IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_GUARD_CF

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

NtQueryKey

NtEnumerateValueKey

NtQueryAttributesFile

NtMapViewOfSection

RtlDowncaseUnicodeString

NtDeleteValueKey

RtlInitAnsiString

RtlGetVersion

LdrGetProcedureAddress

RtlInitString

NtCreateKey

NtQueryInformationProcess

NtQueryDirectoryFile

NtUnmapViewOfSection

RtlxAnsiStringToUnicodeSize

NtCreateFile

NtApphelpCacheControl

strspn

NtQueryInformationFile

RtlUnicodeStringToInteger

NtSetValueKey

NtSetInformationKey

NtDeleteKey

RtlGetFullPathName_U

strpbrk

NtOpenFile

NtCreateSection

DbgPrint

_wcsupr_s

RtlUpcaseUnicodeString

toupper

RtlUpcaseUnicodeChar

RtlUpcaseUnicodeToMultiByteN

RtlSecondsSince1970ToTime

RtlImageRvaToVa

RtlImageDirectoryEntryToData

swscanf_s

RtlGUIDFromString

NlsMbCodePageTag

isdigit

LdrResFindResource

wcsncmp

EtwEventWriteNoRegistration

NtQueryObject

RtlAddVectoredExceptionHandler

strcpy_s

_wcslwr

RtlAllocateAndInitializeSid

RtlCheckTokenMembership

RtlFreeSid

_strnicmp

_itoa_s

RtlCreateUnicodeStringFromAsciiz

wcsnlen

RtlEqualSid

_strupr

RtlRandom

RtlCompareMemory

LdrEnumerateLoadedModules

RtlComputeCrc32

LdrLoadDll

sprintf_s

sscanf_s

LdrGetProcedureAddressEx

RtlLengthRequiredSid

RtlCreateServiceSid

NtQuerySecurityObject

RtlGetOwnerSecurityDescriptor

NtProtectVirtualMemory

RtlInitializeSRWLock

RtlAcquireSRWLockExclusive

RtlReleaseSRWLockExclusive

RtlAcquireSRWLockShared

RtlReleaseSRWLockShared

RtlGetFileMUIPath

NtQueryInformationToken

strchr

NtOpenProcessToken

_vscwprintf

DbgPrintEx

wcscpy_s

wcscat_s

wcsspn

RtlAppendUnicodeStringToString

wcspbrk

RtlInitUnicodeString

strncmp

wcschr

NtReadFile

qsort

NtWriteFile

WinSqmIsOptedIn

RtlAllocateHeap

RtlFreeHeap

RtlDosPathNameToRelativeNtPathName_U

RtlVirtualUnwind

RtlLookupFunctionEntry

RtlCaptureContext

ord7

ord4

ord3

NtResumeThread

RtlDoesFileExists_U

RtlCreateUnicodeString

_wcsnicmp

_vsnwprintf

LdrInitShimEngineDynamic

RtlAnsiStringToUnicodeString

RtlInitAnsiStringEx

RtlCaptureStackBackTrace

RtlLeaveCriticalSection

RtlEnterCriticalSection

RtlTimeToTimeFields

_vsnprintf

_stricmp

strrchr

_wtoi

RtlDeleteCriticalSection

RtlInitializeCriticalSection

LdrFindEntryForAddress

swprintf_s

EtwEventWrite

EtwEventUnregister

EtwEventEnabled

EtwEventRegister

_wcsicmp

wcsstr

LdrGetDllHandle

NtClose

RtlExpandEnvironmentStrings_U

NtQueryValueKey

NtOpenKey

RtlDuplicateUnicodeString

RtlStringFromGUID

RtlAppendUnicodeToString

RtlCopyUnicodeString

RtlFormatCurrentUserKeyPath

RtlFreeAnsiString

RtlUnicodeStringToAnsiString

wcsrchr

RtlSetEnvironmentVariable

RtlGetNativeSystemInformation

RtlQueryEnvironmentVariable_U

RtlDosPathNameToNtPathName_U

RtlFreeUnicodeString

RtlNtPathNameToDosPathName

memmove

RtlpEnsureBufferSize

RtlNtStatusToDosError

RtlInitUnicodeStringEx

RtlDosPathNameToRelativeNtPathName_U_WithStatus

RtlReleaseRelativeName

RtlImageNtHeader

__C_specific_handler

__chkstk

memcmp

memcpy

memset

BaseIsAppcompatInfrastructureDisabled

BaseFlushAppcompatCache

BaseDumpAppcompatCache

BaseFreeAppCompatDataForProcess

BaseReadAppCompatDataForProcess

BaseUpdateAppcompatCache

BaseCheckAppcompatCacheEx

CloseHandle

FindClose

GetTempFileNameW

GetTempPathW

DeleteFileW

SetFilePointerEx

WriteFile

GetFileAttributesW

CompareFileTime

CreateFileW

GetDriveTypeW

GetLongPathNameW

ReadFile

FindNextFileW

GetFinalPathNameByHandleW

FindFirstFileW

SetFilePointer

OpenProcess

GetProcessTimes

SwitchToThread

ProcessIdToSessionId

GetExitCodeProcess

CreateProcessW

GetCurrentThreadId

TerminateProcess

GetCurrentProcess

GetCurrentProcessId

WaitForSingleObject

OpenMutexW

FreeLibrary

LockResource

GetModuleHandleExA

SizeofResource

GetModuleHandleExW

LoadResource

LoadLibraryExW

GetModuleFileNameW

DisableThreadLibraryCalls

GetModuleHandleW

GetProcAddress

GetCurrentDirectoryW

ExpandEnvironmentStringsW

GetEnvironmentVariableW

UnhandledExceptionFilter

SetErrorMode

SetLastError

GetLastError

SetUnhandledExceptionFilter

GetSystemWindowsDirectoryW

GetSystemDirectoryW

GetTickCount64

GetTickCount

GetSystemTimeAsFileTime

OutputDebugStringA

OutputDebugStringW

QueryPerformanceCounter

LocalFree

IsWow64Process

Wow64RevertWow64FsRedirection

Wow64DisableWow64FsRedirection

LoadLibraryW

FindResourceW

LocalAlloc

PackageIdFromFullName

GetPackageFullName

GetAce

GetAclInformation

GetSecurityDescriptorDacl

RegCloseKey

RegOpenKeyExA

RegQueryValueExW

RegGetKeySecurity

RegOpenKeyExW

GetFileVersionInfoExW

VerQueryValueW

GetFileVersionInfoSizeExW

HeapReAlloc

GetProcessHeap

HeapAlloc

HeapFree

GetUserDefaultUILanguage

IsDBCSLeadByte

VerLanguageNameW

ReadProcessMemory

VirtualFree

WriteProcessMemory

VirtualAlloc

WideCharToMultiByte

EventRegister

EventWrite

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ