Import table
cfgmgr32.dll
CM_Open_Class_Key_ExW
firewallapi.dll
FwChangeSourceShutdown, FwChangeSourceInitialize, FwAlloc, FwFree, FwVerifyNoHeapLeaks, FwChangeSourceSignalStart, FwSddlStringVerify, FWVerifyMainModeRuleQuery, FwMMRuleVerify, FWVerifyCryptoSetQuery, FWVerifyCryptoSet, FWVerifyAuthenticationSetQuery, FwSetSet, FwDeleteSet, FWVerifyAuthenticationSet, FWVerifyConnectionSecurityRuleQuery, FwCSRuleVerify, FwSetRule, FwVerifyWFRuleSemantics, FwDeleteRule, FWVerifyFirewallRuleQuery, FwDeleteAllRules, FwDeleteAllSets, FwReduceObjectsToVersion, FWResolveGPONames, FwCreateLocalTempStore, FwGetGlobalConfigFromLocalTempStore, FwSetGlobalConfig, FwSetConfig, FwDestroyLocalTempStore, FwAddRule, FwAddSet, FwIPV4RangeContainsMulticast, FwIPV6RangeContainsMulticast, FwDoNothingOnObject, FwCopyWFAddressesContents, Isv4Orv6AddressesEmpty, FwEmptyWFAddresses, FwPortsToBstr, FwGetAddressesAsString, IsRuleOldGlobalOpenPort, IsRuleOldAuthApp, LoadGPExtensionDll, FWGPLock, FWGPUnlock, FwChangeSourceSignal, FwSetResolveFlags, FwCopyCSRule, FwCopyMMRule, FwCopyAuthSet, FwCopyCryptoSet, FwMigrateLegacyAuthenticatedBypassSddl, FwCopyRule, FwRuleResolveFlags, FwGetConfig, FwGetGlobalConfig, FwOpenPolicyStore, FwClosePolicyStore, FwEnumRules, FwEnumSets, FwFreeRules, FwFreeSets, FwAddrChangeSourceInitialize, FwAddrChangeSourceSignal, FwAllocCheckSize, FwAddrChangeSourceShutdown, IsAddressesEmpty, FwCopyLUID, FwSetMemLeakPolicy
fwpuclnt.dll
IkeextSaDeleteById0, IkeextSaDestroyEnumHandle0, FwpmEngineOpen0, IPsecSaContextCreateEnumHandle0, IPsecSaContextEnum0, IPsecSaContextDeleteById0, FwpmFreeMemory0, IPsecSaContextDestroyEnumHandle0, FwpmEngineClose0, IkeextSaEnum0, IkeextSaCreateEnumHandle0, FwpmNetEventDestroyEnumHandle0, FwpmNetEventEnum1, FwpmIPsecTunnelAddConditions0, FwpmIPsecTunnelDeleteByKey0, FwpmProviderContextDeleteByKey0, FwpmTransactionCommit0, FwpmIPsecTunnelAdd1, FwpmTransactionAbort0, FwpmNetEventCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmFilterDeleteById0, FwpmProviderContextDeleteById0, FwpmCalloutAdd0, FwpmTransactionBegin0, FwpmFilterAdd0, FwpmSubLayerAdd0, FwpmProviderAdd0, FwpmProviderContextAdd0
kernel32.dll
ExpandEnvironmentStringsW, SetLastError, LoadLibraryExW, GetLongPathNameW, CreateDirectoryW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, OutputDebugStringA, InterlockedExchange, CreateEventA, CreateWaitableTimerA, QueueUserAPC, SetWaitableTimer, WideCharToMultiByte, MultiByteToWideChar, QueueUserWorkItem, DelayLoadFailureHook, GetProcAddress, GetLastError, FreeLibrary, InterlockedCompareExchange, LoadLibraryExA, CloseHandle, CreateMutexW, CreateEventW, ReleaseMutex, WaitForSingleObject, SetEvent, WaitForMultipleObjects, GetCurrentThreadId, UnregisterWait, UnregisterWaitEx, CreateThread, RegisterWaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, InterlockedIncrement, InterlockedDecrement, Sleep, ResetEvent, WaitForSingleObjectEx, CancelIo, DeviceIoControl, CreateFileW, LocalFree, lstrcmpiW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, CreateTimerQueue, InitializeCriticalSection, CloseThreadpoolIo, WaitForThreadpoolIoCallbacks, FileTimeToSystemTime, FileTimeToLocalFileTime, CancelThreadpoolIo, WriteFile, StartThreadpoolIo, GetFileType, lstrlenA, HeapAlloc, GetProcessHeap, SetEndOfFile, SetFilePointerEx, CopyFileW, GetLocalTime, HeapFree, DeleteTimerQueueTimer, TerminateThread, DeleteTimerQueueEx, CreateThreadpoolIo, GetFileSize, CreateTimerQueueTimer, GetVersionExW, CompareStringOrdinal, QueryDosDeviceW, GetLogicalDriveStringsW, DuplicateHandle, GetCurrentProcess, TerminateProcess, LocalAlloc, ResumeThread, LoadLibraryW, lstrlenW, CompareStringW, GetCurrentThread, GetModuleHandleW, FormatMessageW, OpenProcess
msvcrt.dll
DllMain
nsi.dll
NsiAllocateAndGetTable, NsiFreeTable
ntdll.dll
NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, NtClose, RtlNtStatusToDosError, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwEventUnregister, EtwEventRegister, EtwTraceMessage, EtwEventWrite, RtlIpv6AddressToStringA, RtlIpv4AddressToStringA, DbgPrint, NtQueryInformationProcess, EtwEventEnabled, RtlCreateServiceSid, WinSqmSetDWORD, WinSqmAddToStream, RtlInitUnicodeString
rpcrt4.dll
RpcServerRegisterIfEx, RpcServerUnregisterIfEx, RpcBindingVectorFree, RpcEpUnregister, RpcStringFreeW, RpcServerRegisterAuthInfoW, RpcServerInqDefaultPrincNameW, RpcEpRegisterW, RpcServerInqBindings, NdrServerCall2, RpcServerUseProtseqW, RpcBindingInqAuthClientW, RpcStringBindingParseW, RpcBindingToStringBindingW, I_RpcBindingIsClientLocal, I_RpcBindingInqLocalClientPID, RpcRevertToSelf, RpcImpersonateClient, UuidCreate
Export table
ServiceMain
SvchostPushServiceGlobals
