Update malware-analysis_ref_and_memo.md

malware-analysis_ref_and_memo.md

@@ -543,6 +543,8 @@ Injecition/Hollowingされたプロセスの自動検出<br>
 |[InitializeListHead](https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-initializelisthead)<br>wdm.h (include Wdm.h, Ntddk.h, Ntifs.h, Wudfwdm.h)|PLIST_ENTRY ListHead|-|LIST_ENTRY構造体の初期化|
 |[CreateMutex](https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-createmutexa)<br>kernel32/synchapi.h (include Windows.h)|1.LPSECURITY_ATTRIBUTES lpMutexAttributes<br>2.BOOL bInitialOwner<br>3.LPCSTR lpName|**Success**:a handle to the newly created mutex object<br>**Fail**:Null|Mutexを作成|
 |[GetModuleFileName](https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getmodulefilenamea)<br>kernel32/libloaderapi.h (include Windows.h)|1. HMODULE hModule<br>2. LPSTR lpFilenam<br>3. DWORD nSize|**Success**:the length of the string that is copied to the buffer, in characters, not including the terminating null character<br>**Fail**:zero|現在のプロセスにロードされている特定のモジュールの完全修飾パスを取得,hModuleがNullの場合現在のプロセスの実行ファイルのパスを取得|
+|[GetUserName](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getusernamea)<br>Advapi32.dll/winbase.h (include Windows.h)|1. LPSTR lpBuffer<br>2. LPDWORD pcbBuffer|**Success**:a nonzero value<br>**Fail**:zero|現在のスレッドのユーザ名を取得|
+