IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_AGGRESIVE_WS_TRIM

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DEBUG_STRIPPED

__setusermatherr

wcstok

wcscat

wcschr

_except_handler3

_snwprintf

_wcsicmp

wcsncat

atoi

memmove

swprintf

_snprintf

wcsstr

wcspbrk

_exit

_XcptFilter

exit

_acmdln

__getmainargs

_initterm

__p__commode

_adjust_fdiv

wcsncmp

wcscpy

wcslen

_controlfp

__p__fmode

__set_app_type

wcscmp

RegQueryInfoKeyW

AddAccessAllowedAce

RegEnumValueW

SetSecurityDescriptorDacl

EnumServicesStatusW

AllocateLocallyUniqueId

RegNotifyChangeKeyValue

QueryServiceConfigW

SetKernelObjectSecurity

RegEnumKeyExW

RegQueryInfoKeyA

AdjustTokenPrivileges

SynchronizeWindows31FilesAndWindowsNTRegistry

QueryWindows31FilesMigration

OpenProcessToken

LogonUserW

OpenThreadToken

LookupAccountSidW

CheckTokenMembership

RegCreateKeyExW

LsaGetUserName

CreateProcessAsUserW

RegQueryValueExA

RegDeleteValueW

FreeSid

InitializeSecurityDescriptor

AllocateAndInitializeSid

GetLengthSid

InitializeAcl

RegCloseKey

RegQueryValueExW

RegOpenKeyExW

RegSetValueExW

CloseServiceHandle

ControlService

StartServiceW

QueryServiceStatus

OpenServiceW

OpenSCManagerW

DeregisterEventSource

ReportEventW

GetTokenInformation

RegisterEventSourceW

GetUserNameW

RevertToSelf

ImpersonateLoggedOnUser

DuplicateToken

RegOpenKeyW

SetTimerQueueTimer

FindFirstFileW

PostQueuedCompletionStatus

Beep

CloseProfileUserMapping

ExitProcess

DelayLoadFailureHook

OpenProfileUserMapping

GetDriveTypeW

GetStartupInfoA

GetModuleHandleA

GlobalGetAtomNameW

SetNamedPipeHandleState

TransactNamedPipe

AssignProcessToJobObject

CreateJobObjectW

CreateIoCompletionPort

SetInformationJobObject

GetQueuedCompletionStatus

VirtualQuery

TerminateJobObject

FindClose

VirtualFree

InitializeCriticalSection

CreateFileA

LocalFree

LocalAlloc

lstrcatW

lstrcpyW

GetCurrentThreadId

Sleep

FormatMessageW

GetLastError

FreeLibrary

GetProcAddress

LoadLibraryA

GetSystemTimeAsFileTime

ReleaseMutex

SetWaitableTimer

WaitForSingleObject

CloseHandle

UnregisterWaitEx

RegisterWaitForSingleObject

CreateWaitableTimerW

GetCurrentProcessId

CreateEventW

LoadLibraryW

CreateMutexW

GlobalFree

GlobalAlloc

lstrlenW

GetTimeFormatW

GetUserDefaultLCID

FileTimeToSystemTime

FileTimeToLocalFileTime

GetProfileIntW

lstrcmpiW

lstrcpynW

GetShortPathNameW

GetProfileStringW

GetModuleHandleW

ReleaseSemaphore

CreateSemaphoreW

GetCurrentThread

WaitForSingleObjectEx

CreateThread

SetEvent

LoadResource

FindResourceW

SetThreadExecutionState

GetComputerNameW

SetEnvironmentVariableW

VirtualLock

GetCurrentProcess

SetPriorityClass

SearchPathW

GetTickCount

LocalReAlloc

ExpandEnvironmentStringsW

TerminateThread

ResumeThread

SetLastError

GetExitCodeProcess

WriteProfileStringW

ExitThread

DeleteFileW

TerminateProcess

CreateProcessW

GetSystemDirectoryW

ReadFile

CreateFileW

FindVolumeClose

FindNextVolumeW

FindFirstVolumeW

SetThreadPriority

OpenEventW

MoveFileExW

WaitForMultipleObjectsEx

SleepEx

InterlockedExchange

RaiseException

lstrcmpW

LeaveCriticalSection

EnterCriticalSection

CompareStringW

UnregisterWait

GetPrivateProfileStringW

DebugBreak

CreateRemoteThread

OpenProcess

SetErrorMode

SetUnhandledExceptionFilter

LocalSize

VirtualAlloc

VirtualQueryEx

GetEnvironmentVariableW

RemoveFontResourceW

AddFontResourceW

ExitWindowsEx

SetProcessWindowStation

PostMessageW

MoveWindow

ShowWindow

UpdateWindow

GetDlgItemTextW

CharNextW

CreateWindowExW

RegisterClassW

SetTimer

GetMessageTime

KillTimer

DefWindowProcW

RegisterHotKey

UnregisterHotKey

ReplyMessage

CreateDesktopW

SetUserObjectSecurity

DispatchMessageW

GetMessageW

GetAsyncKeyState

SetUserObjectInformationW

PostThreadMessageW

SetWindowPlacement

DeleteMenu

GetSystemMenu

GetWindowPlacement

EnumWindows

GetWindowTextW

SetWindowsHookW

UnhookWindowsHook

CallNextHookEx

MessageBoxW

CreateWindowStationW

SetDlgItemTextW

SetCursor

LoadCursorW

SetFocus

CheckDlgButton

IsDlgButtonChecked

CloseWindowStation

CreateDialogParamW

OpenDesktopW

SwitchDesktop

SetForegroundWindow

GetParent

GetKeyState

LoadImageW

SetLastErrorEx

wvsprintfW

TranslateMessage

RegisterWindowMessageW

MsgWaitForMultipleObjects

PostQuitMessage

SendNotifyMessageW

FindWindowW

DestroyWindow

SystemParametersInfoW

SendMessageTimeoutW

GetThreadDesktop

OpenInputDesktop

SetThreadDesktop

GetDesktopWindow

FindWindowExW

DialogBoxParamW

CloseDesktop

GetWindowLongW

UpdatePerUserSystemParameters

SetWindowStationUser

LockWindowStation

UnlockWindowStation

SetLogonNotifyWindow

LoadLocalFonts

RegisterLogonProcess

MBToWCSEx

EnableWindow

GetWindowRect

GetSystemMetrics

SetWindowPos

EndDialog

wsprintfW

SetWindowLongW

SendMessageW

GetUserObjectInformationW

SetWindowTextW

LoadStringW

GetDlgItem

PeekMessageW

DialogBoxIndirectParamW

SendDlgItemMessageW

RpcImpersonateClient

RpcServerListen

RpcServerUseProtseqEpW

RpcServerRegisterIf

I_RpcMapWin32Status

NdrServerCall2

RpcRevertToSelf

NtCreateEvent

RtlCreateSecurityDescriptor

RtlAddAce

RtlCreateAcl

RtlGetDaclSecurityDescriptor

RtlCopySid

RtlLengthSid

NtSetInformationThread

NtDuplicateToken

NtDuplicateObject

RtlEqualSid

NtQueryInformationToken

RtlNtStatusToDosError

NtAllocateLocallyUniqueId

RtlSetDaclSecurityDescriptor

RtlFreeHeap

NtCreatePagingFile

RtlDosPathNameToNtPathName_U

NtQuerySystemInformation

RtlRegisterWait

NtOpenDirectoryObject

NtPrivilegeObjectAuditAlarm

NtOpenProcessToken

NtQuerySystemTime

RtlTimeToSecondsSince1980

NtPrivilegeCheck

NtOpenThreadToken

DbgPrint

NtSetInformationProcess

RtlSubAuthoritySid

NtInitiatePowerAction

NtQueryInformationJobObject

NtFilterToken

NtOpenEvent

NtSetValueKey

RtlOemStringToUnicodeString

RtlInitAnsiString

NtReadFile

NtClose

RtlGetAce

RtlAddAccessAllowedAce

RtlFreeSid

NtCreateKey

NtOpenKey

RtlAppendUnicodeToString

RtlCopyUnicodeString

RtlDestroyHeap

RtlCreateHeap

NtQueryValueKey

RtlUpcaseUnicodeChar

RtlAppendUnicodeStringToString

RtlExpandEnvironmentStrings_U

NtQueryInformationFile

RtlQueryInformationAcl

NtQuerySecurityObject

RtlCompareUnicodeString

RtlLengthRequiredSid

RtlInitializeSid

NtOpenSymbolicLinkObject

NtSetSystemPowerState

NtRaiseHardError

NtSetSecurityObject

NtQuerySymbolicLinkObject

NtQueryVolumeInformationFile

NtFsControlFile

RtlAdjustPrivilege

NtOpenFile

NtQueryInformationProcess

DbgBreakPoint

RtlAllocateHeap

RtlAllocateAndInitializeSid

RtlDestroyEnvironment

NtShutdownSystem

RtlEnterCriticalSection

RtlLeaveCriticalSection

RtlCreateEnvironment

RtlSetEnvironmentVariable

NtCreatePort

RtlInitializeCriticalSection

RtlInitUnicodeString

RtlQueryEnvironmentVariable_U

NtAcceptConnectPort

RtlOpenCurrentUser

NtReplyPort

NtCompleteConnectPort

NtReplyWaitReceivePort

ord118

GetDefaultUserProfileDirectoryW

ord131

ord117

GetAllUsersProfileDirectoryW

DestroyEnvironmentBlock

UnloadUserProfile

CreateEnvironmentBlock

ord130

GetUserProfileDirectoryW

LoadUserProfileW

UnregisterGPNotification

RegisterGPNotification

ord611

ord612

ord613

ord603

ord1

ord2

GetUserNameExW

InitializeProfileMappingApi

RemapAndMoveUserW

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ