Import table
advapi32.dll
OpenProcessToken, RegOpenKeyExA, RegQueryValueExA, RegEnumKeyExW, RegReplaceKeyW, OpenThreadToken, DuplicateTokenEx, LookupPrivilegeValueW, AdjustTokenPrivileges, RegEnumValueW, RegLoadKeyW, RegUnLoadKeyW, RegDeleteKeyW, RegSaveKeyExW, SetThreadToken, InitializeAcl, AddAccessAllowedAce, CheckTokenMembership, ReportEventW, RegCreateKeyExW, GetNamedSecurityInfoW, GetAclInformation, GetAce, EqualSid, SetNamedSecurityInfoW, AllocateAndInitializeSid, SetEntriesInAclW, SetSecurityInfo, LsaQueryInformationPolicy, LsaOpenPolicy, LsaClose, QueryServiceConfigW, ChangeServiceConfigW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetFileSecurityW, FreeSid, OpenSCManagerW, OpenServiceW, CloseServiceHandle, StartServiceA, RegSetValueExW, RegisterIdleTask, UnregisterIdleTask, RegDeleteValueW, RegOpenKeyW, RegQueryValueExW, RegisterServiceCtrlHandlerW, RegOpenKeyExW, RegCloseKey, SetServiceStatus, OpenEncryptedFileRawW, ReadEncryptedFileRaw, CloseEncryptedFileRaw, WriteEncryptedFileRaw, RegisterEventSourceW, DeregisterEventSource
kernel32.dll
WaitForSingleObject, FindClose, FindNextFileW, CreateDirectoryW, GetEnvironmentVariableW, SetEnvironmentVariableW, QueryDosDeviceW, HeapDestroy, HeapCreate, DuplicateHandle, lstrcmpW, FindFirstFileW, BackupRead, BackupWrite, SetFileTime, GetFileTime, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, QueryPerformanceCounter, GetSystemPowerStatus, GetFileAttributesW, GetCurrentThreadId, lstrlenW, BindIoCompletionCallback, lstrcpyW, LoadLibraryW, UnregisterWaitEx, FreeLibrary, QueueUserWorkItem, GetSystemTimeAsFileTime, GetTickCount, DeleteTimerQueueEx, CreateTimerQueue, CreateTimerQueueTimer, GetDiskFreeSpaceExW, GetDriveTypeW, CreateFileW, ExpandEnvironmentStringsW, lstrcatW, SetFileAttributesW, lstrcmpiW, CopyFileW, lstrcpynW, HeapFree, GetProcessHeap, HeapAlloc, RegisterWaitForSingleObject, DisableThreadLibraryCalls, InterlockedDecrement, SetEvent, InterlockedIncrement, ResetEvent, CloseHandle, CreateEventW, GetLastError, SetFilePointer, GetTempFileNameW, DeviceIoControl, GetLongPathNameW, GetWindowsDirectoryW, GetVolumeNameForVolumeMountPointW, CreateThread, GetCurrentThread, WriteFile, GetProcAddress, GetCompressedFileSizeW, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, FlushFileBuffers, GetFileSize, GetVolumePathNamesForVolumeNameW, SetLastError, ReadFile, ReleaseMutex, OpenMutexW, CreateMutexW, RemoveDirectoryW, MoveFileW, GetVolumeInformationW, GetSystemDirectoryW, LoadLibraryExW, FormatMessageW, DeleteFileW, OpenEventW, LocalAlloc, LocalFree, GetComputerNameW
msvcrt.dll
DllMain
ntdll.dll
NtDeviceIoControlFile, NtQueryObject, NtWaitForSingleObject, NtClose, NtCreateEvent, RtlInitUnicodeString, NtCreateFile, RtlNtStatusToDosError
ole32.dll
CoInitializeEx, CoSetProxyBlanket, CoUninitialize, CoCreateInstance, StringFromGUID2, CoInitialize
powrprof.dll
GetCurrentPowerPolicies
rpcrt4.dll
UuidCreate, RpcRevertToSelf, RpcImpersonateClient, NdrServerCall2, RpcBindingInqAuthClientW, RpcServerRegisterAuthInfoW, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, I_RpcBindingIsClientLocal, RpcServerUnregisterIf
shell32.dll
SHGetSpecialFolderPathW
shlwapi.dll
PathCombineW
user32.dll
GetThreadDesktop, SetProcessWindowStation, GetDesktopWindow, GetSystemMetrics, OpenDesktopW, GetProcessWindowStation, OpenWindowStationW, CharUpperW, LoadStringW, PostMessageW, SetThreadDesktop, RegisterWindowMessageW, CloseDesktop, CloseWindowStation, wsprintfW
Export table
DllMain
ServiceMain