IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_AGGRESIVE_WS_TRIM

IMAGE_FILE_32BIT_MACHINE

ceil

wcscpy

wcsncmp

_controlfp

_except_handler3

??3@YAXPAX@Z

??2@YAPAXI@Z

__CxxFrameHandler

_itow

_snprintf

_wtol

_strnicmp

sscanf

wcstombs

sprintf

strchr

strncmp

atof

_ftol

isspace

__set_app_type

__p__fmode

__p__commode

_adjust_fdiv

__setusermatherr

_initterm

__getmainargs

_acmdln

exit

_cexit

_XcptFilter

_exit

_c_exit

malloc

free

wcscmp

_local_unwind2

swscanf

swprintf

wcsncat

wcschr

memmove

wcstok

atoi

wcsncpy

wcsstr

_wcsicmp

wcslen

_snwprintf

wcscat

_wcsupr

RegSetValueExW

A_SHAInit

A_SHAUpdate

A_SHAFinal

LsaStorePrivateData

LsaRetrievePrivateData

LsaNtStatusToWinError

CryptGetUserKey

CryptGetKeyParam

CryptVerifySignatureW

CryptEncrypt

CryptDecrypt

CryptDestroyKey

MD5Final

MD5Update

MD5Init

I_ScSendTSMessage

RegSetKeySecurity

AddAccessAllowedAceEx

RegDeleteKeyW

RegOpenCurrentUser

CryptReleaseContext

CryptGetProvParam

CryptDestroyHash

CryptGetHashParam

CryptHashData

CryptSetHashParam

CryptCreateHash

CryptAcquireContextW

GetCurrentHwProfileW

ConvertStringSecurityDescriptorToSecurityDescriptorA

SetFileSecurityA

CryptGenRandom

CryptDeriveKey

RegCloseKey

RegQueryValueExW

RegOpenKeyW

FreeSid

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

AddAccessAllowedAce

InitializeAcl

GetLengthSid

AllocateAndInitializeSid

RegOpenKeyExW

CreateProcessAsUserW

DuplicateTokenEx

CloseServiceHandle

ControlService

StartServiceW

QueryServiceStatus

OpenServiceW

OpenSCManagerW

EqualSid

GetTokenInformation

CryptImportKey

RegCreateKeyExW

RegEnumValueW

RegQueryInfoKeyW

RegDeleteValueW

CredFree

CredDeleteW

CredEnumerateW

CopySid

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetUserNameW

OpenThreadToken

ReportEventW

RegisterEventSourceW

EnumServicesStatusW

ImpersonateLoggedOnUser

RegQueryValueExA

CheckTokenMembership

DeregisterEventSource

LsaGetUserName

RevertToSelf

LookupAccountSidW

IsValidSid

SetTokenInformation

LogonUserW

LookupAccountNameW

OpenProcessToken

SynchronizeWindows31FilesAndWindowsNTRegistry

QueryWindows31FilesMigration

AdjustTokenPrivileges

SystemFunction036

RegQueryInfoKeyA

RegEnumKeyExW

ConvertStringSecurityDescriptorToSecurityDescriptorW

SetKernelObjectSecurity

QueryServiceConfigW

RegNotifyChangeKeyValue

LsaClose

LsaFreeMemory

LsaQueryInformationPolicy

LsaOpenPolicy

AllocateLocallyUniqueId

CryptSignHashW

CryptSetProvParam

CreateSemaphoreW

GetCurrentThread

WaitForSingleObjectEx

CreateThread

LoadResource

FindResourceW

SetThreadExecutionState

ResetEvent

GetComputerNameW

GetSystemDirectoryW

SetLastError

TransactNamedPipe

SetNamedPipeHandleState

GetTickCount

CreateFileW

GlobalGetAtomNameW

SetEnvironmentVariableW

VirtualLock

VirtualQuery

GetDriveTypeW

Beep

OpenMutexW

OpenEventW

LeaveCriticalSection

EnterCriticalSection

DisconnectNamedPipe

TerminateProcess

GetCurrentProcess

SearchPathW

lstrcatW

LocalReAlloc

ExpandEnvironmentStringsW

TerminateThread

ResumeThread

GetDiskFreeSpaceExW

GlobalMemoryStatusEx

DeleteFileW

WriteProfileStringW

ReadFile

FindVolumeClose

FindNextVolumeW

FindFirstVolumeW

SetThreadPriority

SetPriorityClass

MoveFileExW

WaitForMultipleObjectsEx

GetExitCodeProcess

SleepEx

ReleaseSemaphore

FindClose

FindFirstFileW

GetWindowsDirectoryW

SetTimerQueueTimer

GetComputerNameA

VerifyVersionInfoW

VerSetConditionMask

WriteFile

WaitNamedPipeW

WaitForMultipleObjects

ConnectNamedPipe

DuplicateHandle

OpenProcess

GetOverlappedResult

GetVersionExA

lstrcmpW

UnregisterWait

CreateNamedPipeW

CreateRemoteThread

CreateActCtxW

GetModuleFileNameW

SetErrorMode

SetUnhandledExceptionFilter

GetPrivateProfileStringW

LocalSize

VirtualAlloc

FreeLibrary

GetEnvironmentVariableW

DebugBreak

CreateFileA

InitializeCriticalSection

ProcessIdToSessionId

SetInformationJobObject

AssignProcessToJobObject

TerminateJobObject

PostQueuedCompletionStatus

PulseEvent

GetQueuedCompletionStatus

CreateIoCompletionPort

CreateJobObjectW

ActivateActCtx

DeactivateActCtx

InterlockedCompareExchange

LoadLibraryA

GetModuleHandleA

GetStartupInfoA

LoadLibraryW

InterlockedExchange

GetProcAddress

DelayLoadFailureHook

GetModuleHandleW

GetProfileStringW

GetShortPathNameW

lstrcpynW

FileTimeToLocalFileTime

FileTimeToSystemTime

GetUserDefaultLCID

GetTimeFormatW

WTSGetActiveConsoleSessionId

GetCurrentProcessId

GetCurrentThreadId

GetVersionExW

FormatMessageW

lstrcmpiW

GetProfileIntW

lstrcpyW

BaseInitAppcompatCacheSupport

SetFilePointer

GetFileSize

lstrcmpiA

CreateFileMappingW

MapViewOfFile

UnmapViewOfFile

lstrcpynA

GetSystemDefaultUILanguage

HeapFree

LoadLibraryExW

GetProcessHeap

HeapAlloc

GetSystemTime

SystemTimeToFileTime

WideCharToMultiByte

GetACP

MultiByteToWideChar

lstrcpyA

lstrlenA

RegisterWaitForSingleObject

WaitForSingleObject

CreateProcessW

SetWaitableTimer

ReleaseMutex

SetEvent

UnregisterWaitEx

CloseHandle

GlobalAlloc

GlobalFree

GetLastError

LocalFree

lstrlenW

Sleep

GetSystemDirectoryA

SizeofResource

LockResource

FindResourceExW

CreateMutexA

GlobalMemoryStatus

GetVolumeInformationW

GetDriveTypeA

GetLogicalDriveStringsA

lstrcmpA

lstrcatA

GetSystemInfo

GetExitCodeThread

SetThreadAffinityMask

GetProcessAffinityMask

LocalAlloc

CreateEventW

CreateWaitableTimerW

VirtualQueryEx

OpenProfileUserMapping

CloseProfileUserMapping

BaseCleanupAppcompatCacheSupport

CreateMutexW

QueueUserWorkItem

DeleteCriticalSection

RtlUnwind

InitializeCriticalSectionAndSpinCount

CreateSemaphoreA

CreateEventA

ExitProcess

VirtualFree

VirtualProtect

FlushInstructionCache

GetSystemTimeAsFileTime

RemoveFontResourceW

AddFontResourceW

SetProcessWindowStation

DispatchMessageW

PeekMessageW

GetSystemMetrics

wsprintfA

GetWindowRect

MsgWaitForMultipleObjects

PostQuitMessage

SendNotifyMessageW

MessageBoxW

FindWindowW

DefWindowProcW

RegisterClassW

RegisterWindowMessageW

TranslateMessage

GetMessageW

CreateWindowExW

SetThreadDesktop

RegisterDeviceNotificationW

CloseDesktop

GetUserObjectInformationW

OpenInputDesktop

RegisterHotKey

UnregisterHotKey

ReplyMessage

SetTimer

GetMessageTime

KillTimer

CreateDesktopW

SetUserObjectSecurity

PostThreadMessageW

GetAsyncKeyState

SetUserObjectInformationW

SetWindowPlacement

DeleteMenu

GetSystemMenu

GetWindowPlacement

DialogBoxParamW

CallNextHookEx

GetWindowTextW

EnumWindows

SetFocus

wsprintfW

SetDlgItemTextW

SetCursor

LoadCursorW

CheckDlgButton

IsDlgButtonChecked

CloseWindowStation

CreateWindowStationW

OpenDesktopW

SwitchDesktop

SetWindowTextW

LoadStringW

SetWindowLongW

EndDialog

GetDlgItemTextW

GetWindowLongW

DestroyWindow

SetForegroundWindow

GetDesktopWindow

GetParent

GetKeyState

LoadImageW

SetLastErrorEx

wvsprintfW

DialogBoxIndirectParamW

UpdatePerUserSystemParameters

SetWindowStationUser

MBToWCSEx

LockWindowStation

UnlockWindowStation

SetLogonNotifyWindow

LoadLocalFonts

RecordShutdownReason

RegisterLogonProcess

ShowWindow

CreateDialogParamW

SendMessageW

GetDlgItem

SystemParametersInfoW

EnumDisplayMonitors

ExitWindowsEx

PostMessageW

UpdateWindow

SetWindowPos

SetWindowsHookW

UnhookWindowsHook

RpcGetAuthorizationContextForClient

RpcFreeAuthorizationContext

RpcRevertToSelf

RpcImpersonateClient

UuidCreate

RpcServerRegisterIfEx

RpcServerUseProtseqEpW

RpcServerListen

RpcServerRegisterIf

I_RpcMapWin32Status

NdrServerCall2

NtReplyWaitReceivePort

NtAcceptConnectPort

NtCreatePort

RtlConvertSidToUnicodeString

RtlFreeUnicodeString

NtLockProductActivationKeys

RtlTimeToTimeFields

NtUnmapViewOfSection

NtMapViewOfSection

NtOpenSection

NtCompleteConnectPort

NtReplyPort

RtlOpenCurrentUser

NtClose

NtQueryValueKey

NtOpenKey

RtlInitUnicodeString

RtlSetEnvironmentVariable

RtlQueryEnvironmentVariable_U

RtlCompareUnicodeString

NtQuerySecurityObject

RtlQueryInformationAcl

RtlGetAce

NtOpenEvent

NtQueryInformationJobObject

NtFilterToken

DbgPrint

NtInitiatePowerAction

RtlInitString

RtlSetProcessIsCritical

RtlSetThreadIsCritical

RtlCheckProcessParameters

DbgBreakPoint

NtQueryInformationProcess

RtlUnhandledExceptionFilter

NtOpenProcessToken

NtOpenThreadToken

NtPrivilegeCheck

NtPrivilegeObjectAuditAlarm

NtQuerySystemTime

RtlTimeToSecondsSince1980

NtCreateKey

NtSetValueKey

RtlRegisterWait

NtOpenDirectoryObject

NtQuerySystemInformation

RtlDosPathNameToNtPathName_U

NtCreatePagingFile

NtCreateEvent

NtSetInformationProcess

RtlNtStatusToDosError

RtlCreateAcl

RtlAddAce

RtlCreateSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlEqualSid

NtDuplicateObject

NtDuplicateToken

NtSetInformationThread

RtlLengthSid

RtlCopySid

RtlGetDaclSecurityDescriptor

NtAllocateLocallyUniqueId

RtlLengthRequiredSid

RtlInitializeSid

RtlSubAuthoritySid

RtlAllocateHeap

NtPowerInformation

NtSetSystemPowerState

NtRaiseHardError

RtlDeleteCriticalSection

NtOpenSymbolicLinkObject

NtQuerySymbolicLinkObject

NtQueryVolumeInformationFile

NtSetSecurityObject

RtlAdjustPrivilege

NtOpenFile

NtFsControlFile

RtlAllocateAndInitializeSid

RtlDestroyEnvironment

RtlFreeHeap

NtQueryInformationToken

NtShutdownSystem

RtlEnterCriticalSection

RtlLeaveCriticalSection

RtlInitializeCriticalSection

RtlCreateEnvironment

ord140

UnregisterGPNotification

DestroyEnvironmentBlock

CreateEnvironmentBlock

RegisterGPNotification

GetUserProfileDirectoryW

ord130

LoadUserProfileW

UnloadUserProfile

ord152

ord150

ord131

WaitForMachinePolicyForegroundProcessing

ord118

WaitForUserPolicyForegroundProcessing

ord117

ord151

GetAllUsersProfileDirectoryW

ord611

ord612

ord613

ord603

CertComparePublicKeyInfo

CryptExportPublicKeyInfo

CertFindExtension

CertFreeCertificateContext

CertSetCertificateContextProperty

CertCreateCertificateContext

CryptVerifyMessageSignature

CryptImportPublicKeyInfo

CryptSignMessage

CertCloseStore

CryptDecryptMessage

CertGetCertificateContextProperty

CertAddCertificateContextToStore

CertOpenStore

CertVerifySubjectCertificateContext

CertGetIssuerCertificateFromStore

CertDuplicateCertificateContext

CryptImportPublicKeyInfoEx

CertEnumCertificatesInStore

LsaCallAuthenticationPackage

LsaLookupAuthenticationPackage

GetUserNameExW

LsaRegisterLogonProcess

WinStationQueryLogonCredentialsW

WinStationIsHelpAssistantSession

_WinStationNotifyDisconnectPipe

WinStationAutoReconnect

_WinStationWaitForConnect

_WinStationNotifyLogoff

_WinStationNotifyLogon

WinStationCheckLoopBack

WinStationShutdownSystem

WinStationSetInformationW

WinStationConnectW

WinStationReset

WinStationQueryInformationW

WinStationGetMachinePolicy

WinStationEnumerate_IndexedW

_WinStationFUSCanRemoteUserDisconnect

WinStationNameFromLogonIdW

_WinStationCallback

WinStationDisconnect

RemapAndMoveUserW

InitializeProfileMappingApi

RegUserConfigQuery

RegDefaultUserConfigQueryW

WSAStartup

WSACleanup

getaddrinfo

AuthziInitializeAuditEventType

AuthziInitializeAuditParams

AuthziInitializeAuditEvent

AuthziFreeAuditEventType

AuthzAccessCheck

AuthzFreeHandle

AuthzInitializeResourceManager

AuthzFreeResourceManager

AuthziLogAuditEvent

AuthzFreeAuditEvent

EnumProcessModules

GetModuleBaseNameW

EnumProcesses

GetFileVersionInfoW

VerQueryValueW

GetFileVersionInfoSizeW

SetupDiEnumDeviceInfo

SetupDiGetClassDevsW

SetupDiGetDeviceRegistryPropertyW

SetupDiDestroyDeviceInfoList

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE