IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

NtMapViewOfSection

NtCreateSection

NtUnmapViewOfSection

NtAllocateVirtualMemory

NtFreeVirtualMemory

NtQuerySystemInformation

NtQueryVirtualMemory

_alloca_probe

NtQueryDirectoryFile

NtOpenFile

RtlxAnsiStringToUnicodeSize

NlsMbCodePageTag

RtlUnicodeStringToInteger

DbgPrint

NtQueryInformationProcess

RtlGetVersion

NtEnumerateValueKey

NtQueryKey

NtCreateKey

NtSetValueKey

NtDeleteValueKey

RtlDowncaseUnicodeString

RtlGetFullPathName_U

NtSetInformationKey

NtDeleteKey

strpbrk

strspn

_wcsupr

RtlUpcaseUnicodeChar

toupper

RtlUpcaseUnicodeString

NtWriteFile

RtlSecondsSince1970ToTime

RtlImageRvaToVa

RtlGUIDFromString

strchr

isdigit

LdrResFindResource

LdrResSearchResource

RtlUnwind

NtReadFile

qsort

NtDeleteFile

NtCreateFile

RtlDoesFileExists_U

NtOpenProcessToken

NtQueryInformationToken

RtlGetFileMUIPath

NtQueryInformationFile

RtlCreateUnicodeString

_vscwprintf

EtwEventRegister

EtwEventUnregister

EtwEventWrite

RtlAppendUnicodeStringToString

DbgPrintEx

wcsstr

strncmp

wcspbrk

wcsspn

wcschr

_vsnwprintf

ord7

RtlGetNativeSystemInformation

ord3

ord4

RtlEnterCriticalSection

LdrInitShimEngineDynamic

RtlLeaveCriticalSection

LdrLoadDll

LdrGetProcedureAddress

LdrUnloadDll

RtlTimeToTimeFields

RtlCompareUnicodeString

strrchr

LdrLockLoaderLock

LdrUnlockLoaderLock

RtlInitAnsiString

RtlAnsiStringToUnicodeString

RtlInitString

LdrGetProcedureAddressEx

NtFlushInstructionCache

LdrFindEntryForAddress

RtlImageDirectoryEntryToData

_stricmp

_vsnprintf

RtlDeleteCriticalSection

RtlInitializeCriticalSection

_wcsnicmp

NtProtectVirtualMemory

RtlDosPathNameToNtPathName_U

LdrGetDllHandle

NtOpenKey

NtQueryValueKey

RtlExpandEnvironmentStrings_U

NtClose

RtlFormatCurrentUserKeyPath

RtlCopyUnicodeString

RtlAppendUnicodeToString

RtlStringFromGUID

RtlDuplicateUnicodeString

RtlQueryEnvironmentVariable_U

RtlSetEnvironmentVariable

RtlUnicodeStringToAnsiString

RtlFreeHeap

RtlFreeAnsiString

RtlDosPathNameToRelativeNtPathName_U

WinSqmIsOptedIn

RtlRandom

RtlCompareMemory

wcsnlen

RtlCaptureStackBackTrace

RtlNtStatusToDosError

RtlCreateServiceSid

RtlLengthRequiredSid

RtlEqualSid

RtlGetOwnerSecurityDescriptor

NtQuerySecurityObject

ord6

_strnicmp

RtlCreateUnicodeStringFromAsciiz

NtQueryObject

_strupr

_itoa_s

strcpy_s

LdrEnumerateLoadedModules

wcscat_s

wcscpy_s

RtlComputeCrc32

memset

NtApphelpCacheControl

wcsrchr

_wcsicmp

memcpy

RtlInitUnicodeString

RtlNtPathNameToDosPathName

RtlpEnsureBufferSize

RtlFreeUnicodeString

RtlAllocateHeap

RtlUpcaseUnicodeToMultiByteN

memmove

RtlReleaseRelativeName

RtlDosPathNameToRelativeNtPathName_U_WithStatus

RtlImageNtHeader

RegOpenKeyExA

RegOpenKeyExW

RegGetKeySecurity

RegCloseKey

GetModuleFileNameW

WideCharToMultiByte

CompareStringW

CompareStringA

lstrlenA

LoadLibraryExW

SetLastError

GetFileSizeEx

LocalAlloc

LocalFree

GetSystemDirectoryW

GetFileAttributesW

GetCurrentDirectoryW

WriteFile

IsDBCSLeadByte

VerLanguageNameW

OutputDebugStringW

GetLongPathNameW

ReadProcessMemory

GetSystemWindowsDirectoryW

Wow64DisableWow64FsRedirection

CreateProcessW

WaitForSingleObject

GetExitCodeProcess

Wow64RevertWow64FsRedirection

GetUserDefaultUILanguage

FreeLibrary

GetTempPathW

GetTempFileNameW

LoadLibraryW

SetErrorMode

GetProcessTimes

FindNextFileW

FindClose

FindFirstFileW

SetFilePointerEx

SetFilePointer

ReadFile

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetSystemTimeAsFileTime

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

TerminateProcess

GetProcessHeap

GetCurrentProcess

IsWow64Process

GetModuleHandleW

GetProcAddress

GetCurrentProcessId

OutputDebugStringA

FindResourceW

LoadResource

LockResource

SizeofResource

BaseDumpAppcompatCache

BaseFlushAppcompatCache

GetDriveTypeW

BaseCheckAppcompatCacheEx

BaseUpdateAppcompatCache

BaseIsAppcompatInfrastructureDisabled

OpenProcess

CreateFileW

GetLastError

CloseHandle

DisableThreadLibraryCalls

CompareFileTime

GetAclInformation

GetAce

GetSecurityDescriptorDacl

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ