Import table
advapi32.dll
TraceMessage, StartTraceW, FlushTraceW, EnableTraceEx, StopTraceW, AllocateAndInitializeSid, DuplicateToken, CheckTokenMembership, FreeSid, GetTokenInformation, GetLengthSid, CopySid, OpenProcessToken, ConvertSidToStringSidW, RegisterServiceCtrlHandlerExW, EventRegister, EventWrite, EventUnregister, SetServiceStatus, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, ControlTraceW, RegCreateKeyExW, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegFlushKey, RegCloseKey, RegGetValueW
aepic.dll
PicFreeFileInfo, PicRetrieveFileInfo, PicAmiClose, PicAmiInitialize
api-ms-win-core-appcompat-l1-1-1.dll
BaseFreeAppCompatDataForProcess, BaseReadAppCompatDataForProcess
api-ms-win-core-com-l1-1-0.dll
CoCreateInstance, CoUninitialize, StringFromGUID2, CoInitializeEx, CoCreateGuid
api-ms-win-core-com-l1-1-1.dll
CoCreateGuid, CoUninitialize, CoInitializeEx, StringFromGUID2, CoCreateInstance
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, GetLastError, SetUnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-file-l1-1-1.dll
GetDriveTypeW, GetTempFileNameW, DeleteFileW, ReadFile, CreateFileW, GetFileSizeEx, GetLongPathNameW, CreateDirectoryW, GetFileSize, GetTempPathW, GetFileAttributesW, QueryDosDeviceW, GetLogicalDriveStringsW, GetFileInformationByHandle, FindFirstFileW, FindNextFileW, FindClose
api-ms-win-core-file-l1-2-0.dll
GetFileSizeEx, DeleteFileW, QueryDosDeviceW, CreateFileW, GetVolumeNameForVolumeMountPointW, GetLogicalDriveStringsW, GetDriveTypeW, CreateDirectoryW, GetTempFileNameW, GetFileSize, GetVolumeInformationW, ReadFile, GetTempPathW, GetLongPathNameW, GetFileInformationByHandle, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
GetDriveTypeW, CreateDirectoryW, GetTempPathW, GetFileAttributesW, CreateFileW, GetFileSizeEx, GetLongPathNameW, GetTempFileNameW, QueryDosDeviceW, GetFileInformationByHandle, GetFileSize, GetVolumeNameForVolumeMountPointW, DeleteFileW, GetLogicalDriveStringsW, GetVolumeInformationW, ReadFile
api-ms-win-core-handle-l1-1-0.dll
CloseHandle, DuplicateHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapAlloc, GetProcessHeap, HeapReAlloc
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedExchange, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedDecrement, InterlockedIncrement, InterlockedCompareExchange
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, InterlockedIncrement
api-ms-win-core-io-l1-1-1.dll
GetQueuedCompletionStatus, CreateIoCompletionPort, PostQueuedCompletionStatus
api-ms-win-core-job-l1-1-0.dll
IsProcessInJob
api-ms-win-core-kernel32-legacy-l1-1-0.dll
UnregisterWait, WTSGetActiveConsoleSessionId, WaitForMultipleObjects, CopyFileW, QueryFullProcessImageNameW
api-ms-win-core-kernel32-legacy-l1-1-1.dll
UnregisterWait, WTSGetActiveConsoleSessionId, WaitForMultipleObjects, CopyFileW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleW, LoadStringW
api-ms-win-core-localization-l1-1-1.dll
LocaleNameToLCID
api-ms-win-core-memory-l1-1-1.dll
WriteProcessMemory, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW
api-ms-win-core-memory-l1-1-2.dll
WriteProcessMemory, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile
api-ms-win-core-path-l1-1-0.dll
PathIsUNCEx, PathCchRemoveFileSpec, PathCchAppend
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-1-1.dll
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1.dll
IsProcessorFeaturePresent, GetCurrentProcess, GetExitCodeProcess, OpenProcess, GetCurrentProcessId, OpenProcessToken, ProcessIdToSessionId, GetCurrentThreadId, GetProcessId, TerminateProcess, CreateThread, CreateProcessW
api-ms-win-core-processthreads-l1-1-2.dll
GetProcessId, OpenProcess, IsProcessorFeaturePresent, OpenProcessToken, GetExitCodeProcess, GetCurrentThreadId, CreateProcessAsUserW, GetCurrentProcessId, CreateThread, GetCurrentProcess, TerminateProcess, ProcessIdToSessionId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegLoadAppKeyW, RegDeleteKeyExW, RegOpenKeyExW, RegCloseKey, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegEnumKeyExW, RegNotifyChangeKeyValue, RegSetValueExW, RegGetValueW
api-ms-win-core-registry-l2-1-0.dll
RegDeleteKeyValueW, RegSetKeyValueW, RegDeleteKeyW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathSkipRootW, PathFindExtensionW, PathGetDriveNumberW, PathFileExistsW
api-ms-win-core-string-l1-1-0.dll
CompareStringOrdinal
api-ms-win-core-synch-l1-1-1.dll
Sleep, TryEnterCriticalSection, WaitForSingleObject, CreateEventW, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, ResetEvent, SetEvent, DeleteCriticalSection
api-ms-win-core-synch-l1-2-0.dll
LeaveCriticalSection, SetEvent, WaitForSingleObject, TryEnterCriticalSection, ResetEvent, CreateEventW, EnterCriticalSection, Sleep, DeleteCriticalSection, InitializeCriticalSection
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetTickCount64, GetSystemInfo, GetSystemWindowsDirectoryW, GetSystemTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetTickCount, GetSystemWindowsDirectoryW, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetSystemWindowsDirectoryW, GetSystemTime, GetSystemInfo, GetSystemTimeAsFileTime, GetTickCount, GetTickCount64
api-ms-win-core-threadpool-l1-1-1.dll
CloseThreadpool, SubmitThreadpoolWork, WaitForThreadpoolWorkCallbacks, SetThreadpoolThreadMinimum, WaitForThreadpoolWaitCallbacks, CreateThreadpoolTimer, WaitForThreadpoolTimerCallbacks, QueueUserWorkItem, DeleteTimerQueueTimer, SetThreadpoolThreadMaximum, CreateThreadpoolWork, CreateThreadpoolWait, CreateThreadpool, CloseThreadpoolTimer, ChangeTimerQueueTimer, CloseThreadpoolWait, CreateTimerQueueTimer, SetThreadpoolWait, SetThreadpoolTimer, CloseThreadpoolWork
api-ms-win-core-threadpool-l1-2-0.dll
WaitForThreadpoolWorkCallbacks, SetThreadpoolThreadMinimum, WaitForThreadpoolWaitCallbacks, CloseThreadpool, SetThreadpoolThreadMaximum, WaitForThreadpoolTimerCallbacks, CreateThreadpoolTimer, CreateThreadpoolWait, CloseThreadpoolWork, CreateThreadpool, SubmitThreadpoolWork, SetThreadpoolWait, CloseThreadpoolTimer, CreateThreadpoolWork, CloseThreadpoolWait, SetThreadpoolTimer
api-ms-win-core-threadpool-legacy-l1-1-0.dll
DeleteTimerQueueTimer, CreateTimerQueueTimer, ChangeTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoExW, VerQueryValueW, GetFileVersionInfoSizeExW
api-ms-win-devices-config-l1-1-0.dll
CM_Get_Parent, CM_Get_Device_IDW
api-ms-win-devices-config-l1-1-1.dll
CM_Get_Parent, CM_Get_Device_IDW
api-ms-win-eventing-classicprovider-l1-1-0.dll
TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, StopTraceW, ControlTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWrite, EventUnregister, EventRegister
api-ms-win-legacy-advapi32-l1-1-0.dll
SetEntriesInAclW, RegSetKeyValueW, EnableTraceEx, FlushTraceW, RegDeleteKeyW
api-ms-win-legacy-kernel32-l1-1-0.dll
UnregisterWait, CheckElevationEnabled, QueryFullProcessImageNameW, CopyFileW
api-ms-win-legacy-shlwapi-l1-1-0.dll
PathSkipRootW, PathFindExtensionW, PathFileExistsW, PathGetDriveNumberW, PathStripToRootW
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalFree
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, GetTokenInformation, ImpersonateLoggedOnUser, InitializeSecurityDescriptor, RevertToSelf
api-ms-win-security-base-l1-2-0.dll
SetSecurityDescriptorOwner, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorGroup, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetLengthSid, RevertToSelf, ImpersonateLoggedOnUser, AllocateAndInitializeSid, GetTokenInformation
api-ms-win-security-provider-l1-1-0.dll
SetEntriesInAclW
api-ms-win-security-sddl-l1-1-0.dll
ConvertSidToStringSidW
api-ms-win-service-core-l1-1-1.dll
SetServiceStatus, RegisterServiceCtrlHandlerExW
apphelp.dll
SdbInitDatabase, SdbTagRefToTagID, SdbGetMatchingExe, SdbQueryFlagMask, SdbFindFirstTag, SdbReleaseDatabase, SdbInitDatabaseEx, SdbReadEntryInformation, SdbGetDatabaseMatch, SdbReadBinaryTag, SdbGetEntryFlags, SdbAddLayerTagRefToQuery, SdbFindFirstTagRef, SdbFindFirstStringIndexedTag, SdbTagIDToTagRef, SdbFreeFileAttributes, SdbGetLayerName, SetPermLayerState, SdbQueryData, SdbGetPDBFromGUID, SdbGetFileAttributes, SdbGetAppPatchDir, SdbGetPermLayerKeys, ApphelpDebugPrintf, SdbGetPermMitigationKeys, SdbFindNextMitigation, SdbExtractPermMitigationInfo, SdbGetPermMitigationPath, SdbInitDatabaseInMemory, SdbUntagExeForReinstallUpgrade, SdbTagExeForReinstallUpgrade, SdbSetPermMitigationState, SdbFindFirstMitigation, SdbGetAppCompatData, DlDebugSetListener, DlDelete, DlPrintf, DlCreate, SdbGetStringTagPtr
kernel32.dll
GetSystemInfo, RegGetValueW, CancelWaitableTimer, PostQueuedCompletionStatus, UnregisterWait, ResetEvent, CreateEventW, WaitForMultipleObjectsEx, SetWaitableTimer, CreateWaitableTimerW, OutputDebugStringA, K32GetProcessImageFileNameW, OpenProcess, LocalFree, RegCloseKey, RegFlushKey, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, FileTimeToSystemTime, CreateThread, GetQueuedCompletionStatus, RegisterWaitForSingleObject, OpenEventW, CreateIoCompletionPort, InterlockedCompareExchange, CheckElevationEnabled, AssignProcessToJobObject, SetInformationJobObject, QueryInformationJobObject, GetBinaryTypeW, GetSystemTimeAsFileTime, GetProcessId, DuplicateHandle, GetCurrentProcess, OpenJobObjectW, ExpandEnvironmentStringsW, HeapFree, CreateProcessW, HeapAlloc, GetProcessHeap, FindClose, FindNextFileW, FindFirstFileW, RegOpenKeyExW, RegEnumKeyExW, CompareFileTime, CompareStringOrdinal, DeleteFileW, UnmapViewOfFile, WaitForSingleObject, CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, GetSystemWindowsDirectoryW, MapViewOfFile, CreateFileMappingW, GetFileSize, CreateFileW, InterlockedDecrement, GetTempFileNameW, GetTempPathW, SetThreadpoolTimer, CreateThreadpoolTimer, RegNotifyChangeKeyValue, SetThreadpoolWait, WTSGetActiveConsoleSessionId, CloseThreadpool, CloseThreadpoolWork, WaitForThreadpoolWorkCallbacks, CloseThreadpoolWait, WaitForThreadpoolWaitCallbacks, CreateThreadpoolWait, CreateThreadpoolWork, SetThreadpoolThreadMinimum, SetThreadpoolThreadMaximum, CreateThreadpool, ReleaseActCtx, QueryActCtxW, CreateActCtxW, BasepCheckAppCompat, DelayLoadFailureHook, GetProcAddress, FreeLibrary, LoadLibraryExA, InterlockedExchange, Sleep, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadProcessMemory, SetEvent, GetLastError, GetSystemTime, GetExitCodeThread, IsWow64Process, SetLastError, LocalAlloc, GetDriveTypeW, GetSystemDirectoryW, LoadLibraryW, GetModuleHandleW, LoadLibraryExW, RegDeleteValueW, SizeofResource, LoadResource, FindResourceW, FindResourceExW, ReadFile, SetFilePointerEx, CreateDirectoryW, SystemTimeToFileTime, GetFileSizeEx, CloseHandle, CopyFileW, QueueUserWorkItem, SetErrorMode, GetDiskFreeSpaceExW, GetVolumeInformationW, lstrcmpiW, lstrcmpW, SetFilePointer, VirtualQuery, EnumResourceNamesW, SubmitThreadpoolWork, CheckElevation, RegEnumValueW, GetThreadTimes, GetCurrentThread, WriteFile, GetVersionExW, GetShortPathNameW, ReleaseMutex, CreateMutexW, ResolveDelayLoadedAPI, GetLocalTime, RegQueryInfoKeyW, GetFileTime, GetVolumePathNameW, RegSetKeySecurity, RegDeleteTreeW, RegUnLoadKeyW, RegLoadKeyW, GetFileAttributesExW, CreateJobObjectW, GetVolumeNameForVolumeMountPointW, MoveFileExW, K32GetModuleFileNameExW, WaitForMultipleObjects, QueryPerformanceFrequency, VirtualAlloc, VirtualFree, GetModuleFileNameW
msvcrt.dll
DllMain
ntdll.dll
NtQueryInformationFile, NtQuerySystemInformation, NtOpenProcessToken, EtwEventRegister, EtwEventWrite, EtwEventUnregister, RtlImageNtHeaderEx, NtQueryInformationProcess, RtlQueryEnvironmentVariable_U, RtlInitUnicodeString, RtlGetVersion, WinSqmIsOptedIn, EtwTraceMessage, NtOpenProcess, NtOpenThreadToken, NtDuplicateToken, NtQueryInformationToken, RtlNtStatusToDosError, NtClose, RtlNtStatusToDosErrorNoTeb, RtlInitializeSRWLock, RtlCreateHeap, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, RtlFreeHeap, RtlAllocateHeap, RtlDestroyHeap, WinSqmIncrementDWORD, NtQuerySection, NtCreateSection, RtlImageRvaToVa, RtlImageDirectoryEntryToData, RtlReAllocateHeap, NtApphelpCacheControl, RtlFreeUnicodeString, NtCreateFile, NtOpenFile, RtlDosPathNameToNtPathName_U, RtlComputeCrc32, RtlCompareMemory, RtlFreeSid, RtlAllocateAndInitializeSid, RtlAdjustPrivilege, RtlValidSid, RtlInitializeCriticalSection, WinSqmAddToStreamEx, RtlLeaveCriticalSection, RtlDeleteCriticalSection, RtlTryEnterCriticalSection, RtlIsCriticalSectionLockedByThread, RtlSizeHeap, WinSqmEndSession, WinSqmStartSession, RtlEnterCriticalSection, RtlDoesFileExists_U, EtwEventWriteNoRegistration, WinSqmAddToStream, NtQuerySystemTime, RtlValidateHeap, RtlCheckTokenMembership, RtlImageNtHeader, NtResumeProcess, NtSuspendProcess, NtQueryValueKey, NtOpenKey, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlCreateUnicodeString, RtlGUIDFromString, RtlInitUnicodeStringEx
ole32.dll
CoCreateGuid
psapi.dll
GetProcessImageFileNameW
rpcrt4.dll
RpcServerUnregisterIf, RpcServerUseProtseqW, RpcServerInqBindings, RpcServerRegisterIfEx, RpcEpRegisterW, RpcBindingVectorFree, NdrServerCall2, RpcRevertToSelf, RpcImpersonateClient, I_RpcBindingInqLocalClientPID, RpcEpUnregister, RpcRevertToSelfEx
sfc.dll
SfcIsFileProtected
sfc_os.dll
SfcIsFileProtected
shlwapi.dll
PathFileExistsW, PathFindFileNameW, PathFindExtensionW, PathRemoveFileSpecW, PathStripToRootW, PathUnquoteSpacesW, PathQuoteSpacesW, PathRemoveArgsW, PathIsNetworkPathW, PathGetArgsW, PathAppendW, PathRemoveExtensionW
user32.dll
LoadStringW
userenv.dll
ExpandEnvironmentStringsForUserW
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wevtapi.dll
EvtNext, EvtQuery, EvtClose, EvtCreateRenderContext, EvtSubscribe, EvtRender
Export table
ServiceMain
SvchostPushServiceGlobals