IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

_wcslwr_s

memcmp

memcpy

memmove

towlower

wcscmp

_wtoi

qsort_s

wcstok_s

swprintf_s

sprintf_s

__C_specific_handler

wcscpy_s

wcsnlen

wcsstr

memset

wcstoul

_wtol

_ultow_s

wcsrchr

wcsncmp

_wcsicmp

wcschr

_wcsnicmp

iswctype

memmove_s

_vsnwprintf_s

memcpy_s

_purecall

exit

_onexit

__dllonexit3

_initterm

_initterm_e

LoadLibraryExW

GetModuleFileNameA

FreeLibrary

GetModuleHandleExW

LoadStringW

GetModuleHandleW

GetProcAddress

LeaveCriticalSection

CreateWaitableTimerExW

InitializeSRWLock

ReleaseSemaphore

OpenEventW

ReleaseMutex

WaitForSingleObject

CancelWaitableTimer

DeleteCriticalSection

EnterCriticalSection

CreateSemaphoreExW

AcquireSRWLockShared

SetEvent

ReleaseSRWLockExclusive

CreateMutexExW

SetWaitableTimer

InitializeCriticalSectionEx

CreateEventW

TryAcquireSRWLockExclusive

AcquireSRWLockExclusive

WaitForSingleObjectEx

OpenSemaphoreW

WaitForMultipleObjectsEx

ReleaseSRWLockShared

ResetEvent

InitializeCriticalSection

HeapAlloc

GetProcessHeap

HeapFree

HeapSetInformation

GetLastError

SetLastError

SetErrorMode

UnhandledExceptionFilter

SetUnhandledExceptionFilter

CloseThreadpoolCleanupGroupMembers

CloseThreadpool

CloseThreadpoolCleanupGroup

CreateThreadpoolWork

CloseThreadpoolWork

SetThreadpoolTimer

CloseThreadpoolTimer

CreateThreadpoolCleanupGroup

SubmitThreadpoolWork

CreateThreadpool

TrySubmitThreadpoolCallback

CreateThreadpoolTimer

CallbackMayRunLong

WaitForThreadpoolTimerCallbacks

OpenProcessToken

GetCurrentThread

SetThreadPriority

ResumeThread

GetExitCodeProcess

GetProcessTimes

CreateProcessAsUserW

GetCurrentProcess

UpdateProcThreadAttribute

InitializeProcThreadAttributeList

CreateProcessW

SetProcessShutdownParameters

OpenThreadToken

TerminateProcess

GetCurrentThreadId

GetProcessId

GetCurrentProcessId

CreateThread

DeleteProcThreadAttributeList

ExitThread

GetThreadUILanguage

FormatMessageW

DebugBreak

OutputDebugStringW

IsDebuggerPresent

DuplicateHandle

CloseHandle

RpcServerUseProtseqEpW

RpcAsyncAbortCall

UuidCreateNil

I_RpcBindingIsClientLocal

I_RpcSessionStrictContextHandle

I_RpcBindingInqLocalClientPID

UuidEqual

RpcServerUnsubscribeForNotification

RpcServerSubscribeForNotification

I_RpcMapWin32Status

UuidCreate

RpcStringFreeW

UuidFromStringW

NdrClientCall3

I_RpcExceptionFilter

RpcStringBindingComposeW

RpcBindingFromStringBindingW

UuidToStringW

RpcBindingFree

RpcServerInqCallAttributesA

RpcServerInqDefaultPrincNameW

RpcServerRegisterAuthInfoW

RpcEpRegisterW

RpcImpersonateClient

RpcAsyncCompleteCall

RpcRevertToSelf

RpcServerInqCallAttributesW

RpcStringBindingParseW

RpcBindingToStringBindingW

RpcServerInqBindings

RpcServerUseProtseqW

RpcServerRegisterIfEx

RpcServerInqBindingHandle

RpcServerRegisterIf3

RpcBindingVectorFree

RpcServerUnregisterIf

NdrAsyncServerCall

NdrServerCall2

RpcServerRegisterIf

RpcMgmtWaitServerListen

RpcMgmtStopServerListening

RpcServerListen

GetSystemWindowsDirectoryW

GetVersionExW

GlobalMemoryStatusEx

GetSystemDirectoryW

GetTickCount

GetSystemTimeAsFileTime

GetSystemTime

GetComputerNameExW

GetTickCount64

SetTokenInformation

AddAccessAllowedAce

InitializeAcl

SetKernelObjectSecurity

SetSecurityDescriptorDacl

SetFileSecurityW

GetKernelObjectSecurity

AdjustTokenPrivileges

SetSecurityDescriptorSacl

FreeSid

SetSecurityDescriptorGroup

AddAuditAccessAceEx

AddAccessDeniedAceEx

GetSecurityDescriptorDacl

AllocateAndInitializeSid

AllocateLocallyUniqueId

SetSecurityDescriptorOwner

GetLengthSid

InitializeSecurityDescriptor

GetSecurityDescriptorControl

GetAce

AddAce

AddAccessAllowedAceEx

IsValidAcl

EqualSid

GetTokenInformation

RevertToSelf

ImpersonateLoggedOnUser

SetSecurityDescriptorControl

CheckTokenMembership

CopySid

LocalAlloc

LocalFree

RegGetValueW

RegEnumKeyExW

RegCreateKeyExW

RegCloseKey

RegQueryValueExW

RegOpenKeyExW

RegDeleteTreeW

RegSetValueExW

RegEnumValueW

RegQueryInfoKeyW

RegNotifyChangeKeyValue

RegDeleteValueW

RegLoadMUIStringW

RegSetKeySecurity

RegGetKeySecurity

Sleep

GetEnvironmentVariableW

ExpandEnvironmentStringsW

SearchPathW

GetSystemWow64DirectoryW

IsWow64Process2

EventSetInformation

EventRegister

EventWriteTransfer

EventActivityIdControl

EventUnregister

QueryUnbiasedInterruptTime

OpenProcess

SetProcessMitigationPolicy

GetProcessInformation

CompareStringOrdinal

WaitForMultipleObjects

CreateDirectoryW

FindClose

CompareFileTime

FindFirstFileW

FindNextFileW

RemoveDirectoryW

DeleteFileW

SetFileInformationByHandle

CreateFileW

DeviceIoControl

IsWow64Process

IsUserCetAvailableInEnvironment

GetOsManufacturingMode

SetConsoleCtrlHandler

RtlLookupFunctionEntry

RtlVirtualUnwind

RtlCaptureContext

RtlCompareMemory

QueryPerformanceCounter

NtAdjustPrivilegesToken

RtlCreateSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlGetDaclSecurityDescriptor

RtlCreateAcl

RtlAddAccessAllowedAce

RtlGetAce

RtlAddAccessDeniedAce

RtlSetDaclSecurityDescriptor

RtlAbsoluteToSelfRelativeSD

RtlTestProtectedAccess

RtlSetProcessIsCritical

TpReleaseWork

RtlIsStateSeparationEnabled

NtOpenProcessToken

NtOpenEvent

TpAllocPool

TpSetPoolMinThreads

TpAllocTimer

TpAllocWork

RtlUnhandledExceptionFilter

RtlInitializeCriticalSection

NtShutdownSystem

NtInitializeRegistry

NtSetSystemEnvironmentValue

NtQuerySystemInformation

RtlWow64IsWowGuestMachineSupported

wcscspn

RtlSetSaclSecurityDescriptor

RtlInitializeSid

RtlSubAuthorityCountSid

RtlAddAce

RtlLengthRequiredSid

RtlDeriveCapabilitySidsFromName

RtlNewSecurityObject

NtAccessCheckAndAuditAlarm

RtlUnicodeStringToAnsiString

RtlInitAnsiString

RtlGetPersistedStateLocation

wcscat_s

EtwRegisterTraceGuidsW

EtwGetTraceEnableLevel

EtwGetTraceLoggerHandle

EtwGetTraceEnableFlags

RtlUnicodeStringToInteger

_ltow_s

EtwUnregisterTraceGuids

RtlAcquireResourceShared

RtlAreAllAccessesGranted

NtPrivilegeCheck

NtOpenThreadToken

RtlLengthSid

RtlCopyUnicodeString

NtFilterToken

NtClose

RtlReleaseSRWLockShared

RtlReleaseSRWLockExclusive

RtlAcquireSRWLockShared

NtAccessCheck

RtlAcquireSRWLockExclusive

NtPrivilegeObjectAuditAlarm

RtlNtStatusToDosError

RtlCopySid

RtlInitUnicodeString

EtwTraceMessage

RtlFreeHeap

RtlMapGenericMask

RtlAllocateHeap

RtlValidRelativeSecurityDescriptor

RtlQuerySecurityObject

RtlSetSecurityObject

RtlEqualSid

RtlGetOwnerSecurityDescriptor

RtlCreateServiceSid

NtCloseObjectAuditAlarm

NtDuplicateToken

NtCreateWnfStateName

NtOpenThread

NtQueueApcThread

RtlQueueApcWow64Thread

TpWaitForTimer

TpSetTimer

NtQueryInformationFile

NtSetInformationFile

RtlAppendUnicodeStringToString

RtlAppendUnicodeToString

NtWaitForSingleObject

NtQueryDirectoryFile

NtDeleteFile

EtwEventWrite

EtwEventEnabled

EtwEventRegister

EvtIntReportEventAndSourceAsync

RtlUnsubscribeWnfNotificationWaitForCompletion

NtQueryWnfStateData

RtlSubAuthoritySid

RtlReplaceSystemDirectoryInPath

RtlExpandEnvironmentStrings

RtlSetControlSecurityDescriptor

RtlRegisterWait

NtDeleteKey

NtEnumerateKey

NtDeleteValueKey

NtSetValueKey

NtQueryValueKey

NtQueryKey

NtCreateKey

RtlValidSecurityDescriptor

RtlSetEnvironmentVariable

RtlUnsubscribeWnfStateChangeNotification

RtlNtStatusToDosErrorNoTeb

NtSetInformationToken

TpReleaseTimer

RtlGetDeviceFamilyInfoEnum

RtlGetCurrentServiceSessionId

TpSetTimerEx

RtlEqualUnicodeString

NtUnloadDriver

NtQueryDirectoryObject

NtOpenDirectoryObject

NtLoadDriver

RtlRandom

NtSetEvent

RtlSubscribeWnfStateChangeNotification

RtlGetNtProductType

RtlLengthSecurityDescriptor

NtDeleteWnfStateName

NtSetInformationProcess

RtlInitializeResource

TpPostWork

RtlCopyLuid

RtlDeleteSecurityObject

RtlExpandEnvironmentStrings_U

RtlDeregisterWait

NtPowerInformation

DbgPrint

RtlVerifyVersionInfo

RtlDosPathNameToNtPathName_U_WithStatus

RtlCreateProcessParametersEx

NtCreateUserProcess

WinSqmStartSqmOptinListener

DbgPrintEx

RtlPublishWnfStateData

RtlCompareUnicodeString

NtQueryInformationToken

RtlInitUnicodeStringEx

NtQueryInformationProcess

RtlInitializeSRWLock

NtOpenFile

NtQuerySymbolicLinkObject

NtOpenSymbolicLinkObject

RtlFreeUnicodeString

RtlDosPathNameToNtPathName_U

NtDeleteObjectAuditAlarm

RtlAcquireResourceExclusive

RtlDeleteRegistryValue

RtlQueryRegistryValuesEx

RtlAnsiStringToUnicodeString

NtSetInformationThread

NtOpenKey

RtlReleaseResource

ApiSetQueryApiSetPresence

LoadStringByReference

GetRegistryValueWithFallbackW

CryptResetMachineCredentials

EAQueryAggregateEventData

EaFreeAggregatedEventParameters

EaQueryAggregatedEventParameters

EACreateAggregateEvent

EaCreateAggregatedEvent

BriCreateBrokeredEvent

EaDeleteAggregatedEvent

BriDeleteBrokeredEvent

EADeleteAggregateEvent

EnableTraceEx2

StartTraceW

ControlTraceW

GetFileVersionInfoExW

GetFileVersionInfoSizeExW

VerQueryValueW

CM_Get_DevNode_Status

CM_Setup_DevNode

CM_Query_And_Remove_SubTreeW

CM_Locate_DevNodeW

CM_Get_DevNode_Registry_PropertyW

CM_Get_Device_ID_ListW

CM_Get_Device_ID_List_SizeW

TraceMessage

FileTimeToSystemTime

GetDateFormatW

VerSetConditionMask

ResolveDelayLoadedAPI

DelayLoadFailureHook

DevObjOpenDevRegKey

DevObjCreateDeviceInfoList

DevObjOpenDeviceInfo

DevObjDestroyDeviceInfoList

DevObjGetClassDevs

DevObjEnumDeviceInfo

DevObjGetDeviceInfoListDetail

DevObjGetDeviceRegistryProperty

DevObjGetDeviceInstanceId

DevObjDeleteDeviceInfo

DevObjGetDeviceProperty

RegisterWaitForSingleObjectEx

UnregisterWaitEx

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE