kwinfork.dll
Description:
Authors: Copyright©2025 Kingsoft Corporation. All rights reserved.
Version: 12.1.0.23542
Architecture: 32-bit
Operating System: Windows NT
SHA256: e5e74c3bf9ba05ed3c42262004db3e3d
File Size: 611.5 KB
Uploaded At: Dec. 4, 2025, 6:13 a.m.
Views: 7
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess
Exported Functions
- g_bForkProcess (Ordinal: 1, Address: 0x8fe28)
- kwinfork (Ordinal: 2, Address: 0x31a0)
Imported DLLs & Functions
api-ms-win-crt-convert-l1-1-0.dll
- strtoul (Address: 0x10027330)
api-ms-win-crt-filesystem-l1-1-0.dll
- _lock_file (Address: 0x1002733c)
- _unlock_file (Address: 0x10027338)
api-ms-win-crt-heap-l1-1-0.dll
- _callnewh (Address: 0x1002734c)
- free (Address: 0x10027348)
- malloc (Address: 0x10027344)
api-ms-win-crt-runtime-l1-1-0.dll
- _beginthreadex (Address: 0x10027358)
- _cexit (Address: 0x1002736c)
- _configure_narrow_argv (Address: 0x10027374)
- _crt_atexit (Address: 0x10027388)
- _errno (Address: 0x10027360)
- _execute_onexit_table (Address: 0x10027384)
- _initialize_narrow_environment (Address: 0x10027378)
- _initialize_onexit_table (Address: 0x1002737c)
- _initterm (Address: 0x10027368)
- _initterm_e (Address: 0x10027364)
- _invalid_parameter_noinfo (Address: 0x10027354)
- _invalid_parameter_noinfo_noreturn (Address: 0x1002738c)
- _register_onexit_function (Address: 0x10027380)
- _seh_filter_dll (Address: 0x10027370)
- terminate (Address: 0x1002735c)
api-ms-win-crt-stdio-l1-1-0.dll
- __stdio_common_vsnprintf_s (Address: 0x100273a8)
- __stdio_common_vswprintf_s (Address: 0x10027398)
- _fseeki64 (Address: 0x100273c0)
- _get_stream_buffer_pointers (Address: 0x100273c8)
- fclose (Address: 0x100273a4)
- fflush (Address: 0x1002739c)
- fgetc (Address: 0x10027394)
- fgetpos (Address: 0x100273a0)
- fputc (Address: 0x100273ac)
- fread (Address: 0x100273b0)
- fsetpos (Address: 0x100273c4)
- fwrite (Address: 0x100273bc)
- setvbuf (Address: 0x100273b8)
- ungetc (Address: 0x100273b4)
api-ms-win-crt-string-l1-1-0.dll
- _wcsicmp (Address: 0x100273d0)
- _wcsnicmp (Address: 0x100273d4)
- towlower (Address: 0x100273d8)
api-ms-win-crt-time-l1-1-0.dll
- _time64 (Address: 0x100273e0)
KERNEL32.dll
- CloseHandle (Address: 0x10027078)
- CreateEventW (Address: 0x10027024)
- CreateFileMappingW (Address: 0x100270b4)
- CreateFileW (Address: 0x1002708c)
- CreateProcessW (Address: 0x10027108)
- CreateToolhelp32Snapshot (Address: 0x100270cc)
- DeleteCriticalSection (Address: 0x10027114)
- DeleteFileW (Address: 0x10027104)
- DisableThreadLibraryCalls (Address: 0x10027008)
- DuplicateHandle (Address: 0x10027090)
- EnterCriticalSection (Address: 0x1002704c)
- ExpandEnvironmentStringsW (Address: 0x100270d8)
- FlushInstructionCache (Address: 0x1002709c)
- FreeLibrary (Address: 0x100270e8)
- GetCurrentProcess (Address: 0x10027054)
- GetCurrentProcessId (Address: 0x10027058)
- GetCurrentThread (Address: 0x1002705c)
- GetCurrentThreadId (Address: 0x10027128)
- GetEnvironmentVariableW (Address: 0x100270fc)
- GetExitCodeProcess (Address: 0x10027098)
- GetHandleInformation (Address: 0x10027040)
- GetLastError (Address: 0x10027048)
- GetLongPathNameW (Address: 0x100270dc)
- GetModuleFileNameW (Address: 0x100270c0)
- GetModuleHandleA (Address: 0x10027068)
- GetModuleHandleExA (Address: 0x100270c4)
- GetModuleHandleW (Address: 0x100270ec)
- GetProcAddress (Address: 0x1002706c)
- GetProcessId (Address: 0x10027060)
- GetSystemDirectoryW (Address: 0x100270e0)
- GetSystemInfo (Address: 0x10027080)
- GetSystemTimeAsFileTime (Address: 0x1002700c)
- GetSystemWindowsDirectoryW (Address: 0x100270a0)
- GetSystemWow64DirectoryW (Address: 0x100270e4)
- GetThreadContext (Address: 0x10027134)
- GetThreadId (Address: 0x10027064)
- InitializeCriticalSectionAndSpinCount (Address: 0x10027110)
- InitializeSListHead (Address: 0x10027004)
- IsDebuggerPresent (Address: 0x10027014)
- IsProcessorFeaturePresent (Address: 0x10027018)
- IsWow64Process (Address: 0x100270bc)
- LeaveCriticalSection (Address: 0x10027050)
- LoadLibraryExA (Address: 0x100270c8)
- LoadLibraryW (Address: 0x100270f0)
- lstrlenW (Address: 0x100270f4)
- MapViewOfFile (Address: 0x100270b8)
- Module32FirstW (Address: 0x100270d0)
- Module32NextW (Address: 0x100270d4)
- MultiByteToWideChar (Address: 0x100270f8)
- OpenProcess (Address: 0x1002707c)
- OutputDebugStringW (Address: 0x10027000)
- Process32FirstW (Address: 0x1002711c)
- Process32NextW (Address: 0x10027120)
- ProcessIdToSessionId (Address: 0x10027118)
- QueryPerformanceCounter (Address: 0x10027010)
- RaiseException (Address: 0x1002710c)
- ResetEvent (Address: 0x1002702c)
- ResumeThread (Address: 0x10027130)
- SetEnvironmentVariableW (Address: 0x10027100)
- SetEvent (Address: 0x10027030)
- SetHandleInformation (Address: 0x10027074)
- SetLastError (Address: 0x10027124)
- SetThreadContext (Address: 0x1002703c)
- SetUnhandledExceptionFilter (Address: 0x10027044)
- SuspendThread (Address: 0x1002712c)
- TerminateProcess (Address: 0x1002701c)
- UnhandledExceptionFilter (Address: 0x10027020)
- UnmapViewOfFile (Address: 0x10027088)
- VerifyVersionInfoW (Address: 0x10027070)
- VirtualAlloc (Address: 0x100270a4)
- VirtualFree (Address: 0x10027038)
- VirtualProtect (Address: 0x100270a8)
- VirtualProtectEx (Address: 0x100270ac)
- VirtualQuery (Address: 0x10027034)
- VirtualQueryEx (Address: 0x10027084)
- WaitForSingleObject (Address: 0x10027094)
- WaitForSingleObjectEx (Address: 0x10027028)
- WriteProcessMemory (Address: 0x100270b0)
krpt.dll
- _krpt_RuntimeProtect (Address: 0x100273e8)
- _krpt_SuspendRuntimeProtect (Address: 0x100273ec)
krt.dll
- ?setAppEnv@krt@@YA_NABVQString@kso_qt@@ABVQVariant@3@@Z (Address: 0x100273f4)
- ?winBuildVersion@info@krt@@YAIXZ (Address: 0x10027400)
- ?winMajorVersion@info@krt@@YAIXZ (Address: 0x100273f8)
- ?winMinorVersion@info@krt@@YAIXZ (Address: 0x100273fc)
ksolite.dll
- ?getData@KFpccomb@@QAE?AV?$QSharedPointer@VKFpccombData@@@kso_qt@@_J@Z (Address: 0x1002740c)
- ?getInstance@KFpccomb@@SAPAV1@XZ (Address: 0x10027410)
- ?writeInfo@KxLoggerLite@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z (Address: 0x10027408)
MSVCP140.dll
- _Cnd_do_broadcast_at_thread_exit (Address: 0x1002715c)
- _Mtx_destroy_in_situ (Address: 0x100271c8)
- _Mtx_init_in_situ (Address: 0x100271c4)
- _Mtx_lock (Address: 0x100271cc)
- _Mtx_unlock (Address: 0x100271d0)
- _Thrd_id (Address: 0x10027158)
- _Thrd_join (Address: 0x10027154)
- ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z (Address: 0x10027268)
- ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z (Address: 0x10027208)
- ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ (Address: 0x100271f4)
- ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ (Address: 0x10027228)
- ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z (Address: 0x10027258)
- ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x10027198)
- ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x10027288)
- ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ (Address: 0x10027184)
- ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ (Address: 0x10027174)
- ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ (Address: 0x10027224)
- ?_Throw_C_error@std@@YAXH@Z (Address: 0x100271d4)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x10027160)
- ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x1002719c)
- ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x1002728c)
- ?_Xbad_function_call@std@@YAXXZ (Address: 0x100271e8)
- ?_Xinvalid_argument@std@@YAXPBD@Z (Address: 0x100271bc)
- ?_Xlength_error@std@@YAXPBD@Z (Address: 0x10027150)
- ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x100271c0)
- ??0_Lockit@std@@QAE@H@Z (Address: 0x100271ec)
- ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x10027180)
- ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x10027240)
- ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z (Address: 0x10027190)
- ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z (Address: 0x1002727c)
- ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x10027250)
- ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z (Address: 0x100271dc)
- ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x10027244)
- ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x10027164)
- ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x1002720c)
- ??1_Lockit@std@@QAE@XZ (Address: 0x100271f0)
- ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10027178)
- ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10027234)
- ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10027194)
- ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10027280)
- ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10027254)
- ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x100271e0)
- ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10027248)
- ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10027168)
- ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10027210)
- ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z (Address: 0x100271e4)
- ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z (Address: 0x10027188)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z (Address: 0x10027278)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z (Address: 0x10027274)
- ??Bid@locale@std@@QAEIXZ (Address: 0x100271d8)
- ?always_noconv@codecvt_base@std@@QBE_NXZ (Address: 0x100271f8)
- ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ (Address: 0x1002718c)
- ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ (Address: 0x10027214)
- ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A (Address: 0x10027270)
- ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x100271a0)
- ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x10027148)
- ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z (Address: 0x100271fc)
- ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z (Address: 0x10027200)
- ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z (Address: 0x1002725c)
- ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10027218)
- ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z (Address: 0x10027260)
- ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z (Address: 0x100271a4)
- ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z (Address: 0x10027144)
- ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z (Address: 0x1002717c)
- ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x10027238)
- ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z (Address: 0x10027284)
- ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x1002721c)
- ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ (Address: 0x100271a8)
- ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ (Address: 0x1002726c)
- ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10027220)
- ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z (Address: 0x1002716c)
- ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z (Address: 0x10027170)
- ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ (Address: 0x100271ac)
- ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x1002713c)
- ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ (Address: 0x10027264)
- ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ (Address: 0x100271b0)
- ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x10027140)
- ?uncaught_exception@std@@YA_NXZ (Address: 0x1002714c)
- ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z (Address: 0x10027204)
- ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z (Address: 0x1002723c)
- ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z (Address: 0x1002724c)
- ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z (Address: 0x100271b4)
- ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z (Address: 0x1002722c)
- ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z (Address: 0x100271b8)
- ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z (Address: 0x10027230)
ntdll.dll
- NtAllocateVirtualMemory (Address: 0x10027418)
- NtCreateUserProcess (Address: 0x1002742c)
- NtFreeVirtualMemory (Address: 0x10027434)
- NtProtectVirtualMemory (Address: 0x1002741c)
- NtQueryInformationProcess (Address: 0x10027424)
- NtQueryObject (Address: 0x10027428)
- NtQueryVirtualMemory (Address: 0x10027420)
- NtReadVirtualMemory (Address: 0x10027430)
- VerSetConditionMask (Address: 0x10027438)
Qt5CoreKso.dll
- ??0QByteArray@kso_qt@@QAE@PBDH@Z (Address: 0x1002729c)
- ??0QString@kso_qt@@QAE@$$QAV01@@Z (Address: 0x100272e4)
- ??0QString@kso_qt@@QAE@ABV01@@Z (Address: 0x10027298)
- ??0QVariant@kso_qt@@QAE@_N@Z (Address: 0x100272ac)
- ??1QByteArray@kso_qt@@QAE@XZ (Address: 0x10027294)
- ??1QString@kso_qt@@QAE@XZ (Address: 0x100272e8)
- ??1QVariant@kso_qt@@QAE@XZ (Address: 0x100272b0)
- ??8QString@kso_qt@@QBE_NPBD@Z (Address: 0x100272dc)
- ??9QString@kso_qt@@QBE_NPBD@Z (Address: 0x100272d8)
- ??Mkso_qt@@YA_NABVQString@0@0@Z (Address: 0x100272e0)
- ?applicationName@QCoreApplication@kso_qt@@SA?AVQString@2@XZ (Address: 0x100272a8)
- ?begin@QListData@kso_qt@@QBEPAPAXXZ (Address: 0x100272cc)
- ?createData@QMapDataBase@kso_qt@@SAPAU12@XZ (Address: 0x100272b8)
- ?createNode@QMapDataBase@kso_qt@@QAEPAUQMapNodeBase@2@HHPAU32@_N@Z (Address: 0x100272c0)
- ?end@QListData@kso_qt@@QBEPAPAXXZ (Address: 0x100272c8)
- ?freeData@QMapDataBase@kso_qt@@SAXPAU12@@Z (Address: 0x100272b4)
- ?freeTree@QMapDataBase@kso_qt@@QAEXPAUQMapNodeBase@2@H@Z (Address: 0x100272bc)
- ?fromAscii_helper@QString@kso_qt@@CAPAU?$QTypedArrayData@G@2@PBDH@Z (Address: 0x100272d0)
- ?instance@QCoreApplication@kso_qt@@SAPAV12@XZ (Address: 0x100272a4)
- ?qputenv@kso_qt@@YA_NPBDABVQByteArray@1@@Z (Address: 0x100272a0)
- ?recalcMostLeftNode@QMapDataBase@kso_qt@@QAEXXZ (Address: 0x100272c4)
- ?toStdWString@QString@kso_qt@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ (Address: 0x100272d4)
VCRUNTIME140.dll
- __current_exception (Address: 0x10027300)
- __current_exception_context (Address: 0x100272fc)
- __CxxFrameHandler3 (Address: 0x1002731c)
- __std_exception_copy (Address: 0x1002730c)
- __std_exception_destroy (Address: 0x10027310)
- __std_terminate (Address: 0x10027308)
- __std_type_info_destroy_list (Address: 0x100272f0)
- _CxxThrowException (Address: 0x10027318)
- _except_handler4_common (Address: 0x100272f8)
- memchr (Address: 0x10027304)
- memcpy (Address: 0x10027320)
- memmove (Address: 0x100272f4)
- memset (Address: 0x10027328)
- strstr (Address: 0x10027324)
- wcsstr (Address: 0x10027314)