IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

WriteFile

GetFileSize

SetEndOfFile

CreateFileW

SetFilePointer

ReadFile

GetTempPathW

GetTempFileNameW

OpenProcess

DeleteFileW

InterlockedDecrement

CreateDirectoryW

LoadLibraryA

GetProcAddress

FreeLibrary

ProcessIdToSessionId

GetTickCount

CreateEventA

CreateMutexA

WaitForMultipleObjects

ReleaseMutex

LeaveCriticalSection

EnterCriticalSection

GetLastError

DeleteCriticalSection

lstrlenA

SetEvent

InitializeCriticalSection

ResetEvent

ExpandEnvironmentStringsW

CloseHandle

WaitForSingleObject

CreateProcessW

FindClose

FindNextFileW

InterlockedIncrement

FindFirstFileW

CreateFileA

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

GetLocaleInfoA

GetStringTypeW

GetStringTypeA

GetCurrentProcessId

QueryPerformanceCounter

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

FlushFileBuffers

LCMapStringW

LCMapStringA

HeapSize

Sleep

GetConsoleMode

GetConsoleCP

WideCharToMultiByte

TlsSetValue

TlsAlloc

TlsGetValue

IsValidCodePage

GetOEMCP

GetACP

GetCPInfo

GetModuleFileNameA

GetStdHandle

ExitProcess

GetModuleHandleA

HeapCreate

HeapDestroy

VirtualAlloc

VirtualFree

TlsFree

GetProcessHeap

GetVersionExA

GetCommandLineA

HeapReAlloc

GetSystemTimeAsFileTime

CreateThread

GetCurrentThreadId

ExitThread

MultiByteToWideChar

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

HeapFree

HeapAlloc

SetLastError

RaiseException

RtlUnwind

SetHandleCount

GetFileType

GetStartupInfoA

OpenProcessToken

LookupAccountSidA

LookupAccountSidW

DuplicateTokenEx

ImpersonateLoggedOnUser

RevertToSelf

GetTokenInformation

SysAllocString

VariantClear

SysFreeString

CertFreeCertificateContext

CertOpenStore

CertCloseStore

CertGetCertificateChain

CertVerifyCertificateChainPolicy

CertFreeCertificateChain

CertFindCertificateInStore

CertAddCertificateContextToStore

CertAddEncodedCertificateToStore

PFXExportCertStoreEx

ord48

ord86

ord116

ord110

ord82

ord83

ord75

ord6

ord112

ord12

ord22

ord28

ord8

ord60

ord43

ord78

ord58

ord35

ord166

ord61

ord96

ord84

ord284

ord370

ord391

ord108

ord359

ord265

ord155

ord94

ord74

ord183

ord385

ord1912

ord1804

ord672

ord669

ord668

ord197

ord181

ord658

ord667

ord674

ord246

ord3315

ord2604

ord281

ord224

ord857

ord254

ord851

ord298

ord639

ord333

ord2639

ord364

ord2684

ord2746

ord909

ord1299

ord444

ord1318

ord2734

ord1317

ord2672

ord109

ord1308

ord1291

ord170

ord581

ord653

ord2291

ord3205

ord58

ord188

ord573

ord656

ord670

ord673

ord279

ord3106

ord485

ord3171

ord283

ord3024

ord2186

ord664

ord1653

ord1654

ord1958

ord2442

ord566

ord578

ord579

ord657

ord648

ord129

ord2239

ord150

ord649

ord541

ord633

ord1177

ord1508

ord641

ord66

ord89

ord52

ord421

ord95

ord78

ord754

ord164

WSAStartup

WSACleanup

ntohl

htons

ntohs

WSAAddressToStringA

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ