| | System call | In-degree centrality |
| | NtClose | 46 |
| | NtAlpcSendWaitReceivePort | 23 |
| | NtAlpcConnectPort | 7 |
| | NtReleaseMutant | 5 |
| | NtAllocateVirtualMemory | 4 |
| | NtDuplicateObject, NtAlertThread, NtOpenThreadToken, NtQueryValueKey, NtUnmapViewOfSection, NtOpenKeyEx, NtCreateTimer, and NtQueryInformationProcess | 3 |
| | NtQueryKey, NtSetEvent, NtOpenProcessToken, NtCreateEvent, NtQueryVirtualMemory, NtTestAlert, NtCreateThreadEx, NtDeviceIoControlFile, NtOpenProcessTokenEx, NtAlpcDeleteSecurityContext, NtResumeThread, NtCreateFile, NtWaitForSingleObject, NtAlpcSetInformation, NtCreateMutant, NtWaitForMultipleObjects, and NtOpenKey | 2 |
| | NtCreateWorkerFactory, NtCreateKeyedEvent, NtOpenProcess, NtAccessCheckByType, NtSetValueKey, NtOpenEvent, NtSetInformationFile, NtCreateKey, NtOpenSection, NtAccessCheck, NtSetInformationThread, NtMapViewOfSection, NtCreateIoCompletion, NtDelayExecution, NtWaitForKeyedEvent, NtGetMUIRegistryInfo, NtFreeVirtualMemory, NtWaitForWorkViaWorkerFactory, NtQuerySystemInformation, NtEnumerateKey, NtEnumerateValueKey, NtOpenFile, NtMapCMFModule, NtQuerySystemInformationEx, NtQueryDefaultLocale, NtRequestPort, NtRequestWaitReplyPort, NtQueryAttributesFile, NtConnectPort, NtProtectVirtualMemory, NtWorkerFactoryWorkerReady, NtNotifyChangeKey, NtCreateSection, NtQueryInformationFile, NtAlpcCreatePort, NtSetInformationProcess, NtSetTimer, and NtTraceControl | 1 |
|
|
