IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_AGGRESIVE_WS_TRIM

IMAGE_FILE_32BIT_MACHINE

A_SHAInit

A_SHAUpdate

A_SHAFinal

MD5Final

MD5Update

MD5Init

I_ScSendTSMessage

RegSetKeySecurity

AddAccessAllowedAceEx

RegDeleteKeyW

RegOpenCurrentUser

CryptReleaseContext

CryptGetProvParam

CryptDestroyHash

CryptGetHashParam

CryptHashData

CryptSetHashParam

GetCurrentHwProfileW

CryptCreateHash

CryptAcquireContextW

CryptGenRandom

CryptDeriveKey

CryptSignHashW

CryptSetProvParam

CryptDestroyKey

CryptDecrypt

CryptEncrypt

CryptVerifySignatureW

CryptGetKeyParam

CryptGetUserKey

LsaNtStatusToWinError

CryptImportKey

LsaStorePrivateData

LsaRetrievePrivateData

RegCloseKey

RegQueryValueExW

RegOpenKeyW

FreeSid

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

AddAccessAllowedAce

InitializeAcl

GetLengthSid

AllocateAndInitializeSid

RegOpenKeyExW

CreateProcessAsUserW

DuplicateTokenEx

CloseServiceHandle

ControlService

StartServiceW

QueryServiceStatus

OpenServiceW

OpenSCManagerW

EqualSid

GetTokenInformation

RegSetValueExW

RegCreateKeyExW

RegEnumValueW

RegQueryInfoKeyW

RegDeleteValueW

CredFree

CredDeleteW

CredEnumerateW

CopySid

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetUserNameW

OpenThreadToken

ReportEventW

RegisterEventSourceW

EnumServicesStatusW

ImpersonateLoggedOnUser

RegQueryValueExA

CheckTokenMembership

DeregisterEventSource

LsaGetUserName

RevertToSelf

LookupAccountSidW

IsValidSid

SetTokenInformation

LogonUserW

LookupAccountNameW

OpenProcessToken

SynchronizeWindows31FilesAndWindowsNTRegistry

QueryWindows31FilesMigration

AdjustTokenPrivileges

SystemFunction036

RegQueryInfoKeyA

RegEnumKeyExW

ConvertStringSecurityDescriptorToSecurityDescriptorW

SetKernelObjectSecurity

QueryServiceConfigW

RegNotifyChangeKeyValue

LsaClose

LsaFreeMemory

LsaQueryInformationPolicy

LsaOpenPolicy

AllocateLocallyUniqueId

AuthzAccessCheck

AuthziFreeAuditEventType

AuthziInitializeAuditEvent

AuthziInitializeAuditParams

AuthziInitializeAuditEventType

AuthzFreeResourceManager

AuthzFreeAuditEvent

AuthziLogAuditEvent

AuthzInitializeResourceManager

AuthzFreeHandle

CryptImportPublicKeyInfoEx

CertEnumCertificatesInStore

CertOpenStore

CertVerifySubjectCertificateContext

CertGetIssuerCertificateFromStore

CertAddCertificateContextToStore

CertFindExtension

CryptExportPublicKeyInfo

CertComparePublicKeyInfo

CertGetCertificateContextProperty

CryptDecryptMessage

CertCloseStore

CryptSignMessage

CryptImportPublicKeyInfo

CryptVerifyMessageSignature

CertCreateCertificateContext

CertDuplicateCertificateContext

CertSetCertificateContextProperty

CertFreeCertificateContext

RemoveFontResourceW

AddFontResourceW

LoadLibraryW

ReleaseSemaphore

CreateSemaphoreW

GetCurrentThread

WaitForSingleObjectEx

CreateThread

LoadResource

FindResourceW

SetThreadExecutionState

ResetEvent

GetComputerNameW

GetSystemDirectoryW

SetLastError

TransactNamedPipe

SetNamedPipeHandleState

GetTickCount

GetProfileStringW

GlobalGetAtomNameW

SetEnvironmentVariableW

VirtualLock

VirtualQuery

GetDriveTypeW

Beep

QueueUserWorkItem

LeaveCriticalSection

EnterCriticalSection

DisconnectNamedPipe

TerminateProcess

GetCurrentProcess

SearchPathW

lstrcatW

LocalReAlloc

ExpandEnvironmentStringsW

TerminateThread

ResumeThread

GetDiskFreeSpaceExW

GlobalMemoryStatusEx

DeleteFileW

WriteProfileStringW

ReadFile

FindVolumeClose

FindNextVolumeW

FindFirstVolumeW

SetThreadPriority

SetPriorityClass

MoveFileExW

WaitForMultipleObjectsEx

GetExitCodeProcess

GetProcAddress

InterlockedExchange

SetTimerQueueTimer

GetComputerNameA

VerifyVersionInfoW

VerSetConditionMask

WriteFile

WaitNamedPipeW

WaitForMultipleObjects

ConnectNamedPipe

DuplicateHandle

OpenProcess

GetOverlappedResult

GetVersionExA

lstrcmpW

UnregisterWait

CreateNamedPipeW

CreateRemoteThread

CreateActCtxW

GetModuleFileNameW

SetErrorMode

SetUnhandledExceptionFilter

GetPrivateProfileStringW

LocalSize

VirtualAlloc

VirtualQueryEx

GetEnvironmentVariableW

DebugBreak

CreateFileA

InitializeCriticalSection

ProcessIdToSessionId

FindClose

FindFirstFileW

SetInformationJobObject

AssignProcessToJobObject

TerminateJobObject

PostQueuedCompletionStatus

PulseEvent

GetQueuedCompletionStatus

CreateIoCompletionPort

CreateJobObjectW

ActivateActCtx

DeactivateActCtx

InterlockedCompareExchange

LoadLibraryA

GetModuleHandleA

GetStartupInfoA

FreeLibrary

SleepEx

GetModuleHandleW

GetShortPathNameW

lstrcpynW

FileTimeToLocalFileTime

FileTimeToSystemTime

GetUserDefaultLCID

GetTimeFormatW

WTSGetActiveConsoleSessionId

GetCurrentProcessId

GetCurrentThreadId

GetVersionExW

FormatMessageW

lstrcmpiW

GetProfileIntW

lstrcpyW

lstrlenW

Sleep

LocalAlloc

CreateEventW

CreateWaitableTimerW

CreateMutexW

OpenEventW

RegisterWaitForSingleObject

WaitForSingleObject

CreateProcessW

SetWaitableTimer

ReleaseMutex

SetEvent

UnregisterWaitEx

CloseHandle

GlobalAlloc

GlobalFree

GetLastError

LocalFree

GetVolumeInformationW

GetDriveTypeA

GetLogicalDriveStringsA

lstrlenA

lstrcpyA

MultiByteToWideChar

GetACP

WideCharToMultiByte

SystemTimeToFileTime

GetSystemTime

HeapAlloc

GetProcessHeap

LoadLibraryExW

HeapFree

GetSystemDefaultUILanguage

UnmapViewOfFile

MapViewOfFile

CreateFileMappingW

lstrcmpiA

GetFileSize

GetSystemInfo

GetExitCodeThread

SetThreadAffinityMask

GetProcessAffinityMask

SizeofResource

LockResource

FindResourceExW

GetSystemDirectoryA

SetFilePointer

OpenMutexW

CreateFileW

GlobalMemoryStatus

lstrcmpA

DelayLoadFailureHook

BaseInitAppcompatCacheSupport

OpenProfileUserMapping

CloseProfileUserMapping

BaseCleanupAppcompatCacheSupport

DeleteCriticalSection

RtlUnwind

InitializeCriticalSectionAndSpinCount

CreateSemaphoreA

CreateEventA

ExitProcess

VirtualFree

VirtualProtect

FlushInstructionCache

GetSystemTimeAsFileTime

wcsstr

wcsncpy

atoi

_wcsicmp

memmove

wcschr

wcsncat

swprintf

swscanf

_local_unwind2

wcscmp

free

malloc

_c_exit

wcslen

_XcptFilter

_cexit

exit

_acmdln

__getmainargs

_initterm

__setusermatherr

_adjust_fdiv

_snwprintf

__p__fmode

__set_app_type

??3@YAXPAX@Z

??2@YAPAXI@Z

__CxxFrameHandler

_itow

_wtol

_strnicmp

sscanf

sprintf

_except_handler3

_controlfp

wcsncmp

_ftol

ceil

_wcsupr

wcscpy

__p__commode

wcscat

_exit

wcstok

ord613

ord612

ord611

ord603

NtPowerInformation

NtSetSystemPowerState

NtRaiseHardError

RtlDeleteCriticalSection

NtOpenSymbolicLinkObject

NtReplyPort

NtCompleteConnectPort

NtReplyWaitReceivePort

NtAcceptConnectPort

NtCreatePort

RtlConvertSidToUnicodeString

RtlFreeUnicodeString

NtLockProductActivationKeys

RtlTimeToTimeFields

NtUnmapViewOfSection

NtMapViewOfSection

NtOpenSection

NtQuerySymbolicLinkObject

NtQueryVolumeInformationFile

NtSetSecurityObject

RtlAdjustPrivilege

NtOpenFile

NtFsControlFile

RtlAllocateAndInitializeSid

RtlDestroyEnvironment

RtlFreeHeap

NtQueryInformationToken

NtShutdownSystem

RtlEnterCriticalSection

RtlLeaveCriticalSection

RtlCompareUnicodeString

RtlInitializeCriticalSection

RtlCreateEnvironment

RtlQueryEnvironmentVariable_U

RtlSetEnvironmentVariable

RtlAllocateHeap

RtlSubAuthoritySid

RtlInitializeSid

RtlLengthRequiredSid

RtlGetDaclSecurityDescriptor

RtlCopySid

RtlLengthSid

NtSetInformationThread

NtDuplicateToken

NtDuplicateObject

RtlEqualSid

RtlSetDaclSecurityDescriptor

RtlInitUnicodeString

NtOpenKey

NtQueryValueKey

NtClose

RtlOpenCurrentUser

RtlCreateSecurityDescriptor

RtlAddAce

RtlCreateAcl

RtlNtStatusToDosError

NtSetInformationProcess

NtCreateEvent

NtCreatePagingFile

RtlDosPathNameToNtPathName_U

NtQuerySystemInformation

NtOpenDirectoryObject

RtlRegisterWait

RtlTimeToSecondsSince1980

NtQuerySystemTime

NtPrivilegeObjectAuditAlarm

NtPrivilegeCheck

NtOpenThreadToken

NtOpenProcessToken

RtlUnhandledExceptionFilter

NtQueryInformationProcess

DbgBreakPoint

RtlCheckProcessParameters

RtlSetThreadIsCritical

RtlSetProcessIsCritical

RtlInitString

NtInitiatePowerAction

DbgPrint

NtFilterToken

NtQueryInformationJobObject

NtOpenEvent

RtlGetAce

RtlQueryInformationAcl

NtQuerySecurityObject

NtAllocateLocallyUniqueId

InitializeProfileMappingApi

RemapAndMoveUserW

GetModuleBaseNameW

EnumProcessModules

EnumProcesses

RegDefaultUserConfigQueryW

RegUserConfigQuery

RpcRevertToSelf

RpcFreeAuthorizationContext

RpcGetAuthorizationContextForClient

RpcServerListen

RpcImpersonateClient

RpcServerRegisterIfEx

UuidCreate

RpcServerRegisterIf

I_RpcMapWin32Status

NdrServerCall2

RpcServerUseProtseqEpW

LsaLookupAuthenticationPackage

LsaCallAuthenticationPackage

LsaRegisterLogonProcess

GetUserNameExW

SetupDiEnumDeviceInfo

SetupDiGetClassDevsW

SetupDiGetDeviceRegistryPropertyW

SetupDiDestroyDeviceInfoList

SfcIsFileProtected

CheckDlgButton

LoadCursorW

SetCursor

SetFocus

EnumWindows

UnhookWindowsHook

SetWindowsHookW

GetWindowTextW

CallNextHookEx

DialogBoxParamW

GetWindowPlacement

SetLastErrorEx

GetSystemMenu

DeleteMenu

SetWindowPlacement

SetUserObjectInformationW

GetAsyncKeyState

PostThreadMessageW

SetUserObjectSecurity

CreateDesktopW

KillTimer

GetMessageTime

SetTimer

wvsprintfW

UnregisterHotKey

DialogBoxIndirectParamW

OpenInputDesktop

GetUserObjectInformationW

CloseDesktop

RegisterDeviceNotificationW

SetThreadDesktop

CreateWindowExW

GetMessageW

TranslateMessage

RegisterWindowMessageW

RegisterClassW

IsDlgButtonChecked

FindWindowW

MessageBoxW

SendNotifyMessageW

PostQuitMessage

MsgWaitForMultipleObjects

GetWindowRect

GetSystemMetrics

PeekMessageW

DispatchMessageW

SetProcessWindowStation

UpdateWindow

ShowWindow

SetWindowPos

PostMessageW

ExitWindowsEx

EnumDisplayMonitors

SystemParametersInfoW

GetDlgItem

SendMessageW

CreateDialogParamW

DestroyWindow

GetWindowLongW

GetDlgItemTextW

EndDialog

SetWindowLongW

LoadStringW

SetWindowTextW

SetDlgItemTextW

wsprintfW

wsprintfA

CloseWindowStation

LoadImageW

GetKeyState

GetParent

RegisterLogonProcess

RecordShutdownReason

LoadLocalFonts

SetLogonNotifyWindow

UnlockWindowStation

LockWindowStation

GetDesktopWindow

CreateWindowStationW

OpenDesktopW

SwitchDesktop

DefWindowProcW

SetForegroundWindow

MBToWCSEx

SetWindowStationUser

UpdatePerUserSystemParameters

RegisterHotKey

ReplyMessage

ord131

ord117

GetAllUsersProfileDirectoryW

WaitForUserPolicyForegroundProcessing

ord140

WaitForMachinePolicyForegroundProcessing

ord118

ord150

ord152

UnregisterGPNotification

DestroyEnvironmentBlock

CreateEnvironmentBlock

RegisterGPNotification

GetUserProfileDirectoryW

ord130

LoadUserProfileW

UnloadUserProfile

ord151

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

WinStationQueryLogonCredentialsW

_WinStationWaitForConnect

WinStationSetInformationW

_WinStationNotifyLogoff

_WinStationNotifyLogon

WinStationCheckLoopBack

WinStationShutdownSystem

_WinStationCallback

WinStationNameFromLogonIdW

WinStationDisconnect

_WinStationFUSCanRemoteUserDisconnect

WinStationConnectW

_WinStationNotifyDisconnectPipe

WinStationReset

WinStationQueryInformationW

WinStationGetMachinePolicy

WinStationEnumerate_IndexedW

WinStationIsHelpAssistantSession

WSACleanup

getaddrinfo

WSAStartup

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE