Behavioral task | Sample | Resource
behavioral1 | kayflock-beta/System.Management.dll | win7-20240220-en
behavioral2 | kayflock-beta/System.Management.dll | win10v2004-20240412-en
behavioral3 | kayflock-beta/byfron.exe | win7-20240221-en
behavioral4 | kayflock-beta/byfron.exe | win10v2004-20240412-en
behavioral5 | kayflock-beta/kayflock.exe | win7-20240221-en
behavioral6 | kayflock-beta/kayflock.exe | win10v2004-20240412-en
behavioral7 | kayflock-beta/nexus.dll | win7-20231129-en
behavioral8 | kayflock-beta/nexus.dll | win10v2004-20240412-en
behavioral9 | kayflock-beta/packages/ranks/HelpPane.exe | win10v2004-20240412-en
behavioral10 | kayflock-beta/packages/ranks/bfsvc.exe | win10v2004-20240412-en
behavioral11 | kayflock-beta/packages/ranks/explorer.exe | win10v2004-20240226-en
behavioral12 | kayflock-beta/packages/ranks/fullstack-magic.exe | win7-20240221-en
behavioral13 | kayflock-beta/packages/ranks/fullstack-magic.exe | win10v2004-20240412-en
behavioral14 | kayflock-beta/packages/ranks/hh.exe | win10v2004-20240412-en
behavioral15 | kayflock-beta/packages/ranks/notepad.exe | win10v2004-20240412-en
behavioral16 | kayflock-beta/packages/ranks/splwow64.exe | win10v2004-20240412-en
behavioral17 | kayflock-beta/packages/ranks/twain_32.dll | win10v2004-20240412-en
behavioral18 | kayflock-beta/packages/ranks/winhlp32.exe | win10v2004-20240412-en
behavioral19 | kayflock-beta/packages/ranks/write.exe | win10v2004-20240412-en
General
Target: kayflock-beta.rar
Size: 9.9MB
MD5: 97aa3a079dd9755550f3dc33b5cfc215
SHA1: 68706f4f9fada471773b87c051c1d0bbc0da1ac6
SHA256: 9ecbf28720a944bdd3f3c20cdb3f4da7f40da903b651be520348e01a8efa2504
SHA512: bb94b7252d1eaf201ec3bac6ed154159c30c69759d9683866be1be4ee6c173581eb5ab033e5fb346dfb0eb811ec850204ae2b925d125230579c6978e7737990a
SSDEEP: 196608:I9wZUrLVz1Ik1+pfk/1eAD5kh7mv486rCujLl/yvhEW9NZ1elAbinuDll:FY1zWk/1XD5Y7VPjhyvSWHZ1AGinGll
Malware Config
Signatures
-
AgentTesla payload (1 IoCs)
Processes:
resource: static1/unpack001/kayflock-beta/Guna.UI2.dll
yara_rule: family_agenttesla
-
Agenttesla family
-
Obfuscated with Agile.Net obfuscator (1 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: static1/unpack001/kayflock-beta/nexus.dll
yara_rule: agile_net
-
Unsigned PE (11 IoCs)
Checks for missing Authenticode signature.
Processes:
resource:
unpack001/kayflock-beta/byfron.dll
unpack001/kayflock-beta/kayflock.exe
unpack001/kayflock-beta/packages/ranks/HelpPane.exe
unpack001/kayflock-beta/packages/ranks/bfsvc.exe
unpack001/kayflock-beta/packages/ranks/fullstack-magic.exe
unpack001/kayflock-beta/packages/ranks/hh.exe
unpack001/kayflock-beta/packages/ranks/notepad.exe
unpack001/kayflock-beta/packages/ranks/splwow64.exe
unpack001/kayflock-beta/packages/ranks/twain_32.dll
unpack001/kayflock-beta/packages/ranks/winhlp32.exe
unpack001/kayflock-beta/packages/ranks/write.exe
Files
-
kayflock-beta.rar.rar
Password: hell nigga
-
kayflock-beta/Guna.UI2.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate
Issuer: CN=Sobatdata Root CA
Not Before: 23-10-2019 05:22
Not After: 22-10-2025 17:00
Subject: CN=Sobatdata Software
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01-08-2022 00:00
Not After: 09-11-2031 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23-03-2022 00:00
Not After: 22-03-2037 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14-07-2023 00:00
Not After: 13-10-2034 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
fc:f1:4f:80:29:85:d5:17:61:00:50:90:0b:29:ff:b3:2a:f2:5b:54
Signer
Actual PE Digest: fc:f1:4f:80:29:85:d5:17:61:00:50:90:0b:29:ff:b3:2a:f2:5b:54
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/System.Management.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 11-02-2021 20:09
Not After: 10-02-2022 20:09
Subject: CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-07-2011 20:59
Not After: 08-07-2026 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f9:29:e4:44:46:e1:a8:0c:76:29:93:8e:25:54:3c:9a:f6:db:f6:85:a2:77:71:3c:9e:5b:42:43:63:07:8e:d7
Signer
Actual PE Digest: f9:29:e4:44:46:e1:a8:0c:76:29:93:8e:25:54:3c:9a:f6:db:f6:85:a2:77:71:3c:9e:5b:42:43:63:07:8e:d7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Management/net6.0-Release/System.Management.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/byfron.deps.json
-
kayflock-beta/byfron.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nevin\source\repos\byfron\byfron\obj\Debug\net6.0-windows\byfron.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 15.0MB - Virtual size: 15.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/byfron.pdb
-
kayflock-beta/byfron.runtimeconfig.json
-
kayflock-beta/kayflock.exe.exe windows:6 windows x64 arch:x64
6dbf27f4c70fe2c8ed3e0122ba75d641
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Imports
kernel32
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_exit
__p___argc
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
__p___wargv
_seh_filter_exe
_register_onexit_function
_cexit
terminate
_errno
exit
abort
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-stdio-l1-1-0
setvbuf
fflush
_wfopen
__stdio_common_vswprintf
__stdio_common_vfwprintf
_set_fmode
__stdio_common_vsprintf_s
__acrt_iob_func
fputwc
fputws
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-string-l1-1-0
wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper
api-ms-win-crt-convert-l1-1-0
_wtoi
wcstoul
api-ms-win-crt-locale-l1-1-0
setlocale
___lc_locale_name_func
localeconv
_unlock_locales
_lock_locales
___mb_cur_max_func
_configthreadlocale
__pctype_func
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
frexp
__setusermatherr
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
kayflock-beta/nexus.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 10-11-2006 00:00
Not After: 10-11-2031 00:00
Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:f8:b2:43:88:63:93:78:21:d1:77:24:80:3c:cf:30
Certificate
Issuer: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 07-11-2017 00:00
Not After: 12-11-2018 12:00
Subject: SERIALNUMBER=P051534213R,CN=Bunifu Technologies\, LTD,O=Bunifu Technologies\, LTD,L=Nairobi,C=KE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b45
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate
Issuer: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22-10-2014 00:00
Not After: 22-10-2024 00:00
Subject: CN=DigiCert Timestamp Responder,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 18-04-2012 12:00
Not After: 18-04-2027 12:00
Subject: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 10-11-2006 00:00
Not After: 10-11-2021 00:00
Subject: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5c:77:06:b1:6d:99:75:73:11:ed:06:41:47:14:c8:c3:c0:0b:e3:a1
Signer
Actual PE Digest: 5c:77:06:b1:6d:99:75:73:11:ed:06:41:47:14:c8:c3:c0:0b:e3:a1
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\bunifu\Desktop\Bunifu Framework\Projects\Master\bunifu-framework-winforms-repo\Obfuscation\1.5.4 - secured\Bunifu_UI_v1.5.3.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 506KB - Virtual size: 505KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/Core.xml
-
kayflock-beta/packages/ranks/DtcInstall.log
-
kayflock-beta/packages/ranks/HelpPane.exe.exe windows:10 windows x64 arch:x64
77598c173b521d9294a60fea0a91cc1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
helppane.pdb
Imports
advapi32
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
EqualSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetSidLengthRequired
InitializeSid
IsValidSid
GetSidSubAuthority
GetLengthSid
CopySid
SetEntriesInAclW
kernel32
LocalFree
CloseHandle
GetLastError
WaitForSingleObject
SetEvent
GetQueuedCompletionStatus
ResetEvent
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
CreateEventW
ProcessIdToSessionId
GetCurrentProcessId
GetExitCodeThread
TerminateThread
LoadLibraryExW
LoadResource
CreateMutexW
GetSystemDirectoryW
SetCurrentDirectoryW
HeapSetInformation
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateThreadpoolTimer
GetFileAttributesW
GetPackagesByPackageFamily
GetCurrentThread
CompareStringW
InitOnceBeginInitialize
InitOnceComplete
CreateMutexExW
CreateSemaphoreExW
CreateThread
ResumeThread
MulDiv
WaitForMultipleObjects
GetCurrentProcess
LocalAlloc
GlobalFree
GlobalAlloc
MultiByteToWideChar
LoadLibraryW
FreeLibrary
RaiseException
GetCurrentThreadId
SetLastError
GetModuleFileNameW
InitializeCriticalSection
ExpandEnvironmentStringsW
LockResource
FindResourceExW
SizeofResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
OutputDebugStringW
GetVersionExW
DelayLoadFailureHook
ResolveDelayLoadedAPI
lstrcmpiW
gdi32
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
GetObjectW
SetTextColor
SetBkMode
DeleteObject
user32
GetWindowPlacement
MonitorFromRect
GetMonitorInfoW
GetWindowRect
MonitorFromPoint
GetProcessDefaultLayout
GetDC
ReleaseDC
ShowWindow
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
EndDialog
BringWindowToTop
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
SendMessageW
GetSysColor
GetSysColorBrush
SetWindowPos
LockWindowUpdate
PostQuitMessage
LoadCursorW
IsZoomed
DestroyIcon
DispatchMessageW
GetWindowLongW
GetMenu
AdjustWindowRectEx
MoveWindow
IsWindowEnabled
GetSystemMetrics
UnregisterClassA
IsWindowVisible
SetFocus
CreateWindowExW
DefWindowProcW
GetClassInfoExW
RegisterClassExW
SetWindowLongPtrW
CallWindowProcW
GetSubMenu
LoadMenuW
GetParent
InvalidateRect
GetWindowLongPtrW
CheckMenuRadioItem
EnableMenuItem
IsIconic
SystemParametersInfoW
SetCursor
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
CharNextW
PostMessageW
KillTimer
SetTimer
MessageBoxW
SetActiveWindow
GetKeyState
SetWindowTextW
DestroyMenu
DialogBoxParamW
TrackPopupMenuEx
ClientToScreen
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
wcscmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wtoi
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__beginthreadex
wcschr
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o__cexit
_o__callnewh
memcmp
memcpy
memmove
comctl32
ImageList_LoadImageW
ord380
ord344
InitCommonControlsEx
ord345
ImageList_Destroy
ole32
CoCreateInstance
CoImpersonateClient
CoUninitialize
CoRevertToSelf
CoInitialize
CoIncrementMTAUsage
CoTaskMemFree
CoTaskMemRealloc
OleInitialize
CoInitializeSecurity
PropVariantClear
CoResumeClassObjects
CoRevokeClassObject
CoGetMalloc
OleUninitialize
CoTaskMemAlloc
CoRegisterClassObject
oleaut32
VarBstrCat
VarUI4FromStr
LoadTypeLibEx
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear
VariantInit
SysStringLen
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringLen
VariantCopy
SysStringByteLen
shell32
ShellExecuteW
SHGetPropertyStoreForWindow
shlwapi
SHRegGetValueW
ord176
SHGetValueW
ord2
UrlUnescapeW
UrlEscapeW
SHStrDupW
slwga
SLIsGenuineLocal
ntdll
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
FlushInstructionCache
GetProcessMitigationPolicy
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
OpenEventW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
FreeSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorDacl
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-localization-l1-2-0
GetUserPreferredUILanguages
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-error-l1-1-0
GetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoOriginateLanguageException
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
Sections
.text Size: 370KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/PFRO.log
-
kayflock-beta/packages/ranks/WMSysPr9.prx
-
kayflock-beta/packages/ranks/bfsvc.exe.exe windows:10 windows x64 arch:x64
8f37383f783aa5f937062790b2149d46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bfsvc.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenThreadToken
SetThreadToken
DuplicateTokenEx
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidW
kernel32
GetLastError
LocalFree
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVolumeInformationW
FindFirstFileW
HeapFree
SetLastError
FindNextFileW
WriteFile
GetPrivateProfileSectionW
FindClose
GetVolumePathNameW
CreateFileW
GetFileAttributesW
GetVolumeNameForVolumeMountPointW
SetFileAttributesW
CloseHandle
HeapAlloc
GetProcAddress
MoveFileExW
GetProcessHeap
CreateDirectoryW
GetFileSizeEx
DeviceIoControl
UnmapViewOfFile
GetCurrentThread
GetFullPathNameW
CopyFileExW
DeleteFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
LocalAlloc
FreeLibrary
LoadLibraryExW
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
GetStartupInfoW
msvcrt
__iob_func
memcpy
wcsnlen
memset
_wcslwr
_snwscanf_s
wcsstr
swprintf_s
fwprintf
_vsnwprintf_s
fflush
wcschr
wcsncmp
wcsrchr
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
_wcsnicmp
_vsnwprintf
rpcrt4
UuidCreate
bcrypt
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
crypt32
CertGetNameStringW
imagehlp
CheckSumMappedFile
shell32
CommandLineToArgvW
shlwapi
PathRemoveBackslashW
ntdll
NtEnumerateBootEntries
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryBootOptions
NtQueryBootEntryOrder
NtQueryValueKey
NtQuerySymbolicLinkObject
NtOpenKey
NtOpenSymbolicLinkObject
RtlImpersonateSelf
NtOpenThreadTokenEx
NtOpenProcessTokenEx
NtAdjustPrivilegesToken
NtTranslateFilePath
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
NtQuerySystemEnvironmentValueEx
LdrAccessResource
LdrFindResource_U
NtOpenFile
NtQueryInformationThread
NtQueryInformationFile
RtlImageNtHeader
NtDeviceIoControlFile
NtSetInformationThread
NtReadFile
NtOpenProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtClose
RtlInitUnicodeString
NtWriteFile
NtQuerySystemInformation
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/bootstat.dat
-
kayflock-beta/packages/ranks/explorer.exe.exe windows:10 windows x64 arch:x64
54dc9b405d017a6766f4cd96028ba126
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
32:07:f7:39:6f:57:33:f3:f5:40:cc:36:54:45:87:21:1b:52:ac:22:c6:f3:03:0d:21:32:ed:1f:e6:f5:5a:29
Signer
Actual PE Digest: 32:07:f7:39:6f:57:33:f3:f5:40:cc:36:54:45:87:21:1b:52:ac:22:c6:f3:03:0d:21:32:ed:1f:e6:f5:5a:29
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
explorer.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Xinvalid_argument@std@@YAXPEBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
_Mtx_init_in_situ
_Xtime_get_ticks
_Mtx_destroy_in_situ
_Mtx_unlock
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
_Wcsxfrm
api-ms-win-crt-runtime-l1-1-0
_set_error_mode
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-string-l1-1-0
_wcsrev
wcsncpy
wcsncmp
strncmp
memset
wcscspn
wcscmp
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-private-l1-1-0
_o_iswalnum
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_roundf
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
__C_specific_handler
__CxxFrameHandler3
_o__purecall
_o_free
_o__mktime64
_o_floor
_o_exit
_o_ceil
memmove
_o_bsearch
_o__wtoi
_o__wcsnicmp
_o__wcsicmp
_o__localtime64
_o__itow_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler4
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_CxxThrowException
memcmp
memcpy
aepic
PicRetrieveFileInfo
PicFreeFileInfo
twinapi
ord9
api-ms-win-core-job-l2-1-0
AssignProcessToJobObject
CreateJobObjectW
QueryInformationJobObject
SetInformationJobObject
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-core-url-l1-1-0
HashData
UrlUnescapeW
PathIsURLW
api-ms-win-core-kernel32-private-l1-1-0
CheckElevation
CheckElevationEnabled
api-ms-win-core-registryuserspecific-l1-1-0
SHRegGetUSValueW
SHRegGetBoolUSValueW
api-ms-win-core-com-private-l1-1-0
CoRegisterMessageFilter
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ntdll
RtlGetVersion
RtlInitString
wcsspn
RtlQueryResourcePolicy
ZwQuerySystemInformation
RtlInitUnicodeString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
wcschr
RtlpEnsureBufferSize
wcsrchr
strchr
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
ZwQueryValueKey
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlNtStatusToDosError
ZwOpenKey
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
ZwClose
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlIsStateSeparationEnabled
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
NtSetThreadExecutionState
VerSetConditionMask
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx
api-ms-win-core-libraryloader-l1-2-0
SizeofResource
GetProcAddress
FindStringOrdinal
GetModuleHandleA
FindResourceExW
LockResource
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
LoadResource
LoadStringW
FreeLibrary
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
CreateSemaphoreExW
OpenMutexW
OpenEventW
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SleepEx
InitializeCriticalSection
CreateEventW
SetEvent
ReleaseSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
TryAcquireSRWLockExclusive
CreateMutexW
CreateEventExW
ReleaseSRWLockShared
ResetEvent
OpenSemaphoreW
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
RaiseException
api-ms-win-core-file-l1-1-0
GetLongPathNameW
FindClose
DeleteFileW
GetFileAttributesW
WriteFile
CreateFileW
FindNextFileW
CompareFileTime
FindFirstFileW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
EventEnabled
EventSetInformation
EventRegister
EventWrite
EventProviderEnabled
EventUnregister
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegOpenKeyExW
RegDeleteValueW
RegSetKeySecurity
RegOpenCurrentUser
RegGetKeySecurity
RegSetValueExW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumValueW
RegGetValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolWait
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
ExitProcess
GetCurrentProcess
GetPriorityClass
GetExitCodeProcess
SetThreadPriorityBoost
SetProcessShutdownParameters
QueueUserAPC
CreateProcessW
GetCurrentProcessId
ProcessIdToSessionId
GetThreadPriority
GetCurrentThreadId
TerminateProcess
ResumeThread
SetPriorityClass
GetProcessId
CreateThread
OpenProcessToken
GetCurrentThread
OpenThreadToken
OpenThread
SetThreadPriority
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
GetThreadUILanguage
GetGeoInfoW
GetCalendarInfoW
GetUserDefaultLangID
FormatMessageW
GetLocaleInfoW
GetUserDefaultLocaleName
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
oleaut32
SafeArrayDestroy
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SafeArrayUnaccessData
SafeArrayCreate
SysStringLen
VariantClear
VariantInit
SysFreeString
SafeArrayAccessData
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-shcore-sysinfo-l1-1-0
SetCurrentProcessExplicitAppUserModelID
IsOS
api-ms-win-core-com-l1-1-0
CoFreeUnusedLibraries
CoGetObjectContext
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoGetApartmentType
CoWaitForMultipleHandles
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoGetStdMarshalEx
CoInitializeSecurity
IIDFromString
PropVariantClear
CoCancelCall
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoDisableCallCancellation
StringFromGUID2
StringFromIID
CoEnableCallCancellation
CoCreateGuid
CLSIDFromString
CoRegisterClassObject
CoSetProxyBlanket
CoGetCallContext
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoInitializeEx
CoUninitialize
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpICW
StrStrIW
StrToIntW
StrCmpIW
StrCmpNICW
StrCmpICA
StrChrW
QISearch
StrCmpW
StrCmpNIW
StrChrIW
StrRChrW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
SHStrDupW
api-ms-win-shcore-comhelpers-l1-1-0
IUnknown_Set
IUnknown_SetSite
IUnknown_QueryService
IUnknown_GetSite
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetWindowsDirectoryW
GetVersionExW
GetSystemTime
GetLogicalProcessorInformation
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
SearchPathW
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathRemoveBlanksW
PathFindFileNameW
PathRemoveFileSpecW
PathQuoteSpacesW
PathFindExtensionW
PathGetDriveNumberW
PathCombineW
PathIsFileSpecW
SHExpandEnvironmentStringsW
PathParseIconLocationW
PathGetArgsW
PathCommonPrefixW
api-ms-win-core-winrt-string-l1-1-0
WindowsCompareStringOrdinal
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsDeleteStringBuffer
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringLen
WindowsCreateStringReference
WindowsCreateString
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance
api-ms-win-shcore-registry-l1-1-0
SHQueryInfoKeyW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
SHEnumKeyExW
SHRegGetValueW
SHSetValueW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
CompareStringOrdinal
WideCharToMultiByte
api-ms-win-shcore-thread-l1-1-0
SetProcessReference
SHCreateThread
SHGetThreadRef
SHCreateThreadRef
SHSetThreadRef
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrlenW
api-ms-win-security-base-l1-1-0
IsValidSid
CopySid
GetTokenInformation
GetLengthSid
SetKernelObjectSecurity
AddAce
EqualSid
InitializeAcl
DeleteAce
GetAce
MakeAbsoluteSD
CreateWellKnownSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
CheckTokenMembership
DuplicateToken
GetAclInformation
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-errorhandling-l1-1-1
RemoveVectoredExceptionHandler
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-0
RoFailFastWithErrorContext
RoOriginateError
RoTransformError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCombine
PathCchRemoveFileSpec
PathCchAppend
PathCchAddExtension
api-ms-win-shcore-unicodeansi-l1-1-0
SHAnsiToUnicode
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
SetThreadDescription
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-shcore-stream-l1-1-0
IStream_Reset
IStream_Write
SHOpenRegStream2W
IStream_Read
SHCreateStreamOnFileW
SHCreateMemStream
SHCreateStreamOnFileEx
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
api-ms-win-core-sysinfo-l1-2-0
GetOsSafeBootMode
GetProductInfo
api-ms-win-core-localization-l1-2-3
GetUserDefaultGeoName
userenv
GetProfileType
DeriveAppContainerSidFromAppContainerName
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
GetDynamicTimeZoneInformation
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
GetSystemPowerStatus
RegisterWaitForSingleObject
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerBuffW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
NotifyServiceStatusChangeW
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
GetQueuedCompletionStatus
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-shcore-registry-l1-1-1
SHRegGetValueFromHKCUHKLM
api-ms-win-shcore-scaling-l1-1-1
ord244
GetDpiForMonitor
iphlpapi
GetNetworkConnectivityHint
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-stringansi-l1-1-0
CharNextA
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
GetPwrCapabilities
PowerDeterminePlatformRoleEx
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-shlwapi-winrt-storage-l1-1-1
ord197
SHIsChildOrSelf
SHPinDllOfCLSID
ord509
SHCreateWorkerWindowW
ord635
ord544
ord478
ord165
ord479
ord481
ord279
StrRetToBufW
ShellMessageBoxW
IUnknown_GetWindow
StrRetToStrW
ord292
PathRemoveArgsW
AssocQueryStringW
api-ms-win-ntuser-sysparams-l1-1-0
QueryDisplayConfig
GetDisplayConfigBufferSizes
GetSystemMetrics
EnumDisplayMonitors
EnumDisplayDevicesW
GetMonitorInfoW
SystemParametersInfoW
api-ms-win-ntuser-rectangle-l1-1-0
CopyRect
InflateRect
PtInRect
SetRect
IsRectEmpty
EqualRect
SetRectEmpty
IntersectRect
OffsetRect
SubtractRect
UnionRect
api-ms-win-rtcore-ntuser-winevent-l1-1-0
UnhookWinEvent
SetWinEventHook
NotifyWinEvent
api-ms-win-shell-namespace-l1-1-0
SHBindToParent
ILCombine
SHCreateItemFromIDList
SHBindToFolderIDListParent
SHBindToObject
ILIsParent
SHGetNameFromIDList
ILFindLastID
ILFree
ILIsEqual
ILRemoveLastID
ILCloneFirst
ILGetSize
SHGetIDListFromObject
SHCreateItemFromParsingName
SHParseDisplayName
ILClone
dxgi
DXGIDeclareAdapterRemovalSupport
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0
GetPointerDevices
GetCurrentInputMessageSource
EnableMouseInPointer
GetPointerType
GetPointerInfo
api-ms-win-storage-exports-internal-l1-1-0
SetThreadFlags
GetThreadFlags
SHGetFolderPathEx
SHGetKnownFolderIDList
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFullName
GetPackagesByPackageFamily
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2
SetWindowFeedbackSetting
api-ms-win-rtcore-ntuser-clipboard-l1-1-0
RegisterClipboardFormatW
api-ms-win-rtcore-ntuser-private-l1-1-0
GetWindowBand
CreateWindowInBand
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
propsys
PSCreateMemoryPropertyStore
PropVariantToBoolean
InitVariantFromResource
InitVariantFromGUIDAsString
PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc
PSGetPropertyFromPropertyStorage
coremessaging
CreateDispatcherQueueController
urlmon
URLOpenBlockingStreamW
api-ms-win-shell-changenotify-l1-1-0
SHChangeNotify
api-ms-win-shell-dataobject-l1-1-0
SHCreateDataObject
api-ms-win-appmodel-runtime-l1-1-1
FindPackagesByPackageFamily
ParseApplicationUserModelId
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
gdi32
StretchBlt
ExcludeClipRect
SetStretchBltMode
Rectangle
GetCurrentObject
SelectClipRgn
GetClipRgn
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
GetStockObject
ExtTextOutW
GetTextMetricsW
GetDeviceCaps
CreateRectRgn
GetClipBox
SetRectRgn
OffsetRgn
CombineRgn
DeleteObject
GetObjectW
DeleteDC
CreateCompatibleDC
SelectObject
CreateFontIndirectW
SetTextColor
SetTextAlign
kernel32
IsBadWritePtr
rpcrt4
RpcBindingFree
NdrClientCall3
RpcStringFreeW
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW
UuidFromStringW
RpcBindingFromStringBindingW
wininet
InternetCrackUrlW
shcore
ord121
ord174
ord109
ord126
ord213
ord183
ord210
ord192
ord1
ord162
SHUnicodeToAnsi
ord190
ord123
ord187
ord186
ord142
ord200
ord184
shell32
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord193
ord906
ord895
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ShellExecuteW
ord132
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
SHFileOperationW
ord4
SHGetPathFromIDListW
ord645
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord172
ord680
ord723
ord885
ord95
ord850
ord22
ord137
ord134
shlwapi
ChrCmpIW
ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
AssocCreate
PathIsRelativeW
uxtheme
GetThemeBackgroundExtent
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeColor
GetThemeMetric
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
IsAppThemed
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord86
GetThemeFont
DrawThemeTextEx
IsCompositionActive
BufferedPaintInit
dwmapi
ord113
DwmGetWindowAttribute
DwmRegisterThumbnail
ord159
ord140
DwmQueryThumbnailSourceSize
ord124
ord141
DwmSetWindowAttribute
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmEnableBlurBehindWindow
ord138
DwmIsCompositionEnabled
ord139
ord114
user32
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
EndTask
SetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
ord2573
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
BringWindowToTop
ord2611
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
SwitchToThisWindow
GetMenuState
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ExitWindowsEx
GetKeyState
LoadIconW
HungWindowFromGhostWindow
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
InjectKeyboardInput
DeleteMenu
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
InsertMenuW
GetSystemMetricsForDpi
ord2005
GetLastActivePopup
TrackMouseEvent
SetCapture
ShowWindowAsync
GetCursorInfo
PostThreadMessageW
UnregisterClassA
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
UpdateLayeredWindow
ord2521
UnregisterClassW
ord2522
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
GetCapture
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
ReleaseCapture
GetDoubleClickTime
LoadCursorW
DestroyMenu
IsTopLevelWindow
GetPhysicalCursorPos
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetClassLongW
GetClassWord
DefWindowProcA
SetMenuItemInfoW
DrawIconEx
SetCursor
GetSysColorBrush
GetSystemMenu
ModifyMenuW
CalculatePopupWindowPosition
GetAsyncKeyState
ReplyMessage
CopyIcon
MonitorFromPoint
GetMenuItemInfoW
GetMenuItemCount
GetLastInputInfo
AdjustWindowRect
CreateIconIndirect
GetDpiForWindow
GetSubMenu
SetWindowCompositionAttribute
SetGestureConfig
LoadMenuW
LoadImageW
DrawTextW
CheckMenuItem
FillRect
GetMenuDefaultItem
CreatePopupMenu
EnableMenuItem
IsIconic
MonitorFromWindow
ReleaseDC
GetDC
RemoveMenu
SetMenuDefaultItem
GetLayeredWindowAttributes
TrackPopupMenuEx
AdjustWindowRectEx
sspicli
GetUserNameExW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
PowerCreateRequest
PowerSetRequest
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-kernel32-legacy-l1-1-2
SetTermsrvAppInstallMode
api-ms-win-shell-shdirectory-l1-1-0
ord292
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
EnableTraceEx2
api-ms-win-appmodel-runtime-l1-1-3
GetStagedPackagePathByFullName2
api-ms-win-core-biptcltapi-l1-1-7
BiPtEnumerateWorkItemsForPackageName
BiPtQueryWorkItem
BiPtAssociateApplicationEntryPoint
BiPtFreeMemory
api-ms-win-crt-math-l1-1-0
ceilf
floorf
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 753KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/fullstack-magic.exe.exe windows:6 windows x64 arch:x64
cda4bf1ee2e43c5921d64b48cad76c9e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nevin\Desktop\kay\output\build\silence-workspace.pdb
Imports
kernel32
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
MoveFileExA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetTickCount
GetLocaleInfoEx
GetFileType
QueryPerformanceCounter
VerSetConditionMask
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
QueryPerformanceFrequency
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
Process32Next
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
Process32First
GetCurrentProcess
SetLastError
CloseHandle
LoadLibraryA
GetCurrentProcessId
VirtualAlloc
DeviceIoControl
GetModuleFileNameA
VirtualFree
GetConsoleWindow
Sleep
GetModuleHandleA
SetConsoleTitleA
FormatMessageA
FreeLibrary
QueryFullProcessImageNameW
ReadFile
GetStdHandle
GetEnvironmentVariableA
VerifyVersionInfoA
WaitForSingleObjectEx
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
CreateThread
DeleteCriticalSection
CreateDirectoryW
InitializeCriticalSectionEx
GetProcAddress
GetLastError
LoadLibraryExA
user32
ReleaseCapture
SetCursorPos
SetCursor
SetCapture
GetKeyboardLayout
SetProcessDPIAware
OpenClipboard
ClientToScreen
CloseClipboard
GetCapture
MonitorFromWindow
IsWindowUnicode
GetClientRect
EmptyClipboard
GetClipboardData
TrackMouseEvent
SetClipboardData
GetWindowRect
DestroyWindow
GetSystemMetrics
SetWindowLongA
SetWindowDisplayAffinity
MessageBoxA
GetMonitorInfoA
ScreenToClient
GetAsyncKeyState
GetForegroundWindow
GetCursorPos
SendInput
FindWindowA
GetMessageA
DispatchMessageA
ShowWindow
MoveWindow
RegisterClassA
DefWindowProcA
LoadCursorA
GetMessageExtraInfo
GetKeyState
UpdateWindow
RegisterClassExA
UnregisterClassA
PeekMessageA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PostQuitMessage
SetForegroundWindow
gdi32
CreateSolidBrush
advapi32
CryptDestroyKey
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptEncrypt
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegCreateKeyA
RegOpenKeyExA
shell32
Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathW
msvcp140
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
_Query_perf_counter
_Thrd_detach
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Xtime_get_ticks
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
ntdll
RtlInitAnsiString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
dbghelp
ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
rpcrt4
UuidToStringA
UuidCreate
RpcStringFreeA
psapi
GetModuleInformation
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
memmove
memcpy
__current_exception
__std_exception_copy
memcmp
memchr
_CxxThrowException
_purecall
__std_exception_destroy
__C_specific_handler
strrchr
longjmp
strchr
__intrinsic_setjmp
strstr
__std_terminate
memset
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
realloc
free
_callnewh
calloc
api-ms-win-crt-math-l1-1-0
asin
acosf
ceil
atan2
_dclass
atan2f
pow
ldexp
roundf
log10
log
fmodf
fmod
floor
acos
_dsign
sin
ceilf
sinf
powf
sqrt
exp
cosf
tan
sqrtf
llround
cos
__setusermatherr
frexp
api-ms-win-crt-string-l1-1-0
isblank
strncmp
toupper
isalnum
strspn
isdigit
isxdigit
isspace
isalpha
isupper
_strdup
strcspn
strcmp
tolower
strncpy
iscntrl
_stricmp
strpbrk
strcoll
islower
ispunct
isgraph
api-ms-win-crt-runtime-l1-1-0
perror
_invalid_parameter_noinfo_noreturn
_errno
strerror
abort
exit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
system
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_getpid
_beginthreadex
terminate
__sys_nerr
api-ms-win-crt-stdio-l1-1-0
fseek
ftell
__stdio_common_vsscanf
fputs
_lseeki64
_get_stream_buffer_pointers
fsetpos
fgetpos
fgetc
fputc
tmpnam
_set_fmode
__p__commode
__stdio_common_vsprintf
_fseeki64
_ftelli64
ungetc
_popen
setvbuf
tmpfile
_pclose
clearerr
_read
fgets
fwrite
_write
fread
feof
_close
__stdio_common_vfprintf
getc
fclose
fflush
__acrt_iob_func
fopen
ferror
freopen
_open
_wfopen
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
setlocale
_configthreadlocale
localeconv
api-ms-win-crt-time-l1-1-0
strftime
_time64
_localtime64
_gmtime64
_difftime64
_mktime64
clock
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-convert-l1-1-0
strtoul
strtol
strtod
strtoull
atoi
strtoll
atof
api-ms-win-crt-filesystem-l1-1-0
_unlink
remove
_unlock_file
_fstat64
_access
rename
_lock_file
_stat64
api-ms-win-crt-utility-l1-1-0
qsort
rand
ws2_32
send
recv
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
bind
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
WSAGetLastError
normaliz
IdnToAscii
crypt32
CryptStringToBinaryA
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore
wldap32
ord46
ord217
ord50
ord41
ord22
ord45
ord27
ord32
ord33
ord143
ord301
ord35
ord60
ord26
ord200
ord79
ord30
ord211
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 254KB - Virtual size: 254KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/hh.exe.exe windows:10 windows x64 arch:x64
d3d9c3e81a404e7f5c5302429636f04c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hh.pdb
Imports
advapi32
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
kernel32
ExpandEnvironmentStringsA
LoadLibraryA
HeapSetInformation
SetProcessDEPPolicy
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetSystemTimeAsFileTime
Sleep
GetTickCount
msvcrt
?terminate@@YAXXZ
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnprintf
_commode
__C_specific_handler
memset
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/lsasetup.log
-
kayflock-beta/packages/ranks/mib.bin
-
kayflock-beta/packages/ranks/notepad.exe.exe windows:10 windows x64 arch:x64
09ed737a03db7295bf734a9953f6eb5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
notepad.pdb
Imports
kernel32
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GlobalFree
GetLocaleInfoW
CreateFileW
ReadFile
GetACP
MulDiv
GetCurrentProcess
GetCommandLineW
HeapSetInformation
FreeLibrary
LocalFree
LocalAlloc
FindFirstFileW
FindClose
FoldStringW
GetModuleFileNameW
GetUserDefaultUILanguage
HeapFree
HeapAlloc
GetTimeFormatW
WideCharToMultiByte
WriteFile
GetFileAttributesW
LocalLock
LocalUnlock
DeleteFileW
SetEndOfFile
GetFileAttributesExW
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
LocalReAlloc
UnmapViewOfFile
GetFullPathNameW
LocalSize
GetStartupInfoW
lstrcmpiW
FindNLSString
GlobalLock
GlobalUnlock
GlobalAlloc
GetDiskFreeSpaceExW
CreateDirectoryW
RegisterApplicationRestart
CreateSemaphoreExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetDateFormatW
SetLastError
GetLocalTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetModuleFileNameA
gdi32
CreateDCW
StartPage
StartDocW
SetAbortProc
DeleteDC
EndDoc
AbortDoc
EndPage
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetTextExtentPoint32W
TextOutW
EnumFontsW
GetTextFaceW
SelectObject
DeleteObject
CreateFontIndirectW
GetDeviceCaps
user32
PostMessageW
MessageBoxW
GetMenu
CheckMenuItem
GetSubMenu
EnableMenuItem
ShowWindow
GetDC
ReleaseDC
SetCursor
GetDpiForWindow
SetActiveWindow
LoadStringW
DefWindowProcW
IsIconic
SetFocus
PostQuitMessage
DestroyWindow
MessageBeep
GetForegroundWindow
GetDlgCtrlID
SetWindowPos
RedrawWindow
GetKeyboardLayout
CharNextW
SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SetScrollPos
InvalidateRect
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
CreateWindowExW
MonitorFromWindow
RegisterWindowMessageW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
LoadIconW
LoadImageW
DialogBoxParamW
SetThreadDpiAwarenessContext
SendMessageW
MoveWindow
GetClientRect
GetFocus
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
wcscmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
_o_toupper
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___stdio_common_vswprintf
__C_specific_handler
memcmp
memcpy
memmove
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoUninitialize
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx
CoCreateGuid
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
PathFindExtensionW
PathFileExistsW
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventExW
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-eventing-provider-l1-1-0
EventProviderEnabled
api-ms-win-core-synch-l1-2-0
Sleep
comctl32
CreateStatusWindowW
ord345
Sections
.text Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/setupact.log
-
kayflock-beta/packages/ranks/splwow64.exe.exe windows:10 windows x64 arch:x64
0c613b55d7b5ccc10e4a17a05d719c8e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
splwow64.pdb
Imports
advapi32
TraceMessage
RegOpenKeyW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
OpenThreadToken
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
kernel32
SystemTimeToFileTime
Sleep
GetProcAddress
SetLastError
FreeLibrary
LoadLibraryExW
CreateActCtxW
ActivateActCtx
GetFullPathNameW
GetSystemDirectoryW
GetFileAttributesW
DeactivateActCtx
ReleaseActCtx
LoadLibraryW
TlsAlloc
TlsFree
GetModuleHandleW
HeapSetInformation
SetErrorMode
GetErrorMode
TlsSetValue
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateThreadpoolTimer
CreateFileW
OpenProcess
DuplicateHandle
GetCurrentProcess
CreateMutexExW
CreateSemaphoreExW
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
SetThreadPreferredUILanguages
LocalFree
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
GetCurrentThread
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
CreateThread
ProcessIdToSessionId
GetSystemTime
GetCurrentProcessId
RaiseException
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
user32
GetGUIThreadInfo
IsWindow
AttachThreadInput
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
msvcrt
memset
memcpy
?terminate@@YAXXZ
__CxxFrameHandler3
memcmp
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memmove_s
memcpy_s
_wtol
_wcsicmp
_vsnwprintf
_purecall
__C_specific_handler
_cexit
_onexit
sqrt
winspool.drv
ClosePrinter
GetPrinterDataW
GetPrintOutputInfo
GetPrinterDriverW
OpenPrinterW
rpcrt4
RpcRevertToSelf
RpcImpersonateClient
RpcAsyncCompleteCall
RpcMgmtStopServerListening
RpcServerListen
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcServerInqBindings
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoInitializeEx
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtReplyPort
NtAlpcOpenSenderThread
NtClose
NtCompleteConnectPort
NtAcceptConnectPort
NtCreatePort
RtlInitUnicodeString
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpSimpleTryPost
TpAllocWork
TpPostWork
TpAllocWait
TpAllocTimer
TpSetTimer
TpAllocIoCompletion
TpStartAsyncIoOperation
TpAllocAlpcCompletion
TpWaitForWork
TpReleaseWork
TpWaitForWait
RtlVirtualUnwind
TpWaitForTimer
TpReleaseTimer
TpWaitForIoCompletion
TpReleaseIoCompletion
TpWaitForAlpcCompletion
TpReleaseAlpcCompletion
EtwTraceMessage
EtwEventEnabled
EtwEventWrite
NtReplyWaitReceivePort
RtlNtStatusToDosError
ZwQueryWnfStateData
TpReleaseWait
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/system.ini
-
kayflock-beta/packages/ranks/twain_32.dll.dll windows:10 windows x86 arch:x86
316cd668ed705c998eae8d3bd7bd168f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
twain_32.pdb
Imports
msvcrt
_chdir
strcpy_s
_getcwd
_errno
_strcmpi
_chdrive
strcat_s
sprintf_s
strncpy_s
_snprintf_s
_purecall
_ltoa
atol
free
_strnicmp
_vsnwprintf
memcpy_s
remove
_read
_close
_write
_lseek
_sopen
_locking
_vsnprintf
strncmp
_XcptFilter
_amsg_exit
_initterm
_lock
malloc
_getdrive
_unlock
__dllonexit
_onexit
_except_handler4_common
memcpy
memset
kernel32
SetLastError
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetTempPathA
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
HeapAlloc
PowerClearRequest
OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
OutputDebugStringW
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
InitOnceBeginInitialize
PowerSetRequest
GetModuleFileNameA
WriteProfileStringA
GetCurrentProcess
lstrcmpiA
MultiByteToWideChar
lstrlenA
GlobalSize
GetVersion
GetLastError
GlobalFlags
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
PowerCreateRequest
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GetWindowsDirectoryA
GetProcAddress
FreeLibrary
GetProfileStringA
GlobalHandle
OpenFile
user32
RegisterWindowMessageA
LoadStringA
SendMessageA
FindWindowA
PeekMessageA
DdeCmpStringHandles
DdeConnect
DdeQueryConvInfo
DdeClientTransaction
DdeDisconnect
DdeGetData
DdeGetLastError
DdeCreateStringHandleA
DdeCreateDataHandle
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DispatchMessageA
TranslateMessage
UnhookWindowsHook
CallNextHookEx
EndDialog
DialogBoxParamA
SetFocus
SendDlgItemMessageA
SetWindowsHookA
GetDlgItem
EnableWindow
PostMessageA
IsWindow
CharUpperA
apphelp
ApphelpCheckExe
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
Exports
AboutDlgProc
ChooseDlgProc
DSM_Entry
InfoHook
WGDlgProc
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/win.ini
-
kayflock-beta/packages/ranks/winhlp32.exe.exe windows:10 windows x86 arch:x86
0dfde2c713801a5c7e6dc0108384fb68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
winhstb.pdb
Imports
advapi32
EventRegister
EventWriteTransfer
EventUnregister
kernel32
GetModuleHandleExW
RaiseException
HeapSetInformation
GetProcAddress
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
__p__fmode
_controlfp
?terminate@@YAXXZ
free
_XcptFilter
__p__commode
_amsg_exit
__setusermatherr
_initterm
_cexit
_exit
exit
__set_app_type
__getmainargs
_except_handler4_common
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/packages/ranks/write.exe.exe windows:10 windows x64 arch:x64
90a23f469ba0443719430cba4569b220
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
write.pdb
Imports
shell32
ShellExecuteW
kernel32
TerminateProcess
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
Sleep
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 11-02-2021 20:09
Not After: 10-02-2022 20:09
Subject: CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-07-2011 20:59
Not After: 08-07-2026 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a1:1f:af:de:e3:96:53:43:12:1d:b3:69:f3:c4:14:7a:af:b0:e0:69:63:ab:74:f0:17:b1:9c:67:e4:03:5e:ba
Signer
Actual PE Digest: a1:1f:af:de:e3:96:53:43:12:1d:b3:69:f3:c4:14:7a:af:b0:e0:69:63:ab:74:f0:17:b1:9c:67:e4:03:5e:ba
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Management/net6.0-windows-Release/System.Management.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 272KB - Virtual size: 271KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ