Generated by JEB on 2019/08/01

PE: C:\Windows\System32\wininitext.dll Base=0x180000000 SHA-256=B50E542FC13EBE71EA5E2884DA5D8F7B9A4D7D5B81F1905635884CCC92364F51
PDB: wininitext.pdb GUID={B3F30DC7-D9B4-AF81-60CB5ABD642924C0} Age=1

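354 located named symbols (each entry is a virtual address at the Base given above, then the undecorated name or string text in quotes where one exists, then the decorated symbol; string-literal symbols (??_C@...) hold at most the first 32 characters of the string, so longer values such as registry paths are cut off here, and a few addresses carry more than one name):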
0x1800063E0: "__cdecl _imp_EventSetInformation" __imp_EventSetInformation
0x180003C3C: "__cdecl _raise_securityfailure" __raise_securityfailure
0x1800063E8: "__cdecl _imp_EventRegister" __imp_EventRegister
0x180003A40: "__cdecl FindPESection" _FindPESection
0x180005618: "__cdecl TlgCreateSz" _TlgCreateSz
0x180005780: "__cdecl _delayLoadHelper2" __delayLoadHelper2
0x1800079B8: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x1800028C0: "int __cdecl LaunchUmfdHostWithVirtualAccount(void)" ?LaunchUmfdHostWithVirtualAccount@@YAHXZ
0x180009090: "__cdecl _security_cookie_complement" __security_cookie_complement
0x180004DEC: WPP_SF_ll
0x180001970: "unsigned long __cdecl SetUserIntegrityLabel(void * __ptr64,enum _MANDATORY_LEVEL)" ?SetUserIntegrityLabel@@YAKPEAXW4_MANDATORY_LEVEL@@@Z
0x18000351C: "__cdecl CRT_INIT" _CRT_INIT
0x180006898: "NamedEscape" ??_C@_0M@CAJILOBE@NamedEscape?$AA@
0x1800062A8: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x180004DA0: WPP_SF_l
0x1800064F8: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x1800064E8: "__cdecl _imp_RtlAddAce" __imp_RtlAddAce
0x180004000: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x180006968: "__cdecl TraceLoggingMetadata" _TraceLoggingMetadata
0x1800068E0: WPP_e24da56f9de334935060f76621ccc52a_Traceguids
0x180006B12: "" ??_C@_00CNPNBAHC@?$AA@
0x180006288: "__cdecl _imp_InitializeProcThreadAttributeList" __imp_InitializeProcThreadAttributeList
0x180006B28: "__cdecl _pfnDliFailureHook2" __pfnDliFailureHook2
0x180006278: "__cdecl _imp_GetModuleFileNameA" __imp_GetModuleFileNameA
0x180009678: g_pSidLocal
0x180007A08: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-classicprovider-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-classicprovider-l1-1-0
0x180006528: "__cdecl _imp_RtlCreateSecurityDescriptor" __imp_RtlCreateSecurityDescriptor
0x180006260: api-ms-win-core-heap-l2-1-0_NULL_THUNK_DATA
0x180003EB5: "__cdecl _imp_load_WinStationQueryInformationW" __imp_load_WinStationQueryInformationW
0x180006130: "__cdecl _imp_AppContainerDeriveSidFromMoniker" __imp_AppContainerDeriveSidFromMoniker
0x180006788: "%TEMP%" ??_C@_1O@JJHLNNN@?$AA?$CF?$AAT?$AAE?$AAM?$AAP?$AA?$CF?$AA?$AA@
0x1800079F4: "__cdecl _IMPORT_DESCRIPTOR_KERNELBASE" __IMPORT_DESCRIPTOR_KERNELBASE
0x1800056E0: "__cdecl TlgWrite" _TlgWrite
0x180003E12: "__cdecl _tailMerge_winsta_dll" __tailMerge_winsta_dll
0x180006558: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x180006368: "__cdecl _imp_InitializeCriticalSection" __imp_InitializeCriticalSection
0x1800096D0: g_pSidAnyRestrictedPackage
0x180006268: "__cdecl _imp_GetModuleHandleExW" __imp_GetModuleHandleExW
0x180003470: StartLoadingFontsWorker
0x180006150: "__cdecl _imp_SwitchDesktop" __imp_SwitchDesktop
0x180003A24: "__cdecl XcptFilter" _XcptFilter
0x180006560: "__cdecl _xc_a" __xc_a
0x1800062D8: "__cdecl _imp_CreateProcessW" __imp_CreateProcessW
0x1800096B0: g_pSidFontDriverHost
0x180006460: "__cdecl _imp_ConvertStringSidToSidW" __imp_ConvertStringSidToSidW
0x180006158: "__cdecl _imp_CreateDesktopW" __imp_CreateDesktopW
0x180006248: api-ms-win-core-heap-l1-1-0_NULL_THUNK_DATA
0x1800068D0: WPP_acf3d487851d35e64a3099cd5564aee8_Traceguids
0x180006878: "UMFD-%d" ??_C@_1BA@JOFOBAOO@?$AAU?$AAM?$AAF?$AAD?$AA?9?$AA?$CF?$AAd?$AA?$AA@
0x1800065D0: "__cdecl _guard_iat_table" __guard_iat_table
0x1800063D8: "__cdecl _imp_EventWriteTransfer" __imp_EventWriteTransfer
0x180004F9C: "bool __cdecl OneTimeInitialize(void)" ?OneTimeInitialize@@YA_NXZ
0x1800064B8: "__cdecl _imp_memset" __imp_memset
0x180006340: "__cdecl _imp_CreateEventW" __imp_CreateEventW
0x180003C0C: "__cdecl initterm" _initterm
0x1800063B8: "__cdecl _imp_TraceMessage" __imp_TraceMessage
0x1800096B8: g_pSidAdmin
0x18000788C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-sysinfo-l1-1-0
0x180009658: "__cdecl _dyn_tls_init_callback" __dyn_tls_init_callback
0x180006380: "__cdecl _imp_Sleep" __imp_Sleep
0x180006580: "__cdecl _xi_z" __xi_z
0x180006210: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x1800064F0: "__cdecl _imp_RtlSetEnvironmentVariable" __imp_RtlSetEnvironmentVariable
0x1800061D0: USERENV_NULL_THUNK_DATA
0x180003C18: "__cdecl _C_specific_handler" __C_specific_handler
0x180006360: "__cdecl _imp_ReleaseSRWLockExclusive" __imp_ReleaseSRWLockExclusive
0x18000B010: "__cdecl _imp_WinStationSystemShutdownStarted" __imp_WinStationSystemShutdownStarted
0x180003FDC: memmove
0x180006238: "__cdecl _imp_HeapFree" __imp_HeapFree
0x1800066F8: "Usermode Font Driver Host" ??_C@_1DE@DCHLONFI@?$AAU?$AAs?$AAe?$AAr?$AAm?$AAo?$AAd?$AAe?$AA?5?$AAF?$AAo?$AAn?$AAt?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAH?$AAo?$AAs?$AAt?$AA?$AA@
0x180006520: "__cdecl _imp_RtlCreateAcl" __imp_RtlCreateAcl
0x180003E91: "__cdecl _imp_load_WinStationSystemShutdownWait" __imp_load_WinStationSystemShutdownWait
0x180006228: api-ms-win-core-handle-l1-1-0_NULL_THUNK_DATA
0x180009690: g_pSidWindowManager
0x180006300: "__cdecl _imp_RegCloseKey" __imp_RegCloseKey
0x180006160: "__cdecl _imp_SetThreadDesktop" __imp_SetThreadDesktop
0x180003EEC: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x1800096C0: g_pSidInteractive
0x180007680: WINSTA_NULL_THUNK_DATA_DLN
0x18000792C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-security-base-l1-1-0
0x18000B020: WINSTA_NULL_THUNK_DATA_DLA
0x180007718: WINSTA_NULL_THUNK_DATA_DLB
0x1800065E0: "Respecialize" ??_C@_1BK@CGJOHCEH@?$AAR?$AAe?$AAs?$AAp?$AAe?$AAc?$AAi?$AAa?$AAl?$AAi?$AAz?$AAe?$AA?$AA@
0x180003A30: "__cdecl amsg_exit" _amsg_exit
0x18000517C: MicrosoftTelemetryAssertTriggeredNoArgs
0x1800068C0: "__cdecl _sz_WINSTA_dll" __sz_WINSTA_dll
0x180006B24: "__cdecl _DefaultResolveDelayLoadedAPIFlags" __DefaultResolveDelayLoadedAPIFlags
0x180006B18: "<unknown>" ??_C@_09EEKGDCPH@?$DMunknown?$DO?$AA@
0x180009688: g_pSidSystem
0x180009680: g_pSidService
0x180006370: "__cdecl _imp_EnterCriticalSection" __imp_EnterCriticalSection
0x180003140: "long __cdecl LogonUmfdAccountAndSetTokenIntegrityLevel(void * __ptr64 * __ptr64)" ?LogonUmfdAccountAndSetTokenIntegrityLevel@@YAJPEAPEAX@Z
0x180006310: api-ms-win-core-registry-l1-1-0_NULL_THUNK_DATA
0x180006218: api-ms-win-core-errorhandling-l1-1-0_NULL_THUNK_DATA
0x1800062B0: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x180006648: "Winlogon" ??_C@_1BC@LLFJKFDH@?$AAW?$AAi?$AAn?$AAl?$AAo?$AAg?$AAo?$AAn?$AA?$AA@
0x1800079A4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-security-lsalookup-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-security-lsalookup-l1-1-0
0x180009648: "__cdecl _native_startup_lock" __native_startup_lock
0x180003C00: DllMain
0x180006118: "__cdecl _imp_RegOpenKeyW" __imp_RegOpenKeyW
0x180003F50: "__cdecl _GSHandlerCheck_SEH" __GSHandlerCheck_SEH
0x180006490: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x180006190: "__cdecl _imp_CloseDesktop" __imp_CloseDesktop
0x1800062C8: "__cdecl _imp_ResumeThread" __imp_ResumeThread
0x180006318: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x180006280: api-ms-win-core-libraryloader-l1-2-0_NULL_THUNK_DATA
0x180007A1C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-eventing-provider-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-eventing-provider-l1-1-0
0x180003EA3: "__cdecl _imp_load_WinStationSystemShutdownStarted" __imp_load_WinStationSystemShutdownStarted
0x1800034A0: "void __cdecl FontLoaderWorkerCallback(struct _TP_CALLBACK_INSTANCE * __ptr64,void * __ptr64)" ?FontLoaderWorkerCallback@@YAXPEAU_TP_CALLBACK_INSTANCE@@PEAX@Z
0x1800068A8: "gdi32.dll" ??_C@_1BE@BCGFHNLP@?$AAg?$AAd?$AAi?$AA3?$AA2?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x180006438: "__cdecl _imp_LsaLookupManageSidNameMapping" __imp_LsaLookupManageSidNameMapping
0x180006208: "__cdecl _imp_GetLastError" __imp_GetLastError
0x180006450: "__cdecl _imp_ConvertSidToStringSidW" __imp_ConvertSidToStringSidW
0x1800063F0: api-ms-win-eventing-provider-l1-1-0_NULL_THUNK_DATA
0x180009080: "__cdecl _native_dllmain_reason" __native_dllmain_reason
0x180003EC8: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x180006540: "__cdecl _imp_EtwTraceMessage" __imp_EtwTraceMessage
0x180006140: "__cdecl _imp_LogonUserExExW" __imp_LogonUserExExW
0x1800079CC: "__cdecl _IMPORT_DESCRIPTOR_ADVAPI32" __IMPORT_DESCRIPTOR_ADVAPI32
0x180006B08: "NULL" ??_C@_19CIJIHAKK@?$AAN?$AAU?$AAL?$AAL?$AA?$AA@
0x180007A44: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-0
0x180006290: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x180006358: "__cdecl _imp_WaitForSingleObject" __imp_WaitForSingleObject
0x180006768: "Winsta0\Default" ??_C@_1CA@BGFJHJCO@?$AAW?$AAi?$AAn?$AAs?$AAt?$AAa?$AA0?$AA?2?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?$AA@
0x180006B24: "__cdecl _ResolveDelayLoadedAPIFlags" __ResolveDelayLoadedAPIFlags
0x180003AF0: "__cdecl ValidateImageBase" _ValidateImageBase
0x1800096A0: g_pSidRestricted
0x1800096E0: "bool gUmfdHostThreadProcExecuted" ?gUmfdHostThreadProcExecuted@@3_NA
0x180007940: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-libraryloader-l1-2-0
0x180004D30: WPP_SF_
0x180007990: "__cdecl _IMPORT_DESCRIPTOR_USERENV" __IMPORT_DESCRIPTOR_USERENV
0x180006230: "__cdecl _imp_HeapAlloc" __imp_HeapAlloc
0x1800061A8: "__cdecl _imp_CloseWindowStation" __imp_CloseWindowStation
0x180006348: "__cdecl _imp_AcquireSRWLockExclusive" __imp_AcquireSRWLockExclusive
0x180006180: "__cdecl _imp_UpdatePerUserSystemParameters" __imp_UpdatePerUserSystemParameters
0x18000763C: "__cdecl _NULL_DELAY_IMPORT_DESCRIPTOR" __NULL_DELAY_IMPORT_DESCRIPTOR
0x180003C30: UIStartupWorker
0x180003760: "__cdecl DllMainCRTStartup" _DllMainCRTStartup
0x180004AE8: GetShutdownTimeout
0x180006498: "__cdecl _imp__initterm" __imp__initterm
0x180006618: "SYSTEM\Setup" ??_C@_1BK@BHBNHDAL@?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAS?$AAe?$AAt?$AAu?$AAp?$AA?$AA@
0x180006200: "__cdecl _imp_SetLastError" __imp_SetLastError
0x180007A30: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-1" __IMPORT_DESCRIPTOR_api-ms-win-core-delayload-l1-1-1
0x1800063A8: "__cdecl _imp_GetVersionExW" __imp_GetVersionExW
0x180007864: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-registry-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-registry-l1-1-0
0x180006638: "Default" ??_C@_1BA@GHOECOCL@?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?$AA@
0x180009638: "__cdecl _onexitend" __onexitend
0x1800062D0: "__cdecl _imp_CreateThread" __imp_CreateThread
0x180006418: "__cdecl _imp_AdjustTokenPrivileges" __imp_AdjustTokenPrivileges
0x180006128: "__cdecl _imp_WTSGetServiceSessionId" __imp_WTSGetServiceSessionId
0x180006550: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x1800096A8: g_pSidAnyPackage
0x180006138: KERNELBASE_NULL_THUNK_DATA
0x1800062A0: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x1800061B0: USER32_NULL_THUNK_DATA
0x1800063F8: "__cdecl _imp_GetTokenInformation" __imp_GetTokenInformation
0x1800061C0: "__cdecl _imp_CreateEnvironmentBlock" __imp_CreateEnvironmentBlock
0x180006530: "__cdecl _imp_RtlNtStatusToDosError" __imp_RtlNtStatusToDosError
0x1800063B0: api-ms-win-core-sysinfo-l1-1-0_NULL_THUNK_DATA
0x180006570: "__cdecl _xi_a" __xi_a
0x180006398: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x1800061E8: "__cdecl _imp_ResolveDelayLoadedAPI" __imp_ResolveDelayLoadedAPI
0x180001F30: "unsigned long __cdecl SetWinlogonDesktopSecurity(struct HDESK__ * __ptr64)" ?SetWinlogonDesktopSecurity@@YAKPEAUHDESK__@@@Z
0x180006430: api-ms-win-security-base-l1-1-0_NULL_THUNK_DATA
0x180006850: "Font Driver Host" ??_C@_1CC@EBNINKLO@?$AAF?$AAo?$AAn?$AAt?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAH?$AAo?$AAs?$AAt?$AA?$AA@
0x180005060: WPP_SF_dd
0x1800096D8: "int (__cdecl* __ptr64 g_pfnNamedEscape)(struct HDC__ * __ptr64,unsigned short * __ptr64,int,int,char const * __ptr64,int,char * __ptr64)" ?g_pfnNamedEscape@@3P6AHPEAUHDC__@@PEAGHHPEBDHPEAD@ZEA
0x180004FCC: WPP_SF_DS
0x180009668: g_pSidCreator
0x180002410: CreateSecurityDescriptor
0x180009000: WPP_GLOBAL_Control
0x180006890: "" ??_C@_11LOCGONAA@?$AA?$AA@
0x1800078C8: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-processthreads-l1-1-0
0x18000B000: "__cdecl _imp_WinStationQueryInformationW" __imp_WinStationQueryInformationW
0x180005660: "__cdecl TlgEnableCallback" _TlgEnableCallback
0x180004D58: WPP_SF_d
0x180004CF0: WPP_SF_D
0x180009660: "__cdecl pRawDllMain" _pRawDllMain
0x180006508: "__cdecl _imp_RtlFreeSid" __imp_RtlFreeSid
0x180001D80: "unsigned long __cdecl AceListSetWinstaSecurity(struct HWINSTA__ * __ptr64,void * __ptr64,int)" ?AceListSetWinstaSecurity@@YAKPEAUHWINSTA__@@PEAXH@Z
0x180005654: "__cdecl TlgDefineProvider_annotation__Tlgmtaum_hTelemetryAssertProv" _TlgDefineProvider_annotation__Tlgmtaum_hTelemetryAssertProv
0x180006148: SspiCli_NULL_THUNK_DATA
0x180007878: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-heap-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-heap-l1-1-0
0x180003A00: "__cdecl _security_check_cookie" __security_check_cookie
0x18000761C: "__cdecl _DELAY_IMPORT_DESCRIPTOR_WINSTA_dll" __DELAY_IMPORT_DESCRIPTOR_WINSTA_dll
0x180006568: "__cdecl _xc_z" __xc_z
0x18000797C: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-heap-l2-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-heap-l2-1-0
0x180009778: "struct _RTL_SRWLOCK g_MicrosoftTelemetryAssertLock" ?g_MicrosoftTelemetryAssertLock@@3U_RTL_SRWLOCK@@A
0x1800062E0: api-ms-win-core-processthreads-l1-1-0_NULL_THUNK_DATA
0x180001010: PrimaryTerminalAndHookWorker
0x180006270: "__cdecl _imp_GetProcAddress" __imp_GetProcAddress
0x180006298: "__cdecl _imp_CreateProcessAsUserW" __imp_CreateProcessAsUserW
0x180006388: "__cdecl _imp_InitOnceExecuteOnce" __imp_InitOnceExecuteOnce
0x180006A5B: "__cdecl TraceLoggingMetadataEnd" _TraceLoggingMetadataEnd
0x180006170: "__cdecl _imp_SetProcessWindowStation" __imp_SetProcessWindowStation
0x1800063A0: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x180006748: "fontdrvhost.exe" ??_C@_1CA@OHMECBHA@?$AAf?$AAo?$AAn?$AAt?$AAd?$AAr?$AAv?$AAh?$AAo?$AAs?$AAt?$AA?4?$AAe?$AAx?$AAe?$AA?$AA@
0x180006258: "__cdecl _imp_LocalAlloc" __imp_LocalAlloc
0x1800061D8: "__cdecl _imp_DelayLoadFailureHook" __imp_DelayLoadFailureHook
0x180006448: api-ms-win-security-lsalookup-l1-1-0_NULL_THUNK_DATA
0x180006240: "__cdecl _imp_GetProcessHeap" __imp_GetProcessHeap
0x180009770: "__cdecl _@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUwhUhvxfirgbUfnhgzigfkUfnhsokiUlyquivUznwGEUkivxlnkOlyq@UmsHlpr" __@@_PchSym_@00@KxulyqvxgPillgKxulmvxlivUwhUhvxfirgbUfnhgzigfkUfnhsokiUlyquivUznwGEUkivxlnkOlyq@UmsHlpr
0x180009700: "struct _RTL_CRITICAL_SECTION g_csNamedEscape" ?g_csNamedEscape@@3U_RTL_CRITICAL_SECTION@@A
0x180005574: TraceLoggingRegisterEx
0x180009730: "unsigned short * gwszUmfdAccountName" ?gwszUmfdAccountName@@3PAGA
0x1800049E0: GetLoggedOnUserCount
0x1800062C0: "__cdecl _imp_DeleteProcThreadAttributeList" __imp_DeleteProcThreadAttributeList
0x180006330: api-ms-win-core-rtlsupport-l1-1-0_NULL_THUNK_DATA
0x1800078DC: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-rtlsupport-l1-1-0
0x180006730: "UmfdHost" ??_C@_1BC@GKDNJMPM@?$AAU?$AAm?$AAf?$AAd?$AAH?$AAo?$AAs?$AAt?$AA?$AA@
0x1800062F0: api-ms-win-core-profile-l1-1-0_NULL_THUNK_DATA
0x180006588: "__cdecl _guard_fids_table" __guard_fids_table
0x1800064C0: msvcrt_NULL_THUNK_DATA
0x180006010: "__cdecl load_config_used" _load_config_used
0x1800068F0: WPP_93b9e03668c83b5ad5bb53997a4e2f2c_Traceguids
0x1800064C8: "__cdecl _imp_RtlCopySid" __imp_RtlCopySid
0x180007968: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-security-sddl-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-security-sddl-l1-1-0
0x180006428: "__cdecl _imp_SetTokenInformation" __imp_SetTokenInformation
0x1800013D0: CreatePrimaryTerminal
0x1800061F0: api-ms-win-core-delayload-l1-1-1_NULL_THUNK_DATA
0x1800061E0: api-ms-win-core-delayload-l1-1-0_NULL_THUNK_DATA
0x180006470: "__cdecl _imp_toupper" __imp_toupper
0x180006350: "__cdecl _imp_OpenEventW" __imp_OpenEventW
0x1800079E0: "__cdecl _IMPORT_DESCRIPTOR_USER32" __IMPORT_DESCRIPTOR_USER32
0x1800064B0: "__cdecl _imp__amsg_exit" __imp__amsg_exit
0x1800067B8: "O:SYD:(A;;GA;;;%s)(A;;GA;;;SY)" ??_C@_1DO@KBPFGJHL@?$AAO?$AA?3?$AAS?$AAY?$AAD?$AA?3?$AA?$CI?$AAA?$AA?$DL?$AA?$DL?$AAG?$AAA?$AA?$DL?$AA?$DL?$AA?$DL?$AA?$CF?$AAs?$AA?$CJ?$AA?$CI?$AAA?$AA?$DL?$AA?$DL?$AAG?$AAA?$AA?$DL?$AA?$DL?$AA?$DL?$AAS?$AAY?$AA?$CJ?$AA?$AA@
0x180003E06: "__cdecl _imp_load_WinStationGetTermSrvCountersValue" __imp_load_WinStationGetTermSrvCountersValue
0x1800030C0: "long __cdecl StringCchPrintfW(unsigned short * __ptr64,unsigned __int64,unsigned short const * __ptr64,...)" ?StringCchPrintfW@@YAJPEAG_KPEBGZZ
0x180006800: "SYSTEM\CurrentControlSet\Control" ??_C@_1FA@OCMECJIP@?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAt?$AA?2?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl@
0x180006320: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x1800062E8: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x180006168: "__cdecl _imp_RegisterLogonProcess" __imp_RegisterLogonProcess
0x1800064D8: "__cdecl _imp_RtlGetDaclSecurityDescriptor" __imp_RtlGetDaclSecurityDescriptor
0x180009780: "struct MicrosoftTelemetryAssertTriggeredNode * __ptr64 __ptr64 g_MicrosoftTelemetryAssertsTriggeredList" ?g_MicrosoftTelemetryAssertsTriggeredList@@3PEAUMicrosoftTelemetryAssertTriggeredNode@@EA
0x18000B018: "__cdecl _imp_WinStationGetTermSrvCountersValue" __imp_WinStationGetTermSrvCountersValue
0x180006328: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x180006600: "SetupType" ??_C@_1BE@MMGHIOAH@?$AAS?$AAe?$AAt?$AAu?$AAp?$AAT?$AAy?$AAp?$AAe?$AA?$AA@
0x180006B28: "__cdecl _pfnDefaultDliFailureHook2" __pfnDefaultDliFailureHook2
0x180002110: SetUserDesktopSecurity
0x180003C30: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x180006198: "__cdecl _imp_CreateWindowStationW" __imp_CreateWindowStationW
0x180006458: "__cdecl _imp_ConvertStringSecurityDescriptorToSecurityDescriptorW" __imp_ConvertStringSecurityDescriptorToSecurityDescriptorW
0x180007918: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-handle-l1-1-0
0x1800096C8: g_pSidPowerUser
0x180006AD8: "ShutdownSessionTimeout" ??_C@_1CO@KCAGLDPP@?$AAS?$AAh?$AAu?$AAt?$AAd?$AAo?$AAw?$AAn?$AAS?$AAe?$AAs?$AAs?$AAi?$AAo?$AAn?$AAT?$AAi?$AAm?$AAe?$AAo?$AAu?$AAt?$AA?$AA@
0x1800063C0: api-ms-win-eventing-classicprovider-l1-1-0_NULL_THUNK_DATA
0x180005198: MicrosoftTelemetryAssertTriggeredWorker
0x180006478: "__cdecl _imp__XcptFilter" __imp__XcptFilter
0x180006548: ntdll_NULL_THUNK_DATA
0x180006410: "__cdecl _imp_GetSecurityDescriptorDacl" __imp_GetSecurityDescriptorDacl
0x180007954: "__cdecl _IMPORT_DESCRIPTOR_SspiCli" __IMPORT_DESCRIPTOR_SspiCli
0x180006518: "__cdecl _imp_RtlAddMandatoryAce" __imp_RtlAddMandatoryAce
0x180006408: "__cdecl _imp_FreeSid" __imp_FreeSid
0x180002850: "unsigned long __cdecl LaunchUmfdHostWithVirtualAccountThreadProc(void * __ptr64)" ?LaunchUmfdHostWithVirtualAccountThreadProc@@YAKPEAX@Z
0x180007904: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-1-0
0x180009088: "__cdecl _security_cookie" __security_cookie
0x1800062F8: "__cdecl _imp_RegQueryValueExW" __imp_RegQueryValueExW
0x180001B10: "unsigned long __cdecl SetDefaultWinstaSecurity(struct HWINSTA__ * __ptr64,void * __ptr64 * __ptr64)" ?SetDefaultWinstaSecurity@@YAKPEAUHWINSTA__@@PEAPEAX@Z
0x1800061B8: "__cdecl _imp_CreateAppContainerProfile" __imp_CreateAppContainerProfile
0x180006220: "__cdecl _imp_CloseHandle" __imp_CloseHandle
0x180006188: "__cdecl _imp_LoadLocalFonts" __imp_LoadLocalFonts
0x180006500: "__cdecl _imp_TpSimpleTryPost" __imp_TpSimpleTryPost
0x180006250: "__cdecl _imp_LocalFree" __imp_LocalFree
0x180006420: "__cdecl _imp_GetLengthSid" __imp_GetLengthSid
0x1800078F0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-errorhandling-l1-1-0
0x1800061A0: "__cdecl _imp_SetUserObjectSecurity" __imp_SetUserObjectSecurity
0x180009640: "__cdecl _onexitbegin" __onexitbegin
0x1800063C8: "__cdecl _imp_EventProviderEnabled" __imp_EventProviderEnabled
0x180004BF0: WaitForWinstationShutdown
0x180006660: "WinSta0" ??_C@_1BA@IMLGMNLL@?$AAW?$AAi?$AAn?$AAS?$AAt?$AAa?$AA0?$AA?$AA@
0x180002E80: "long __cdecl MapUmfdVirtualAccount(void)" ?MapUmfdVirtualAccount@@YAJXZ
0x180006538: "__cdecl _imp_RtlAllocateAndInitializeSid" __imp_RtlAllocateAndInitializeSid
0x180006488: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x1800061F8: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x1800061C8: "__cdecl _imp_DestroyEnvironmentBlock" __imp_DestroyEnvironmentBlock
0x180006308: "__cdecl _imp_RegOpenKeyExW" __imp_RegOpenKeyExW
0x180003B24: "__cdecl _security_init_cookie" __security_init_cookie
0x180007850: "__cdecl _IMPORT_DESCRIPTOR_msvcrt" __IMPORT_DESCRIPTOR_msvcrt
0x180006468: api-ms-win-security-sddl-l1-1-0_NULL_THUNK_DATA
0x180006480: "__cdecl _imp_memmove" __imp_memmove
0x180004CB0: WinStationSystemShutdownStartedWorker
0x180006400: "__cdecl _imp_CreateRestrictedToken" __imp_CreateRestrictedToken
0x1800064A0: "__cdecl _imp_malloc" __imp_malloc
0x180006120: ADVAPI32_NULL_THUNK_DATA
0x1800063D0: "__cdecl _imp_EventUnregister" __imp_EventUnregister
0x1800064D0: "__cdecl _imp_RtlLengthSid" __imp_RtlLengthSid
0x180009630: "__cdecl _hmod__WINSTA_dll" __hmod__WINSTA_dll
0x180006900: WPP_c6db3ee58e84378e9d1008d6e475c92c_Traceguids
0x180006888: "LW" ??_C@_15GAHNKDFA@?$AAL?$AAW?$AA?$AA@
0x180003C80: "__cdecl _report_gsfailure" __report_gsfailure
0x1800062B8: "__cdecl _imp_UpdateProcThreadAttribute" __imp_UpdateProcThreadAttribute
0x180005654: "__cdecl TlgDefineProvider_annotation__Tlgmtaum_hTelemetryAssertDiagTrackProv" _TlgDefineProvider_annotation__Tlgmtaum_hTelemetryAssertDiagTrackProv
0x180006338: "__cdecl _imp_LeaveCriticalSection" __imp_LeaveCriticalSection
0x180009650: "__cdecl _native_startup_state" __native_startup_state
0x180006798: "LOCALAPPDATA" ??_C@_1BK@HGNHJGKH@?$AAL?$AAO?$AAC?$AAA?$AAL?$AAA?$AAP?$AAP?$AAD?$AAA?$AAT?$AAA?$AA?$AA@
0x180006178: "__cdecl _imp_SetWindowStationUser" __imp_SetWindowStationUser
0x1800066B8: "microsoft.windows.fontdrvhost" ??_C@_1DM@MFDIAJIM@?$AAm?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?4?$AAw?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?4?$AAf?$AAo?$AAn?$AAt?$AAd?$AAr?$AAv?$AAh?$AAo?$AAs?$AAt?$AA?$AA@
0x180004E48: "int __cdecl LaunchUmfdHostWithCurrentTokenUnconditional(void)" ?LaunchUmfdHostWithCurrentTokenUnconditional@@YAHXZ
0x180006670: "Global\LSA_SUBSYSTEM_INITIALIZED" ??_C@_1EC@GIPHDCME@?$AAG?$AAl?$AAo?$AAb?$AAa?$AAl?$AA?2?$AAL?$AAS?$AAA?$AA_?$AAS?$AAU?$AAB?$AAS?$AAY?$AAS?$AAT?$AAE?$AAM?$AA_?$AAI?$AAN?$AAI?$AAT?$AAI?$AAA?$AAL?$AAI?$AAZ?$AAE?$AAD@
0x180006A60: "Software\Microsoft\Windows\Curre" ??_C@_1HE@KMAPOOMM@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe@
0x180006440: "__cdecl _imp_LsaLookupFreeMemory" __imp_LsaLookupFreeMemory
0x180006510: "__cdecl _imp_RtlSetSaclSecurityDescriptor" __imp_RtlSetSaclSecurityDescriptor
0x1800064E0: "__cdecl _imp_RtlSetDaclSecurityDescriptor" __imp_RtlSetDaclSecurityDescriptor
0x180009670: g_pSidLocalService
0x1800078B4: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0" __IMPORT_DESCRIPTOR_api-ms-win-core-profile-l1-1-0
0x18000B008: "__cdecl _imp_WinStationSystemShutdownWait" __imp_WinStationSystemShutdownWait
0x180004CC0: UHHeapFree
0x1800064A8: "__cdecl _imp_free" __imp_free
0x180003A90: "__cdecl IsNonwritableInCurrentImage" _IsNonwritableInCurrentImage
0x180006390: api-ms-win-core-synch-l1-2-0_NULL_THUNK_DATA
0x180006378: api-ms-win-core-synch-l1-1-0_NULL_THUNK_DATA
0x1800078A0: "__cdecl _IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0" __IMPORT_DESCRIPTOR_api-ms-win-core-synch-l1-2-0
0x180003FE8: memset
0x180007A58: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
0x180009698: g_pSidWorld

[JEB Decompiler by PNF Software]