RegCreateKeyExW, CryptReleaseContext, CryptGenRandom, DuplicateTokenEx, LookupAccountNameW, EqualSid, SetSecurityInfo, GetSecurityDescriptorSacl, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, MakeAbsoluteSD, ConvertStringSidToSidW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, GetSecurityInfo, AddAccessAllowedAce, InitializeAcl, GetAce, ImpersonateNamedPipeClient, ImpersonateLoggedOnUser, RevertToSelf, OpenThreadToken, GetTokenInformation, RegEnumValueW, CryptAcquireContextW, RegDeleteValueW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyW, RegCloseKey, RegQueryValueExW, SetKernelObjectSecurity, CreateProcessAsUserW, ConvertSidToStringSidW, RegOverridePredefKey, AddAce, GetLengthSid, CopySid, QueryServiceStatus, SetTokenInformation, AllocateAndInitializeSid, AddAccessDeniedAce, FreeSid, CreateRestrictedToken, GetSidIdentifierAuthority, GetSidSubAuthority, GetSidSubAuthorityCount, GetSecurityDescriptorDacl, RegCreateKeyW, RegFlushKey

GetPixel

GetFileSize, GetShortPathNameW, WideCharToMultiByte, ReleaseSemaphore, CreateSemaphoreW, CompareStringA, CompareStringW, SearchPathW, VirtualAlloc, CopyFileW, GetCurrentDirectoryW, VirtualFree, OutputDebugStringW, MultiByteToWideChar, MoveFileExW, OpenEventW, FindClose, FindFirstFileW, GetEnvironmentVariableW, CreateDirectoryW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, GetEnvironmentStringsW, GetFileAttributesW, FreeLibrary, GetComputerNameW, LoadLibraryW, GetVersion, GlobalFree, GlobalAlloc, GlobalUnlock, GlobalLock, GlobalSize, VirtualQuery, OpenFileMappingW, InterlockedDecrement, InterlockedIncrement, IsDebuggerPresent, LocalFree, WaitNamedPipeW, SetFilePointerEx, CreateNamedPipeW, ConnectNamedPipe, GetSystemTime, DisconnectNamedPipe, FlushFileBuffers, WriteFile, SetThreadPriority, GetCurrentThread, GetThreadPriority, QueueUserWorkItem, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetCurrentThreadId, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, GetTickCount, OpenThread, GetProcessAffinityMask, FormatMessageW, lstrlenW, GetProcessHeap, HeapAlloc, SetFileTime, CreateFileW, DeleteFileW, CreateMutexW, SetEndOfFile, HeapDestroy, HeapCreate, SystemTimeToFileTime, QueueUserAPC, CompareFileTime, QueryPerformanceCounter, ReleaseMutex, ExitThread, GetLocalTime, QueryPerformanceFrequency, GetSystemTimeAsFileTime, UnhandledExceptionFilter, SetUnhandledExceptionFilter, lstrlenA, ReadFile, GetFileSizeEx, HeapFree, GetVersionExW, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetProcAddress, GetModuleHandleW, CreateEventW, InterlockedCompareExchange, CloseHandle, GetCurrentProcessId, ResumeThread, SetLastError, CreateProcessW, OpenProcess, GetCurrentProcess, DuplicateHandle, GetLastError, TerminateProcess, SetEvent, InterlockedExchange, ResetEvent, Sleep, WaitForSingleObject, WaitForMultipleObjects, WaitForSingleObjectEx, GetPrivateProfileIntW, GetLongPathNameW, VirtualProtect, ReadProcessMemory, GetExitCodeThread, GetLogicalDriveStringsW, CreateRemoteThread, SuspendThread, GetSystemDirectoryW, SwitchToThread, FindResourceW, EnumResourceNamesW, LoadLibraryExW, SizeofResource, LoadResource, LockResource, ExpandEnvironmentStringsW, WritePrivateProfileStringW, OpenMutexW, GetExitCodeProcess, SignalObjectAndWait, OpenSemaphoreW, CreateThread, IsBadReadPtr, LocalFileTimeToFileTime, FileTimeToSystemTime, LocalAlloc, GetDriveTypeW, ProcessIdToSessionId, SleepEx, SetCurrentDirectoryW, GetThreadContext, ExitProcess, GetConsoleWindow

DllMain

DllMain

ZwOpenMutant, ZwQueryVirtualMemory, ZwReadVirtualMemory, RtlGetVersion, ZwUnmapViewOfSection, ZwDuplicateObject, ZwCreateMutant, ZwDeviceIoControlFile, ZwOpenFile, ZwReleaseSemaphore, ZwMapViewOfSection, ZwCreateSection, ZwOpenEvent, ZwResetEvent, ZwYieldExecution, ZwClose, ZwCreateEvent, ZwQueryInformationThread, ZwDelayExecution, ZwOpenThread, ZwReleaseMutant, ZwWaitForSingleObject, ZwQueryFullAttributesFile, ZwSetInformationFile, ZwSetInformationThread, RtlInitUnicodeString, ZwCreateKey, ZwSetEvent, _wcsicmp, ZwQueryKey, ZwWaitForMultipleObjects, RtlUnwind, _allmul, memcpy, ZwQueryObject, ZwSignalAndWaitForSingleObject, ZwOpenKey, RtlFreeUnicodeString, ZwCreateFile, ZwQueryInformationFile, ZwSetValueKey, ZwQueryValueKey, ZwFlushBuffersFile, ZwWriteFile, RtlFormatCurrentUserKeyPath, ZwReadFile, _fltused, memset, ZwQueryInformationProcess, ZwCreateSemaphore, _snwprintf, NtQueryVirtualMemory, DllMain

CoCreateInstance, CoUninitialize, CoInitialize, OleRun, StringFromGUID2, CLSIDFromString

SHGetSpecialFolderPathW, CommandLineToArgvW, ShellExecuteExW, SHGetPathFromIDListW, SHEmptyRecycleBinA, SHEmptyRecycleBinW, SHFileOperationA, SHFileOperationW, ShellExecuteW

SHDeleteKeyW

wsprintfW, GetWindowThreadProcessId, CharLowerBuffW, MessageBoxW, RegisterWindowMessageW, CharLowerBuffA, CharUpperBuffA, CharUpperBuffW, CharUpperW, GetDesktopWindow, GetWindowRect, GetDC, ReleaseDC, EnumWindows, SendMessageTimeoutW, GetParent, IsWindowVisible, GetClassNameW, GetQueueStatus, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, PeekMessageW, GetThreadDesktop, CallNextHookEx, FindWindowW, GetShellWindow, SetWindowsHookExW, FindWindowA, SystemParametersInfoW, GetUserObjectInformationA, DefWindowProcW, SystemParametersInfoA, GetUserObjectInformationW, DefWindowProcA, SendMessageTimeoutA, OpenClipboard, CloseClipboard, EnumClipboardFormats, PostThreadMessageA, GetClipboardData, PostThreadMessageW, LoadImageA, PostMessageA, LoadImageW, PostMessageW, LoadCursorA, SetThreadDesktop, LoadCursorW, SendMessageW, LoadIconA, EnumDesktopWindows, LoadIconW, IsWindow, FindWindowExW, FindWindowExA, NotifyWinEvent, GetAsyncKeyState, OpenDesktopW, CloseDesktop, SendMessageA, AllowSetForegroundWindow, OpenInputDesktop

WSAConnect