Import table
advapi32.dll
GetTokenInformation, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, SetTokenInformation, RegisterServiceCtrlHandlerExW, RegCloseKey, RegQueryValueExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, CreateProcessAsUserW, SetKernelObjectSecurity, ImpersonateLoggedOnUser, RevertToSelf, RegGetValueW, RegOpenKeyExW, SetServiceStatus
api-ms-win-core-appcompat-l1-1-1.dll
BaseReadAppCompatDataForProcess, BaseFreeAppCompatDataForProcess
api-ms-win-core-localregistry-l1-1-0.dll
RegGetValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey
api-ms-win-core-processthreads-l1-1-0.dll
TerminateProcess, GetExitCodeProcess, GetCurrentProcessId, DeleteProcThreadAttributeList, GetCurrentProcess, GetCurrentThreadId, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, CreateProcessAsUserW, ResumeThread
api-ms-win-core-processthreads-l1-1-1.dll
GetCurrentProcess, GetCurrentThreadId, InitializeProcThreadAttributeList, CreateProcessAsUserW, DeleteProcThreadAttributeList, ResumeThread, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, UpdateProcThreadAttribute, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
GetExitCodeProcess, GetCurrentProcessId, ResumeThread, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, CreateProcessAsUserW, TerminateProcess, GetCurrentThreadId, GetCurrentProcess, InitializeProcThreadAttributeList
api-ms-win-core-registry-l1-1-0.dll
RegQueryValueExW, RegGetValueW, RegOpenKeyExW, RegCloseKey
api-ms-win-security-base-l1-1-0.dll
ImpersonateLoggedOnUser, GetTokenInformation, CheckTokenMembership, SetTokenInformation, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, RevertToSelf
api-ms-win-security-base-l1-2-0.dll
GetSidSubAuthority, GetTokenInformation, SetTokenInformation, GetSidLengthRequired, InitializeSid, CheckTokenMembership, RevertToSelf, ImpersonateLoggedOnUser
api-ms-win-service-core-l1-1-0.dll
RegisterServiceCtrlHandlerExW, SetServiceStatus
api-ms-win-service-core-l1-1-1.dll
SetServiceStatus, RegisterServiceCtrlHandlerExW
kernel32.dll
GetLastError, InterlockedIncrement, LocalFree, WaitForSingleObject, InterlockedDecrement, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetSystemTimeAsFileTime, QueryPerformanceCounter, Sleep, InterlockedExchange, LoadLibraryExA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, DelayLoadFailureHook, lstrlenW, GetTempPathW, GetSystemDirectoryW, GetEnvironmentVariableW, CreateFileMappingW, MapViewOfFile, CreateActCtxW, QueryActCtxSettingsW, ReleaseActCtx, UnmapViewOfFile, GetLongPathNameW, CheckElevationEnabled, CreateFileW, CheckElevation, GetFullPathNameW, GetFileAttributesW, ReadProcessMemory, ReleaseMutex, CreateMutexW, LocalAlloc, CreateEventW, CloseHandle, GetTickCount, UnregisterWait, SetEvent, GetCurrentProcess, GetCurrentThreadId, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, GetTempFileNameW, ReadFile, WriteFile, DeleteFileW, GetCurrentProcessId, ResumeThread, GetExitCodeProcess, TerminateProcess, ResolveDelayLoadedAPI, DuplicateHandle, SetLastError, VirtualProtect, VirtualAlloc, VirtualFree, OutputDebugStringW, VirtualQuery
msvcrt.dll
DllMain
ntdll.dll
EtwTraceMessage, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwEventWrite, NtQuerySecurityObject, NtSetSecurityObject, RtlCreateServiceSid, RtlDosPathNameToRelativeNtPathName_U_WithStatus, RtlReleaseRelativeName, RtlFreeUnicodeString, RtlInitUnicodeStringEx, RtlPrefixUnicodeString, RtlQueryEnvironmentVariable, RtlInitUnicodeString, LdrOpenImageFileOptionsKey, LdrQueryImageFileKeyOption, RtlExpandEnvironmentStrings, RtlDestroyEnvironment, RtlCreateEnvironmentEx, RtlSetEnvironmentVar, NtOpenProcess, NtOpenThreadToken, NtQueryInformationToken, NtDuplicateObject, RtlRegisterWait, NtQuerySystemInformation, NtQueryInformationProcess, NtReadVirtualMemory, RtlNtStatusToDosErrorNoTeb, RtlImageNtHeaderEx, RtlDeregisterWaitEx, RtlDeregisterWait, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, NtOpenProcessToken, NtDuplicateToken, NtSetInformationToken, RtlRemovePrivileges, RtlNtStatusToDosError, NtClose, RtlInitializeSRWLock, EtwEventRegister, EtwEventUnregister, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlLengthSid, NtOpenKey, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryValueKey, DbgPrintEx, RtlFormatCurrentUserKeyPath, RtlExpandEnvironmentStrings_U, RtlAnsiStringToUnicodeString, NtMapViewOfSection, RtlFreeHeap, RtlInitAnsiString, RtlGetVersion, NtQueryInformationFile, NtUnmapViewOfSection, NtCreateFile, RtlAllocateHeap, RtlGetNativeSystemInformation, RtlUnicodeStringToInteger, NtCreateSection
rpcrt4.dll
RpcRevertToSelf, RpcImpersonateClient, I_RpcBindingInqLocalClientPID, RpcServerUseProtseqW, RpcAsyncCompleteCall, RpcServerInqBindings, RpcServerRegisterIfEx, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree, NdrAsyncServerCall, NdrServerCall2
secur32.dll
GetUserNameExW
user32.dll
MonitorFromPoint
userenv.dll
UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
Export table
ServiceMain
SvchostPushServiceGlobals