Import table
advapi32.dll
OpenServiceW, GetKernelObjectSecurity, AdjustTokenPrivileges, OpenProcessToken, IsValidSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetNamedSecurityInfoW, DuplicateTokenEx, MD5Init, MD5Update, MD5Final, SystemFunction036, RegOpenKeyExA, RegQueryValueExA, GetTokenInformation, RegEnumValueW, QueryServiceStatusEx, QueryServiceConfigW, OpenSCManagerW, EnumServicesStatusW, CloseServiceHandle, ConvertStringSidToSidW, GetNamedSecurityInfoW, GetAce, EqualSid, RegOpenKeyExW, RegQueryValueExW, RegQueryInfoKeyW, RegEnumKeyW, RegDeleteKeyW, RegCloseKey, RegCreateKeyExW, RegCreateKeyW, SetThreadToken, RegisterServiceCtrlHandlerExW, SetServiceStatus, OpenThreadToken, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegisterEventSourceW, ReportEventW, DeregisterEventSource
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError
api-ms-win-core-file-l1-2-0.dll
ReadFile, SetEndOfFile, DeleteFileW, CreateFileW, FindFirstFileW, SetFileAttributesW, FindNextFileW, FindClose, SetFilePointer, GetFileSize, FindNextChangeNotification, FindFirstChangeNotificationW, FindCloseChangeNotification, GetFileAttributesW, WriteFile, CompareFileTime, CreateDirectoryW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalSize, LocalReAlloc, LocalFree, LocalAlloc
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedDecrement, InterlockedIncrement, InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-libraryloader-l1-1-1.dll
FreeLibraryAndExitThread, FreeLibrary, DisableThreadLibraryCalls, GetModuleHandleExW
api-ms-win-core-memory-l1-1-1.dll
VirtualQuery, VirtualAlloc, VirtualProtect
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1.dll
OpenThreadToken, SetThreadStackGuarantee, GetCurrentThread, SetThreadToken, OpenProcessToken, GetCurrentThreadId, GetCurrentProcessId, ExitThread, TerminateProcess, GetCurrentProcess, CreateThread, OpenProcess
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegQueryValueExW, RegQueryValueExA, RegCloseKey, RegOpenKeyExW, RegOpenKeyExA
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, ReleaseSRWLockShared, InitializeSRWLock, AcquireSRWLockShared, ReleaseSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, Sleep, SetEvent, CreateEventA, WaitForSingleObjectEx, CreateEventW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount, GetSystemInfo, GetSystemTimeAsFileTime
api-ms-win-core-threadpool-legacy-l1-1-0.dll
UnregisterWaitEx
api-ms-win-core-threadpool-private-l1-1-0.dll
RegisterWaitForSingleObjectEx
api-ms-win-security-base-l1-2-0.dll
SetFileSecurityW, IsValidSid, FreeSid, CopySid, GetSidSubAuthorityCount, GetSidIdentifierAuthority, GetSidSubAuthority, GetFileSecurityW, EqualSid, GetLengthSid, GetTokenInformation, RevertToSelf, GetSecurityDescriptorSacl, ImpersonateSelf, GetAce, AllocateAndInitializeSid
crypt32.dll
CryptMemAlloc, I_CertSrvProtectFunction, CryptStringToBinaryW, CryptDecodeObjectEx, CryptQueryObject, CertEnumCRLsInStore, CertFreeCRLContext, CertCloseStore, I_CryptFindLruEntry, I_CryptGetLruEntryData, I_CryptEnumMatchingLruEntries, CryptMemFree, I_CryptRemoveLruEntry, I_CryptCreateLruEntry, I_CryptInsertLruEntry, I_CryptReleaseLruEntry, I_CryptFreeLruCache, I_CryptCreateLruCache, CryptHashCertificate, CertCreateContext, CertFreeCTLContext, CryptDecodeObject, RegOpenHKCUKeyExU, CryptInitOIDFunctionSet, CryptGetDefaultOIDDllList, CryptGetDefaultOIDFunctionAddress, CryptFreeOIDFunctionAddress
cryptnet.dll
I_CryptNetSetUrlCachePreFetchInfo, I_CryptNetSetUrlCacheFlushInfo, CryptRetrieveObjectByUrlW
kernel32.dll
WaitForMultipleObjectsEx, lstrlenW, CompareStringW, LCMapStringW, SetUnhandledExceptionFilter, ReleaseMutex, TerminateProcess, GetCurrentProcessId, GetCurrentThreadId, HeapFree, GetThreadLocale, RaiseException, FileTimeToSystemTime, FileTimeToLocalFileTime, GetSystemWindowsDirectoryW, GetModuleHandleW, GetFullPathNameW, FlushFileBuffers, GetVersionExW, UnhandledExceptionFilter, GetFileAttributesExW, DisableThreadLibraryCalls, CloseHandle, GetCurrentThread, SetEvent, LocalAlloc, LocalFree, LocalSize, LocalReAlloc, GetLastError, UnregisterWaitEx, RegisterWaitForSingleObject, CreateEventW, FreeLibrary, GetProcAddress, LoadLibraryW, SetLastError, WideCharToMultiByte, GetACP, CreateFileW, MoveFileW, DeleteFileW, GetTempFileNameW, LeaveCriticalSection, EnterCriticalSection, GetSystemDirectoryA, GetSystemDirectoryW, FindClose, FindNextFileW, FindFirstFileW, GetFileAttributesW, QueryPerformanceCounter, QueryPerformanceFrequency, LoadLibraryExW, GetModuleFileNameW, WaitForSingleObject, SetThreadPriority, FormatMessageW, SetFileAttributesW, CreateDirectoryW, DeleteFileA, UnmapViewOfFile, CompareFileTime, InterlockedExchange, HeapReAlloc, CopyFileW, GetFileSize, ExitThread, FreeLibraryAndExitThread, ResumeThread, CreateThread, GetTickCount, InitializeCriticalSection, DeleteCriticalSection, GetWindowsDirectoryW, ExpandEnvironmentStringsW, Sleep, DelayLoadFailureHook, InterlockedCompareExchange, LoadLibraryExA, WriteFile, SetEndOfFile, SetFilePointer, OutputDebugStringA, GetDateFormatA, GetTimeFormatA, GetLocalTime, ReadFile, GetModuleHandleExW, InterlockedIncrement, InterlockedDecrement, FindNextChangeNotification, GetSystemTimeAsFileTime, FindCloseChangeNotification, FindFirstChangeNotificationW, WaitForSingleObjectEx, CreateEventA, DuplicateHandle, GetCurrentProcess, OpenProcess, CreateMutexW, MapViewOfFile, CreateFileMappingW, HeapAlloc, GetProcessHeap, CreateFileMappingA, WaitForMultipleObjects, LoadLibraryA
msvcrt.dll
DllMain
ntdll.dll
ShipAssert, EtwEventRegister, EvtIntReportEventAndSourceAsync, EtwEventUnregister, RtlNtStatusToDosError, RtlAllocateHeap, RtlFreeHeap, RtlReAllocateHeap, RtlRaiseStatus, DbgUserBreakPoint, RtlImageNtHeader
ole32.dll
CoInitialize, CoInitializeEx, CoCreateInstance, CoUninitialize
rpcrt4.dll
NdrServerCall2, I_RpcBindingInqLocalClientPID, RpcRevertToSelf, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUnregisterIf, RpcImpersonateClient, RpcRevertToSelfEx, I_RpcBindingIsClientLocal, RpcServerRegisterIf3
user32.dll
CharNextW, CharPrevW, CharLowerW
vssapi.dll
CreateWriterEx
Export table
CryptServiceMain
SvchostPushServiceGlobals
