IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

SendMessageW

LoadStringW

GetWindowRect

GetDlgItem

LoadImageW

EndDialog

CloseDesktop

GetDlgItemTextW

DialogBoxParamW

ShowWindow

EnumWindows

LockWindowStation

UnlockWindowStation

SetWindowStationUser

UpdatePerUserSystemParameters

FindWindowW

SwitchDesktopWithFade

LoadLocalFonts

RegisterLogonProcess

CreateWindowStationW

SetProcessWindowStation

CloseWindowStation

SetUserObjectSecurity

SwitchDesktop

RealGetWindowClassW

GetWindowLongW

GetParent

GetDesktopWindow

SetWindowPos

SetForegroundWindow

GetLastInputInfo

GetKeyState

SystemParametersInfoW

CreateDesktopW

CancelShutdown

GetAsyncKeyState

ExitWindowsEx

GetSystemMetrics

MessageBoxW

OpenInputDesktop

GetUserObjectInformationW

SetThreadDesktop

??2@YAPAXI@Z

memcpy

memset

_vsnwprintf

memmove

_wcsicmp

wcschr

wcsrchr

iswspace

wcstok

??3@YAXPAX@Z

_ultow

_wtoi

__getmainargs

_cexit

_exit

_XcptFilter

_ismbblead

exit

_acmdln

_initterm

_amsg_exit

__setusermatherr

__p__commode

wcsstr

__isascii

isupper

_tolower

__p__fmode

__set_app_type

_except_handler4_common

?terminate@@YAXXZ

_controlfp

_wcsnicmp

RtlLeaveCriticalSection

RtlAdjustPrivilege

NtCreateToken

NtSetInformationToken

RtlCreateEnvironment

RtlInitUnicodeString

RtlQueryEnvironmentVariable_U

RtlSetEnvironmentVariable

RtlInitUnicodeStringEx

RtlCompareUnicodeString

NtOpenThreadToken

EtwEventActivityIdControl

EtwEventWriteStartScenario

EtwEventWriteEndScenario

RtlpVerifyAndCommitUILanguageSettings

WinSqmSetDWORD

RtlDeleteCriticalSection

EtwEventUnregister

EtwEventRegister

RtlRemovePrivileges

EtwUnregisterTraceGuids

RtlEnterCriticalSection

EtwGetTraceLoggerHandle

EtwGetTraceEnableLevel

EtwGetTraceEnableFlags

NtSystemDebugControl

NtQuerySystemInformation

RtlCopyLuid

RtlGetNtProductType

EtwEventEnabled

EtwEventWrite

WinSqmEndSession

WinSqmStartSession

NtOpenProcessToken

NtQueryInformationToken

NtClose

RtlNtStatusToDosError

NtShutdownSystem

EtwTraceMessage

RtlInitializeCriticalSection

RtlLengthSid

RtlInitString

NtAllocateLocallyUniqueId

WinSqmAddToStream

RtlDestroyEnvironment

TpSimpleTryPost

TpReleaseWork

TpWaitForWork

TpReleaseWait

TpWaitForWait

TpSetWait

TpPostWork

TpAllocWork

TpWaitForTimer

RtlGetDaclSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlAddAce

NtAdjustPrivilegesToken

NtDuplicateToken

RtlUnhandledExceptionFilter

NtQueryInformationProcess

TpReleaseTimer

NtReplyPort

NtCompleteConnectPort

NtReplyWaitReceivePort

NtAcceptConnectPort

NtCreatePort

NtCreateEvent

TpAllocWait

RtlExpandEnvironmentStrings_U

RtlNtStatusToDosErrorNoTeb

RtlCopySid

RtlOpenCurrentUser

RtlFreeSid

NtSetSecurityObject

RtlSetSaclSecurityDescriptor

RtlAddMandatoryAce

RtlCreateAcl

RtlCreateSecurityDescriptor

RtlAllocateAndInitializeSid

RtlTimeToSecondsSince1980

TpSetTimer

TpAllocTimer

NtOpenDirectoryObject

NtInitiatePowerAction

RtlFreeUnicodeString

RtlDuplicateUnicodeString

NtFilterToken

RtlEqualSid

EtwRegisterTraceGuidsW

RegEnumValueW

RegDeleteKeyExW

RegCloseKey

RegQueryValueExW

RegOpenKeyExW

RegDeleteValueW

RegQueryInfoKeyW

RegSetValueExW

RegCreateKeyExW

RegSetKeySecurity

CreateWellKnownSid

EqualSid

GetTokenInformation

GetLengthSid

RevertToSelf

ImpersonateLoggedOnUser

CheckTokenMembership

DuplicateTokenEx

AllocateLocallyUniqueId

WinStationNegotiateSession

WinStationReportUIResult

WinStationFreeMemory

WinStationQueryInformationW

WinStationIsSessionPermitted

_WinStationWaitForConnect

WinStationGetUserCredentials

WinStationFreeUserCredentials

WinStationIsSessionRemoteable

WinStationDisconnect

I_RpcMapWin32Status

NdrAsyncClientCall

RpcAsyncInitializeHandle

RpcAsyncCancelCall

RpcMgmtIsServerListening

RpcStringFreeW

RpcStringBindingComposeW

RpcBindingFromStringBindingW

RpcServerUnsubscribeForNotification

RpcServerSubscribeForNotification

I_RpcBindingIsClientLocal

RpcServerUnregisterIf

RpcBindingVectorFree

RpcEpUnregister

RpcServerListen

RpcEpRegisterW

RpcServerInqBindings

RpcServerRegisterIfEx

RpcServerUseProtseqW

NdrServerCall2

NdrAsyncServerCall

RpcRaiseException

RpcServerInqCallAttributesW

RpcServerTestCancel

RpcServerUseProtseqEpW

RpcBindingSetAuthInfoExW

UuidFromStringW

RpcBindingUnbind

RpcBindingCreateW

RpcBindingBind

RpcBindingFree

NdrClientCall2

RpcAsyncAbortCall

RpcAsyncCompleteCall

I_RpcExceptionFilter

I_RpcBindingInqLocalClientPID

RpcImpersonateClient

RpcRevertToSelf

CreateEventW

FreeLibrary

GetProcAddress

LoadLibraryW

SetEvent

LocalReAlloc

CloseHandle

WaitForSingleObject

GetComputerNameExW

GetModuleFileNameW

LocalAlloc

GetLastError

HeapCreate

HeapDestroy

HeapAlloc

HeapFree

HeapSize

SetThreadPriority

GetCurrentThread

SetPriorityClass

GetCurrentProcess

LockResource

LoadResource

FindResourceExW

FormatMessageW

InterlockedCompareExchange

LocalSize

MoveFileExW

GetSystemTimeAsFileTime

SetLastError

GetSystemDirectoryW

SetProcessWorkingSetSize

Sleep

UnregisterWaitEx

InterlockedExchange

WaitForSingleObjectEx

HeapSetInformation

GetCurrentProcessId

RegGetValueA

RegDeleteTreeW

RegEnumKeyExW

CreateProcessInternalW

BaseInitAppcompatCacheSupport

SleepEx

GetFileAttributesW

SetTimerQueueTimer

CreateRemoteThread

GetThreadUILanguage

GetVersionExW

GetTickCount64

WideCharToMultiByte

DebugBreak

UnhandledExceptionFilter

GetCurrentThreadId

QueryPerformanceCounter

GetModuleHandleA

SetUnhandledExceptionFilter

GetStartupInfoA

LoadLibraryExA

DelayLoadFailureHook

SetInformationJobObject

WaitForMultipleObjects

CreateThread

SetErrorMode

CreateFileW

ReadFile

GetModuleHandleW

GetProcessId

OpenEventW

CreateTimerQueueTimer

DeleteTimerQueueTimer

CreateProcessW

SearchPathW

AssignProcessToJobObject

TerminateProcess

GetTickCount

CompareFileTime

ResumeThread

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

GetTimeFormatW

GetDateFormatW

VirtualLock

GetProcessWorkingSetSize

LocalFree

VirtualUnlock

VirtualFree

CreateJobObjectW

GetCommandLineW

TerminateJobObject

ResetEvent

GetComputerNameW

InterlockedIncrement

InterlockedDecrement

DuplicateHandle

QueryInformationJobObject

RegisterWaitForSingleObject

OpenProcess

UnregisterWait

QueryFullProcessImageNameW

GetExitCodeProcess

GetProcessHeap

SetEnvironmentVariableW

CompareStringW

GetShortPathNameW

lstrlenW

ExpandEnvironmentStringsW

VirtualAlloc

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE