offlinelsa.dll
Description: Windows
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5071
Architecture: 64-bit
Operating System: Windows NT
SHA256: a98deb05de71dec8e118bbcbd9b70bc3
File Size: 133.0 KB
Uploaded At: Dec. 1, 2025, 8:18 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- LsaOfflineAddAccountRights (Ordinal: 1, Address: 0x9600)
- LsaOfflineAddPrivilegesToAccount (Ordinal: 2, Address: 0x9370)
- LsaOfflineClose (Ordinal: 3, Address: 0x9a00)
- LsaOfflineCreateAccount (Ordinal: 4, Address: 0x9100)
- LsaOfflineDelete (Ordinal: 5, Address: 0x9b70)
- LsaOfflineEnumerateAccountRights (Ordinal: 6, Address: 0x94e0)
- LsaOfflineEnumerateAccounts (Ordinal: 7, Address: 0x9010)
- LsaOfflineEnumeratePrivilegesOfAccount (Ordinal: 8, Address: 0x92c0)
- LsaOfflineFreeMemory (Ordinal: 9, Address: 0x9c10)
- LsaOfflineGetSystemAccessAccount (Ordinal: 10, Address: 0x98b0)
- LsaOfflineOpenAccount (Ordinal: 11, Address: 0x91e0)
- LsaOfflineOpenPolicy (Ordinal: 12, Address: 0x8bf0)
- LsaOfflineOpenPolicyExternal (Ordinal: 13, Address: 0x8de0)
- LsaOfflineOpenPolicyForInstaller (Ordinal: 14, Address: 0x8d00)
- LsaOfflineQueryInformationPolicy (Ordinal: 15, Address: 0x8f40)
- LsaOfflineRemoveAccountRights (Ordinal: 16, Address: 0x9760)
- LsaOfflineRemovePrivilegesFromAccount (Ordinal: 17, Address: 0x9420)
- LsaOfflineSetSystemAccessAccount (Ordinal: 18, Address: 0x9960)
- LsaOfflineSyskeyRequest (Ordinal: 19, Address: 0x9c40)
Imported DLLs & Functions
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180016590)
- SetUnhandledExceptionFilter (Address: 0x180016588)
- UnhandledExceptionFilter (Address: 0x180016598)
api-ms-win-core-file-l1-1-0.dll
- GetFileAttributesW (Address: 0x1800165a8)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800165b8)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalAlloc (Address: 0x1800165d0)
- LocalFree (Address: 0x1800165c8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- WTSGetActiveConsoleSessionId (Address: 0x1800165e0)
api-ms-win-core-libraryloader-l1-1-0.dll
- DisableThreadLibraryCalls (Address: 0x1800165f0)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x180016610)
- VirtualProtect (Address: 0x180016608)
- VirtualQuery (Address: 0x180016600)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x180016638)
- GetCurrentProcessId (Address: 0x180016620)
- GetCurrentThreadId (Address: 0x180016648)
- OpenProcessToken (Address: 0x180016640)
- SetThreadStackGuarantee (Address: 0x180016628)
- TerminateProcess (Address: 0x180016630)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180016658)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180016668)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180016680)
- InitializeSRWLock (Address: 0x180016688)
- ReleaseSRWLockExclusive (Address: 0x180016678)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180016698)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemInfo (Address: 0x1800166b8)
- GetSystemTimeAsFileTime (Address: 0x1800166a8)
- GetTickCount (Address: 0x1800166b0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800166d8)
- GetTraceEnableLevel (Address: 0x1800166d0)
- GetTraceLoggerHandle (Address: 0x1800166e0)
- RegisterTraceGuidsW (Address: 0x1800166f0)
- TraceMessage (Address: 0x1800166e8)
- UnregisterTraceGuids (Address: 0x1800166c8)
api-ms-win-security-base-l1-1-0.dll
- DuplicateTokenEx (Address: 0x180016710)
- GetLengthSid (Address: 0x180016700)
- GetTokenInformation (Address: 0x180016708)
- IsValidSid (Address: 0x180016718)
api-ms-win-security-cryptoapi-l1-1-0.dll
- CryptAcquireContextW (Address: 0x180016738)
- CryptGenRandom (Address: 0x180016728)
- CryptReleaseContext (Address: 0x180016730)
api-ms-win-security-lsalookup-l2-1-0.dll
- LookupPrivilegeNameW (Address: 0x180016750)
- LookupPrivilegeValueW (Address: 0x180016748)
api-ms-win-security-sddl-l1-1-0.dll
- ConvertSidToStringSidW (Address: 0x180016768)
- ConvertStringSidToSidW (Address: 0x180016760)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x1800167a0)
- BCryptCreateHash (Address: 0x1800167b8)
- BCryptDestroyHash (Address: 0x180016778)
- BCryptDestroyKey (Address: 0x180016780)
- BCryptEncrypt (Address: 0x1800167b0)
- BCryptFinishHash (Address: 0x180016798)
- BCryptGenerateSymmetricKey (Address: 0x180016788)
- BCryptHashData (Address: 0x1800167a8)
- BCryptOpenAlgorithmProvider (Address: 0x180016790)
msvcrt.dll
- __C_specific_handler (Address: 0x1800167e0)
- _amsg_exit (Address: 0x1800167f0)
- _initterm (Address: 0x1800167d8)
- _purecall (Address: 0x180016808)
- _vsnwprintf (Address: 0x1800167d0)
- _wcsicmp (Address: 0x180016800)
- _XcptFilter (Address: 0x1800167f8)
- free (Address: 0x1800167c8)
- malloc (Address: 0x1800167e8)
- memcpy (Address: 0x180016810)
- memset (Address: 0x180016818)
ntdll.dll
- DbgPrintEx (Address: 0x180016830)
- NtAdjustPrivilegesToken (Address: 0x1800168a8)
- NtClose (Address: 0x1800169d8)
- NtCreateKey (Address: 0x1800169c8)
- NtDeleteKey (Address: 0x180016960)
- NtDeleteValueKey (Address: 0x180016938)
- NtDuplicateToken (Address: 0x1800168d8)
- NtFlushKey (Address: 0x180016998)
- NtLoadKey (Address: 0x1800169a8)
- NtOpenKey (Address: 0x1800169f0)
- NtOpenProcessToken (Address: 0x1800168e0)
- NtOpenThreadToken (Address: 0x1800168b8)
- NtQueryInformationToken (Address: 0x1800168c0)
- NtQueryKey (Address: 0x180016968)
- NtQuerySystemInformation (Address: 0x1800168d0)
- NtQueryValueKey (Address: 0x180016918)
- NtSetInformationThread (Address: 0x1800168c8)
- NtSetSecurityObject (Address: 0x180016940)
- NtSetValueKey (Address: 0x180016928)
- NtUnloadKey2 (Address: 0x180016990)
- RtlAddAccessAllowedAce (Address: 0x180016888)
- RtlAllocateAndInitializeSid (Address: 0x180016978)
- RtlAllocateHeap (Address: 0x180016840)
- RtlAnsiStringToUnicodeString (Address: 0x180016a00)
- RtlCaptureContext (Address: 0x180016868)
- RtlCompareUnicodeString (Address: 0x1800168e8)
- RtlCopySid (Address: 0x1800169d0)
- RtlCreateAcl (Address: 0x180016878)
- RtlCreateSecurityDescriptor (Address: 0x180016870)
- RtlDosPathNameToRelativeNtPathName_U_WithStatus (Address: 0x1800169a0)
- RtlEqualSid (Address: 0x1800168b0)
- RtlEqualUnicodeString (Address: 0x1800169c0)
- RtlFormatCurrentUserKeyPath (Address: 0x180016850)
- RtlFreeAnsiString (Address: 0x180016910)
- RtlFreeHeap (Address: 0x180016988)
- RtlFreeSid (Address: 0x180016970)
- RtlFreeUnicodeString (Address: 0x180016900)
- RtlGetAce (Address: 0x180016890)
- RtlGetDaclSecurityDescriptor (Address: 0x180016920)
- RtlGetGroupSecurityDescriptor (Address: 0x180016930)
- RtlGetOwnerSecurityDescriptor (Address: 0x180016948)
- RtlGetSaclSecurityDescriptor (Address: 0x180016950)
- RtlImageNtHeader (Address: 0x180016908)
- RtlInitAnsiString (Address: 0x1800168f0)
- RtlInitializeRXact (Address: 0x1800169b0)
- RtlInitUnicodeString (Address: 0x1800169e8)
- RtlLengthSecurityDescriptor (Address: 0x1800169b8)
- RtlLengthSid (Address: 0x1800169e0)
- RtlLookupFunctionEntry (Address: 0x180016860)
- RtlNewSecurityObject (Address: 0x180016880)
- RtlpNtEnumerateSubKey (Address: 0x180016958)
- RtlRaiseStatus (Address: 0x180016848)
- RtlReAllocateHeap (Address: 0x180016838)
- RtlSetDaclSecurityDescriptor (Address: 0x180016898)
- RtlSetOwnerSecurityDescriptor (Address: 0x1800168a0)
- RtlSubAuthoritySid (Address: 0x180016980)
- RtlUnicodeStringToAnsiString (Address: 0x1800168f8)
- RtlUpcaseUnicodeChar (Address: 0x180016828)
- RtlValidSid (Address: 0x1800169f8)
- RtlVirtualUnwind (Address: 0x180016858)
RPCRT4.dll
- RpcStringFreeW (Address: 0x180016568)
- UuidCreate (Address: 0x180016570)
- UuidToStringW (Address: 0x180016578)