Import table
advapi32.dll
CryptDestroyHash, CryptDestroyKey, MakeAbsoluteSD, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryInfoKeyW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, SetServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateServiceW, DeleteService, ControlService, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetThreadToken, GetTokenInformation, OpenThreadToken, CheckTokenMembership, CryptSetProvParam, CryptGetUserKey, AllocateAndInitializeSid, GetLengthSid, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck, FreeSid, OpenProcessToken, InitializeSecurityDescriptor, InitializeAcl, AddAccessAllowedAce, RegNotifyChangeKeyValue, CryptGetProvParam, CryptGetKeyParam, CryptDeriveKey, CryptVerifySignatureW, CryptSignHashW, CredWriteDomainCredentialsW, CredReadW, CreateProcessAsUserW, CryptImportKey, CryptExportKey, EqualSid, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, GetSidSubAuthority, IsValidSid, RegQueryValueExA, RegEnumValueA, CryptCreateHash, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptAcquireContextA, CryptGenKey, CryptContextAddRef, RegEnumValueW, ImpersonateSelf, CredWriteW, CredDeleteW, CredEnumerateW, CredFree, CryptDecrypt, CryptDuplicateKey, CryptEncrypt, RegOpenCurrentUser, ConvertSidToStringSidW, DuplicateToken, ImpersonateLoggedOnUser, SetTokenInformation, RevertToSelf, CryptGenRandom, CryptReleaseContext, CryptAcquireContextW
crypt32.dll
CryptAcquireCertificatePrivateKey, CertEnumCertificatesInStore, CertCompareCertificate, CryptUnprotectData, CryptExportPublicKeyInfo, CryptEncodeObjectEx, CryptSignAndEncodeCertificate, CertGetCertificateChain, CertFreeCertificateChain, CryptSignMessage, CertGetNameStringA, CryptVerifyMessageSignature, CertVerifyCertificateChainPolicy, CryptImportPublicKeyInfo, CertSetCertificateContextProperty, CryptProtectData, CertGetIssuerCertificateFromStore, CertFreeCertificateContext, CertGetNameStringW, CertVerifySubjectCertificateContext, CertCreateCertificateContext, CertCloseStore, CertDeleteCertificateFromStore, CertFindCertificateInStore, CertOpenStore, CertAddCertificateContextToStore, CertGetCertificateContextProperty, CertDuplicateCertificateContext
iphlpapi.dll
NotifyAddrChange, CancelIPChangeNotify
kernel32.dll
DllMain, GetSystemDirectoryW, GetLastError, GetSystemTimeAsFileTime, SetEvent, GetModuleHandleW, GetProcAddress, LocalAlloc, LocalFree, DeviceIoControl, CloseHandle, OutputDebugStringW, GetFileSize, RegisterWaitForSingleObject, UnregisterWaitEx, GlobalAlloc, GlobalFree, WaitForMultipleObjects, LoadLibraryW, lstrcmpA, DeleteFileW, CopyFileW, CreateMutexW, GetVersionExW, GetUserDefaultUILanguage, GetSystemInfo, ReleaseMutex, CreateFileW, ResetEvent, GetSystemTime, GetComputerNameW, CreateProcessW, lstrlenA, SetEnvironmentVariableA, CompareStringW, CompareStringA, CreateFileA, GetTimeZoneInformation, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, FlushFileBuffers, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, InterlockedDecrement, GetLocalTime, TerminateProcess, GetDriveTypeA, GetCurrentDirectoryA, GetFullPathNameW, FindFirstFileW, GetDriveTypeW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, lstrlenW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, SetFilePointer, CreateTimerQueueTimer, CreateTimerQueue, DeleteTimerQueueEx, DeleteTimerQueueTimer, GetCurrentThread, WideCharToMultiByte, GetCurrentProcess, GetProcessHandleCount, GetProcessHeap, HeapSetInformation, GetCommandLineW, LoadLibraryExW, MultiByteToWideChar, FreeLibrary, CreateEventW, CreateThread, GetCurrentThreadId, Sleep, GetModuleFileNameW, WaitForSingleObject, lstrcmpiW, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetStartupInfoW, RtlUnwind, SetUnhandledExceptionFilter, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, IsValidCodePage, UnhandledExceptionFilter, IsDebuggerPresent, VirtualAlloc, GetModuleHandleA, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, InterlockedIncrement
netapi32.dll
NetUserModalsGet, NetApiBufferFree
ole32.dll
CLSIDFromProgID, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemRealloc, CoUninitialize, CoInitializeEx, CoRevokeClassObject, CoRegisterClassObject, CoInitializeSecurity, CoTaskMemFree, CoSuspendClassObjects, StringFromGUID2, CoCreateInstance, CoResumeClassObjects, CoSetProxyBlanket, CoRevertToSelf, CoImpersonateClient, PropVariantClear
psapi.dll
GetProcessMemoryInfo
rpcrt4.dll
RpcServerRegisterIf, RpcServerListen, UuidToStringA, RpcStringFreeA, UuidToStringW, RpcStringFreeW, RpcServerUseProtseqEpW, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, RpcMgmtStopServerListening, NdrServerCall2, RpcServerUnregisterIf, UuidCreate
sensapi.dll
IsNetworkAlive
shell32.dll
SHCreateDirectoryExW, SHGetFolderPathW, SHGetSpecialFolderPathW
shlwapi.dll
PathFileExistsW, SHCopyKeyW, SHStrDupW, PathIsDirectoryW, PathCombineW, SHDeleteKeyW
sqmapi.dll
SqmSetAppId, SqmAddToStreamString, SqmIncrement, SqmSet, SqmGetSession, SqmReadSharedMachineId, SqmCreateNewId, SqmWriteSharedMachineId, SqmSetMachineId, SqmEndSession, SqmSetAppVersion, SqmStartUpload, SqmStartSession, SqmAddToStreamDWord
user32.dll
MessageBoxW, GetMessageW, DispatchMessageW, TranslateMessage, CharUpperW, PostThreadMessageW, CharNextW, LoadStringW
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wer.dll
WerReportSubmit, WerReportCreate, WerReportCloseHandle, WerReportSetParameter, WerReportAddFile
winhttp.dll
WinHttpAddRequestHeaders, WinHttpQueryAuthSchemes, WinHttpSetStatusCallback, WinHttpCrackUrl, WinHttpCloseHandle, WinHttpSetOption, WinHttpOpen, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpCreateUrl, WinHttpConnect, WinHttpQueryHeaders, WinHttpReceiveResponse, WinHttpOpenRequest, WinHttpSendRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpSetTimeouts
winscard.dll
SCardFreeMemory, SCardListReadersW, SCardEstablishContext, SCardReleaseContext
wintrust.dll
WTHelperGetProvSignerFromChain, WTHelperProvDataFromStateData, WinVerifyTrustEx
ws2_32.dll
WSACreateEvent, WSACloseEvent
wtsapi32.dll
WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken