IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

NtCreatePrivateNamespace

NtDeletePrivateNamespace

NtOpenPrivateNamespace

RtlAddSIDToBoundaryDescriptor

RtlFreeAnsiString

RtlAnsiStringToUnicodeString

RtlInitializeSid

NlsMbCodePageTag

RtlSubAuthoritySid

RtlDosPathNameToRelativeNtPathName_U

RtlFreeUnicodeString

RtlInitUnicodeString

RtlGetOwnerSecurityDescriptor

RtlReleaseRelativeName

RtlLengthRequiredSid

RtlUnicodeStringToAnsiString

RtlInitAnsiString

LdrResRelease

NtQueryInformationFile

RtlEqualSid

SbSelectProcedure

LdrResSearchResource

NtQuerySecurityObject

NtOpenFile

_wcsicmp

RtlDecodeSystemPointer

RtlUnicodeToMultiByteN

RtlMultiByteToUnicodeN

RtlDeleteCriticalSection

RtlUpcaseUnicodeChar

RtlEnterCriticalSection

RtlInitializeCriticalSection

RtlLeaveCriticalSection

RtlSubscribeWnfStateChangeNotification

NtQueryWnfStateData

RtlUnsubscribeWnfNotificationWaitForCompletion

NtSetInformationFile

RtlDosPathNameToNtPathName_U

wcscpy_s

wcscat_s

swprintf_s

NtFsControlFile

NtQueryVolumeInformationFile

NtCreateFile

RtlSetLastWin32Error

NtWaitForSingleObject

NtNotifyChangeDirectoryFileEx

RtlSetCurrentTransaction

NtCopyFileChunk

RtlEqualUnicodeString

NtQuerySystemInformation

TpSetWait

RtlReleasePrivilege

NtOpenKey

TpReleaseWait

ZwQueryWnfStateData

RtlDosPathNameToNtPathName_U_WithStatus

RtlGetAce

RtlQueryInformationAcl

RtlVerifyVersionInfo

NtQueryEaFile

RtlAcquirePrivilege

RtlGetCurrentTransaction

NtFlushBuffersFile

RtlGetLastNtStatus

NtCreateEvent

RtlGetLastWin32Error

RtlpMergeSecurityAttributeInformation

VerSetConditionMask

_wcsnicmp

RtlNtStatusToDosError

TpWaitForWait

wcsrchr

RtlFindAceByType

NtQueryValueKey

NtOpenMutant

_vsnwprintf

RtlIsDosDeviceName_U

NtReleaseMutant

RtlIsStateSeparationEnabled

NtCreateKeyTransacted

RtlDetermineDosPathNameType_U

NtCreateKey

NtSetValueKey

RtlUnicodeStringToOemString

NtQueryDirectoryFile

RtlGetPersistedStateLocation

RtlGetExtendedFeaturesMask

RtlGetEnabledExtendedFeatures

RtlInitUnicodeStringEx

RtlCopyContext

RtlSetExtendedFeaturesMask

RtlSetLastWin32ErrorAndNtStatusFromNtStatus

RtlInitializeExtendedContext2

RtlGetExtendedContextLength2

RtlLocateExtendedFeature

iswalpha

wcschr

wcsncmp

RtlNtStatusToDosErrorNoTeb

TpSetTimer

RtlDllShutdownInProgress

memcpy_s

TpWaitForTimer

TpReleaseTimer

RtlInitializeCriticalSectionEx

memmove_s

_vsnprintf

NtTerminateProcess

RtlCaptureContext

RtlUnhandledExceptionFilter

_aullshr

RtlGetLocaleFileMappingAddress

NtEnumerateKey

NtGetNlsSectionPtr

RtlNormalizeString

RtlPublishWnfStateData

NtSetDefaultLocale

_wtoi

_itow_s

wcspbrk

NtDeleteValueKey

RtlUnicodeStringToInteger

RtlLocaleNameToLcid

RtlIsMultiSessionSku

RtlLcidToLocaleName

RtlpLoadUserUIByPolicy

RtlpLoadMachineUIByPolicy

RtlpGetLCIDFromLangInfoNode

NtEnumerateValueKey

qsort

RtlpCreateProcessRegistryInfo

RtlLCIDToCultureName

RtlpGetNameFromLangInfoNode

NtQueryInstallUILanguage

RtlpMuiFreeLangRegistryInfo

RtlpInitializeLangRegistryInfo

RtlpIsQualifiedLanguage

RtlCultureNameToLCID

_ui64tow_s

LdrFindResourceEx_U

RtlGetThreadPreferredUILanguages

RtlSetProcessPreferredUILanguages

RtlGetUILanguageInfo

RtlGetUserPreferredUILanguages

RtlGetSystemPreferredUILanguages

RtlpQueryDefaultUILanguage

RtlGetProcessPreferredUILanguages

RtlSetThreadPreferredUILanguages

RtlSetThreadPreferredUILanguages2

RtlGetFileMUIPath

RtlRestoreThreadPreferredUILanguages

RtlpGetSystemDefaultUILanguage

LdrAccessResource

RtlIdnToNameprepUnicode

RtlIsNormalizedString

RtlIdnToAscii

RtlIdnToUnicode

NtDeleteKey

RtlAppendUnicodeStringToString

RtlLoadString

RtlAppendUnicodeToString

RtlCopyUnicodeString

RtlExpandEnvironmentStrings_U

NtCreateSection

RtlOpenCurrentUser

NtMapViewOfSection

NtQueryDefaultLocale

NtNotifyChangeKey

NtQueryInformationToken

RtlTimeFieldsToTime

RtlUTF8ToUnicodeN

RtlUnicodeToUTF8N

_wcslwr

NtQueryLicenseValue

_wtol

RtlIntegerToUnicodeString

RtlRunOnceExecuteOnce

DbgPrint

memmove

RtlUnwind

NtClose

RtlReleaseSRWLockShared

RtlPrefixUnicodeString

RtlAcquireSRWLockShared

RtlAcquireSRWLockExclusive

RtlReleaseSRWLockExclusive

RtlDeleteBoundaryDescriptor

NtQueryInformationProcess

RtlCreateBoundaryDescriptor

RtlCompareUnicodeString

RtlFreeHeap

RtlQueryPerformanceCounter

RtlLocateLegacyContext

RtlAllocateHeap

RtlQueryWnfStateData

RtlSetProtectedPolicy

NtOpenSymbolicLinkObject

NtQuerySymbolicLinkObject

RtlUnicodeToMultiByteSize

RtlQueryInformationActivationContext

DbgPrintEx

RtlReleaseActivationContext

RtlInitAnsiStringEx

TpAllocTimer

TpAllocIoCompletion

TpAllocWork

TpCallbackMayRunLong

TpAllocCleanupGroup

TpSimpleTryPost

TpQueryPoolStackInformation

TpAllocPool

TpSetPoolMinThreads

TpSetPoolStackInformation

TpAllocWait

RtlConvertSidToUnicodeString

RtlSubAuthorityCountSid

ZwQueryInformationToken

RtlIsMultiUsersInSessionSku

ZwQueryValueKey

ZwClose

ZwOpenKey

NtQueryMultipleValueKey

wcsncpy_s

RtlReAllocateHeap

RtlExitUserProcess

RtlInitializeCriticalSectionAndSpinCount

vswprintf_s

RtlDecodePointer

RtlEncodePointer

RtlSizeHeap

isalpha

_strnicmp

RtlRunOnceInitialize

NtDuplicateObject

RtlFormatCurrentUserKeyPath

NtResetEvent

RtlCheckTokenMembershipEx

RtlDeriveCapabilitySidsFromName

NtQueryEvent

RtlCapabilityCheck

NtSetInformationProcess

RtlCreateUnicodeStringFromAsciiz

NtQueryKey

RtlCreateUnicodeString

RtlValidSecurityDescriptor

RtlRandomEx

RtlStringFromGUID

NtLoadKeyEx

RtlLengthSecurityDescriptor

RtlMakeSelfRelativeSD

LdrGetProcedureAddress

LdrGetDllHandle

RtlInitString

strncat

_strlwr

RtlRaiseException

PssNtCaptureSnapshot

PssNtValidateDescriptor

PssNtFreeSnapshot

PssNtFreeRemoteSnapshot

PssNtQuerySnapshot

PssNtWalkSnapshot

PssNtDuplicateSnapshot

PssNtFreeWalkMarker

ApiSetQueryApiSetPresence

NtQueryVirtualMemory

NtOpenProcessTokenEx

RtlGUIDFromString

RtlQueryPackageIdentityEx

RtlStringFromGUIDEx

EtwEventUnregister

EtwEventRegister

EtwEventEnabled

EtwEventWrite

NtCreateWnfStateName

NtDeleteWnfStateName

RtlFreeSid

RtlInitializeSRWLock

WinSqmIncrementDWORD

WinSqmSetDWORD

WinSqmSetString

RtlGetDaclSecurityDescriptor

RtlCreateAcl

RtlAddAccessAllowedAceEx

RtlAddAce

RtlCreateSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlGetControlSecurityDescriptor

RtlSetControlSecurityDescriptor

NtSetSecurityObject

RtlDowncaseUnicodeString

RtlUpcaseUnicodeString

RtlAllocateAndInitializeSid

wcsspn

NtUnmapViewOfSection

RtlQueryPackageClaims

RtlGetDeviceFamilyInfoEnum

LdrUpdatePackageSearchPath

strncmp

RtlInsertElementGenericTableAvl

RtlInitializeGenericTableAvl

RtlDeleteElementGenericTableAvl

RtlLookupElementGenericTableAvl

RtlValidSid

RtlLengthSid

RtlGetAppContainerSidType

RtlCopySid

RtlExpandEnvironmentStrings

RtlGetAppContainerParent

NtQuerySecurityAttributesToken

RtlIsParentOfChildAppContainer

WinSqmIsOptedIn

WinSqmStartSession

WinSqmAddToStreamEx

WinSqmEndSession

TpReleaseWork

TpPostWork

NtGetCachedSigningLevel

RtlSetSaclSecurityDescriptor

ZwCreateKey

ZwSetValueKey

NtDeviceIoControlFile

EtwEventWriteTransfer

TpCancelAsyncIoOperation

TpWaitForIoCompletion

TpReleaseIoCompletion

RtlEnumerateGenericTableAvl

TpStartAsyncIoOperation

RtlCompareUnicodeStrings

strchr

NtReadFile

RtlRaiseStatus

RtlTryAcquirePebLock

RtlReleasePebLock

wcscspn

wcsstr

RtlGetNtSystemRoot

NtWaitForMultipleObjects

RtlImageNtHeader

NtSetSystemInformation

RtlWow64EnableFsRedirectionEx

RtlExitUserThread

NtYieldExecution

strtoul

_errno

RtlQueryPerformanceFrequency

RtlTryAcquireSRWLockExclusive

RtlGetCurrentDirectory_U

RtlGetSearchPath

RtlDosSearchPath_Ustr

RtlReleasePath

RtlQueryActivationContextApplicationSettings

RtlQueryEnvironmentVariable_U

RtlGetFullPathName_U

RtlIntegerToChar

RtlAnsiCharToUnicodeChar

RtlSetThreadErrorMode

NtDuplicateToken

NtAllocateLocallyUniqueId

NtAccessCheck

NtAccessCheckByType

NtAccessCheckByTypeResultList

NtOpenProcessToken

NtOpenThreadToken

NtSetInformationToken

NtAdjustPrivilegesToken

NtAdjustGroupsToken

NtPrivilegeCheck

NtAccessCheckAndAuditAlarm

NtAccessCheckByTypeAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarm

NtAccessCheckByTypeResultListAndAuditAlarmByHandle

NtOpenObjectAuditAlarm

NtPrivilegeObjectAuditAlarm

NtCloseObjectAuditAlarm

NtDeleteObjectAuditAlarm

NtPrivilegedServiceAuditAlarm

RtlEqualPrefixSid

RtlIdentifierAuthoritySid

RtlAreAllAccessesGranted

RtlAreAnyAccessesGranted

RtlMapGenericMask

RtlValidAcl

RtlSetInformationAcl

RtlDeleteAce

RtlAddAccessAllowedAce

RtlAddMandatoryAce

RtlAddResourceAttributeAce

RtlAddScopedPolicyIDAce

RtlAddAccessDeniedAce

RtlAddAccessDeniedAceEx

RtlAddAuditAccessAce

RtlAddAuditAccessAceEx

RtlAddAccessAllowedObjectAce

RtlAddAccessDeniedObjectAce

RtlAddAuditAccessObjectAce

RtlFirstFreeAce

RtlValidRelativeSecurityDescriptor

RtlGetSaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlNewSecurityObject

RtlConvertToAutoInheritSecurityObject

RtlNewSecurityObjectEx

RtlNewSecurityObjectWithMultipleInheritance

RtlSetSecurityObject

RtlSetSecurityObjectEx

RtlQuerySecurityObject

RtlDeleteSecurityObject

RtlAbsoluteToSelfRelativeSD

RtlSelfRelativeToAbsoluteSD

RtlImpersonateSelf

NtSetInformationThread

NtImpersonateAnonymousToken

EtwEventWriteNoRegistration

NtFilterToken

RtlCheckTokenCapability

RtlSelfRelativeToAbsoluteSD2

RtlGetSecurityDescriptorRMControl

RtlSetSecurityDescriptorRMControl

RtlIsPackageSid

RtlIsCapabilitySid

NtSetCachedSigningLevel

RtlDosApplyFileIsolationRedirection_Ustr

LdrGetDllHandleByName

RtlImageNtHeaderEx

LdrGetDllHandleByMapping

RtlGetActiveActivationContext

LdrAddLoadAsDataTable

_stricmp

strncat_s

LdrGetDllPath

LdrLoadDll

LdrRemoveLoadAsDataTable

LdrUnloadAlternateResourceModule

LdrUnloadDll

LdrDisableThreadCalloutsForDll

LdrGetDllFullName

RtlPcToFileHeader

LdrAddRefDll

LdrGetProcedureAddressForCaller

LdrAddDllDirectory

LdrRemoveDllDirectory

LdrSetDefaultDllDirectories

LdrResolveDelayLoadedAPI

LdrResolveDelayLoadsFromDll

LdrQueryOptionalDelayLoadedAPI

RtlGetProductInfo

RtlGetVersion

LdrFindResource_U

LdrResGetRCConfig

LdrpResGetResourceDirectory

RtlImageDirectoryEntryToData

LdrResFindResourceDirectory

LdrResFindResource

LdrGetFileNameFromLoadAsDataTable

LdrLoadAlternateResourceModule

LdrRscIsTypeExist

LdrLoadAlternateResourceModuleEx

LdrpResGetMappingSize

wcstoul

NtLockVirtualMemory

NtUnlockVirtualMemory

NtReadVirtualMemory

NtProtectVirtualMemory

NtWriteVirtualMemory

NtFlushInstructionCache

NtAllocateVirtualMemory

NtAllocateVirtualMemoryEx

NtFreeVirtualMemory

RtlFlushSecureMemoryCache

NtOpenEvent

NtGetWriteWatch

NtResetWriteWatch

NtSetInformationVirtualMemory

NtAllocateUserPhysicalPages

NtFreeUserPhysicalPages

NtMapUserPhysicalPages

RtlUnsubscribeWnfStateChangeNotification

RtlxAnsiStringToUnicodeSize

RtlxOemStringToUnicodeSize

RtlxUnicodeStringToOemSize

RtlxUnicodeStringToAnsiSize

RtlOemStringToUnicodeString

wcsnlen

RtlGetCurrentServiceSessionId

NtOpenDirectoryObject

NtQueryObject

NtCreateSymbolicLinkObject

NtCreateDirectoryObjectEx

LdrCreateEnclave

NtLoadEnclaveData

LdrInitializeEnclave

LdrLoadEnclaveModule

LdrCallEnclave

NtTerminateEnclave

LdrDeleteEnclave

RtlDefaultNpAcl

EventUnregister

EventRegister

EventActivityIdControl

EventWriteTransfer

EventSetInformation

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ