CoGetComCatalog
GL70
ServiceMain
Load
Static task: static1
Behavioral task: behavioral1
Sample: 979e30ec1e402ede4b222830f8f61818b3811acbbc670cf7b8790b2a70444cd0.dll
Resource: win7-20230220-en
Target: 979e30ec1e402ede4b222830f8f61818b3811acbbc670cf7b8790b2a70444cd0
Size: 540KB
MD5: f361269dae9fe04123fcf35a99a627fb
SHA1: 4b93e061f777368fd71eb979bfc3358a07e7d814
SHA256: 979e30ec1e402ede4b222830f8f61818b3811acbbc670cf7b8790b2a70444cd0
SHA512: 90930e541617687e4faa2e48f3f9eb6e99b35caad0948e3c2ff2e825557b3efe83e6521d4cd841f8852017b1768c2e7e64431efcaa5cf2d3067109d298188c49
SSDEEP: 6144:X4dlVBTQZZ8G0rGyIENIFcmiNt19wJ+rD4bLU/GOMjaoz9VnRVt6YZNS6IO0pD1h:X4dp5GxGIID9sUHkaYhoYZNtIH3i2
Checks for missing Authenticode signature.
resource |
---|
979e30ec1e402ede4b222830f8f61818b3811acbbc670cf7b8790b2a70444cd0 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
ControlService
SetTokenInformation
ImpersonateLoggedOnUser
CreateProcessAsUserW
StartServiceW
ConvertSidToStringSidW
QueryServiceStatus
DuplicateTokenEx
RegSetValueExW
LsaRetrievePrivateData
LookupAccountNameW
AccessCheck
GetSecurityDescriptorLength
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatusEx
SaferCreateLevel
SaferComputeTokenFromLevel
SaferCloseLevel
CommandLineFromMsiDescriptor
IsValidSecurityDescriptor
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AllocateLocallyUniqueId
SetServiceStatus
RegQueryValueA
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl
GetAce
RegOpenKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
SystemFunction036
CryptGenRandom
CopySid
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumValueW
ImpersonateAnonymousToken
OpenThreadToken
RevertToSelf
RegOpenUserClassesRoot
CheckTokenMembership
SaferiCompareTokenLevels
SetThreadToken
CreateWellKnownSid
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
EqualSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
LsaFreeMemory
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
TlsAlloc
LocalAlloc
CreateEventA
LocalFree
Sleep
GetComputerNameA
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetLastError
lstrcmpW
GetProcessHeap
HeapAlloc
HeapFree
GetDriveTypeW
lstrcpynW
MultiByteToWideChar
lstrlenA
GetExitCodeProcess
WaitForMultipleObjects
CreateMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ResumeThread
OpenFileMappingW
CreateProcessW
ReadFile
GetModuleFileNameW
WriteFile
WaitNamedPipeW
InitializeCriticalSectionAndSpinCount
lstrcmpiA
MapViewOfFileEx
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
DelayLoadFailureHook
SetLastError
CloseHandle
DeviceIoControl
CreateFileW
SleepEx
InterlockedIncrement
InterlockedDecrement
CreateThread
GetSystemInfo
lstrcpyW
lstrlenW
RegisterWaitForSingleObject
CreateEventW
SetEvent
WaitForSingleObject
lstrcatW
TerminateJobObject
GetCurrentThread
InterlockedExchangeAdd
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
IsDebuggerPresent
DebugBreak
ResetEvent
TlsSetValue
TlsGetValue
GetModuleHandleW
LoadLibraryExA
ExpandEnvironmentStringsW
ReleaseMutex
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
lstrcmpiW
SearchPathW
AddRefActCtx
OpenProcess
DuplicateHandle
InitializeCriticalSection
OpenEventW
LoadLibraryExW
FindClose
FindFirstFileW
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_ftol
_resetstkoflw
_except_handler3
memmove
_wtoi
_purecall
ceil
wcslen
wcschr
_ultow
strncmp
wcstol
_stricmp
swprintf
_vsnwprintf
_wcsicmp
wcsncpy
towupper
wcscat
wcscpy
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
RtlNtStatusToDosError
NtOpenFile
RtlInitString
RtlDeleteCriticalSection
NtCompareTokens
NtQueryInformationToken
DbgPrint
NtQuerySystemInformation
RtlCopySid
NtOpenSection
NtFsControlFile
NtCreateFile
RtlAdjustPrivilege
NtSetInformationProcess
NtDuplicateToken
RtlInitUnicodeString
RtlEqualUnicodeString
NtSetUuidSeed
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlGetNtProductType
RtlInitializeCriticalSection
NtAllocateLocallyUniqueId
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlAllocateAndInitializeSid
NtClose
NtOpenKey
RtlLengthSid
RpcServerRegisterIf2
RpcMgmtSetServerStackSize
UuidCreate
RpcServerListen
RpcMgmtIsServerListening
I_RpcAllocate
I_RpcFree
RpcServerUseProtseqEpExW
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcRevertToSelfEx
RpcImpersonateClient
RpcRaiseException
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcBindingSetOption
I_RpcBindingInqWireIdForSnego
RpcServerUnregisterIf
I_RpcServerInqLocalConnAddress
I_RpcServerCheckClientRestriction
TowerExplode
I_RpcSystemFunction001
RpcServerRegisterIfEx
I_RpcServerRegisterForwardFunction
I_RpcServerSetAddressChangeFn
I_RpcExceptionFilter
NdrClientCall2
NdrServerCall2
RpcStringBindingComposeW
RpcMgmtEnableIdleCleanup
I_RpcBindingInqLocalClientPID
RpcRevertToSelf
RpcBindingReset
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcBindingSetObject
RpcAsyncInitializeHandle
RpcBindingCopy
RpcServerInqBindings
RpcBindingVectorFree
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerRegisterAuthInfoW
FreeContextBuffer
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaFreeReturnBuffer
EnumerateSecurityPackagesW
wsprintfW
LoadStringW
CharUpperW
closesocket
WSAIoctl
WSAGetLastError
inet_ntoa
gethostname
gethostbyname
socket
bind
WSASetServiceW
htons
getsockname
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ