GetCurrentHwProfileW, OpenThreadToken, GetTokenInformation, CheckTokenMembership, LookupAccountSidW, RegDeleteValueW, RegEnumValueW, AddAccessAllowedAce, AddAccessAllowedAceEx, InitializeAcl, GetLengthSid, GetAce, GetSecurityInfo, SetSecurityInfo, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, QueryServiceStatus, QueryServiceConfigW, RegDeleteKeyW, DuplicateTokenEx, GetUserNameW, RegEnumKeyExW, RegQueryInfoKeyW, SetServiceStatus, RegisterServiceCtrlHandlerExW, CreateServiceW, ChangeServiceConfig2W, ChangeServiceConfigW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegCloseKey, OpenSCManagerW, OpenServiceW, CloseServiceHandle, DeleteService, ImpersonateLoggedOnUser, RevertToSelf, EqualSid, CreateProcessAsUserW, OpenProcessToken, AllocateAndInitializeSid, FreeSid

FreeLibraryAndExitThread, Sleep, OpenEventW, GetCurrentThreadId, GetCurrentProcessId, CreateThread, LoadLibraryW, lstrcpynW, lstrcatW, GetSystemDirectoryW, FormatMessageW, GetTickCount, ActivateActCtx, DeactivateActCtx, CreateActCtxW, ReleaseActCtx, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, SetLastError, GetLastError, GetCurrentThread, RegisterWaitForSingleObject, UnregisterWait, ResetEvent, SetEvent, QueueUserWorkItem, InterlockedExchange, GetModuleHandleW, CreateEventW, InterlockedIncrement, InterlockedDecrement, CreateFileW, GetVolumeNameForVolumeMountPointW, DeviceIoControl, VirtualFreeEx, VirtualAllocEx, QueueUserAPC, FindClose, FindFirstFileW, GetVolumePathNamesForVolumeNameW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetFileAttributesW, GetVolumeInformationW, FlushFileBuffers, lstrlenA, GetModuleFileNameW, LocalFileTimeToFileTime, SystemTimeToFileTime, GetLocalTime, SetFilePointer, GetWindowsDirectoryW, WriteFile, SetThreadPriority, GetSystemTimeAsFileTime, GetExitCodeThread, GetExitCodeProcess, WaitForSingleObject, WaitForMultipleObjects, TerminateProcess, GetCurrentProcess, DuplicateHandle, ReadProcessMemory, LocalAlloc, LocalFree, ExitProcess, lstrcmpW, WriteProcessMemory, OpenProcess, CloseHandle, lstrlenW, lstrcpyW, lstrcmpiW, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, UnhandledExceptionFilter, DelayLoadFailureHook, QueryPerformanceCounter, UnmapViewOfFile, SetUnhandledExceptionFilter, ResumeThread

DllMain

NtFilterToken, RtlUnhandledExceptionFilter, NtReplyPort, NtOpenThread, NtOpenThreadToken, NtOpenProcessToken, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCompleteConnectPort, NtCreatePort, NtDuplicateToken, NtSetInformationThread, NtClose, RtlDeleteCriticalSection, RtlInitializeCriticalSection, RtlAllocateAndInitializeSid, RtlFreeSid, RtlNtStatusToDosError, NtQueryVolumeInformationFile, NtOpenEvent, NtCreateEvent, NtQuerySystemInformation, RtlImageNtHeader, NtQueryInformationToken, RtlCreateUserThread, NtQueryInformationProcess, NtRequestWaitReplyPort, RtlInitUnicodeString, NtConnectPort, NtOpenProcess

StrCmpNW, PathAppendW, SHGetValueW, PathFindFileNameW

SetTimer, UnregisterUserApiHook, CloseDesktop, SetThreadDesktop, DialogBoxParamW, GetThreadDesktop, RegisterDeviceNotificationW, UnregisterDeviceNotification, GetDlgItem, SendMessageW, KillTimer, GetDlgItemTextW, SetDlgItemTextW, GetWindowRect, GetSystemMetrics, OpenInputDesktop, PostMessageW, IsWindowVisible, PostThreadMessageW, SetWindowPos, GetWindowThreadProcessId, wsprintfW, UnregisterClassW, EnumWindows, DestroyWindow, SetWindowLongW, DefWindowProcW, GetWindowLongW, DispatchMessageW, TranslateMessage, PeekMessageW, MsgWaitForMultipleObjects, CreateWindowExW, RegisterClassExW, MessageBoxW, LoadStringW, SetForegroundWindow, EndDialog