Import table
advapi32.dll
IsValidSid, GetNamedSecurityInfoW, SetNamedSecurityInfoW, RegEnumKeyW, RegCreateKeyW, CreateProcessAsUserW, RegOpenKeyW, ConvertStringSidToSidW, QueryServiceStatusEx, ImpersonateLoggedOnUser, RevertToSelf, QueryServiceStatus, LookupAccountSidW, CryptDecrypt, CryptDeriveKey, CryptSignHashW, CryptAcquireContextW, SetEntriesInAclW, CryptGetProvParam, CryptHashData, GetSecurityDescriptorDacl, CryptGetHashParam, CryptVerifySignatureW, CryptCreateHash, CryptSetProvParam, CryptGetUserKey, CryptDestroyKey, CryptReleaseContext, CryptEncrypt, CryptGenKey, CryptDestroyHash, RegEnumValueW, RegDeleteValueA, AddAccessAllowedAce, GetSecurityDescriptorControl, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherW, CopySid, CloseServiceHandle, ControlService, CreateServiceW, SetSecurityDescriptorOwner, GetLengthSid, UnlockServiceDatabase, LockServiceDatabase, LookupAccountNameW, OpenSCManagerW, QueryServiceConfig2W, SetServiceStatus, GetAce, SetSecurityInfo, StartServiceW, RegDeleteValueW, RegQueryInfoKeyW, AddAce, DeleteService, ChangeServiceConfig2W, RegDeleteKeyW, InitializeAcl, RegisterServiceCtrlHandlerExW, GetAclInformation, OpenServiceW, OpenThreadToken, RegSetValueExW, RegEnumKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorGroup, RegCreateKeyExW, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExW, FreeSid, EqualSid, RegQueryValueExW, AllocateAndInitializeSid, RegCloseKey, OpenProcessToken, AdjustTokenPrivileges, GetTokenInformation, LookupPrivilegeValueW
kernel32.dll
DllMain
ole32.dll
CoRevokeClassObject, CoRegisterClassObject, CoTaskMemAlloc, CoTaskMemRealloc, CoInitializeEx, StringFromCLSID, StringFromGUID2, CreateStreamOnHGlobal, CoGetClassObject, CoCreateGuid, CreateBindCtx, CoFreeUnusedLibraries, CoUninitialize, CoInitializeSecurity, CoInitialize, CoTaskMemFree, CLSIDFromString, CoCreateInstance
psapi.dll
EnumProcessModules, GetModuleBaseNameW, EnumProcesses
shell32.dll
SHGetSpecialFolderPathW, ShellExecuteW, SHGetFolderPathW
shlwapi.dll
SHRegCreateUSKeyW, SHSetValueW, SHDeleteValueW, SHDeleteKeyW, StrDupW, SHRegWriteUSValueW, SHRegCloseUSKey, SHGetValueW
urlmon.dll
MkParseDisplayNameEx
user32.dll
CharUpperW, MsgWaitForMultipleObjects, PostThreadMessageW, CharNextW, GetMessageW, TranslateMessage, KillTimer, RegisterWindowMessageW, SetTimer, UnregisterClassW, SetWindowLongW, CreateWindowExW, DefWindowProcW, GetSystemMetrics, RegisterClassW, LoadStringW, PeekMessageW, wsprintfW, DispatchMessageW, DestroyWindow, PostMessageW, PostQuitMessage, MessageBoxW, RegisterClassExW, GetWindowLongW, UnregisterClassA
wintrust.dll
WinVerifyTrust
wtsapi32.dll
WTSEnumerateSessionsW, WTSFreeMemory
