General

Malware Config

Signatures

Files

• kayflock-beta.rar

  .rar

  Password: oh fuck yla

• kayflock-beta/Guna.UI2.dll

  .dll windows:4 windows x86 arch:x86

  Password: oh fuck yla

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db

  Certificate

  Issuer

  CN=Sobatdata Root CA

  Not Before

  23-10-2019 05:22

  Not After

  22-10-2025 17:00

  Subject

  CN=Sobatdata Software

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  fc:f1:4f:80:29:85:d5:17:61:00:50:90:0b:29:ff:b3:2a:f2:5b:54

  Signer

  Actual PE Digest

  fc:f1:4f:80:29:85:d5:17:61:00:50:90:0b:29:ff:b3:2a:f2:5b:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/System.Management.dll

  .dll windows:4 windows x86 arch:x86

  Password: oh fuck yla

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  11-02-2021 20:09

  Not After

  10-02-2022 20:09

  Subject

  CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  f9:29:e4:44:46:e1:a8:0c:76:29:93:8e:25:54:3c:9a:f6:db:f6:85:a2:77:71:3c:9e:5b:42:43:63:07:8e:d7

  Signer

  Actual PE Digest

  f9:29:e4:44:46:e1:a8:0c:76:29:93:8e:25:54:3c:9a:f6:db:f6:85:a2:77:71:3c:9e:5b:42:43:63:07:8e:d7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  /_/artifacts/obj/System.Management/net6.0-Release/System.Management.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 58KB - Virtual size: 57KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/byfron.deps.json
• kayflock-beta/byfron.dll

  .exe windows:4 windows x86 arch:x86

  Password: oh fuck yla

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  C:\Users\nevin\source\repos\byfron\byfron\obj\Debug\net6.0-windows\byfron.pdb

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 15.0MB - Virtual size: 15.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 109KB - Virtual size: 108KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/byfron.pdb
• kayflock-beta/byfron.runtimeconfig.json
• kayflock-beta/kayflock.exe

  .exe windows:6 windows x64 arch:x64

  Password: oh fuck yla

  6dbf27f4c70fe2c8ed3e0122ba75d641

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

  Imports

  kernel32

  FindNextFileW

  GetCurrentProcess

  GetModuleHandleExW

  GetModuleFileNameW

  LeaveCriticalSection

  InitializeCriticalSection

  GetEnvironmentVariableW

  FindClose

  MultiByteToWideChar

  GetLastError

  GetFileAttributesExW

  GetFullPathNameW

  GetProcAddress

  DeleteCriticalSection

  WideCharToMultiByte

  IsWow64Process

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  EnterCriticalSection

  FindFirstFileExW

  OutputDebugStringW

  LoadLibraryA

  GetModuleHandleW

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RaiseException

  RtlPcToFileHeader

  RtlUnwindEx

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  QueryPerformanceCounter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  LCMapStringEx

  DecodePointer

  EncodePointer

  InitializeCriticalSectionEx

  GetStringTypeW

  user32

  MessageBoxW

  shell32

  ShellExecuteW

  advapi32

  RegOpenKeyExW

  RegGetValueW

  DeregisterEventSource

  RegisterEventSourceW

  ReportEventW

  RegCloseKey

  api-ms-win-crt-runtime-l1-1-0

  _exit

  __p___argc

  _initterm_e

  _initterm

  _get_initial_wide_environment

  _invalid_parameter_noinfo_noreturn

  _initialize_wide_environment

  _configure_wide_argv

  _initialize_onexit_table

  _set_app_type

  __p___wargv

  _seh_filter_exe

  _register_onexit_function

  _cexit

  terminate

  _errno

  exit

  abort

  _crt_atexit

  _c_exit

  _register_thread_local_exe_atexit_callback

  api-ms-win-crt-stdio-l1-1-0

  setvbuf

  fflush

  _wfopen

  __stdio_common_vswprintf

  __stdio_common_vfwprintf

  _set_fmode

  __stdio_common_vsprintf_s

  __acrt_iob_func

  fputwc

  fputws

  __p__commode

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  _callnewh

  free

  malloc

  calloc

  api-ms-win-crt-string-l1-1-0

  wcsnlen

  strcpy_s

  _wcsdup

  strcspn

  wcsncmp

  toupper

  api-ms-win-crt-convert-l1-1-0

  _wtoi

  wcstoul

  api-ms-win-crt-locale-l1-1-0

  setlocale

  ___lc_locale_name_func

  localeconv

  _unlock_locales

  _lock_locales

  ___mb_cur_max_func

  _configthreadlocale

  __pctype_func

  ___lc_codepage_func

  api-ms-win-crt-math-l1-1-0

  frexp

  __setusermatherr

  api-ms-win-crt-time-l1-1-0

  _gmtime64_s

  _time64

  wcsftime

  Sections

  .text

  Size: 97KB - Virtual size: 96KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 37KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 792B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 109KB - Virtual size: 108KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• kayflock-beta/nexus.dll

  .dll windows:4 windows x86 arch:x86

  Password: oh fuck yla

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2031 00:00

  Subject

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:f8:b2:43:88:63:93:78:21:d1:77:24:80:3c:cf:30

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-11-2017 00:00

  Not After

  12-11-2018 12:00

  Subject

  SERIALNUMBER=P051534213R,CN=Bunifu Technologies\, LTD,O=Bunifu Technologies\, LTD,L=Nairobi,C=KE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b45

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  5c:77:06:b1:6d:99:75:73:11:ed:06:41:47:14:c8:c3:c0:0b:e3:a1

  Signer

  Actual PE Digest

  5c:77:06:b1:6d:99:75:73:11:ed:06:41:47:14:c8:c3:c0:0b:e3:a1

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  C:\Users\bunifu\Desktop\Bunifu Framework\Projects\Master\bunifu-framework-winforms-repo\Obfuscation\1.5.4 - secured\Bunifu_UI_v1.5.3.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 506KB - Virtual size: 505KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/Core.xml
• kayflock-beta/packages/ranks/DtcInstall.log
• kayflock-beta/packages/ranks/HelpPane.exe

  .exe windows:10 windows x64 arch:x64

  Password: oh fuck yla

  77598c173b521d9294a60fea0a91cc1e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  helppane.pdb

  Imports

  advapi32

  RegisterTraceGuidsW

  GetTraceEnableLevel

  GetTraceEnableFlags

  GetTraceLoggerHandle

  TraceEvent

  RegOpenKeyW

  RegQueryValueExW

  RegCloseKey

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegOpenKeyExW

  RegSetValueExW

  RegCreateKeyExW

  RegDeleteValueW

  UnregisterTraceGuids

  EventUnregister

  EventRegister

  EventSetInformation

  EventWriteTransfer

  RegGetValueW

  EqualSid

  OpenThreadToken

  OpenProcessToken

  GetTokenInformation

  GetSidLengthRequired

  InitializeSid

  IsValidSid

  GetSidSubAuthority

  GetLengthSid

  CopySid

  SetEntriesInAclW

  kernel32

  LocalFree

  CloseHandle

  GetLastError

  WaitForSingleObject

  SetEvent

  GetQueuedCompletionStatus

  ResetEvent

  PostQueuedCompletionStatus

  GetSystemInfo

  CreateIoCompletionPort

  CreateEventW

  ProcessIdToSessionId

  GetCurrentProcessId

  GetExitCodeThread

  TerminateThread

  LoadLibraryExW

  LoadResource

  CreateMutexW

  GetSystemDirectoryW

  SetCurrentDirectoryW

  HeapSetInformation

  ReleaseMutex

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetModuleHandleExW

  GetModuleFileNameA

  DebugBreak

  IsDebuggerPresent

  FormatMessageW

  AcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  AcquireSRWLockShared

  ReleaseSRWLockShared

  ReleaseSemaphore

  SetThreadpoolTimer

  WaitForThreadpoolTimerCallbacks

  CloseThreadpoolTimer

  WaitForSingleObjectEx

  InitializeCriticalSectionEx

  OpenSemaphoreW

  CreateThreadpoolTimer

  GetFileAttributesW

  GetPackagesByPackageFamily

  GetCurrentThread

  CompareStringW

  InitOnceBeginInitialize

  InitOnceComplete

  CreateMutexExW

  CreateSemaphoreExW

  CreateThread

  ResumeThread

  MulDiv

  WaitForMultipleObjects

  GetCurrentProcess

  LocalAlloc

  GlobalFree

  GlobalAlloc

  MultiByteToWideChar

  LoadLibraryW

  FreeLibrary

  RaiseException

  GetCurrentThreadId

  SetLastError

  GetModuleFileNameW

  InitializeCriticalSection

  ExpandEnvironmentStringsW

  LockResource

  FindResourceExW

  SizeofResource

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  GetModuleHandleW

  GetProcAddress

  OutputDebugStringW

  GetVersionExW

  DelayLoadFailureHook

  ResolveDelayLoadedAPI

  lstrcmpiW

  gdi32

  GetTextExtentPoint32W

  SelectObject

  GetDeviceCaps

  GetStockObject

  CreateFontIndirectW

  GetObjectW

  SetTextColor

  SetBkMode

  DeleteObject

  user32

  GetWindowPlacement

  MonitorFromRect

  GetMonitorInfoW

  GetWindowRect

  MonitorFromPoint

  GetProcessDefaultLayout

  GetDC

  ReleaseDC

  ShowWindow

  GetDlgItem

  CheckDlgButton

  IsDlgButtonChecked

  EnableWindow

  EndDialog

  BringWindowToTop

  SetDlgItemTextW

  GetDlgItemTextW

  GetClientRect

  SendMessageW

  GetSysColor

  GetSysColorBrush

  SetWindowPos

  LockWindowUpdate

  PostQuitMessage

  LoadCursorW

  IsZoomed

  DestroyIcon

  DispatchMessageW

  GetWindowLongW

  GetMenu

  AdjustWindowRectEx

  MoveWindow

  IsWindowEnabled

  GetSystemMetrics

  UnregisterClassA

  IsWindowVisible

  SetFocus

  CreateWindowExW

  DefWindowProcW

  GetClassInfoExW

  RegisterClassExW

  SetWindowLongPtrW

  CallWindowProcW

  GetSubMenu

  LoadMenuW

  GetParent

  InvalidateRect

  GetWindowLongPtrW

  CheckMenuRadioItem

  EnableMenuItem

  IsIconic

  SystemParametersInfoW

  SetCursor

  TranslateMessage

  TranslateAcceleratorW

  GetMessageW

  LoadAcceleratorsW

  CharNextW

  PostMessageW

  KillTimer

  SetTimer

  MessageBoxW

  SetActiveWindow

  GetKeyState

  SetWindowTextW

  DestroyMenu

  DialogBoxParamW

  TrackPopupMenuEx

  ClientToScreen

  msvcp_win

  ?_Xlength_error@std@@YAXPEBD@Z

  api-ms-win-crt-string-l1-1-0

  wcscmp

  memset

  api-ms-win-crt-runtime-l1-1-0

  _initterm_e

  _register_thread_local_exe_atexit_callback

  _c_exit

  _initterm

  api-ms-win-crt-private-l1-1-0

  _o__configure_wide_argv

  _o__crt_atexit

  _o__errno

  _o__exit

  _o__get_wide_winmain_command_line

  _o__initialize_onexit_table

  _o__initialize_wide_environment

  _o__invalid_parameter_noinfo

  _o__invalid_parameter_noinfo_noreturn

  _o__itow_s

  _o__purecall

  _o__recalloc

  _o__register_onexit_function

  _o__resetstkoflw

  _o__seh_filter_exe

  _o__set_app_type

  _o__set_fmode

  _o__set_new_mode

  _o__wcsicmp

  _o__wcslwr_s

  _o__wcsnicmp

  _o__wtoi

  _o_calloc

  _o_exit

  _o_free

  _o_iswspace

  _o_malloc

  _o_terminate

  _o_towupper

  _o_wcscat_s

  _o_wcscpy_s

  _o_wcsncpy_s

  _o_wmemcpy_s

  __CxxFrameHandler3

  _CxxThrowException

  _o___stdio_common_vswprintf_s

  _o___stdio_common_vswprintf

  _o___stdio_common_vsnprintf_s

  _o___std_exception_destroy

  _o___std_exception_copy

  _o___p__commode

  _o__beginthreadex

  wcschr

  wcsstr

  __C_specific_handler

  __std_terminate

  __CxxFrameHandler4

  _o__configthreadlocale

  _o__cexit

  _o__callnewh

  memcmp

  memcpy

  memmove

  comctl32

  ImageList_LoadImageW

  ord380

  ord344

  InitCommonControlsEx

  ord345

  ImageList_Destroy

  ole32

  CoCreateInstance

  CoImpersonateClient

  CoUninitialize

  CoRevertToSelf

  CoInitialize

  CoIncrementMTAUsage

  CoTaskMemFree

  CoTaskMemRealloc

  OleInitialize

  CoInitializeSecurity

  PropVariantClear

  CoResumeClassObjects

  CoRevokeClassObject

  CoGetMalloc

  OleUninitialize

  CoTaskMemAlloc

  CoRegisterClassObject

  oleaut32

  VarBstrCat

  VarUI4FromStr

  LoadTypeLibEx

  SysAllocStringByteLen

  SysFreeString

  SysAllocString

  VariantClear

  VariantInit

  SysStringLen

  LoadRegTypeLi

  LoadTypeLi

  DispCallFunc

  SysAllocStringLen

  VariantCopy

  SysStringByteLen

  shell32

  ShellExecuteW

  SHGetPropertyStoreForWindow

  shlwapi

  SHRegGetValueW

  ord176

  SHGetValueW

  ord2

  UrlUnescapeW

  UrlEscapeW

  SHStrDupW

  slwga

  SLIsGenuineLocal

  ntdll

  NtOpenThreadToken

  NtClose

  NtQueryInformationToken

  NtOpenProcessToken

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  api-ms-win-core-path-l1-1-0

  PathCchAppend

  api-ms-win-core-heap-l1-1-0

  HeapReAlloc

  HeapSize

  HeapDestroy

  api-ms-win-core-memory-l1-1-0

  VirtualAlloc

  VirtualFree

  api-ms-win-core-libraryloader-l1-2-0

  LoadLibraryExA

  api-ms-win-core-util-l1-1-0

  EncodePointer

  DecodePointer

  api-ms-win-core-processthreads-l1-1-1

  IsProcessorFeaturePresent

  FlushInstructionCache

  GetProcessMitigationPolicy

  api-ms-win-core-interlocked-l1-1-0

  InterlockedPopEntrySList

  InitializeSListHead

  InterlockedPushEntrySList

  api-ms-win-core-errorhandling-l1-1-0

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  api-ms-win-core-processthreads-l1-1-0

  GetStartupInfoW

  TerminateProcess

  api-ms-win-core-synch-l1-1-0

  InitializeCriticalSectionAndSpinCount

  OpenEventW

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-sysinfo-l1-1-0

  GetSystemTimeAsFileTime

  api-ms-win-security-base-l1-1-0

  FreeSid

  InitializeSecurityDescriptor

  AllocateAndInitializeSid

  SetSecurityDescriptorDacl

  api-ms-win-core-sysinfo-l1-2-0

  GetProductInfo

  api-ms-win-core-localization-l1-2-0

  GetUserPreferredUILanguages

  api-ms-win-core-winrt-string-l1-1-0

  WindowsCreateStringReference

  api-ms-win-core-winrt-error-l1-1-0

  GetRestrictedErrorInfo

  api-ms-win-core-winrt-error-l1-1-1

  RoOriginateLanguageException

  api-ms-win-core-winrt-l1-1-0

  RoGetActivationFactory

  Sections

  .text

  Size: 370KB - Virtual size: 369KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 115KB - Virtual size: 114KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 96B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 524KB - Virtual size: 523KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/PFRO.log
• kayflock-beta/packages/ranks/WMSysPr9.prx
• kayflock-beta/packages/ranks/bfsvc.exe

  .exe windows:10 windows x64 arch:x64

  Password: oh fuck yla

  8f37383f783aa5f937062790b2149d46

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  bfsvc.pdb

  Imports

  advapi32

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  GetTokenInformation

  OpenThreadToken

  SetThreadToken

  DuplicateTokenEx

  LookupPrivilegeValueW

  GetSecurityDescriptorSacl

  AdjustTokenPrivileges

  GetSecurityDescriptorDacl

  GetSecurityDescriptorGroup

  SetNamedSecurityInfoW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  GetSecurityDescriptorControl

  GetSecurityDescriptorOwner

  OpenProcessToken

  ConvertSidToStringSidW

  kernel32

  GetLastError

  LocalFree

  Sleep

  SetUnhandledExceptionFilter

  GetModuleHandleW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  GetTickCount

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetVolumeInformationW

  FindFirstFileW

  HeapFree

  SetLastError

  FindNextFileW

  WriteFile

  GetPrivateProfileSectionW

  FindClose

  GetVolumePathNameW

  CreateFileW

  GetFileAttributesW

  GetVolumeNameForVolumeMountPointW

  SetFileAttributesW

  CloseHandle

  HeapAlloc

  GetProcAddress

  MoveFileExW

  GetProcessHeap

  CreateDirectoryW

  GetFileSizeEx

  DeviceIoControl

  UnmapViewOfFile

  GetCurrentThread

  GetFullPathNameW

  CopyFileExW

  DeleteFileW

  SetFileInformationByHandle

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  LocalAlloc

  FreeLibrary

  LoadLibraryExW

  FlushFileBuffers

  MapViewOfFile

  CreateFileMappingW

  GetStartupInfoW

  msvcrt

  __iob_func

  memcpy

  wcsnlen

  memset

  _wcslwr

  _snwscanf_s

  wcsstr

  swprintf_s

  fwprintf

  _vsnwprintf_s

  fflush

  wcschr

  wcsncmp

  wcsrchr

  ?terminate@@YAXXZ

  _commode

  _fmode

  _wcmdln

  __C_specific_handler

  _initterm

  __setusermatherr

  _cexit

  _exit

  exit

  __set_app_type

  __wgetmainargs

  _amsg_exit

  _XcptFilter

  _wcsicmp

  _wcsnicmp

  _vsnwprintf

  rpcrt4

  UuidCreate

  bcrypt

  BCryptHashData

  BCryptCreateHash

  BCryptDestroyHash

  BCryptCloseAlgorithmProvider

  BCryptFinishHash

  BCryptOpenAlgorithmProvider

  wintrust

  WTHelperProvDataFromStateData

  WTHelperGetProvSignerFromChain

  WinVerifyTrust

  crypt32

  CertGetNameStringW

  imagehlp

  CheckSumMappedFile

  shell32

  CommandLineToArgvW

  shlwapi

  PathRemoveBackslashW

  ntdll

  NtEnumerateBootEntries

  NtQueryDirectoryObject

  NtOpenDirectoryObject

  NtQueryBootOptions

  NtQueryBootEntryOrder

  NtQueryValueKey

  NtQuerySymbolicLinkObject

  NtOpenKey

  NtOpenSymbolicLinkObject

  RtlImpersonateSelf

  NtOpenThreadTokenEx

  NtOpenProcessTokenEx

  NtAdjustPrivilegesToken

  NtTranslateFilePath

  RtlFreeHeap

  RtlAllocateHeap

  NtSetInformationFile

  NtQuerySystemEnvironmentValueEx

  LdrAccessResource

  LdrFindResource_U

  NtOpenFile

  NtQueryInformationThread

  NtQueryInformationFile

  RtlImageNtHeader

  NtDeviceIoControlFile

  NtSetInformationThread

  NtReadFile

  NtOpenProcess

  NtQueryInformationProcess

  RtlNtStatusToDosError

  NtClose

  RtlInitUnicodeString

  NtWriteFile

  NtQuerySystemInformation

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  Sections

  .text

  Size: 54KB - Virtual size: 53KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 64B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/bootstat.dat
• kayflock-beta/packages/ranks/explorer.exe

  .exe windows:10 windows x64 arch:x64

  Password: oh fuck yla

  54dc9b405d017a6766f4cd96028ba126

  
  

  Code Sign

  33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  16-11-2023 19:20

  Not After

  14-11-2024 19:20

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  32:07:f7:39:6f:57:33:f3:f5:40:cc:36:54:45:87:21:1b:52:ac:22:c6:f3:03:0d:21:32:ed:1f:e6:f5:5a:29

  Signer

  Actual PE Digest

  32:07:f7:39:6f:57:33:f3:f5:40:cc:36:54:45:87:21:1b:52:ac:22:c6:f3:03:0d:21:32:ed:1f:e6:f5:5a:29

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  explorer.pdb

  Imports

  msvcp_win

  ?_Xbad_function_call@std@@YAXXZ

  ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z

  ?__ExceptionPtrDestroy@@YAXPEAX@Z

  ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z

  ?__ExceptionPtrCurrentException@@YAXPEAX@Z

  ?__ExceptionPtrCreate@@YAXPEAX@Z

  ?__ExceptionPtrRethrow@@YAXPEBX@Z

  ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z

  _Thrd_detach

  ?_Throw_C_error@std@@YAXH@Z

  ?_Throw_Cpp_error@std@@YAXH@Z

  _Thrd_join

  _Thrd_id

  _Cnd_do_broadcast_at_thread_exit

  ?_Xinvalid_argument@std@@YAXPEBD@Z

  ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z

  ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z

  ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z

  ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ

  ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z

  ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ

  ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z

  ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z

  ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z

  ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z

  ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ

  ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ

  ?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z

  ?_Xbad_alloc@std@@YAXXZ

  ?tolower@?$ctype@G@std@@QEBAGG@Z

  ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z

  ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

  ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

  _Wcscoll

  ?_Xout_of_range@std@@YAXPEBD@Z

  ?id@?$collate@G@std@@2V0locale@2@A

  ??Bid@locale@std@@QEAA_KXZ

  ?id@?$ctype@G@std@@2V0locale@2@A

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ??0facet@locale@std@@IEAA@_K@Z

  ??1facet@locale@std@@MEAA@XZ

  ??0_Lockit@std@@QEAA@H@Z

  ??0_Locinfo@std@@QEAA@PEBD@Z

  ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ

  ??1_Lockit@std@@QEAA@XZ

  ??1_Locinfo@std@@QEAA@XZ

  ?is@?$ctype@G@std@@QEBA_NFG@Z

  ?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?_Incref@facet@locale@std@@UEAAXXZ

  ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

  ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

  ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z

  ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

  ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ

  ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ

  ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ

  ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

  ?uncaught_exception@std@@YA_NXZ

  ?good@ios_base@std@@QEBA_NXZ

  ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ

  ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ

  ?width@ios_base@std@@QEBA_JXZ

  ?flags@ios_base@std@@QEBAHXZ

  ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

  ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z

  ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ

  ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ

  ?width@ios_base@std@@QEAA_J_J@Z

  ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z

  _Mtx_init_in_situ

  _Xtime_get_ticks

  _Mtx_destroy_in_situ

  _Mtx_unlock

  _Mtx_lock

  ?_Xlength_error@std@@YAXPEBD@Z

  _Wcsxfrm

  api-ms-win-crt-runtime-l1-1-0

  _set_error_mode

  _initterm

  _register_thread_local_exe_atexit_callback

  _c_exit

  _initterm_e

  api-ms-win-crt-string-l1-1-0

  _wcsrev

  wcsncpy

  wcsncmp

  strncmp

  memset

  wcscspn

  wcscmp

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-private-l1-1-0

  _o_iswalnum

  _o_iswspace

  _o_malloc

  _o_memcpy_s

  _o_pow

  _o_realloc

  _o_roundf

  _o_sqrt

  _o_terminate

  _o_toupper

  _o_towlower

  _o_wcscat_s

  _o_wcscpy_s

  _o_wcsncpy_s

  _o_wcstol

  _o_wcstoll

  __C_specific_handler

  __CxxFrameHandler3

  _o__purecall

  _o_free

  _o__mktime64

  _o_floor

  _o_exit

  _o_ceil

  memmove

  _o_bsearch

  _o__wtoi

  _o__wcsnicmp

  _o__wcsicmp

  _o__localtime64

  _o__itow_s

  _o__set_new_mode

  _o__set_fmode

  _o__set_errno

  _o__set_app_type

  _o__invalid_parameter_noinfo_noreturn

  _o__invalid_parameter_noinfo

  _o__initialize_wide_environment

  _o__initialize_onexit_table

  _o__get_wide_winmain_command_line

  _o__get_errno

  _o__exit

  _o__errno

  _o__difftime64

  _o__crt_atexit

  _o__configure_wide_argv

  _o__configthreadlocale

  _o__cexit

  _o__beginthreadex

  _o___stdio_common_vswscanf

  _o___stdio_common_vswprintf_s

  _o___stdio_common_vswprintf

  _o___stdio_common_vsnwprintf_s

  _o___stdio_common_vsnprintf_s

  _o___std_exception_destroy

  _o___std_exception_copy

  _o___p__commode

  wcsstr

  __std_terminate

  __CxxFrameHandler4

  _o__seh_filter_exe

  _o__register_onexit_function

  _o__recalloc

  _CxxThrowException

  memcmp

  memcpy

  aepic

  PicRetrieveFileInfo

  PicFreeFileInfo

  twinapi

  ord9

  api-ms-win-core-job-l2-1-0

  AssignProcessToJobObject

  CreateJobObjectW

  QueryInformationJobObject

  SetInformationJobObject

  api-ms-win-core-windowserrorreporting-l1-1-3

  RegisterApplicationRestart

  api-ms-win-core-url-l1-1-0

  HashData

  UrlUnescapeW

  PathIsURLW

  api-ms-win-core-kernel32-private-l1-1-0

  CheckElevation

  CheckElevationEnabled

  api-ms-win-core-registryuserspecific-l1-1-0

  SHRegGetUSValueW

  SHRegGetBoolUSValueW

  api-ms-win-core-com-private-l1-1-0

  CoRegisterMessageFilter

  api-ms-win-core-atoms-l1-1-0

  GlobalGetAtomNameW

  api-ms-win-core-sidebyside-l1-1-0

  ActivateActCtx

  ReleaseActCtx

  CreateActCtxW

  DeactivateActCtx

  ntdll

  RtlGetVersion

  RtlInitString

  wcsspn

  RtlQueryResourcePolicy

  ZwQuerySystemInformation

  RtlInitUnicodeString

  RtlUpcaseUnicodeChar

  RtlGetNativeSystemInformation

  ZwQueryDirectoryFile

  RtlNtPathNameToDosPathName

  ZwOpenFile

  ZwEnumerateKey

  RtlInitUnicodeStringEx

  RtlFormatCurrentUserKeyPath

  ZwCreateFile

  ZwQueryInformationFile

  ZwCreateSection

  ZwQueryInformationProcess

  ZwSetInformationProcess

  RtlxAnsiStringToUnicodeSize

  RtlAnsiStringToUnicodeString

  ZwUnmapViewOfSection

  ZwMapViewOfSection

  LdrResSearchResource

  RtlVerifyVersionInfo

  RtlImageDirectoryEntryToData

  RtlReleaseSRWLockShared

  RtlAcquireSRWLockShared

  RtlReleaseSRWLockExclusive

  RtlAcquireSRWLockExclusive

  NtOpenThreadToken

  NtClose

  NtQueryInformationToken

  NtOpenProcessToken

  RtlCompareUnicodeString

  RtlFreeHeap

  RtlAllocateHeap

  wcschr

  RtlpEnsureBufferSize

  wcsrchr

  strchr

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlPublishWnfStateData

  NtSetSystemInformation

  RtlFlushHeaps

  ZwQueryValueKey

  NtQueryWnfStateData

  RtlSubscribeWnfStateChangeNotification

  RtlUnsubscribeWnfNotificationWaitForCompletion

  RtlQueryWnfStateData

  RtlNtStatusToDosError

  ZwOpenKey

  RtlCaptureContext

  RtlGetDeviceFamilyInfoEnum

  NtSetInformationProcess

  NtQueryInformationProcess

  ZwClose

  RtlReAllocateHeap

  RtlAppendUnicodeToString

  RtlAppendUnicodeStringToString

  RtlRunOnceExecuteOnce

  RtlCopyUnicodeString

  RtlUpcaseUnicodeString

  RtlIsStateSeparationEnabled

  RtlDosPathNameToNtPathName_U_WithStatus

  RtlNtStatusToDosErrorNoTeb

  RtlFreeUnicodeString

  NtSetThreadExecutionState

  VerSetConditionMask

  WinSqmSetDWORD

  WinSqmIsOptedIn

  WinSqmAddToStreamEx

  api-ms-win-core-libraryloader-l1-2-0

  SizeofResource

  GetProcAddress

  FindStringOrdinal

  GetModuleHandleA

  FindResourceExW

  LockResource

  GetModuleFileNameW

  LoadLibraryExW

  GetModuleHandleW

  GetModuleHandleExW

  LoadResource

  LoadStringW

  FreeLibrary

  GetModuleFileNameA

  api-ms-win-core-synch-l1-2-0

  InitOnceExecuteOnce

  InitOnceComplete

  InitOnceBeginInitialize

  Sleep

  api-ms-win-core-synch-l1-1-0

  InitializeCriticalSectionEx

  LeaveCriticalSection

  ReleaseSemaphore

  ReleaseMutex

  EnterCriticalSection

  CreateSemaphoreExW

  OpenMutexW

  OpenEventW

  WaitForMultipleObjectsEx

  InitializeCriticalSectionAndSpinCount

  TryEnterCriticalSection

  SleepEx

  InitializeCriticalSection

  CreateEventW

  SetEvent

  ReleaseSRWLockExclusive

  DeleteCriticalSection

  WaitForSingleObject

  CreateMutexExW

  TryAcquireSRWLockExclusive

  CreateMutexW

  CreateEventExW

  ReleaseSRWLockShared

  ResetEvent

  OpenSemaphoreW

  AcquireSRWLockExclusive

  InitializeSRWLock

  WaitForSingleObjectEx

  AcquireSRWLockShared

  api-ms-win-core-heap-l1-1-0

  HeapFree

  HeapAlloc

  GetProcessHeap

  api-ms-win-core-errorhandling-l1-1-0

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  SetErrorMode

  SetLastError

  GetLastError

  RaiseException

  api-ms-win-core-file-l1-1-0

  GetLongPathNameW

  FindClose

  DeleteFileW

  GetFileAttributesW

  WriteFile

  CreateFileW

  FindNextFileW

  CompareFileTime

  FindFirstFileW

  api-ms-win-eventing-provider-l1-1-0

  EventWriteTransfer

  EventActivityIdControl

  EventEnabled

  EventSetInformation

  EventRegister

  EventWrite

  EventProviderEnabled

  EventUnregister

  api-ms-win-core-registry-l1-1-0

  RegDeleteTreeW

  RegOpenKeyExW

  RegDeleteValueW

  RegSetKeySecurity

  RegOpenCurrentUser

  RegGetKeySecurity

  RegSetValueExW

  RegDeleteKeyExW

  RegNotifyChangeKeyValue

  RegCreateKeyExW

  RegEnumValueW

  RegGetValueW

  RegCloseKey

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegQueryValueExW

  api-ms-win-core-threadpool-l1-2-0

  SubmitThreadpoolWork

  CreateThreadpoolWait

  CreateThreadpoolWork

  WaitForThreadpoolWaitCallbacks

  SetThreadpoolWait

  WaitForThreadpoolTimerCallbacks

  CloseThreadpoolTimer

  SetThreadpoolTimer

  TrySubmitThreadpoolCallback

  CreateThreadpoolTimer

  CloseThreadpoolWait

  api-ms-win-core-processthreads-l1-1-0

  GetStartupInfoW

  ExitProcess

  GetCurrentProcess

  GetPriorityClass

  GetExitCodeProcess

  SetThreadPriorityBoost

  SetProcessShutdownParameters

  QueueUserAPC

  CreateProcessW

  GetCurrentProcessId

  ProcessIdToSessionId

  GetThreadPriority

  GetCurrentThreadId

  TerminateProcess

  ResumeThread

  SetPriorityClass

  GetProcessId

  CreateThread

  OpenProcessToken

  GetCurrentThread

  OpenThreadToken

  OpenThread

  SetThreadPriority

  api-ms-win-core-localization-l1-2-0

  GetLocaleInfoEx

  GetThreadUILanguage

  GetGeoInfoW

  GetCalendarInfoW

  GetUserDefaultLangID

  FormatMessageW

  GetLocaleInfoW

  GetUserDefaultLocaleName

  api-ms-win-core-debug-l1-1-0

  OutputDebugStringW

  IsDebuggerPresent

  DebugBreak

  api-ms-win-core-handle-l1-1-0

  CloseHandle

  DuplicateHandle

  oleaut32

  SafeArrayDestroy

  SysAllocStringByteLen

  SysAllocString

  VarUI4FromStr

  SafeArrayUnaccessData

  SafeArrayCreate

  SysStringLen

  VariantClear

  VariantInit

  SysFreeString

  SafeArrayAccessData

  api-ms-win-shcore-taskpool-l1-1-0

  SHTaskPoolQueueTask

  SHTaskPoolGetUniqueContext

  api-ms-win-shcore-sysinfo-l1-1-0

  SetCurrentProcessExplicitAppUserModelID

  IsOS

  api-ms-win-core-com-l1-1-0

  CoFreeUnusedLibraries

  CoGetObjectContext

  CoIncrementMTAUsage

  CoCreateFreeThreadedMarshaler

  CoMarshalInterThreadInterfaceInStream

  CoGetApartmentType

  CoWaitForMultipleHandles

  CoGetInterfaceAndReleaseStream

  CoReleaseMarshalData

  CoGetStdMarshalEx

  CoInitializeSecurity

  IIDFromString

  PropVariantClear

  CoCancelCall

  CoTaskMemFree

  CreateStreamOnHGlobal

  CoCreateInstance

  CoDisableCallCancellation

  StringFromGUID2

  StringFromIID

  CoEnableCallCancellation

  CoCreateGuid

  CLSIDFromString

  CoRegisterClassObject

  CoSetProxyBlanket

  CoGetCallContext

  CoRevokeClassObject

  CoTaskMemRealloc

  CoTaskMemAlloc

  CoGetMalloc

  CoInitializeEx

  CoUninitialize

  api-ms-win-core-shlwapi-obsolete-l1-1-0

  StrCmpICW

  StrStrIW

  StrToIntW

  StrCmpIW

  StrCmpNICW

  StrCmpICA

  StrChrW

  QISearch

  StrCmpW

  StrCmpNIW

  StrChrIW

  StrRChrW

  api-ms-win-shcore-obsolete-l1-1-0

  CommandLineToArgvW

  SHStrDupW

  api-ms-win-shcore-comhelpers-l1-1-0

  IUnknown_Set

  IUnknown_SetSite

  IUnknown_QueryService

  IUnknown_GetSite

  api-ms-win-core-heap-l2-1-0

  LocalFree

  GlobalAlloc

  LocalReAlloc

  GlobalFree

  LocalAlloc

  api-ms-win-core-processthreads-l1-1-1

  IsProcessorFeaturePresent

  OpenProcess

  GetProcessMitigationPolicy

  api-ms-win-core-datetime-l1-1-0

  GetDateFormatW

  api-ms-win-core-sysinfo-l1-1-0

  GetLocalTime

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  GetTickCount

  GetTickCount64

  GetWindowsDirectoryW

  GetVersionExW

  GetSystemTime

  GetLogicalProcessorInformation

  api-ms-win-core-datetime-l1-1-1

  GetDateFormatEx

  GetTimeFormatEx

  api-ms-win-core-processenvironment-l1-1-0

  GetCurrentDirectoryW

  SearchPathW

  ExpandEnvironmentStringsW

  GetCommandLineW

  api-ms-win-core-shlwapi-legacy-l1-1-0

  PathFileExistsW

  PathRemoveBlanksW

  PathFindFileNameW

  PathRemoveFileSpecW

  PathQuoteSpacesW

  PathFindExtensionW

  PathGetDriveNumberW

  PathCombineW

  PathIsFileSpecW

  SHExpandEnvironmentStringsW

  PathParseIconLocationW

  PathGetArgsW

  PathCommonPrefixW

  api-ms-win-core-winrt-string-l1-1-0

  WindowsCompareStringOrdinal

  WindowsSubstringWithSpecifiedLength

  WindowsDuplicateString

  WindowsDeleteStringBuffer

  WindowsDeleteString

  WindowsGetStringRawBuffer

  WindowsPreallocateStringBuffer

  WindowsPromoteStringBuffer

  WindowsGetStringLen

  WindowsCreateStringReference

  WindowsCreateString

  api-ms-win-core-winrt-l1-1-0

  RoInitialize

  RoUninitialize

  RoGetActivationFactory

  RoActivateInstance

  api-ms-win-shcore-registry-l1-1-0

  SHQueryInfoKeyW

  SHDeleteKeyW

  SHGetValueW

  SHDeleteValueW

  SHEnumKeyExW

  SHRegGetValueW

  SHSetValueW

  api-ms-win-core-string-l1-1-0

  MultiByteToWideChar

  CompareStringW

  CompareStringOrdinal

  WideCharToMultiByte

  api-ms-win-shcore-thread-l1-1-0

  SetProcessReference

  SHCreateThread

  SHGetThreadRef

  SHCreateThreadRef

  SHSetThreadRef

  api-ms-win-core-string-obsolete-l1-1-0

  lstrcmpiW

  lstrlenW

  api-ms-win-security-base-l1-1-0

  IsValidSid

  CopySid

  GetTokenInformation

  GetLengthSid

  SetKernelObjectSecurity

  AddAce

  EqualSid

  InitializeAcl

  DeleteAce

  GetAce

  MakeAbsoluteSD

  CreateWellKnownSid

  GetSecurityDescriptorDacl

  SetSecurityDescriptorDacl

  CheckTokenMembership

  DuplicateToken

  GetAclInformation

  api-ms-win-eventing-classicprovider-l1-1-0

  RegisterTraceGuidsW

  UnregisterTraceGuids

  TraceMessage

  GetTraceLoggerHandle

  GetTraceEnableLevel

  GetTraceEnableFlags

  api-ms-win-core-localization-obsolete-l1-2-0

  GetUserDefaultUILanguage

  api-ms-win-core-libraryloader-l1-2-1

  LoadLibraryW

  FindResourceW

  api-ms-win-core-string-l2-1-1

  SHLoadIndirectString

  api-ms-win-core-errorhandling-l1-1-1

  RemoveVectoredExceptionHandler

  api-ms-win-core-registry-l1-1-1

  RegDeleteKeyValueW

  RegSetKeyValueW

  api-ms-win-core-com-l1-1-1

  RoGetAgileReference

  api-ms-win-core-winrt-error-l1-1-0

  RoFailFastWithErrorContext

  RoOriginateError

  RoTransformError

  SetRestrictedErrorInfo

  GetRestrictedErrorInfo

  api-ms-win-core-winrt-error-l1-1-1

  RoGetMatchingRestrictedErrorInfo

  RoOriginateLanguageException

  api-ms-win-core-path-l1-1-0

  PathAllocCombine

  PathCchCombine

  PathCchRemoveFileSpec

  PathCchAppend

  PathCchAddExtension

  api-ms-win-shcore-unicodeansi-l1-1-0

  SHAnsiToUnicode

  api-ms-win-core-heap-obsolete-l1-1-0

  GlobalUnlock

  GlobalLock

  api-ms-win-core-processthreads-l1-1-3

  SetProcessInformation

  SetThreadDescription

  api-ms-win-core-memory-l1-1-0

  OpenFileMappingW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  VirtualAlloc

  VirtualFree

  VirtualProtect

  api-ms-win-core-largeinteger-l1-1-0

  MulDiv

  api-ms-win-shcore-stream-l1-1-0

  IStream_Reset

  IStream_Write

  SHOpenRegStream2W

  IStream_Read

  SHCreateStreamOnFileW

  SHCreateMemStream

  SHCreateStreamOnFileEx

  api-ms-win-core-file-l1-2-0

  GetTempPathW

  api-ms-win-core-psapi-l1-1-0

  QueryFullProcessImageNameW

  api-ms-win-shcore-path-l1-1-0

  ord170

  api-ms-win-core-threadpool-legacy-l1-1-0

  UnregisterWaitEx

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  api-ms-win-core-sysinfo-l1-2-0

  GetOsSafeBootMode

  GetProductInfo

  api-ms-win-core-localization-l1-2-3

  GetUserDefaultGeoName

  userenv

  GetProfileType

  DeriveAppContainerSidFromAppContainerName

  api-ms-win-core-timezone-l1-1-0

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  GetTimeZoneInformation

  SystemTimeToFileTime

  GetDynamicTimeZoneInformation

  api-ms-win-core-kernel32-legacy-l1-1-0

  GetComputerNameW

  GetSystemPowerStatus

  RegisterWaitForSingleObject

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-interlocked-l1-1-0

  InterlockedPushEntrySList

  InitializeSListHead

  api-ms-win-stateseparation-helpers-l1-1-0

  GetPersistedRegistryLocationW

  api-ms-win-security-lsalookup-l2-1-0

  LookupAccountNameW

  api-ms-win-core-string-l2-1-0

  CharNextW

  CharLowerBuffW

  api-ms-win-service-management-l2-1-0

  QueryServiceConfigW

  NotifyServiceStatusChangeW

  api-ms-win-core-io-l1-1-0

  CreateIoCompletionPort

  GetQueuedCompletionStatus

  api-ms-win-core-sysinfo-l1-2-1

  GetPhysicallyInstalledSystemMemory

  api-ms-win-shcore-stream-winrt-l1-1-0

  CreateStreamOverRandomAccessStream

  api-ms-win-shcore-registry-l1-1-1

  SHRegGetValueFromHKCUHKLM

  api-ms-win-shcore-scaling-l1-1-1

  ord244

  GetDpiForMonitor

  iphlpapi

  GetNetworkConnectivityHint

  api-ms-win-core-toolhelp-l1-1-0

  CreateToolhelp32Snapshot

  Process32NextW

  Process32FirstW

  api-ms-win-core-errorhandling-l1-1-2

  RaiseFailFastException

  api-ms-win-core-stringansi-l1-1-0

  CharNextA

  api-ms-win-power-base-l1-1-0

  CallNtPowerInformation

  GetPwrCapabilities

  PowerDeterminePlatformRoleEx

  api-ms-win-core-apiquery-l1-1-0

  ApiSetQueryApiSetPresence

  api-ms-win-shlwapi-winrt-storage-l1-1-1

  ord197

  SHIsChildOrSelf

  SHPinDllOfCLSID

  ord509

  SHCreateWorkerWindowW

  ord635

  ord544

  ord478

  ord165

  ord479

  ord481

  ord279

  StrRetToBufW

  ShellMessageBoxW

  IUnknown_GetWindow

  StrRetToStrW

  ord292

  PathRemoveArgsW

  AssocQueryStringW

  api-ms-win-ntuser-sysparams-l1-1-0

  QueryDisplayConfig

  GetDisplayConfigBufferSizes

  GetSystemMetrics

  EnumDisplayMonitors

  EnumDisplayDevicesW

  GetMonitorInfoW

  SystemParametersInfoW

  api-ms-win-ntuser-rectangle-l1-1-0

  CopyRect

  InflateRect

  PtInRect

  SetRect

  IsRectEmpty

  EqualRect

  SetRectEmpty

  IntersectRect

  OffsetRect

  SubtractRect

  UnionRect

  api-ms-win-rtcore-ntuser-winevent-l1-1-0

  UnhookWinEvent

  SetWinEventHook

  NotifyWinEvent

  api-ms-win-shell-namespace-l1-1-0

  SHBindToParent

  ILCombine

  SHCreateItemFromIDList

  SHBindToFolderIDListParent

  SHBindToObject

  ILIsParent

  SHGetNameFromIDList

  ILFindLastID

  ILFree

  ILIsEqual

  ILRemoveLastID

  ILCloneFirst

  ILGetSize

  SHGetIDListFromObject

  SHCreateItemFromParsingName

  SHParseDisplayName

  ILClone

  dxgi

  DXGIDeclareAdapterRemovalSupport

  api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

  GetPointerDevices

  GetCurrentInputMessageSource

  EnableMouseInPointer

  GetPointerType

  GetPointerInfo

  api-ms-win-storage-exports-internal-l1-1-0

  SetThreadFlags

  GetThreadFlags

  SHGetFolderPathEx

  SHGetKnownFolderIDList

  api-ms-win-rtcore-ntuser-synch-l1-1-0

  MsgWaitForMultipleObjectsEx

  MsgWaitForMultipleObjects

  api-ms-win-appmodel-runtime-l1-1-0

  GetPackageFullName

  GetPackagesByPackageFamily

  api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

  SetWindowFeedbackSetting

  api-ms-win-rtcore-ntuser-clipboard-l1-1-0

  RegisterClipboardFormatW

  api-ms-win-rtcore-ntuser-private-l1-1-0

  GetWindowBand

  CreateWindowInBand

  api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

  RegisterPowerSettingNotification

  UnregisterPowerSettingNotification

  propsys

  PSCreateMemoryPropertyStore

  PropVariantToBoolean

  InitVariantFromResource

  InitVariantFromGUIDAsString

  PSPropertyBag_WriteStr

  PropVariantToUInt32

  PSPropertyBag_WriteDWORD

  PropVariantToStringAlloc

  PSGetPropertyFromPropertyStorage

  coremessaging

  CreateDispatcherQueueController

  urlmon

  URLOpenBlockingStreamW

  api-ms-win-shell-changenotify-l1-1-0

  SHChangeNotify

  api-ms-win-shell-dataobject-l1-1-0

  SHCreateDataObject

  api-ms-win-appmodel-runtime-l1-1-1

  FindPackagesByPackageFamily

  ParseApplicationUserModelId

  wtsapi32

  WTSRegisterSessionNotification

  WTSUnRegisterSessionNotification

  gdi32

  StretchBlt

  ExcludeClipRect

  SetStretchBltMode

  Rectangle

  GetCurrentObject

  SelectClipRgn

  GetClipRgn

  GetOutlineTextMetricsW

  GetGlyphOutlineW

  CreateRectRgnIndirect

  GetTextExtentPoint32W

  GetStockObject

  ExtTextOutW

  GetTextMetricsW

  GetDeviceCaps

  CreateRectRgn

  GetClipBox

  SetRectRgn

  OffsetRgn

  CombineRgn

  DeleteObject

  GetObjectW

  DeleteDC

  CreateCompatibleDC

  SelectObject

  CreateFontIndirectW

  SetTextColor

  SetTextAlign

  kernel32

  IsBadWritePtr

  rpcrt4

  RpcBindingFree

  NdrClientCall3

  RpcStringFreeW

  RpcBindingSetAuthInfoExW

  I_RpcExceptionFilter

  RpcStringBindingComposeW

  UuidFromStringW

  RpcBindingFromStringBindingW

  wininet

  InternetCrackUrlW

  shcore

  ord121

  ord174

  ord109

  ord126

  ord213

  ord183

  ord210

  ord192

  ord1

  ord162

  SHUnicodeToAnsi

  ord190

  ord123

  ord187

  ord186

  ord142

  ord200

  ord184

  shell32

  ord743

  ord907

  ord43

  Shell_GetCachedImageIndexW

  ord790

  ord792

  ord727

  ord162

  SHAppBarMessage

  ord894

  ord193

  ord906

  ord895

  SHGetLocalizedName

  SHGetPropertyStoreForWindow

  ord764

  ord866

  SHEvaluateSystemCommandTemplate

  ord181

  ord244

  ExtractIconExW

  ShellExecuteW

  ord132

  Shell_NotifyIconW

  Shell_NotifyIconGetRect

  ord6

  SHGetStockIconInfo

  DuplicateIcon

  ord91

  ord254

  ord54

  SHEnableServiceObject

  ord61

  ord896

  SHAddToRecentDocs

  ord60

  SHUpdateRecycleBinIcon

  ord2

  ord711

  SHFileOperationW

  ord4

  SHGetPathFromIDListW

  ord645

  ord644

  ord753

  ord733

  SHChangeNotifyRegisterThread

  DragQueryFileW

  ord67

  SHCreateItemInKnownFolder

  ord206

  ord201

  ord188

  ord899

  ShellExecuteExW

  ord245

  ord200

  ord89

  ord190

  ord85

  ord100

  ord172

  ord680

  ord723

  ord885

  ord95

  ord850

  ord22

  ord137

  ord134

  shlwapi

  ChrCmpIW

  ord164

  PathIsDirectoryW

  ord413

  ord548

  ord163

  ord467

  AssocQueryKeyW

  AssocCreate

  PathIsRelativeW

  uxtheme

  GetThemeBackgroundExtent

  GetThemeBool

  OpenThemeData

  OpenThemeDataForDpi

  GetThemeMargins

  ord138

  BufferedPaintSetAlpha

  ord126

  GetThemePartSize

  IsThemeActive

  GetBufferedPaintBits

  GetThemeInt

  GetThemeColor

  GetThemeMetric

  SetWindowTheme

  GetWindowTheme

  BufferedPaintUnInit

  EndBufferedPaint

  BeginBufferedPaint

  IsAppThemed

  CloseThemeData

  DrawThemeParentBackground

  DrawThemeBackground

  ord86

  GetThemeFont

  DrawThemeTextEx

  IsCompositionActive

  BufferedPaintInit

  dwmapi

  ord113

  DwmGetWindowAttribute

  DwmRegisterThumbnail

  ord159

  ord140

  DwmQueryThumbnailSourceSize

  ord124

  ord141

  DwmSetWindowAttribute

  DwmUnregisterThumbnail

  DwmUpdateThumbnailProperties

  DwmEnableBlurBehindWindow

  ord138

  DwmIsCompositionEnabled

  ord139

  ord114

  user32

  SetScrollInfo

  GetScrollInfo

  SetScrollPos

  GetMenuStringW

  InternalGetWindowText

  EndTask

  SetLayeredWindowAttributes

  DrawTextExW

  IsProcessDPIAware

  SetThreadDpiAwarenessContext

  ord2573

  IsWindowUnicode

  LoadAcceleratorsW

  ChangeWindowMessageFilterEx

  TranslateAcceleratorW

  BringWindowToTop

  ord2611

  MonitorFromRect

  GetGuiResources

  IsHungAppWindow

  ord2574

  SwitchToThisWindow

  GetMenuState

  UnregisterHotKey

  RegisterHotKey

  SendDlgItemMessageW

  EndDialog

  ExitWindowsEx

  GetKeyState

  LoadIconW

  HungWindowFromGhostWindow

  CascadeWindows

  TileWindows

  LockWorkStation

  InjectMouseInput

  MapVirtualKeyExW

  InjectKeyboardInput

  DeleteMenu

  GetCaretBlinkTime

  GetSysColor

  CopyImage

  DestroyIcon

  InsertMenuW

  GetSystemMetricsForDpi

  ord2005

  GetLastActivePopup

  TrackMouseEvent

  SetCapture

  ShowWindowAsync

  GetCursorInfo

  PostThreadMessageW

  UnregisterClassA

  GetWindowCompositionAttribute

  GetWindowProcessHandle

  GetClassLongPtrW

  UpdateLayeredWindow

  ord2521

  UnregisterClassW

  ord2522

  GetMenuInfo

  SetMenuInfo

  GetDpiForSystem

  GetWindowDpiAwarenessContext

  GetCapture

  AreDpiAwarenessContextsEqual

  CharLowerW

  IsCharAlphaNumericW

  ReleaseCapture

  GetDoubleClickTime

  LoadCursorW

  DestroyMenu

  IsTopLevelWindow

  GetPhysicalCursorPos

  GetIconInfo

  GetIconInfoExW

  GhostWindowFromHungWindow

  GetClassLongW

  GetClassWord

  DefWindowProcA

  SetMenuItemInfoW

  DrawIconEx

  SetCursor

  GetSysColorBrush

  GetSystemMenu

  ModifyMenuW

  CalculatePopupWindowPosition

  GetAsyncKeyState

  ReplyMessage

  CopyIcon

  MonitorFromPoint

  GetMenuItemInfoW

  GetMenuItemCount

  GetLastInputInfo

  AdjustWindowRect

  CreateIconIndirect

  GetDpiForWindow

  GetSubMenu

  SetWindowCompositionAttribute

  SetGestureConfig

  LoadMenuW

  LoadImageW

  DrawTextW

  CheckMenuItem

  FillRect

  GetMenuDefaultItem

  CreatePopupMenu

  EnableMenuItem

  IsIconic

  MonitorFromWindow

  ReleaseDC

  GetDC

  RemoveMenu

  SetMenuDefaultItem

  GetLayeredWindowAttributes

  TrackPopupMenuEx

  AdjustWindowRectEx

  sspicli

  GetUserNameExW

  api-ms-win-core-delayload-l1-1-1

  ResolveDelayLoadedAPI

  api-ms-win-core-delayload-l1-1-0

  DelayLoadFailureHook

  api-ms-win-core-kernel32-legacy-l1-1-1

  VerifyVersionInfoW

  PowerCreateRequest

  PowerSetRequest

  api-ms-win-security-isolatedcontainer-l1-1-1

  IsProcessInWDAGContainer

  api-ms-win-core-file-l2-1-2

  CopyFileW

  api-ms-win-core-synch-l1-2-1

  WaitForMultipleObjects

  api-ms-win-core-kernel32-legacy-l1-1-2

  SetTermsrvAppInstallMode

  api-ms-win-shell-shdirectory-l1-1-0

  ord292

  api-ms-win-eventing-controller-l1-1-0

  StopTraceW

  StartTraceW

  EnableTraceEx2

  api-ms-win-appmodel-runtime-l1-1-3

  GetStagedPackagePathByFullName2

  api-ms-win-core-biptcltapi-l1-1-7

  BiPtEnumerateWorkItemsForPackageName

  BiPtQueryWorkItem

  BiPtAssociateApplicationEntryPoint

  BiPtFreeMemory

  api-ms-win-crt-math-l1-1-0

  ceilf

  floorf

  Sections

  .text

  Size: 3.0MB - Virtual size: 3.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .imrsiv

  Size: - Virtual size: 4B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 753KB - Virtual size: 752KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 136KB - Virtual size: 135KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/fullstack-magic.exe

  .exe windows:6 windows x64 arch:x64

  cda4bf1ee2e43c5921d64b48cad76c9e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  C:\Users\nevin\Desktop\kay\output\build\silence-workspace.pdb

  Imports

  kernel32

  PeekNamedPipe

  WaitForMultipleObjects

  GetFileSizeEx

  MoveFileExA

  OutputDebugStringW

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  SleepConditionVariableSRW

  WakeAllConditionVariable

  AcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  GetFileInformationByHandleEx

  AreFileApisANSI

  GetTempPathW

  SetFileInformationByHandle

  GetFullPathNameW

  GetFileAttributesExW

  GetFileAttributesW

  FindNextFileW

  FindFirstFileExW

  FindFirstFileW

  FindClose

  GetTickCount

  GetLocaleInfoEx

  GetFileType

  QueryPerformanceCounter

  VerSetConditionMask

  GetSystemDirectoryA

  SleepEx

  LeaveCriticalSection

  EnterCriticalSection

  LocalFree

  QueryPerformanceFrequency

  GetLocaleInfoA

  GlobalUnlock

  WideCharToMultiByte

  GlobalLock

  GlobalFree

  GlobalAlloc

  MultiByteToWideChar

  lstrcmpiA

  Process32Next

  CreateFileA

  CreateToolhelp32Snapshot

  CreateFileW

  Process32First

  GetCurrentProcess

  SetLastError

  CloseHandle

  LoadLibraryA

  GetCurrentProcessId

  VirtualAlloc

  DeviceIoControl

  GetModuleFileNameA

  VirtualFree

  GetConsoleWindow

  Sleep

  GetModuleHandleA

  SetConsoleTitleA

  FormatMessageA

  FreeLibrary

  QueryFullProcessImageNameW

  ReadFile

  GetStdHandle

  GetEnvironmentVariableA

  VerifyVersionInfoA

  WaitForSingleObjectEx

  GetModuleHandleW

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  VirtualProtect

  CreateThread

  DeleteCriticalSection

  CreateDirectoryW

  InitializeCriticalSectionEx

  GetProcAddress

  GetLastError

  LoadLibraryExA

  user32

  ReleaseCapture

  SetCursorPos

  SetCursor

  SetCapture

  GetKeyboardLayout

  SetProcessDPIAware

  OpenClipboard

  ClientToScreen

  CloseClipboard

  GetCapture

  MonitorFromWindow

  IsWindowUnicode

  GetClientRect

  EmptyClipboard

  GetClipboardData

  TrackMouseEvent

  SetClipboardData

  GetWindowRect

  DestroyWindow

  GetSystemMetrics

  SetWindowLongA

  SetWindowDisplayAffinity

  MessageBoxA

  GetMonitorInfoA

  ScreenToClient

  GetAsyncKeyState

  GetForegroundWindow

  GetCursorPos

  SendInput

  FindWindowA

  GetMessageA

  DispatchMessageA

  ShowWindow

  MoveWindow

  RegisterClassA

  DefWindowProcA

  LoadCursorA

  GetMessageExtraInfo

  GetKeyState

  UpdateWindow

  RegisterClassExA

  UnregisterClassA

  PeekMessageA

  CreateWindowExA

  SetLayeredWindowAttributes

  TranslateMessage

  LoadIconA

  PostQuitMessage

  SetForegroundWindow

  gdi32

  CreateSolidBrush

  advapi32

  CryptDestroyKey

  RegQueryValueExA

  RegCloseKey

  OpenProcessToken

  RegSetValueExA

  RegDeleteKeyA

  RegOpenKeyA

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  CryptEncrypt

  CryptImportKey

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGenRandom

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextA

  SetSecurityInfo

  IsValidSid

  InitializeAcl

  GetTokenInformation

  GetLengthSid

  AddAccessAllowedAce

  RegCreateKeyA

  RegOpenKeyExA

  shell32

  Shell_NotifyIconA

  ShellExecuteA

  SHGetFolderPathW

  msvcp140

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

  ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

  ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

  ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?always_noconv@codecvt_base@std@@QEBA_NXZ

  ??Bid@locale@std@@QEAA_KXZ

  ?_Throw_Cpp_error@std@@YAXH@Z

  _Cnd_do_broadcast_at_thread_exit

  _Thrd_id

  _Thrd_join

  _Query_perf_frequency

  _Query_perf_counter

  _Thrd_detach

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

  ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

  ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

  ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

  ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

  ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

  ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

  ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z

  ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

  ?setf@ios_base@std@@QEAAHHH@Z

  ?id@?$ctype@D@std@@2V0locale@2@A

  ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

  ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  _Strxfrm

  ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

  ?_Xinvalid_argument@std@@YAXPEBD@Z

  ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

  ?id@?$collate@D@std@@2V0locale@2@A

  _Strcoll

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

  ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

  ?tolower@?$ctype@D@std@@QEBADD@Z

  ??1facet@locale@std@@MEAA@XZ

  ??0facet@locale@std@@IEAA@_K@Z

  ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

  ?_Incref@facet@locale@std@@UEAAXXZ

  ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

  ??1_Locinfo@std@@QEAA@XZ

  ??0_Locinfo@std@@QEAA@PEBD@Z

  _Xtime_get_ticks

  ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

  ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?_Syserror_map@std@@YAPEBDH@Z

  ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

  ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Xbad_function_call@std@@YAXXZ

  ?_Xbad_alloc@std@@YAXXZ

  ?_Xout_of_range@std@@YAXPEBD@Z

  ?_Xlength_error@std@@YAXPEBD@Z

  ?_Winerror_map@std@@YAHH@Z

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  ?uncaught_exceptions@std@@YAHXZ

  ??0_Lockit@std@@QEAA@H@Z

  ??1_Lockit@std@@QEAA@XZ

  ntdll

  RtlInitAnsiString

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  NtQuerySystemInformation

  RtlAnsiStringToUnicodeString

  dbghelp

  ImageRvaToVa

  ImageDirectoryEntryToData

  ImageNtHeader

  d3d11

  D3D11CreateDeviceAndSwapChain

  imm32

  ImmSetCandidateWindow

  ImmReleaseContext

  ImmGetContext

  ImmSetCompositionWindow

  d3dcompiler_47

  D3DCompile

  dwmapi

  DwmExtendFrameIntoClientArea

  rpcrt4

  UuidToStringA

  UuidCreate

  RpcStringFreeA

  psapi

  GetModuleInformation

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __current_exception_context

  memmove

  memcpy

  __current_exception

  __std_exception_copy

  memcmp

  memchr

  _CxxThrowException

  _purecall

  __std_exception_destroy

  __C_specific_handler

  strrchr

  longjmp

  strchr

  __intrinsic_setjmp

  strstr

  __std_terminate

  memset

  api-ms-win-crt-heap-l1-1-0

  malloc

  _set_new_mode

  realloc

  free

  _callnewh

  calloc

  api-ms-win-crt-math-l1-1-0

  asin

  acosf

  ceil

  atan2

  _dclass

  atan2f

  pow

  ldexp

  roundf

  log10

  log

  fmodf

  fmod

  floor

  acos

  _dsign

  sin

  ceilf

  sinf

  powf

  sqrt

  exp

  cosf

  tan

  sqrtf

  llround

  cos

  __setusermatherr

  frexp

  api-ms-win-crt-string-l1-1-0

  isblank

  strncmp

  toupper

  isalnum

  strspn

  isdigit

  isxdigit

  isspace

  isalpha

  isupper

  _strdup

  strcspn

  strcmp

  tolower

  strncpy

  iscntrl

  _stricmp

  strpbrk

  strcoll

  islower

  ispunct

  isgraph

  api-ms-win-crt-runtime-l1-1-0

  perror

  _invalid_parameter_noinfo_noreturn

  _errno

  strerror

  abort

  exit

  _register_thread_local_exe_atexit_callback

  _c_exit

  __p___argv

  __p___argc

  system

  _exit

  _initterm_e

  _initterm

  _get_initial_narrow_environment

  _set_app_type

  _seh_filter_exe

  _cexit

  _crt_atexit

  _register_onexit_function

  _initialize_onexit_table

  _initialize_narrow_environment

  _configure_narrow_argv

  _getpid

  _beginthreadex

  terminate

  __sys_nerr

  api-ms-win-crt-stdio-l1-1-0

  fseek

  ftell

  __stdio_common_vsscanf

  fputs

  _lseeki64

  _get_stream_buffer_pointers

  fsetpos

  fgetpos

  fgetc

  fputc

  tmpnam

  _set_fmode

  __p__commode

  __stdio_common_vsprintf

  _fseeki64

  _ftelli64

  ungetc

  _popen

  setvbuf

  tmpfile

  _pclose

  clearerr

  _read

  fgets

  fwrite

  _write

  fread

  feof

  _close

  __stdio_common_vfprintf

  getc

  fclose

  fflush

  __acrt_iob_func

  fopen

  ferror

  freopen

  _open

  _wfopen

  api-ms-win-crt-locale-l1-1-0

  ___lc_codepage_func

  setlocale

  _configthreadlocale

  localeconv

  api-ms-win-crt-time-l1-1-0

  strftime

  _time64

  _localtime64

  _gmtime64

  _difftime64

  _mktime64

  clock

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-convert-l1-1-0

  strtoul

  strtol

  strtod

  strtoull

  atoi

  strtoll

  atof

  api-ms-win-crt-filesystem-l1-1-0

  _unlink

  remove

  _unlock_file

  _fstat64

  _access

  rename

  _lock_file

  _stat64

  api-ms-win-crt-utility-l1-1-0

  qsort

  rand

  ws2_32

  send

  recv

  closesocket

  connect

  getpeername

  getsockname

  getsockopt

  htons

  ntohs

  setsockopt

  socket

  bind

  WSASetLastError

  WSAIoctl

  WSAStartup

  WSACleanup

  accept

  htonl

  listen

  ioctlsocket

  __WSAFDIsSet

  select

  getaddrinfo

  freeaddrinfo

  recvfrom

  sendto

  gethostname

  ntohl

  WSAGetLastError

  normaliz

  IdnToAscii

  crypt32

  CryptStringToBinaryA

  CryptDecodeObjectEx

  CertOpenStore

  CertCloseStore

  CertEnumCertificatesInStore

  CertFreeCertificateContext

  PFXImportCertStore

  CertAddCertificateContextToStore

  CertFindExtension

  CertGetNameStringA

  CryptQueryObject

  CertCreateCertificateChainEngine

  CertFreeCertificateChainEngine

  CertGetCertificateChain

  CertFreeCertificateChain

  CertFindCertificateInStore

  wldap32

  ord46

  ord217

  ord50

  ord41

  ord22

  ord45

  ord27

  ord32

  ord33

  ord143

  ord301

  ord35

  ord60

  ord26

  ord200

  ord79

  ord30

  ord211

  Sections

  .text

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 254KB - Virtual size: 254KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 50KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/hh.exe

  .exe windows:10 windows x64 arch:x64

  d3d9c3e81a404e7f5c5302429636f04c

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  hh.pdb

  Imports

  advapi32

  RegOpenKeyExW

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  RegQueryValueExW

  kernel32

  ExpandEnvironmentStringsA

  LoadLibraryA

  HeapSetInformation

  SetProcessDEPPolicy

  GetProcAddress

  FreeLibrary

  GetCurrentThreadId

  GetCurrentProcessId

  QueryPerformanceCounter

  GetModuleHandleW

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  GetStartupInfoW

  GetSystemTimeAsFileTime

  Sleep

  GetTickCount

  msvcrt

  ?terminate@@YAXXZ

  _fmode

  _acmdln

  _initterm

  __setusermatherr

  _ismbblead

  _cexit

  _exit

  exit

  __set_app_type

  __getmainargs

  _amsg_exit

  _XcptFilter

  _vsnprintf

  _commode

  __C_specific_handler

  memset

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 264B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/lsasetup.log
• kayflock-beta/packages/ranks/mib.bin
• kayflock-beta/packages/ranks/notepad.exe

  .exe windows:10 windows x64 arch:x64

  09ed737a03db7295bf734a9953f6eb5e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  notepad.pdb

  Imports

  kernel32

  GetProcAddress

  CreateMutexExW

  AcquireSRWLockShared

  DeleteCriticalSection

  GetCurrentProcessId

  GetProcessHeap

  GetModuleHandleW

  DebugBreak

  IsDebuggerPresent

  GlobalFree

  GetLocaleInfoW

  CreateFileW

  ReadFile

  GetACP

  MulDiv

  GetCurrentProcess

  GetCommandLineW

  HeapSetInformation

  FreeLibrary

  LocalFree

  LocalAlloc

  FindFirstFileW

  FindClose

  FoldStringW

  GetModuleFileNameW

  GetUserDefaultUILanguage

  HeapFree

  HeapAlloc

  GetTimeFormatW

  WideCharToMultiByte

  WriteFile

  GetFileAttributesW

  LocalLock

  LocalUnlock

  DeleteFileW

  SetEndOfFile

  GetFileAttributesExW

  GetFileInformationByHandle

  CreateFileMappingW

  MapViewOfFile

  MultiByteToWideChar

  LocalReAlloc

  UnmapViewOfFile

  GetFullPathNameW

  LocalSize

  GetStartupInfoW

  lstrcmpiW

  FindNLSString

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  GetDiskFreeSpaceExW

  CreateDirectoryW

  RegisterApplicationRestart

  CreateSemaphoreExW

  CreateThreadpoolTimer

  ReleaseSRWLockShared

  SetThreadpoolTimer

  CloseHandle

  OpenSemaphoreW

  WaitForSingleObjectEx

  AcquireSRWLockExclusive

  CloseThreadpoolTimer

  OutputDebugStringW

  ReleaseSRWLockExclusive

  GetLastError

  FormatMessageW

  ReleaseMutex

  GetCurrentThreadId

  WaitForSingleObject

  WaitForThreadpoolTimerCallbacks

  InitializeCriticalSectionEx

  LeaveCriticalSection

  GetModuleHandleExW

  ReleaseSemaphore

  EnterCriticalSection

  GetDateFormatW

  SetLastError

  GetLocalTime

  ResolveDelayLoadedAPI

  DelayLoadFailureHook

  GetModuleFileNameA

  gdi32

  CreateDCW

  StartPage

  StartDocW

  SetAbortProc

  DeleteDC

  EndDoc

  AbortDoc

  EndPage

  GetTextMetricsW

  SetBkMode

  LPtoDP

  SetWindowExtEx

  SetViewportExtEx

  SetMapMode

  GetTextExtentPoint32W

  TextOutW

  EnumFontsW

  GetTextFaceW

  SelectObject

  DeleteObject

  CreateFontIndirectW

  GetDeviceCaps

  user32

  PostMessageW

  MessageBoxW

  GetMenu

  CheckMenuItem

  GetSubMenu

  EnableMenuItem

  ShowWindow

  GetDC

  ReleaseDC

  SetCursor

  GetDpiForWindow

  SetActiveWindow

  LoadStringW

  DefWindowProcW

  IsIconic

  SetFocus

  PostQuitMessage

  DestroyWindow

  MessageBeep

  GetForegroundWindow

  GetDlgCtrlID

  SetWindowPos

  RedrawWindow

  GetKeyboardLayout

  CharNextW

  SetWinEventHook

  GetMessageW

  TranslateAcceleratorW

  IsDialogMessageW

  TranslateMessage

  DispatchMessageW

  UnhookWinEvent

  SetWindowTextW

  OpenClipboard

  IsClipboardFormatAvailable

  CloseClipboard

  SetDlgItemTextW

  GetDlgItemTextW

  EndDialog

  SendDlgItemMessageW

  SetScrollPos

  InvalidateRect

  UpdateWindow

  GetWindowPlacement

  SetWindowPlacement

  CharUpperW

  GetSystemMenu

  LoadAcceleratorsW

  SetWindowLongW

  CreateWindowExW

  MonitorFromWindow

  RegisterWindowMessageW

  LoadCursorW

  RegisterClassExW

  GetWindowTextLengthW

  GetWindowLongW

  PeekMessageW

  GetWindowTextW

  EnableWindow

  CreateDialogParamW

  DrawTextExW

  LoadIconW

  LoadImageW

  DialogBoxParamW

  SetThreadDpiAwarenessContext

  SendMessageW

  MoveWindow

  GetClientRect

  GetFocus

  api-ms-win-crt-string-l1-1-0

  memset

  wcsnlen

  wcscmp

  api-ms-win-crt-runtime-l1-1-0

  _c_exit

  _register_thread_local_exe_atexit_callback

  _initterm_e

  _initterm

  api-ms-win-crt-private-l1-1-0

  _o__callnewh

  _o__cexit

  _o__configthreadlocale

  _o__configure_wide_argv

  _o__crt_atexit

  _o__errno

  _o__exit

  _o__get_wide_winmain_command_line

  _o__initialize_onexit_table

  _o__initialize_wide_environment

  _o__invalid_parameter_noinfo

  _o__purecall

  _o__register_onexit_function

  _o__seh_filter_exe

  _o__set_app_type

  _o__set_fmode

  _o__set_new_mode

  _o__wcsicmp

  _o__wtol

  _o_exit

  _o_free

  _o_iswdigit

  _o_malloc

  _o_terminate

  _o_toupper

  __CxxFrameHandler3

  _CxxThrowException

  _o___std_exception_destroy

  _o___std_exception_copy

  _o___p__commode

  _o___stdio_common_vswprintf

  __C_specific_handler

  memcmp

  memcpy

  memmove

  api-ms-win-core-com-l1-1-0

  CoWaitForMultipleHandles

  CoUninitialize

  PropVariantClear

  CoTaskMemFree

  CoTaskMemAlloc

  CoCreateFreeThreadedMarshaler

  CoCreateInstance

  CoInitializeEx

  CoCreateGuid

  api-ms-win-core-shlwapi-legacy-l1-1-0

  PathIsFileSpecW

  PathFindExtensionW

  PathFileExistsW

  api-ms-win-shcore-obsolete-l1-1-0

  SHStrDupW

  api-ms-win-shcore-path-l1-1-0

  ord170

  api-ms-win-shcore-scaling-l1-1-1

  GetDpiForMonitor

  api-ms-win-core-rtlsupport-l1-1-0

  RtlLookupFunctionEntry

  RtlCaptureContext

  RtlVirtualUnwind

  api-ms-win-core-errorhandling-l1-1-0

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RaiseException

  api-ms-win-core-processthreads-l1-1-0

  TerminateProcess

  api-ms-win-core-processthreads-l1-1-1

  GetProcessMitigationPolicy

  IsProcessorFeaturePresent

  api-ms-win-core-profile-l1-1-0

  QueryPerformanceCounter

  api-ms-win-core-sysinfo-l1-1-0

  GetTickCount

  GetSystemTimeAsFileTime

  api-ms-win-core-interlocked-l1-1-0

  InitializeSListHead

  api-ms-win-core-libraryloader-l1-2-0

  LoadLibraryExW

  api-ms-win-core-winrt-string-l1-1-0

  WindowsCreateString

  WindowsDeleteString

  WindowsGetStringRawBuffer

  WindowsCreateStringReference

  api-ms-win-core-synch-l1-1-0

  SetEvent

  CreateEventExW

  api-ms-win-core-winrt-error-l1-1-0

  SetRestrictedErrorInfo

  api-ms-win-core-string-l1-1-0

  CompareStringOrdinal

  api-ms-win-core-winrt-l1-1-0

  RoInitialize

  RoUninitialize

  RoGetActivationFactory

  api-ms-win-core-winrt-error-l1-1-1

  RoGetMatchingRestrictedErrorInfo

  api-ms-win-eventing-provider-l1-1-0

  EventProviderEnabled

  api-ms-win-core-synch-l1-2-0

  Sleep

  comctl32

  CreateStatusWindowW

  ord345

  Sections

  .text

  Size: 145KB - Virtual size: 145KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 37KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 376B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 728B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/setupact.log
• kayflock-beta/packages/ranks/splwow64.exe

  .exe windows:10 windows x64 arch:x64

  0c613b55d7b5ccc10e4a17a05d719c8e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  splwow64.pdb

  Imports

  advapi32

  TraceMessage

  RegOpenKeyW

  RegQueryValueExW

  RegCloseKey

  GetTraceLoggerHandle

  GetTraceEnableLevel

  GetTraceEnableFlags

  RegisterTraceGuidsW

  UnregisterTraceGuids

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RevertToSelf

  GetSidSubAuthority

  GetSidSubAuthorityCount

  OpenThreadToken

  OpenProcessToken

  ConvertSidToStringSidW

  GetTokenInformation

  kernel32

  SystemTimeToFileTime

  Sleep

  GetProcAddress

  SetLastError

  FreeLibrary

  LoadLibraryExW

  CreateActCtxW

  ActivateActCtx

  GetFullPathNameW

  GetSystemDirectoryW

  GetFileAttributesW

  DeactivateActCtx

  ReleaseActCtx

  LoadLibraryW

  TlsAlloc

  TlsFree

  GetModuleHandleW

  HeapSetInformation

  SetErrorMode

  GetErrorMode

  TlsSetValue

  HeapFree

  GetProcessHeap

  HeapAlloc

  FormatMessageW

  GetCurrentThreadId

  GetModuleHandleExW

  GetModuleFileNameA

  DebugBreak

  IsDebuggerPresent

  OutputDebugStringW

  EnterCriticalSection

  ReleaseSRWLockExclusive

  AcquireSRWLockShared

  ReleaseSRWLockShared

  ReleaseSemaphore

  ReleaseMutex

  SetThreadpoolTimer

  WaitForThreadpoolTimerCallbacks

  CloseThreadpoolTimer

  WaitForSingleObjectEx

  InitializeCriticalSectionEx

  OpenSemaphoreW

  CreateThreadpoolTimer

  CreateFileW

  OpenProcess

  DuplicateHandle

  GetCurrentProcess

  CreateMutexExW

  CreateSemaphoreExW

  SetEvent

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  SetThreadPreferredUILanguages

  LocalFree

  VirtualQuery

  GetSystemInfo

  LoadLibraryExA

  VirtualProtect

  GetCurrentThread

  GetTickCount

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  WaitForSingleObject

  CreateThread

  ProcessIdToSessionId

  GetSystemTime

  GetCurrentProcessId

  RaiseException

  GetLastError

  CloseHandle

  DeleteCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  AcquireSRWLockExclusive

  user32

  GetGUIThreadInfo

  IsWindow

  AttachThreadInput

  EnumWindows

  EnumChildWindows

  GetWindowThreadProcessId

  msvcrt

  memset

  memcpy

  ?terminate@@YAXXZ

  __CxxFrameHandler3

  memcmp

  __dllonexit

  _unlock

  _lock

  _commode

  _fmode

  _initterm

  __setusermatherr

  _exit

  exit

  __set_app_type

  __wgetmainargs

  _amsg_exit

  _XcptFilter

  _callnewh

  malloc

  free

  memmove_s

  memcpy_s

  _wtol

  _wcsicmp

  _vsnwprintf

  _purecall

  __C_specific_handler

  _cexit

  _onexit

  sqrt

  winspool.drv

  ClosePrinter

  GetPrinterDataW

  GetPrintOutputInfo

  GetPrinterDriverW

  OpenPrinterW

  rpcrt4

  RpcRevertToSelf

  RpcImpersonateClient

  RpcAsyncCompleteCall

  RpcMgmtStopServerListening

  RpcServerListen

  NdrAsyncServerCall

  NdrServerCallAll

  Ndr64AsyncServerCallAll

  NdrServerCall2

  RpcServerUseProtseqEpW

  RpcServerRegisterIf3

  RpcServerInqBindings

  RpcBindingVectorFree

  RpcServerRegisterAuthInfoW

  api-ms-win-core-com-l1-1-0

  CoCreateInstance

  CoRegisterClassObject

  CoRevokeClassObject

  CoUninitialize

  CoInitializeEx

  ntdll

  RtlLookupFunctionEntry

  RtlCaptureContext

  NtReplyPort

  NtAlpcOpenSenderThread

  NtClose

  NtCompleteConnectPort

  NtAcceptConnectPort

  NtCreatePort

  RtlInitUnicodeString

  TpReleasePool

  TpCallbackMayRunLong

  TpSetWait

  TpSimpleTryPost

  TpAllocWork

  TpPostWork

  TpAllocWait

  TpAllocTimer

  TpSetTimer

  TpAllocIoCompletion

  TpStartAsyncIoOperation

  TpAllocAlpcCompletion

  TpWaitForWork

  TpReleaseWork

  TpWaitForWait

  RtlVirtualUnwind

  TpWaitForTimer

  TpReleaseTimer

  TpWaitForIoCompletion

  TpReleaseIoCompletion

  TpWaitForAlpcCompletion

  TpReleaseAlpcCompletion

  EtwTraceMessage

  EtwEventEnabled

  EtwEventWrite

  NtReplyWaitReceivePort

  RtlNtStatusToDosError

  ZwQueryWnfStateData

  TpReleaseWait

  Sections

  .text

  Size: 72KB - Virtual size: 72KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 57KB - Virtual size: 57KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 840B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/system.ini
• kayflock-beta/packages/ranks/twain_32.dll

  .dll windows:10 windows x86 arch:x86

  316cd668ed705c998eae8d3bd7bd168f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  twain_32.pdb

  Imports

  msvcrt

  _chdir

  strcpy_s

  _getcwd

  _errno

  _strcmpi

  _chdrive

  strcat_s

  sprintf_s

  strncpy_s

  _snprintf_s

  _purecall

  _ltoa

  atol

  free

  _strnicmp

  _vsnwprintf

  memcpy_s

  remove

  _read

  _close

  _write

  _lseek

  _sopen

  _locking

  _vsnprintf

  strncmp

  _XcptFilter

  _amsg_exit

  _initterm

  _lock

  malloc

  _getdrive

  _unlock

  __dllonexit

  _onexit

  _except_handler4_common

  memcpy

  memset

  kernel32

  SetLastError

  GetTickCount

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  Sleep

  GetTempPathA

  IsDebuggerPresent

  DebugBreak

  GetModuleHandleW

  GetProcessHeap

  GetCurrentProcessId

  CreateMutexExW

  HeapAlloc

  PowerClearRequest

  OpenSemaphoreW

  WaitForSingleObjectEx

  InitOnceComplete

  OutputDebugStringW

  FormatMessageW

  ReleaseMutex

  GetCurrentThreadId

  WaitForSingleObject

  GetModuleHandleExW

  ReleaseSemaphore

  HeapFree

  CreateSemaphoreExW

  InitOnceBeginInitialize

  PowerSetRequest

  GetModuleFileNameA

  WriteProfileStringA

  GetCurrentProcess

  lstrcmpiA

  MultiByteToWideChar

  lstrlenA

  GlobalSize

  GetVersion

  GetLastError

  GlobalFlags

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalUnlock

  PowerCreateRequest

  CloseHandle

  FindFirstFileA

  FindNextFileA

  FindClose

  GetFileAttributesA

  GetSystemDirectoryA

  LoadLibraryA

  GetWindowsDirectoryA

  GetProcAddress

  FreeLibrary

  GetProfileStringA

  GlobalHandle

  OpenFile

  user32

  RegisterWindowMessageA

  LoadStringA

  SendMessageA

  FindWindowA

  PeekMessageA

  DdeCmpStringHandles

  DdeConnect

  DdeQueryConvInfo

  DdeClientTransaction

  DdeDisconnect

  DdeGetData

  DdeGetLastError

  DdeCreateStringHandleA

  DdeCreateDataHandle

  DdeUninitialize

  DdeInitializeA

  DdeFreeStringHandle

  DispatchMessageA

  TranslateMessage

  UnhookWindowsHook

  CallNextHookEx

  EndDialog

  DialogBoxParamA

  SetFocus

  SendDlgItemMessageA

  SetWindowsHookA

  GetDlgItem

  EnableWindow

  PostMessageA

  IsWindow

  CharUpperA

  apphelp

  ApphelpCheckExe

  api-ms-win-eventing-provider-l1-1-0

  EventRegister

  EventWriteTransfer

  EventSetInformation

  EventUnregister

  Exports

  Exports

  AboutDlgProc

  ChooseDlgProc

  DSM_Entry

  InfoHook

  WGDlgProc

  Sections

  .text

  Size: 53KB - Virtual size: 53KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/win.ini
• kayflock-beta/packages/ranks/winhlp32.exe

  .exe windows:10 windows x86 arch:x86

  0dfde2c713801a5c7e6dc0108384fb68

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  winhstb.pdb

  Imports

  advapi32

  EventRegister

  EventWriteTransfer

  EventUnregister

  kernel32

  GetModuleHandleExW

  RaiseException

  HeapSetInformation

  GetProcAddress

  FreeLibrary

  GetCurrentProcess

  UnhandledExceptionFilter

  GetTickCount

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  QueryPerformanceCounter

  GetModuleHandleW

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  msvcrt

  __p__fmode

  _controlfp

  ?terminate@@YAXXZ

  free

  _XcptFilter

  __p__commode

  _amsg_exit

  __setusermatherr

  _initterm

  _cexit

  _exit

  exit

  __set_app_type

  __getmainargs

  _except_handler4_common

  ole32

  CoInitialize

  CoUninitialize

  CoCreateInstance

  oleaut32

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 920B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 420B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/packages/ranks/write.exe

  .exe windows:10 windows x64 arch:x64

  90a23f469ba0443719430cba4569b220

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  write.pdb

  Imports

  shell32

  ShellExecuteW

  kernel32

  TerminateProcess

  GetCurrentProcess

  GetStartupInfoW

  HeapSetInformation

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  GetTickCount

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  QueryPerformanceCounter

  GetModuleHandleW

  Sleep

  msvcrt

  _commode

  ?terminate@@YAXXZ

  _fmode

  _wcmdln

  __C_specific_handler

  _initterm

  __setusermatherr

  _cexit

  _exit

  exit

  __set_app_type

  __wgetmainargs

  _amsg_exit

  _XcptFilter

  Sections

  .text

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 512B - Virtual size: 204B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll

  .dll windows:4 windows x86 arch:x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  11-02-2021 20:09

  Not After

  10-02-2022 20:09

  Subject

  CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a1:1f:af:de:e3:96:53:43:12:1d:b3:69:f3:c4:14:7a:af:b0:e0:69:63:ab:74:f0:17:b1:9c:67:e4:03:5e:ba

  Signer

  Actual PE Digest

  a1:1f:af:de:e3:96:53:43:12:1d:b3:69:f3:c4:14:7a:af:b0:e0:69:63:ab:74:f0:17:b1:9c:67:e4:03:5e:ba

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  /_/artifacts/obj/System.Management/net6.0-windows-Release/System.Management.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 272KB - Virtual size: 271KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ