RegCreateKeyExW, AdjustTokenPrivileges, OpenProcessToken, ConvertStringSidToSidW, MakeAbsoluteSD, InitializeSecurityDescriptor, CryptAcquireContextW, GetSecurityInfo, AddAccessAllowedAce, InitializeAcl, GetAce, SetKernelObjectSecurity, GetTokenInformation, DuplicateTokenEx, LookupAccountNameW, OpenThreadToken, EqualSid, SetSecurityInfo, GetSecurityDescriptorSacl, SetSecurityDescriptorDacl, CryptGenRandom, CryptReleaseContext, LookupPrivilegeValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegSetValueExW, RegDeleteValueW, RegEnumValueW

GetPixel

_IswGetModuleByPtr@24, _IswIpcConnect@4

TlsAlloc, GetProcessAffinityMask, OutputDebugStringW, HeapFree, SwitchToThread, WaitForSingleObjectEx, SetEndOfFile, GetFileSizeEx, SystemTimeToFileTime, CreateToolhelp32Snapshot, Thread32First, OpenThread, GetThreadTimes, Thread32Next, CloseHandle, Sleep, GetThreadContext, GetLastError, CreateMutexW, CreateEventW, SetLastError, CreateFileMappingW, MapViewOfFile, GetCurrentProcessId, CreateProcessW, GetCommandLineW, WaitForSingleObject, TerminateProcess, GetCurrentThreadId, SetUnhandledExceptionFilter, LoadLibraryW, UnhandledExceptionFilter, GetTickCount, GetThreadPriority, UnmapViewOfFile, GetCurrentThread, SetThreadPriority, SetEvent, WaitForMultipleObjects, CreateFileW, GetFileType, TlsFree, GetFileSize, SetFilePointer, ReadFile, FindClose, DeleteFileW, FindFirstFileW, GetSystemTimeAsFileTime, MoveFileW, GetComputerNameW, GetEnvironmentVariableW, GetLocalTime, ReadProcessMemory, FindNextFileW, GetExitCodeProcess, OpenProcess, GetModuleHandleW, FreeLibrary, InterlockedCompareExchange, VirtualQueryEx, SearchPathW, InterlockedExchange, GetCurrentProcess, IsDebuggerPresent, QueryPerformanceCounter, LocalAlloc, LocalFree, GetProcAddress, LoadLibraryA, RaiseException, HeapCreate, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, QueueUserWorkItem, GetModuleFileNameW, MultiByteToWideChar, GetFileAttributesW, GetShortPathNameW, InterlockedIncrement, TlsGetValue, WriteFile, TlsSetValue, HeapDestroy, VirtualProtect, WideCharToMultiByte, GetExitCodeThread, CreateThread, LoadLibraryExW, FlushFileBuffers, CopyFileW, GetCurrentDirectoryW, HeapAlloc, VirtualFree, VirtualAlloc, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, GetEnvironmentStringsW, RemoveDirectoryW, SetFileAttributesW, InterlockedDecrement, CreateDirectoryW, GetVersion, QueryPerformanceFrequency, ReleaseMutex, DuplicateHandle, ExitThread, CompareFileTime, SetFilePointerEx, QueueUserAPC, GetSystemTime, MoveFileExW

DllMain

DllMain

RtlInitUnicodeString, RtlReleasePebLock, RtlAcquirePebLock, ZwQueryKey, RtlGetVersion, ZwQueryVirtualMemory, ZwResetEvent, ZwDelayExecution, ZwOpenThread, ZwYieldExecution, ZwClose, ZwCreateEvent, ZwCreateMutant, ZwSetInformationFile, ZwQueryInformationProcess, ZwOpenMutant, ZwOpenFile, ZwQueryInformationFile, ZwQueryValueKey, ZwSetValueKey, ZwFlushBuffersFile, ZwWriteFile, ZwReadFile, RtlFormatCurrentUserKeyPath, ZwCreateKey, ZwQueryFullAttributesFile, ZwWaitForMultipleObjects, RtlFreeUnicodeString, ZwOpenKey, ZwSetEvent, ZwReleaseMutant, ZwWaitForSingleObject, ZwQueryInformationThread, ZwCreateFile

CoInitialize, CoUninitialize

SHGetSpecialFolderPathW, CommandLineToArgvW

GetWindowThreadProcessId, IsWindowVisible, wsprintfW, SendMessageTimeoutW, EnumChildWindows, CharLowerBuffW, RegisterWindowMessageW, EnumWindows, PeekMessageW, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, GetMessageW, GetQueueStatus, EnumThreadWindows, GetClassNameW, GetWindowTextW, DestroyWindow, PostThreadMessageW, GetDesktopWindow, GetWindowRect, GetDC, ReleaseDC, MessageBoxW, LoadStringW, GetWindowLongW, DefWindowProcW, RegisterClassW, CreateWindowExW, SetWindowLongW, RegisterHotKey, UnregisterHotKey, PostMessageW, CharLowerBuffA, CharUpperBuffA, CharUpperBuffW, GetUserObjectInformationW, FindWindowExW, CloseDesktop, OpenDesktopW, GetThreadDesktop, SetThreadDesktop, OpenInputDesktop