Import table
advapi32.dll
GetLengthSid, CheckTokenMembership, AllocateAndInitializeSid, DuplicateToken, OpenProcessToken, RegGetValueW, CopySid, IsValidSid, FreeSid, ConvertSidToStringSidW, RegQueryValueExW, ImpersonateLoggedOnUser, CreateProcessAsUserW, RevertToSelf, GetTokenInformation, TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegOpenKeyExW
kernel32.dll
InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnmapViewOfFile, CloseHandle, CreateProcessW, SetEvent, GetLastError, MapViewOfFile, CreateMutexW, Wow64RevertWow64FsRedirection, GetSystemDirectoryW, Wow64DisableWow64FsRedirection, IsWow64Process, GlobalFree, GetCommandLineW, HeapSetInformation, GetApplicationRecoveryCallback, DeleteFileW, OpenProcess, GetSystemDefaultLCID, InterlockedIncrement, lstrlenW, InterlockedDecrement, CreateEventW, LocalFree, OutputDebugStringA, GetProcAddress, GetModuleHandleW, OpenMutexW, ReadProcessMemory, UnhandledExceptionFilter, WaitForSingleObject, LoadLibraryExW, FreeLibrary, OpenFileMappingW, ClosePrivateNamespace, CreateFileMappingW, GetProcessHeap, HeapAlloc, OpenPrivateNamespaceW, HeapFree
msvcrt.dll
DllMain
ntdll.dll
NtQueryInformationToken, RtlFreeSid, NtClose, NtAlpcConnectPort, RtlAllocateAndInitializeSid, RtlInitUnicodeString, NtQueryInformationProcess, RtlDeleteBoundaryDescriptor, RtlAddSIDToBoundaryDescriptor, RtlImageNtHeaderEx, RtlCreateBoundaryDescriptor, RtlCreateServiceSid, NtAlpcSendWaitReceivePort
ole32.dll
StringFromGUID2, CoInitialize, CoCreateInstance, CoCreateGuid, CoInitializeEx, CoUninitialize, CoRegisterClassObject, CoRevokeClassObject
shell32.dll
CommandLineToArgvW, ShellExecuteExW
user32.dll
CloseDesktop, CloseWindowStation, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wer.dll
WerReportCloseHandle, WerpSetReportInformation, WerpAddRegisteredDataToReport, WerpSetCallBack, WerReportAddDump, WerpEnumerateStoreStart, WerpEnumerateStoreNext, WerpGetCustomerWatsonData, WerReportCreate, WerReportSetParameter, WerReportSubmit, WerpGetResponseId, WerpSetCustomerWatsonData, WerpGetReportInformation, WerpOpenMachineQueue, WerpSubmitReportFromStore, WerpOpenUserQueue, WerpCloseStore, WerpShowNXNotification, WerpIsTransportAvailable, WerpLoadReport, WerpGetReportType
wevtapi.dll
EvtNext, EvtClose, EvtRender, EvtCreateRenderContext, EvtQuery
