offlinelsa.dll
Description: Windows
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.2905
Architecture: 64-bit
Operating System: Windows NT
SHA256: 1a0172c0a50c87e93f7195de6599c10d
File Size: 167.3 KB
Uploaded At: Dec. 1, 2025, 8:17 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- LsaOfflineAddAccountRights (Ordinal: 1, Address: 0x10690)
- LsaOfflineAddPrivilegesToAccount (Ordinal: 2, Address: 0x10400)
- LsaOfflineClose (Ordinal: 3, Address: 0x10a90)
- LsaOfflineCreateAccount (Ordinal: 4, Address: 0x10190)
- LsaOfflineDelete (Ordinal: 5, Address: 0x10c00)
- LsaOfflineEnumerateAccountRights (Ordinal: 6, Address: 0x10570)
- LsaOfflineEnumerateAccounts (Ordinal: 7, Address: 0x100a0)
- LsaOfflineEnumeratePrivilegesOfAccount (Ordinal: 8, Address: 0x10350)
- LsaOfflineFreeMemory (Ordinal: 9, Address: 0x10ca0)
- LsaOfflineGetSystemAccessAccount (Ordinal: 10, Address: 0x10940)
- LsaOfflineOpenAccount (Ordinal: 11, Address: 0x10270)
- LsaOfflineOpenPolicy (Ordinal: 12, Address: 0xfc80)
- LsaOfflineOpenPolicyExternal (Ordinal: 13, Address: 0xfe70)
- LsaOfflineOpenPolicyForInstaller (Ordinal: 14, Address: 0xfd90)
- LsaOfflineQueryInformationPolicy (Ordinal: 15, Address: 0xffd0)
- LsaOfflineRemoveAccountRights (Ordinal: 16, Address: 0x107f0)
- LsaOfflineRemovePrivilegesFromAccount (Ordinal: 17, Address: 0x104b0)
- LsaOfflineSetSystemAccessAccount (Ordinal: 18, Address: 0x109f0)
- LsaOfflineSyskeyRequest (Ordinal: 19, Address: 0x10cd0)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18001e5d8)
- IsDebuggerPresent (Address: 0x18001e5e0)
- OutputDebugStringW (Address: 0x18001e5e8)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18001e608)
- SetLastError (Address: 0x18001e5f8)
- SetUnhandledExceptionFilter (Address: 0x18001e600)
- UnhandledExceptionFilter (Address: 0x18001e610)
api-ms-win-core-file-l1-1-0.dll
- GetFileAttributesW (Address: 0x18001e620)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18001e630)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18001e648)
- HeapAlloc (Address: 0x18001e650)
- HeapFree (Address: 0x18001e640)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalAlloc (Address: 0x18001e668)
- LocalFree (Address: 0x18001e660)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- WTSGetActiveConsoleSessionId (Address: 0x18001e678)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x18001e6a0)
- GetModuleFileNameA (Address: 0x18001e690)
- GetModuleHandleExW (Address: 0x18001e688)
- GetModuleHandleW (Address: 0x18001e6a8)
- GetProcAddress (Address: 0x18001e698)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18001e6b8)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x18001e6c8)
- VirtualProtect (Address: 0x18001e6d0)
- VirtualQuery (Address: 0x18001e6d8)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x18001e708)
- GetCurrentProcessId (Address: 0x18001e6f0)
- GetCurrentThreadId (Address: 0x18001e6f8)
- OpenProcessToken (Address: 0x18001e6e8)
- SetThreadStackGuarantee (Address: 0x18001e700)
- TerminateProcess (Address: 0x18001e710)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18001e720)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18001e730)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18001e760)
- AcquireSRWLockShared (Address: 0x18001e748)
- CreateMutexExW (Address: 0x18001e770)
- CreateSemaphoreExW (Address: 0x18001e758)
- DeleteCriticalSection (Address: 0x18001e750)
- EnterCriticalSection (Address: 0x18001e7a0)
- InitializeCriticalSectionEx (Address: 0x18001e790)
- InitializeSRWLock (Address: 0x18001e788)
- LeaveCriticalSection (Address: 0x18001e768)
- OpenSemaphoreW (Address: 0x18001e7b0)
- ReleaseMutex (Address: 0x18001e7b8)
- ReleaseSemaphore (Address: 0x18001e7a8)
- ReleaseSRWLockExclusive (Address: 0x18001e778)
- ReleaseSRWLockShared (Address: 0x18001e740)
- WaitForSingleObject (Address: 0x18001e780)
- WaitForSingleObjectEx (Address: 0x18001e798)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x18001e7c8)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x18001e7d8)
- GetSystemTimeAsFileTime (Address: 0x18001e7e0)
- GetTickCount (Address: 0x18001e7e8)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x18001e810)
- CreateThreadpoolTimer (Address: 0x18001e808)
- SetThreadpoolTimer (Address: 0x18001e7f8)
- WaitForThreadpoolTimerCallbacks (Address: 0x18001e800)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x18001e830)
- GetTraceEnableLevel (Address: 0x18001e820)
- GetTraceLoggerHandle (Address: 0x18001e848)
- RegisterTraceGuidsW (Address: 0x18001e828)
- TraceMessage (Address: 0x18001e838)
- UnregisterTraceGuids (Address: 0x18001e840)
api-ms-win-security-base-l1-1-0.dll
- DuplicateTokenEx (Address: 0x18001e868)
- GetLengthSid (Address: 0x18001e870)
- GetTokenInformation (Address: 0x18001e860)
- IsValidSid (Address: 0x18001e858)
api-ms-win-security-cryptoapi-l1-1-0.dll
- CryptAcquireContextW (Address: 0x18001e888)
- CryptGenRandom (Address: 0x18001e890)
- CryptReleaseContext (Address: 0x18001e880)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupPrivilegeNameW (Address: 0x18001e8a0)
- LookupPrivilegeValueW (Address: 0x18001e8a8)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x18001e8c0)
- ConvertStringSidToSidW (Address: 0x18001e8b8)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x18001e8f0)
- BCryptCreateHash (Address: 0x18001e8d8)
- BCryptDestroyHash (Address: 0x18001e908)
- BCryptDestroyKey (Address: 0x18001e8e0)
- BCryptEncrypt (Address: 0x18001e8e8)
- BCryptFinishHash (Address: 0x18001e910)
- BCryptGenerateSymmetricKey (Address: 0x18001e8d0)
- BCryptHashData (Address: 0x18001e900)
- BCryptOpenAlgorithmProvider (Address: 0x18001e8f8)
msvcrt.dll
- __C_specific_handler (Address: 0x18001e940)
- __dllonexit (Address: 0x18001e9a0)
- _amsg_exit (Address: 0x18001e988)
- _initterm (Address: 0x18001e978)
- _lock (Address: 0x18001e938)
- _onexit (Address: 0x18001e958)
- _purecall (Address: 0x18001e960)
- _unlock (Address: 0x18001e920)
- _vsnwprintf (Address: 0x18001e980)
- _wcsicmp (Address: 0x18001e930)
- _XcptFilter (Address: 0x18001e950)
- free (Address: 0x18001e998)
- malloc (Address: 0x18001e990)
- memcmp (Address: 0x18001e970)
- memcpy (Address: 0x18001e968)
- memcpy_s (Address: 0x18001e928)
- memmove_s (Address: 0x18001e948)
- memset (Address: 0x18001e9a8)
ntdll.dll
- DbgPrintEx (Address: 0x18001e9c0)
- NtAdjustPrivilegesToken (Address: 0x18001ea38)
- NtClose (Address: 0x18001eb68)
- NtCreateKey (Address: 0x18001eb58)
- NtDeleteKey (Address: 0x18001eaf0)
- NtDeleteValueKey (Address: 0x18001eac8)
- NtDuplicateToken (Address: 0x18001ea68)
- NtFlushKey (Address: 0x18001eb28)
- NtLoadKey (Address: 0x18001eb38)
- NtOpenKey (Address: 0x18001eb80)
- NtOpenProcessToken (Address: 0x18001ea70)
- NtOpenThreadToken (Address: 0x18001ea48)
- NtQueryInformationToken (Address: 0x18001ea50)
- NtQueryKey (Address: 0x18001eaf8)
- NtQuerySystemInformation (Address: 0x18001ea60)
- NtQueryValueKey (Address: 0x18001eaa8)
- NtSetInformationThread (Address: 0x18001ea58)
- NtSetSecurityObject (Address: 0x18001ead0)
- NtSetValueKey (Address: 0x18001eab8)
- NtUnloadKey2 (Address: 0x18001eb20)
- RtlAddAccessAllowedAce (Address: 0x18001ea18)
- RtlAllocateAndInitializeSid (Address: 0x18001eb08)
- RtlAllocateHeap (Address: 0x18001e9d0)
- RtlAnsiStringToUnicodeString (Address: 0x18001eb90)
- RtlCaptureContext (Address: 0x18001e9f8)
- RtlCompareUnicodeString (Address: 0x18001ea78)
- RtlCopySid (Address: 0x18001eb60)
- RtlCreateAcl (Address: 0x18001ea08)
- RtlCreateSecurityDescriptor (Address: 0x18001ea00)
- RtlDosPathNameToRelativeNtPathName_U_WithStatus (Address: 0x18001eb30)
- RtlEqualSid (Address: 0x18001ea40)
- RtlEqualUnicodeString (Address: 0x18001eb50)
- RtlFormatCurrentUserKeyPath (Address: 0x18001e9e0)
- RtlFreeAnsiString (Address: 0x18001eaa0)
- RtlFreeHeap (Address: 0x18001eb18)
- RtlFreeSid (Address: 0x18001eb00)
- RtlFreeUnicodeString (Address: 0x18001ea90)
- RtlGetAce (Address: 0x18001ea20)
- RtlGetDaclSecurityDescriptor (Address: 0x18001eab0)
- RtlGetGroupSecurityDescriptor (Address: 0x18001eac0)
- RtlGetOwnerSecurityDescriptor (Address: 0x18001ead8)
- RtlGetSaclSecurityDescriptor (Address: 0x18001eae0)
- RtlImageNtHeader (Address: 0x18001ea98)
- RtlInitAnsiString (Address: 0x18001ea80)
- RtlInitializeRXact (Address: 0x18001eb40)
- RtlInitUnicodeString (Address: 0x18001eb78)
- RtlLengthSecurityDescriptor (Address: 0x18001eb48)
- RtlLengthSid (Address: 0x18001eb70)
- RtlLookupFunctionEntry (Address: 0x18001e9f0)
- RtlNewSecurityObject (Address: 0x18001ea10)
- RtlpNtEnumerateSubKey (Address: 0x18001eae8)
- RtlRaiseStatus (Address: 0x18001e9d8)
- RtlReAllocateHeap (Address: 0x18001e9c8)
- RtlSetDaclSecurityDescriptor (Address: 0x18001ea28)
- RtlSetOwnerSecurityDescriptor (Address: 0x18001ea30)
- RtlSubAuthoritySid (Address: 0x18001eb10)
- RtlUnicodeStringToAnsiString (Address: 0x18001ea88)
- RtlUpcaseUnicodeChar (Address: 0x18001e9b8)
- RtlValidSid (Address: 0x18001eb88)
- RtlVirtualUnwind (Address: 0x18001e9e8)
RPCRT4.dll
- RpcStringFreeW (Address: 0x18001e5c0)
- UuidCreate (Address: 0x18001e5b8)
- UuidToStringW (Address: 0x18001e5c8)