Import table
api-ms-win-core-localregistry-l1-1-0.dll
RegGetValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey
api-ms-win-core-processthreads-l1-1-0.dll
TerminateProcess, GetExitCodeProcess, GetCurrentProcessId, DeleteProcThreadAttributeList, GetCurrentProcess, GetCurrentThreadId, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, CreateProcessAsUserW, ResumeThread
api-ms-win-security-base-l1-1-0.dll
ImpersonateLoggedOnUser, GetTokenInformation, CheckTokenMembership, SetTokenInformation, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, RevertToSelf
api-ms-win-service-core-l1-1-0.dll
RegisterServiceCtrlHandlerExW, SetServiceStatus
kernel32.dll
GetLastError, InterlockedIncrement, LocalFree, WaitForSingleObject, InterlockedDecrement, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetSystemTimeAsFileTime, QueryPerformanceCounter, Sleep, InterlockedExchange, LoadLibraryExA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, DelayLoadFailureHook, lstrlenW, GetTempPathW, GetSystemDirectoryW, GetEnvironmentVariableW, CreateFileMappingW, MapViewOfFile, CreateActCtxW, QueryActCtxSettingsW, ReleaseActCtx, UnmapViewOfFile, GetLongPathNameW, CheckElevationEnabled, CreateFileW, CheckElevation, GetFullPathNameW, GetFileAttributesW, ReadProcessMemory, ReleaseMutex, CreateMutexW, LocalAlloc, CreateEventW, CloseHandle, GetTickCount, UnregisterWait, SetEvent
msvcrt.dll
DllMain
ntdll.dll
EtwTraceMessage, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwEventWrite, NtQuerySecurityObject, NtSetSecurityObject, RtlCreateServiceSid, RtlDosPathNameToRelativeNtPathName_U_WithStatus, RtlReleaseRelativeName, RtlFreeUnicodeString, RtlInitUnicodeStringEx, RtlPrefixUnicodeString, RtlQueryEnvironmentVariable, RtlInitUnicodeString, LdrOpenImageFileOptionsKey, LdrQueryImageFileKeyOption, RtlExpandEnvironmentStrings, RtlDestroyEnvironment, RtlCreateEnvironmentEx, RtlSetEnvironmentVar, NtOpenProcess, NtOpenThreadToken, NtQueryInformationToken, NtDuplicateObject, RtlRegisterWait, NtQuerySystemInformation, NtQueryInformationProcess, NtReadVirtualMemory, RtlNtStatusToDosErrorNoTeb, RtlImageNtHeaderEx, RtlDeregisterWaitEx, RtlDeregisterWait, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, NtOpenProcessToken, NtDuplicateToken, NtSetInformationToken, RtlRemovePrivileges, RtlNtStatusToDosError, NtClose, RtlInitializeSRWLock, EtwEventRegister, EtwEventUnregister
rpcrt4.dll
RpcRevertToSelf, RpcImpersonateClient, I_RpcBindingInqLocalClientPID, RpcServerUseProtseqW, RpcAsyncCompleteCall, RpcServerInqBindings, RpcServerRegisterIfEx, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, NdrServerCall2
Export table
ServiceMain
SvchostPushServiceGlobals
