Import table
advapi32.dll
CreateWellKnownSid, TraceMessage, ReportEventW, DeregisterEventSource, RegisterEventSourceW, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, CopySid, IsValidAcl, AddAccessAllowedAceEx, FreeSid, AllocateAndInitializeSid, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ImpersonateLoggedOnUser, RevertToSelf, OpenThreadToken, EqualSid, GetTokenInformation, CheckTokenMembership, EventRegister, EventUnregister, EventWrite, RegConnectRegistryW
api-ms-win-core-localregistry-l1-1-0.dll
RegDeleteKeyExW, RegSetValueExW, RegOpenUserClassesRoot, RegDeleteValueW, RegCreateKeyExW, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegOpenCurrentUser
kernel32.dll
SleepEx, OpenThread, SwitchToThread, TlsGetValue, TlsSetValue, GetModuleHandleExW, GetSystemInfo, TlsFree, TlsAlloc, FreeLibraryAndExitThread, GetModuleHandleW, DeleteTimerQueueTimer, CreateTimerQueueTimer, lstrcmpiW, CancelIo, WaitForSingleObjectEx, QueueUserAPC, ReadFileEx, ProcessIdToSessionId, CancelIoEx, GetThreadId, ResumeThread, ReleaseSemaphore, CreateSemaphoreW, WaitForMultipleObjects, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, QueryPerformanceCounter, InterlockedExchange, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, WaitForMultipleObjectsEx, lstrlenW, CreateWaitableTimerW, LoadLibraryW, GetProcAddress, GetTickCount, Sleep, CancelWaitableTimer, GetFileSize, ReadFile, FormatMessageW, GetTempPathW, WriteFile, DeleteFileW, QueryDosDeviceW, GetSystemWindowsDirectoryW, LocalAlloc, MultiByteToWideChar, FreeLibrary, GetCurrentThreadId, SetWaitableTimer, GetLastError, InitializeCriticalSection, DeleteCriticalSection, CloseHandle, GetCurrentThread, LocalFree, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, OpenProcess, InterlockedIncrement, GetVersionExW, InterlockedDecrement, LeaveCriticalSection, EnterCriticalSection, SetEvent, WaitForSingleObject, UnregisterWait, CreateEventW, SetLastError, HeapAlloc, DeviceIoControl, HeapFree, HeapReAlloc, ResetEvent, GetOverlappedResult, CreateFileW, VerifyVersionInfoW, CreateThread
msvcrt.dll
DllMain
ntdll.dll
RtlEnumerateGenericTableWithoutSplaying, EtwEventWrite, RtlMultiByteToUnicodeN, NtCreateFile, NtQueryInformationProcess, RtlInitUnicodeString, NtCreateSymbolicLinkObject, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, NtClose, NtMakeTemporaryObject, NtMakePermanentObject, RtlNtStatusToDosError, RtlOpenCurrentUser, VerSetConditionMask, DbgPrint, RtlEnumerateGenericTable, RtlDeleteResource, RtlDeleteElementGenericTable, RtlLookupElementGenericTable, RtlInsertElementGenericTable, RtlInitializeGenericTable, RtlInitializeResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, EtwEventRegister, RtlReleaseResource, EtwEventUnregister, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage
slc.dll
SLGetWindowsInformationDWORD
user32.dll
RegisterDeviceNotificationW, UnregisterDeviceNotification, LoadStringW, DispatchMessageW, PeekMessageW, MsgWaitForMultipleObjectsEx, PostThreadMessageW, PostMessageW, DestroyWindow, DefWindowProcW, RegisterClassExW, GetClassInfoExW, CreateWindowExW, UnregisterClassW
winspool.drv
DeletePrinter, SetPrinterW, OpenPrinterW, FindClosePrinterChangeNotification, EnumPrintersW, SetPrinterDataW, GetPrinterW, EnumPrinterDriversW, FindNextPrinterChangeNotification, FindFirstPrinterChangeNotification, FreePrinterNotifyInfo, GetPrinterDataW, ClosePrinter
Export table
ServiceMain
SvchostPushServiceGlobals
