RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, OpenThreadToken, DuplicateTokenEx, LookupAccountNameW, SetKernelObjectSecurity, GetAce, GetSecurityInfo, InitializeAcl, EqualSid, GetTokenInformation, AddAccessAllowedAce, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, ConvertStringSidToSidW, MakeAbsoluteSD, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, RevertToSelf, RegCloseKey, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, ConvertSidToStringSidW, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext

GetPixel

InitializeCriticalSection, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, EnterCriticalSection, ReadProcessMemory, GetModuleFileNameW, GetEnvironmentStringsW, SetEnvironmentVariableW, QueueUserWorkItem, DeleteCriticalSection, LoadLibraryExW, CreateRemoteThread, GetWindowsDirectoryW, GetTempPathW, CreateDirectoryW, Sleep, GetTickCount, CreateMutexW, SetLastError, ProcessIdToSessionId, WaitForSingleObject, GetCurrentProcessId, CreateToolhelp32Snapshot, Process32FirstW, PulseEvent, OpenProcess, GetModuleHandleW, GetProcAddress, Process32NextW, TerminateProcess, GetLastError, CreateProcessW, CreateEventW, InterlockedCompareExchange, CloseHandle, CreateNamedPipeW, GetProcessTimes, LoadLibraryW, GetVersion, DuplicateHandle, GetCurrentProcess, FreeLibrary, FindFirstFileW, FindClose, SetEvent, ResetEvent, GetCurrentThreadId, IsBadCodePtr, GetCommandLineW, OpenMutexW, InterlockedExchange, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, WaitForMultipleObjects, GetThreadPriority, GetCurrentThread, SetThreadPriority, FlushFileBuffers, DisconnectNamedPipe, ConnectNamedPipe, GetComputerNameW, GetShortPathNameW, GetFileSize, GlobalUnlock, GlobalAlloc, OpenFileMappingW, VirtualQuery, GlobalSize, GlobalLock, CopyFileW, VirtualAlloc, VirtualFree, GetCurrentDirectoryW, OutputDebugStringW, WideCharToMultiByte, GlobalDeleteAtom, GlobalAddAtomW, ResumeThread, SuspendThread, ReleaseMutex, GetFileSizeEx, GetLongPathNameW, HeapDestroy, HeapCreate, HeapAlloc, HeapFree, GetSystemDirectoryW, SwitchToThread, QueryPerformanceFrequency, WaitForSingleObjectEx, SetEndOfFile, MoveFileExW, WriteProcessMemory, QueueUserAPC, SetFilePointerEx, CompareFileTime, ExitThread, GetLocalTime, DeleteFileW, LocalAlloc, LoadLibraryA, RaiseException, GetPrivateProfileStringW, GetPrivateProfileIntW, GetSystemTimeAsFileTime, lstrcmpiA, GetVersionExW, VirtualProtect, FormatMessageW, lstrcmpA, SystemTimeToFileTime, GetSystemTime, IsBadWritePtr, IsBadReadPtr, VerLanguageNameW, lstrcpynW, InterlockedIncrement, InterlockedDecrement, OpenEventW, GetEnvironmentVariableW, OpenThread, GetProcessAffinityMask, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, GlobalFree, CreateFileW, WaitNamedPipeW, WriteFile, ReadFile, MultiByteToWideChar, CompareStringA, CompareStringW, GetFileAttributesW, SearchPathW, LocalFree, LeaveCriticalSection, CreateThread, GetExitCodeThread

DllMain

DllMain

ZwQuerySymbolicLinkObject, ZwQueryFullAttributesFile, ZwOpenSection, ZwMapViewOfSection, ZwAreMappedFilesTheSame, ZwUnmapViewOfSection, RtlNtStatusToDosError, ZwSetInformationFile, RtlAcquirePebLock, RtlReleasePebLock, ZwProtectVirtualMemory, ZwAllocateVirtualMemory, ZwWriteVirtualMemory, ZwWaitForSingleObject, ZwQueryInformationThread, ZwDelayExecution, ZwYieldExecution, ZwOpenSymbolicLinkObject, ZwOpenDirectoryObject, RtlInitUnicodeString, RtlImageDirectoryEntryToData, RtlGetVersion, ZwResetEvent, ZwReleaseMutant, ZwCreateMutant, ZwQueryVirtualMemory, ZwReadVirtualMemory, ZwFlushInstructionCache, ZwCreateKey, ZwWaitForMultipleObjects, ZwOpenKey, RtlFreeUnicodeString, ZwOpenFile, ZwCreateFile, ZwQueryInformationFile, ZwQueryValueKey, ZwSetValueKey, ZwFlushBuffersFile, ZwQueryInformationToken, ZwSetInformationProcess, ZwSetEvent, ZwQueryInformationProcess, NtSuspendProcess, ZwAccessCheckByType, ZwDuplicateObject, ZwWriteFile, RtlFormatCurrentUserKeyPath, ZwReadFile, ZwQueryKey, ZwCreateEvent, ZwOpenEvent, ZwClose, ZwOpenMutant, ZwOpenThread

CoInitialize, CoUninitialize

MessageBoxW, ReleaseDC, GetDC, GetWindowRect, wsprintfW, CharLowerW, FindWindowW, GetWindowThreadProcessId, CharLowerBuffW, FindWindowExW, FindWindowExA, GetClassNameW, GetClassInfoW, FindWindowA, CharUpperBuffW, CharUpperBuffA, CharLowerBuffA, SetWindowLongW, CreateWindowExW, RegisterClassW, PostMessageW, SendMessageTimeoutW, FreeDDElParam, UnpackDDElParam, DefWindowProcW, GetWindowLongW, DestroyWindow, GetWindowTextW, EnumThreadWindows, GetQueueStatus, GetMessageW, PostThreadMessageW, RegisterWindowMessageW, OpenInputDesktop, SetThreadDesktop, GetThreadDesktop, OpenDesktopW, PeekMessageW, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, CallNextHookEx, IsWindow, DdeQueryStringW, DdeGetData, DdeCreateDataHandle, DdeInitializeW, DdeCreateStringHandleW, DdeNameService, DdeGetLastError, SetWindowsHookExW, UnhookWindowsHookEx, DdeFreeStringHandle, DdeUninitialize, AllowSetForegroundWindow, SendMessageW, CharUpperW, GetUserObjectInformationW, GetDesktopWindow, CloseDesktop, LoadStringW

WinVerifyTrust, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext, CryptCATAdminReleaseCatalogContext, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminAcquireContext, CryptCATAdminCalcHashFromFileHandle