diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 71f0c24..e446b58 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -543,6 +543,8 @@ Injecition/Hollowingされたプロセスの自動検出
|[InitializeListHead](https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-initializelisthead)
wdm.h (include Wdm.h, Ntddk.h, Ntifs.h, Wudfwdm.h)|PLIST_ENTRY ListHead|-|LIST_ENTRY構造体の初期化| |[CreateMutex](https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-createmutexa)
kernel32/synchapi.h (include Windows.h)|1.LPSECURITY_ATTRIBUTES lpMutexAttributes
2.BOOL bInitialOwner
3.LPCSTR lpName|**Success**:a handle to the newly created mutex object
**Fail**:Null|Mutexを作成| |[GetModuleFileName](https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getmodulefilenamea)
kernel32/libloaderapi.h (include Windows.h)|1. HMODULE hModule
2. LPSTR lpFilenam
3. DWORD nSize|**Success**:the length of the string that is copied to the buffer, in characters, not including the terminating null character
**Fail**:zero|現在のプロセスにロードされている特定のモジュールの完全修飾パスを取得,hModuleがNullの場合現在のプロセスの実行ファイルのパスを取得| +|[GetUserName](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getusernamea)
Advapi32.dll/winbase.h (include Windows.h)|1. LPSTR lpBuffer
2. LPDWORD pcbBuffer|**Success**:a nonzero value
**Fail**:zero|現在のスレッドのユーザ名を取得| +
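Review bot: the added GetUserName row writes the module column as `Advapi32.dll/winbase.h`, while the neighbouring rows use the bare module name (`kernel32/synchapi.h`, `kernel32/libloaderapi.h`); drop the `.dll` suffix so the column stays consistent. The parameter column should also record that `pcbBuffer` is an in/out value: on input it holds the size of `lpBuffer` in TCHARs, and on return it holds the number of TCHARs copied including the terminating null, which on failure with ERROR_INSUFFICIENT_BUFFER is the required buffer size. That detail matters for this memo because the two-call pattern (first call to size, second call to fill) is what the analyst will see in disassembly. Finally, the hunk adds a trailing empty `+` line after the table; if that blank line is not intended as a table terminator, remove it.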