecurityW (Address: 0x18004a148)
- GetLengthSid (Address: 0x18004a140)
- GetSecurityDescriptorControl (Address: 0x18004a158)
- GetSecurityDescriptorDacl (Address: 0x18004a190)
- GetSecurityDescriptorLength (Address: 0x18004a138)
- GetSidIdentifierAuthority (Address: 0x18004a150)
- GetSidSubAuthority (Address: 0x18004a180)
- GetSidSubAuthorityCount (Address: 0x18004a130)
- GetTokenInformation (Address: 0x18004a1a0)
- IsValidSecurityDescriptor (Address: 0x18004a188)
- IsValidSid (Address: 0x18004a168)
- PrivilegeCheck (Address: 0x18004a120)
- RevertToSelf (Address: 0x18004a128)
- SetFileSecurityW (Address: 0x18004a178)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18004a1c0)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x18004a1b0)
- ConvertStringSidToSidW (Address: 0x18004a1b8)
api-ms-win-service-private-l1-1-0.dll
- I_QueryTagInformation (Address: 0x18004a1d0)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x18004a288)
- BCryptCreateHash (Address: 0x18004a268)
- BCryptDecrypt (Address: 0x18004a248)
- BCryptDeriveKey (Address: 0x18004a210)
- BCryptDestroyHash (Address: 0x18004a280)
- BCryptDestroyKey (Address: 0x18004a250)
- BCryptDestroySecret (Address: 0x18004a1e8)
- BCryptDuplicateKey (Address: 0x18004a230)
- BCryptEncrypt (Address: 0x18004a258)
- BCryptExportKey (Address: 0x18004a260)
- BCryptFinalizeKeyPair (Address: 0x18004a228)
- BCryptFinishHash (Address: 0x18004a290)
- BCryptGenerateKeyPair (Address: 0x18004a220)
- BCryptGenerateSymmetricKey (Address: 0x18004a1f0)
- BCryptGenRandom (Address: 0x18004a240)
- BCryptGetProperty (Address: 0x18004a2a8)
- BCryptHash (Address: 0x18004a2a0)
- BCryptHashData (Address: 0x18004a278)
- BCryptImportKey (Address: 0x18004a218)
- BCryptImportKeyPair (Address: 0x18004a1e0)
- BCryptKeyDerivation (Address: 0x18004a238)
- BCryptOpenAlgorithmProvider (Address: 0x18004a298)
- BCryptSecretAgreement (Address: 0x18004a208)
- BCryptSetProperty (Address: 0x18004a200)
- BCryptSignHash (Address: 0x18004a1f8)
- BCryptVerifySignature (Address: 0x18004a270)
msvcrt.dll
- __C_specific_handler (Address: 0x18004a2f0)
- _strlwr (Address: 0x18004a2d0)
- _vsnwprintf (Address: 0x18004a2c0)
- _wcsicmp (Address: 0x18004a2b8)
- _wcslwr (Address: 0x18004a2c8)
- memcmp (Address: 0x18004a2f8)
- memcpy (Address: 0x18004a300)
- memset (Address: 0x18004a308)
- strcmp (Address: 0x18004a310)
- wcscat_s (Address: 0x18004a2e8)
- wcscmp (Address: 0x18004a318)
- wcsncmp (Address: 0x18004a2d8)
- wcsncpy_s (Address: 0x18004a2e0)
ncrypt.dll
- NCryptCloseProtectionDescriptor (Address: 0x18004a338)
- NCryptCreateProtectionDescriptor (Address: 0x18004a330)
- NCryptProtectSecret (Address: 0x18004a328)
- NCryptUnprotectSecret (Address: 0x18004a340)
ntdll.dll
- EtwTraceMessage (Address: 0x18004a4a8)
- LdrDisableThreadCalloutsForDll (Address: 0x18004a4e0)
- NtClose (Address: 0x18004a470)
- NtCreateFile (Address: 0x18004a428)
- NtDuplicateToken (Address: 0x18004a420)
- NtOpenKey (Address: 0x18004a3b0)
- NtQueryInformationProcess (Address: 0x18004a3d0)
- NtQueryInformationToken (Address: 0x18004a400)
- NtQuerySystemInformationEx (Address: 0x18004a3b8)
- NtQueryValueKey (Address: 0x18004a3c0)
- NtSetInformationThread (Address: 0x18004a410)
- NtSetInformationToken (Address: 0x18004a418)
- NtTerminateProcess (Address: 0x18004a360)
- RtlAbsoluteToSelfRelativeSD (Address: 0x18004a440)
- RtlAcquireResourceExclusive (Address: 0x18004a460)
- RtlAcquireResourceShared (Address: 0x18004a480)
- RtlAcquireSRWLockExclusive (Address: 0x18004a490)
- RtlAllocateAndInitializeSid (Address: 0x18004a408)
- RtlAllocateHeap (Address: 0x18004a3a0)
- RtlAnsiStringToUnicodeString (Address: 0x18004a388)
- RtlAppendUnicodeToString (Address: 0x18004a3c8)
- RtlCaptureContext (Address: 0x18004a350)
- RtlCheckTokenCapability (Address: 0x18004a3e8)
- RtlCompareMemory (Address: 0x18004a398)
- RtlDeleteCriticalSection (Address: 0x18004a4c8)
- RtlDeleteResource (Address: 0x18004a488)
- RtlDosPathNameToRelativeNtPathName_U (Address: 0x18004a450)
- RtlEnterCriticalSection (Address: 0x18004a4c0)
- RtlFreeAnsiString (Address: 0x18004a390)
- RtlFreeHeap (Address: 0x18004a438)
- RtlFreeSid (Address: 0x18004a3f8)
- RtlFreeUnicodeString (Address: 0x18004a380)
- RtlGetControlSecurityDescriptor (Address: 0x18004a458)
- RtlImageNtHeader (Address: 0x18004a3a8)
- RtlInitAnsiString (Address: 0x18004a368)
- RtlInitializeCriticalSection (Address: 0x18004a4b8)
- RtlInitializeResource (Address: 0x18004a468)
- RtlInitializeSRWLock (Address: 0x18004a4a0)
- RtlInitUnicodeString (Address: 0x18004a378)
- RtlLeaveCriticalSection (Address: 0x18004a4b0)
- RtlLookupFunctionEntry (Address: 0x18004a358)
- RtlNtStatusToDosError (Address: 0x18004a430)
- RtlReleaseRelativeName (Address: 0x18004a448)
- RtlReleaseResource (Address: 0x18004a478)
- RtlReleaseSRWLockExclusive (Address: 0x18004a498)
- RtlSidDominates (Address: 0x18004a3f0)
- RtlUnhandledExceptionFilter (Address: 0x18004a4d0)
- RtlUnicodeStringToAnsiString (Address: 0x18004a370)
- RtlVirtualUnwind (Address: 0x18004a4d8)
- WinSqmIncrementDWORD (Address: 0x18004a3d8)
- WinSqmSetString (Address: 0x18004a3e0)
profapi.dll
- (unnamed entry, presumably imported by ordinal; the page gives no ordinal or name) (Address: 0x18004a4f0)