Field | Value |
---|---|
Created | 2021.08.11 10:14 |
Machine | s1_win7_x6402 |
Filename | termsrv.dll |
Type | PE32+ executable (DLL) (console) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 780512970b44c32a56044aeff90bf838 |
sha256 | 0ad0d87284d8c29f6deea82951f4eece7ec94c58bbabbe1cf8df75ee5aa47d1b |
ssdeep | 24576:rBjohhYftdTMLf+qHbJdt3aw/zptiB5S:NjohCfPw7+q7ntqw/zpUB5S |
imphash | 7df88e0684c200a3b664545c1d9e29ed |
impfuzzy | 192:sgMQjFYUTtc4Xm/DBENepEm+CvDJny4aPJWPCbKuLsBCUg0wAbgQ33cBhYq8yojl:sgMQjF9Ta4Xm/DBs/m+CvDRoKuLsBCUb |
Signature (7cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a suspicious process |
info | Checks amount of memory in system |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(none recorded) | | | | | |
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x1800c4fc0 _resetstkoflw
0x1800c4fc8 ?terminate@@YAXXZ
0x1800c4fd0 toupper
0x1800c4fd8 qsort
0x1800c4fe0 swprintf_s
0x1800c4fe8 iswspace
0x1800c4ff0 wcsrchr
0x1800c4ff8 wcschr
0x1800c5000 _wcsnicmp
0x1800c5008 _stricmp
0x1800c5010 _vsnprintf
0x1800c5018 ??0exception@@QEAA@AEBV0@@Z
0x1800c5020 free
0x1800c5028 ??1exception@@UEAA@XZ
0x1800c5030 malloc
0x1800c5038 _callnewh
0x1800c5040 wcstok_s
0x1800c5048 memmove_s
0x1800c5050 ?what@exception@@UEBAPEBDXZ
0x1800c5058 _CxxThrowException
0x1800c5060 __CxxFrameHandler3
0x1800c5068 memcpy
0x1800c5070 memmove
0x1800c5078 _XcptFilter
0x1800c5080 _amsg_exit
0x1800c5088 _initterm
0x1800c5090 _lock
0x1800c5098 _unlock
0x1800c50a0 __dllonexit
0x1800c50a8 _onexit
0x1800c50b0 _errno
0x1800c50b8 memcpy_s
0x1800c50c0 _vsnwprintf
0x1800c50c8 _wcsicmp
0x1800c50d0 _purecall
0x1800c50d8 __C_specific_handler
0x1800c50e0 realloc
0x1800c50e8 ??1type_info@@UEAA@XZ
0x1800c50f0 ??0exception@@QEAA@AEBQEBD@Z
0x1800c50f8 wcsncpy_s
0x1800c5100 ??_V@YAXPEAX@Z
0x1800c5108 ??0exception@@QEAA@AEBQEBDH@Z
0x1800c5110 ??3@YAXPEAX@Z
0x1800c5118 memcmp
0x1800c5120 memset
ntdll.dll
0x1800c5130 NtOpenProcess
0x1800c5138 NtOpenProcessToken
0x1800c5140 RtlDeleteSecurityObject
0x1800c5148 RtlCopySecurityDescriptor
0x1800c5150 RtlGetControlSecurityDescriptor
0x1800c5158 RtlCreateUserSecurityObject
0x1800c5160 NtQueryInformationProcess
0x1800c5168 RtlLengthSid
0x1800c5170 NtDuplicateToken
0x1800c5178 RtlAcquireResourceExclusive
0x1800c5180 NtQueryInformationToken
0x1800c5188 RtlAcquireResourceShared
0x1800c5190 RtlNtStatusToDosError
0x1800c5198 DbgPrint
0x1800c51a0 RtlEqualSid
0x1800c51a8 RtlVerifyVersionInfo
0x1800c51b0 RtlCaptureStackBackTrace
0x1800c51b8 NtQuerySystemInformation
0x1800c51c0 NtQueryVirtualMemory
0x1800c51c8 RtlFreeSid
0x1800c51d0 RtlReleaseResource
0x1800c51d8 RtlVirtualUnwind
0x1800c51e0 RtlLookupFunctionEntry
0x1800c51e8 RtlCaptureContext
0x1800c51f0 VerSetConditionMask
0x1800c51f8 RtlCompareMemory
0x1800c5200 RtlInitString
0x1800c5208 NtCreateFile
0x1800c5210 RtlInitUnicodeString
0x1800c5218 RtlAdjustPrivilege
0x1800c5220 RtlNumberGenericTableElements
0x1800c5228 EtwEventActivityIdControl
0x1800c5230 RtlClearBits
0x1800c5238 RtlAreBitsSet
0x1800c5240 RtlFindClearBitsAndSet
0x1800c5248 RtlInitializeBitMap
0x1800c5250 NtQuerySystemTime
0x1800c5258 EtwEventWriteTransfer
0x1800c5260 RtlEnumerateGenericTable
0x1800c5268 RtlLookupElementGenericTable
0x1800c5270 RtlDeleteElementGenericTable
0x1800c5278 RtlInsertElementGenericTable
0x1800c5280 RtlInitializeGenericTable
0x1800c5288 RtlInitializeResource
0x1800c5290 RtlDeleteResource
0x1800c5298 EtwEventWriteFull
0x1800c52a0 RtlAllocateAndInitializeSid
0x1800c52a8 EtwEventRegister
0x1800c52b0 EtwEventUnregister
0x1800c52b8 RtlCopySid
api-ms-win-core-errorhandling-l1-1-0.dll
0x1800c4988 GetLastError
0x1800c4990 SetUnhandledExceptionFilter
0x1800c4998 SetLastError
0x1800c49a0 RaiseException
0x1800c49a8 UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
0x1800c4a90 LoadStringW
0x1800c4a98 GetModuleHandleW
0x1800c4aa0 LoadLibraryExW
0x1800c4aa8 FreeLibrary
0x1800c4ab0 GetModuleFileNameW
0x1800c4ab8 FindResourceExW
0x1800c4ac0 LoadResource
0x1800c4ac8 SizeofResource
0x1800c4ad0 GetProcAddress
0x1800c4ad8 GetModuleFileNameA
0x1800c4ae0 GetModuleHandleExW
0x1800c4ae8 DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0.dll
0x1800c4c70 WaitForSingleObject
0x1800c4c78 OpenSemaphoreW
0x1800c4c80 OpenEventW
0x1800c4c88 WaitForSingleObjectEx
0x1800c4c90 WaitForMultipleObjectsEx
0x1800c4c98 CreateEventW
0x1800c4ca0 DeleteCriticalSection
0x1800c4ca8 InitializeCriticalSection
0x1800c4cb0 SetEvent
0x1800c4cb8 EnterCriticalSection
0x1800c4cc0 LeaveCriticalSection
0x1800c4cc8 InitializeCriticalSectionAndSpinCount
0x1800c4cd0 AcquireSRWLockExclusive
0x1800c4cd8 ReleaseSRWLockExclusive
0x1800c4ce0 ReleaseMutex
0x1800c4ce8 ReleaseSemaphore
0x1800c4cf0 ResetEvent
0x1800c4cf8 CreateSemaphoreExW
0x1800c4d00 CreateMutexExW
0x1800c4d08 InitializeSRWLock
0x1800c4d10 ReleaseSRWLockShared
0x1800c4d18 AcquireSRWLockShared
0x1800c4d20 InitializeCriticalSectionEx
api-ms-win-core-processthreads-l1-1-0.dll
0x1800c4b28 ExitThread
0x1800c4b30 GetCurrentThreadId
0x1800c4b38 TlsAlloc
0x1800c4b40 TerminateProcess
0x1800c4b48 CreateProcessW
0x1800c4b50 OpenProcessToken
0x1800c4b58 CreateThread
0x1800c4b60 ProcessIdToSessionId
0x1800c4b68 GetCurrentThread
0x1800c4b70 OpenThreadToken
0x1800c4b78 TlsGetValue
0x1800c4b80 GetExitCodeThread
0x1800c4b88 GetCurrentProcess
0x1800c4b90 GetCurrentProcessId
0x1800c4b98 TlsSetValue
0x1800c4ba0 CreateProcessAsUserW
0x1800c4ba8 TlsFree
WS2_32.dll
0x1800c4908 WSAGetLastError
0x1800c4910 WSAStartup
0x1800c4918 WSACleanup
0x1800c4920 GetNameInfoW
api-ms-win-core-debug-l1-1-0.dll
0x1800c4940 OutputDebugStringA
0x1800c4948 IsDebuggerPresent
0x1800c4950 OutputDebugStringW
0x1800c4958 DebugBreak
api-ms-win-core-synch-l1-2-0.dll
0x1800c4d30 Sleep
api-ms-win-core-handle-l1-1-0.dll
0x1800c49e0 CloseHandle
0x1800c49e8 DuplicateHandle
api-ms-win-core-heap-l2-1-0.dll
0x1800c4a18 LocalAlloc
0x1800c4a20 LocalFree
api-ms-win-core-registry-l1-1-0.dll
0x1800c4be8 RegQueryValueExW
0x1800c4bf0 RegOpenKeyExW
0x1800c4bf8 RegEnumKeyExW
0x1800c4c00 RegQueryInfoKeyW
0x1800c4c08 RegGetValueW
0x1800c4c10 RegSetValueExW
0x1800c4c18 RegCreateKeyExW
0x1800c4c20 RegDeleteValueW
0x1800c4c28 RegCloseKey
api-ms-win-core-localization-l1-2-0.dll
0x1800c4b08 FormatMessageW
api-ms-win-core-heap-l1-1-0.dll
0x1800c49f8 HeapFree
0x1800c4a00 HeapAlloc
0x1800c4a08 GetProcessHeap
api-ms-win-core-threadpool-l1-2-0.dll
0x1800c4da0 CloseThreadpool
0x1800c4da8 CreateThreadpool
0x1800c4db0 SetThreadpoolThreadMaximum
0x1800c4db8 SetThreadpoolThreadMinimum
0x1800c4dc0 CloseThreadpoolTimer
0x1800c4dc8 CreateThreadpoolCleanupGroup
0x1800c4dd0 CloseThreadpoolCleanupGroup
0x1800c4dd8 TrySubmitThreadpoolCallback
0x1800c4de0 CreateThreadpoolTimer
0x1800c4de8 WaitForThreadpoolTimerCallbacks
0x1800c4df0 CloseThreadpoolCleanupGroupMembers
0x1800c4df8 SetThreadpoolTimer
api-ms-win-security-base-l1-1-0.dll
0x1800c4ed8 MakeAbsoluteSD
0x1800c4ee0 GetAclInformation
0x1800c4ee8 MakeSelfRelativeSD
0x1800c4ef0 ImpersonateLoggedOnUser
0x1800c4ef8 RevertToSelf
0x1800c4f00 EqualSid
0x1800c4f08 CopySid
0x1800c4f10 GetLengthSid
0x1800c4f18 IsValidSid
0x1800c4f20 AllocateLocallyUniqueId
0x1800c4f28 GetTokenInformation
0x1800c4f30 GetSecurityDescriptorLength
0x1800c4f38 SetSecurityDescriptorDacl
0x1800c4f40 GetAce
0x1800c4f48 GetFileSecurityW
0x1800c4f50 CreateWellKnownSid
0x1800c4f58 AddAce
0x1800c4f60 CheckTokenMembership
0x1800c4f68 InitializeSecurityDescriptor
0x1800c4f70 InitializeAcl
0x1800c4f78 GetSecurityDescriptorDacl
0x1800c4f80 DuplicateTokenEx
0x1800c4f88 DuplicateToken
0x1800c4f90 AccessCheckAndAuditAlarmW
0x1800c4f98 AllocateAndInitializeSid
0x1800c4fa0 GetSecurityDescriptorControl
0x1800c4fa8 IsValidSecurityDescriptor
0x1800c4fb0 FreeSid
api-ms-win-core-processenvironment-l1-1-0.dll
0x1800c4b18 ExpandEnvironmentStringsW
api-ms-win-core-string-l2-1-0.dll
0x1800c4c48 CharNextW
api-ms-win-core-string-l1-1-0.dll
0x1800c4c38 MultiByteToWideChar
api-ms-win-core-sysinfo-l1-1-0.dll
0x1800c4d58 GetVersionExW
0x1800c4d60 GetSystemDirectoryW
0x1800c4d68 GetSystemTime
0x1800c4d70 GetSystemTimeAsFileTime
0x1800c4d78 GetTickCount
0x1800c4d80 GetTickCount64
api-ms-win-core-sysinfo-l1-2-0.dll
0x1800c4d90 GetProductInfo
api-ms-win-core-libraryloader-l1-2-1.dll
0x1800c4af8 LoadLibraryW
RPCRT4.dll
0x1800c4818 RpcServerListen
0x1800c4820 RpcServerUnregisterIfEx
0x1800c4828 RpcBindingToStringBindingW
0x1800c4830 RpcStringBindingParseW
0x1800c4838 RpcStringFreeW
0x1800c4840 RpcServerInqCallAttributesW
0x1800c4848 RpcImpersonateClient
0x1800c4850 RpcRevertToSelf
0x1800c4858 I_RpcBindingInqLocalClientPID
0x1800c4860 NdrServerCallAll
0x1800c4868 RpcServerRegisterAuthInfoW
0x1800c4870 RpcServerRegisterIf3
0x1800c4878 I_RpcBindingIsClientLocal
0x1800c4880 UuidToStringW
0x1800c4888 UuidFromStringW
0x1800c4890 NdrServerCall2
0x1800c4898 RpcServerRegisterIfEx
0x1800c48a0 RpcServerInqDefaultPrincNameW
0x1800c48a8 RpcServerUseProtseqEpW
api-ms-win-core-io-l1-1-0.dll
0x1800c4a40 DeviceIoControl
api-ms-win-core-file-l1-1-0.dll
0x1800c49b8 QueryDosDeviceW
0x1800c49c0 CreateFileW
0x1800c49c8 CreateDirectoryW
0x1800c49d0 CompareFileTime
api-ms-win-core-synch-l1-2-1.dll
0x1800c4d40 CreateSemaphoreW
0x1800c4d48 WaitForMultipleObjects
api-ms-win-core-profile-l1-1-0.dll
0x1800c4bc8 QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0.dll
0x1800c4c58 lstrcmpW
0x1800c4c60 lstrcmpiW
api-ms-win-core-threadpool-legacy-l1-1-0.dll
0x1800c4e08 QueueUserWorkItem
0x1800c4e10 CreateTimerQueue
0x1800c4e18 CreateTimerQueueTimer
0x1800c4e20 DeleteTimerQueueEx
0x1800c4e28 UnregisterWaitEx
0x1800c4e30 DeleteTimerQueueTimer
api-ms-win-core-kernel32-legacy-l1-1-0.dll
0x1800c4a50 RegisterWaitForSingleObject
0x1800c4a58 GetComputerNameW
0x1800c4a60 UnregisterWait
api-ms-win-core-kernel32-legacy-l1-1-1.dll
0x1800c4a70 VerifyVersionInfoW
api-ms-win-core-kernel32-private-l1-1-0.dll
0x1800c4a80 CheckElevationEnabled
api-ms-win-devices-query-l1-1-0.dll
0x1800c4e50 DevFindProperty
0x1800c4e58 DevCloseObjectQuery
0x1800c4e60 DevCreateObjectQuery
KERNELBASE.dll
0x1800c4808 WTSIsServerContainer
USER32.dll
0x1800c48f8 UnregisterDeviceNotification
KERNEL32.dll
0x1800c47f8 OOBEComplete
UMPDC.dll
0x1800c48b8 Pdcv2ActivationClientActivate
0x1800c48c0 PdcTaskClientRegister
0x1800c48c8 Pdcv2ActivationClientRegister
0x1800c48d0 Pdcv2ActivationClientDeactivate
0x1800c48d8 PdcTaskClientRequest
0x1800c48e0 PdcTaskClientUnregister
0x1800c48e8 Pdcv2ActivationClientUnregister
api-ms-win-eventing-classicprovider-l1-1-0.dll
0x1800c4e70 TraceMessage
api-ms-win-eventing-provider-l1-1-0.dll
0x1800c4ea0 EventWriteTransfer
0x1800c4ea8 EventActivityIdControl
0x1800c4eb0 EventUnregister
0x1800c4eb8 EventProviderEnabled
0x1800c4ec0 EventRegister
0x1800c4ec8 EventSetInformation
api-ms-win-core-processthreads-l1-1-1.dll
0x1800c4bb8 OpenProcess
api-ms-win-core-psapi-l1-1-0.dll
0x1800c4bd8 K32EnumProcessModules
api-ms-win-eventing-controller-l1-1-0.dll
0x1800c4e80 StartTraceW
0x1800c4e88 ControlTraceW
0x1800c4e90 EnableTraceEx2
api-ms-win-core-timezone-l1-1-0.dll
0x1800c4e40 SystemTimeToFileTime
api-ms-win-core-delayload-l1-1-1.dll
0x1800c4978 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x1800c4968 DelayLoadFailureHook
api-ms-win-core-heap-obsolete-l1-1-0.dll
0x1800c4a30 LocalSize
api-ms-win-core-apiquery-l1-1-0.dll
0x1800c4930 ApiSetQueryApiSetPresence
EAT(Export Address Table) Library
0x18002e020 ServiceMain
0x18002e950 SvchostPushServiceGlobals
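The two exports listed above, ServiceMain and SvchostPushServiceGlobals, are the entry points svchost.exe expects from a service DLL, and the imphash in the header table is derived from exactly the kind of import list shown in the IAT section. The Python below is an added example, not part of this report or of the sandbox's own code: it parses a listing in this page's `library / 0xaddr name` layout, rebuilds the string that imphash is the MD5 of using pefile's normalization rules (lowercase both halves, strip a trailing .dll/.ocx/.sys from the library name, keep import order, leave api-ms-win-* API-set names as they are), and groups the imports into capability clusters a triage analyst looks at first. The embedded excerpt is a constructed subset of this page's IAT; the cluster labels and their member functions are this example's own choices, not a standard list, and ordinal-only imports (which pefile resolves through a lookup table before hashing) are not handled.

```python
"""Rebuild an imphash input string from a sandbox IAT listing and flag
security-relevant API clusters. Added example; not the sandbox's own code."""
import hashlib
import re
from collections import OrderedDict

# Constructed excerpt in the report's "library / 0xaddr name" layout.
# Only IAT lines belong here: an EAT block would be read as another library.
SAMPLE_IAT = """\
api-ms-win-security-base-l1-1-0.dll
0x1800c4ef0 ImpersonateLoggedOnUser
0x1800c4f80 DuplicateTokenEx
api-ms-win-core-processthreads-l1-1-0.dll
0x1800c4ba0 CreateProcessAsUserW
ntdll.dll
0x1800c5218 RtlAdjustPrivilege
api-ms-win-core-debug-l1-1-0.dll
0x1800c4948 IsDebuggerPresent
RPCRT4.dll
0x1800c4818 RpcServerListen
"""

# "0x<IAT slot address> <imported name>" lines; anything else starts a library.
ENTRY_RE = re.compile(r"^0x[0-9a-f]+\s+(\S+)$", re.IGNORECASE)

# Extensions pefile strips from the library name before hashing.
STRIP_EXT = ("dll", "ocx", "sys")

# Hypothetical triage groupings chosen for this example, not a standard list.
CAPABILITY_CLUSTERS = {
    "token manipulation": {
        "ImpersonateLoggedOnUser", "DuplicateToken", "DuplicateTokenEx",
        "OpenProcessToken", "NtDuplicateToken", "RtlAdjustPrivilege",
    },
    "process creation": {"CreateProcessW", "CreateProcessAsUserW"},
    "rpc server": {
        "RpcServerListen", "RpcServerUseProtseqEpW",
        "RpcServerRegisterIfEx", "RpcServerRegisterIf3",
    },
    "debugger check": {"IsDebuggerPresent", "DebugBreak"},
}


def parse_iat(text):
    """Return an ordered {library: [function, ...]} mapping from the listing."""
    imports = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match and current is not None:
            imports[current].append(match.group(1))
        else:
            current = line
            imports.setdefault(current, [])
    return imports


def imphash_string(imports):
    """Canonical 'lib.func,lib.func,...' string whose MD5 is the imphash.

    Rules follow pefile.get_imphash(): both halves lowercased, a trailing
    .dll/.ocx/.sys removed from the library name, original order preserved.
    API-set names (api-ms-win-*) are kept verbatim, so they affect the hash.
    """
    parts = []
    for lib, funcs in imports.items():
        name = lib.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in STRIP_EXT:
            name = base
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """Hex MD5 of the canonical import string (the report's 'imphash' field)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def flag_capabilities(imports):
    """Map each cluster label to the imported functions that fall into it."""
    seen = {func for funcs in imports.values() for func in funcs}
    return {label: sorted(seen & apis)
            for label, apis in CAPABILITY_CLUSTERS.items() if seen & apis}


if __name__ == "__main__":
    table = parse_iat(SAMPLE_IAT)
    print("imphash:", imphash(table))
    for label, funcs in flag_capabilities(table).items():
        print(f"{label:>18}: {', '.join(funcs)}")
```

Because the hash covers the ordered, comma-joined string, a change in import order or in the library through which a function is reached (kernel32.dll versus an api-ms-win-core-* contract) yields a different imphash even when the set of imported functions is the same. Feeding the full IAT from this page through parse_iat reproduces the report's imphash only if the listing preserves the binary's import-directory order, which the page alone does not confirm.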