Import table
advapi32.dll
CreateProcessAsUserW, GetLengthSid, SetTokenInformation, AllocateAndInitializeSid, DuplicateTokenEx, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextW, IsValidSid, GetAce, GetAclInformation, GetSecurityDescriptorSacl, GetNamedSecurityInfoW, RegQueryValueExW, RegSetValueExW, RegDeleteValueW, RegOpenKeyExW, RegCreateKeyExW, RegEnumKeyExW, RegEnumValueW, RegCloseKey, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, OpenProcessToken, FreeSid
crypt32.dll
CertCloseStore, CryptMsgClose, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject, CertFreeCertificateContext
kernel32.dll
DllMain
ole32.dll
CLSIDFromString, CoGetCurrentLogicalThreadId, CoUnmarshalInterface, CreateStreamOnHGlobal, CoMarshalInterface, CoReleaseMarshalData, CoInitialize, CLSIDFromProgID, CoCreateInstance, CoTaskMemFree, CoUninitialize, CoTaskMemAlloc
rpcrt4.dll
NdrDllGetClassObject, NdrCStdStubBuffer2_Release, NdrDllCanUnloadNow, NdrCStdStubBuffer_Release, NdrStubCall2, NdrStubForwardingFunction, CStdStubBuffer_Connect, CStdStubBuffer_Invoke, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_Disconnect, CStdStubBuffer_DebugServerRelease, IUnknown_AddRef_Proxy, CStdStubBuffer_QueryInterface, CStdStubBuffer_DebugServerQueryInterface, IUnknown_Release_Proxy, CStdStubBuffer_CountRefs, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, CStdStubBuffer_AddRef, NdrAsyncClientCall, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, RpcServerRegisterIfEx, RpcServerUnregisterIf, RpcAsyncAbortCall, RpcServerUseProtseqEpW, RpcStringFreeW, RpcBindingFree, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrAsyncServerCall
setupapi.dll
SetupDecompressOrCopyFileW, SetupGetFileCompressionInfoW
shlwapi.dll
StrChrW, PathFindFileNameW, StrRChrW, SHDeleteKeyW, PathAppendW, StrRetToBufW, PathRenameExtensionW, PathRemoveFileSpecW
user32.dll
MessageBoxW, GetWindowLongW, SetWindowLongW, CallWindowProcW, wsprintfW, DefWindowProcW, GetWindow, GetParent, IsWindow, GetWindowThreadProcessId, GetWindowRect, LoadCursorW, DestroyWindow, DispatchMessageW, TranslateMessage, MsgWaitForMultipleObjectsEx, CallMsgFilterW, PostQuitMessage, PeekMessageW, GetClassInfoExW, RegisterClassExW, PostMessageW, LoadImageW, IsChild, GetActiveWindow, FindWindowExW, UnregisterClassA, KillTimer, SetTimer, CreateWindowExW, IsRectEmpty, MapWindowPoints, SetForegroundWindow, SetParent, SendMessageW, SetWindowPos
userenv.dll
UnloadUserProfile
version.dll
GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
wininet.dll
InternetCrackUrlW
wintrust.dll
WinVerifyTrust
Export table
DllCanUnloadNow
DllGetClassObject
