kwinfork.dll
Description:
Authors: Copyright©2025 Kingsoft Corporation. All rights reserved.
Version: 12.9.0.23939
Architecture: 32-bit
Operating System: Windows NT
SHA256: 2bb9b30d54bbb155aa15f9afdbe93b4b
File Size: 614.5 KB
Uploaded At: Dec. 4, 2025, 6:17 a.m.
Views: 16
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess
Exported Functions
- g_bForkProcess (Ordinal: 1, Address: 0x90e28)
- kwinfork (Ordinal: 2, Address: 0x31e0)
Imported DLLs & Functions
api-ms-win-crt-convert-l1-1-0.dll
- strtoul (Address: 0x10028334)
api-ms-win-crt-filesystem-l1-1-0.dll
- _lock_file (Address: 0x10028340)
- _unlock_file (Address: 0x1002833c)
api-ms-win-crt-heap-l1-1-0.dll
- _callnewh (Address: 0x10028350)
- free (Address: 0x1002834c)
- malloc (Address: 0x10028348)
api-ms-win-crt-runtime-l1-1-0.dll
- _beginthreadex (Address: 0x10028360)
- _cexit (Address: 0x10028368)
- _configure_narrow_argv (Address: 0x1002837c)
- _crt_atexit (Address: 0x10028390)
- _errno (Address: 0x10028364)
- _execute_onexit_table (Address: 0x1002838c)
- _initialize_narrow_environment (Address: 0x10028380)
- _initialize_onexit_table (Address: 0x10028384)
- _initterm (Address: 0x10028370)
- _initterm_e (Address: 0x1002836c)
- _invalid_parameter_noinfo (Address: 0x10028358)
- _invalid_parameter_noinfo_noreturn (Address: 0x10028374)
- _register_onexit_function (Address: 0x10028388)
- _seh_filter_dll (Address: 0x10028378)
- terminate (Address: 0x1002835c)
api-ms-win-crt-stdio-l1-1-0.dll
- __stdio_common_vsnprintf_s (Address: 0x100283a8)
- __stdio_common_vswprintf_s (Address: 0x100283a4)
- _fseeki64 (Address: 0x100283c0)
- _get_stream_buffer_pointers (Address: 0x100283a0)
- fclose (Address: 0x100283b8)
- fflush (Address: 0x10028398)
- fgetc (Address: 0x1002839c)
- fgetpos (Address: 0x100283cc)
- fputc (Address: 0x100283c8)
- fread (Address: 0x100283b0)
- fsetpos (Address: 0x100283c4)
- fwrite (Address: 0x100283bc)
- setvbuf (Address: 0x100283b4)
- ungetc (Address: 0x100283ac)
api-ms-win-crt-string-l1-1-0.dll
- _wcsicmp (Address: 0x100283d4)
- _wcsnicmp (Address: 0x100283d8)
- towlower (Address: 0x100283dc)
api-ms-win-crt-time-l1-1-0.dll
- _time64 (Address: 0x100283e4)
KERNEL32.dll
- CloseHandle (Address: 0x10028080)
- CreateEventW (Address: 0x10028024)
- CreateFileMappingW (Address: 0x100280bc)
- CreateFileW (Address: 0x10028094)
- CreateProcessW (Address: 0x10028110)
- CreateToolhelp32Snapshot (Address: 0x100280d4)
- DeleteCriticalSection (Address: 0x1002811c)
- DeleteFileW (Address: 0x1002810c)
- DisableThreadLibraryCalls (Address: 0x10028008)
- DuplicateHandle (Address: 0x10028098)
- EnterCriticalSection (Address: 0x10028050)
- ExpandEnvironmentStringsW (Address: 0x100280e0)
- FlushInstructionCache (Address: 0x100280a4)
- FreeLibrary (Address: 0x100280f0)
- GetCurrentProcess (Address: 0x1002805c)
- GetCurrentProcessId (Address: 0x10028060)
- GetCurrentThread (Address: 0x10028064)
- GetCurrentThreadId (Address: 0x10028130)
- GetEnvironmentVariableW (Address: 0x10028104)
- GetExitCodeProcess (Address: 0x100280a0)
- GetHandleInformation (Address: 0x10028040)
- GetLastError (Address: 0x10028048)
- GetLongPathNameW (Address: 0x100280e4)
- GetModuleFileNameW (Address: 0x100280c8)
- GetModuleHandleA (Address: 0x10028070)
- GetModuleHandleExA (Address: 0x100280cc)
- GetModuleHandleW (Address: 0x100280f4)
- GetProcAddress (Address: 0x10028074)
- GetProcessId (Address: 0x10028068)
- GetSystemDirectoryW (Address: 0x100280e8)
- GetSystemInfo (Address: 0x10028088)
- GetSystemTimeAsFileTime (Address: 0x1002800c)
- GetSystemWindowsDirectoryW (Address: 0x100280a8)
- GetSystemWow64DirectoryW (Address: 0x100280ec)
- GetThreadContext (Address: 0x1002813c)
- GetThreadId (Address: 0x1002806c)
- InitializeCriticalSection (Address: 0x1002804c)
- InitializeCriticalSectionAndSpinCount (Address: 0x10028118)
- InitializeSListHead (Address: 0x10028004)
- IsDebuggerPresent (Address: 0x10028014)
- IsProcessorFeaturePresent (Address: 0x10028018)
- IsWow64Process (Address: 0x100280c4)
- LeaveCriticalSection (Address: 0x10028054)
- LoadLibraryExA (Address: 0x100280d0)
- LoadLibraryW (Address: 0x100280f8)
- lstrlenW (Address: 0x100280fc)
- MapViewOfFile (Address: 0x100280c0)
- Module32FirstW (Address: 0x100280d8)
- Module32NextW (Address: 0x100280dc)
- MultiByteToWideChar (Address: 0x10028100)
- OpenProcess (Address: 0x10028084)
- OutputDebugStringW (Address: 0x10028000)
- Process32FirstW (Address: 0x10028124)
- Process32NextW (Address: 0x10028128)
- ProcessIdToSessionId (Address: 0x10028120)
- QueryPerformanceCounter (Address: 0x10028010)
- RaiseException (Address: 0x10028114)
- ResetEvent (Address: 0x1002802c)
- ResumeThread (Address: 0x10028138)
- SetEnvironmentVariableW (Address: 0x10028108)
- SetEvent (Address: 0x10028030)
- SetHandleInformation (Address: 0x1002807c)
- SetLastError (Address: 0x1002812c)
- SetThreadContext (Address: 0x1002803c)
- SetUnhandledExceptionFilter (Address: 0x10028044)
- SuspendThread (Address: 0x10028134)
- TerminateProcess (Address: 0x1002801c)
- TryEnterCriticalSection (Address: 0x10028058)
- UnhandledExceptionFilter (Address: 0x10028020)
- UnmapViewOfFile (Address: 0x10028090)
- VerifyVersionInfoW (Address: 0x10028078)
- VirtualAlloc (Address: 0x100280ac)
- VirtualFree (Address: 0x10028038)
- VirtualProtect (Address: 0x100280b0)
- VirtualProtectEx (Address: 0x100280b4)
- VirtualQuery (Address: 0x10028034)
- VirtualQueryEx (Address: 0x1002808c)
- WaitForSingleObject (Address: 0x1002809c)
- WaitForSingleObjectEx (Address: 0x10028028)
- WriteProcessMemory (Address: 0x100280b8)
krpt.dll
- _krpt_RuntimeProtect (Address: 0x100283ec)
- _krpt_SuspendRuntimeProtect (Address: 0x100283f0)
krt.dll
- ?setAppEnv@krt@@YA_NABVQString@kso_qt@@ABVQVariant@3@@Z (Address: 0x10028400)
- ?winBuildVersion@info@krt@@YAIXZ (Address: 0x100283fc)
- ?winMajorVersion@info@krt@@YAIXZ (Address: 0x10028404)
- ?winMinorVersion@info@krt@@YAIXZ (Address: 0x100283f8)
ksolite.dll
- ?getData@KFpccomb@@QAE?AV?$QSharedPointer@VKFpccombData@@@kso_qt@@_J@Z (Address: 0x10028410)
- ?getInstance@KFpccomb@@SAPAV1@XZ (Address: 0x10028414)
- ?writeInfo@KxLoggerLite@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z (Address: 0x1002840c)
MSVCP140.dll
- _Cnd_do_broadcast_at_thread_exit (Address: 0x10028164)
- _Mtx_destroy_in_situ (Address: 0x100281d0)
- _Mtx_init_in_situ (Address: 0x100281cc)
- _Mtx_lock (Address: 0x100281d4)
- _Mtx_unlock (Address: 0x100281d8)
- _Thrd_id (Address: 0x10028160)
- _Thrd_join (Address: 0x1002815c)
- ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z (Address: 0x10028270)
- ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z (Address: 0x10028210)
- ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ (Address: 0x100281fc)
- ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ (Address: 0x10028230)
- ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z (Address: 0x10028260)
- ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x100281a0)
- ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x10028290)
- ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ (Address: 0x1002818c)
- ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ (Address: 0x1002817c)
- ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ (Address: 0x1002822c)
- ?_Throw_C_error@std@@YAXH@Z (Address: 0x100281dc)
- ?_Throw_Cpp_error@std@@YAXH@Z (Address: 0x10028168)
- ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ (Address: 0x100281a4)
- ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ (Address: 0x10028294)
- ?_Xbad_function_call@std@@YAXXZ (Address: 0x100281f0)
- ?_Xinvalid_argument@std@@YAXPBD@Z (Address: 0x100281c4)
- ?_Xlength_error@std@@YAXPBD@Z (Address: 0x10028158)
- ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x100281c8)
- ??0_Lockit@std@@QAE@H@Z (Address: 0x100281f4)
- ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x10028188)
- ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x10028248)
- ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z (Address: 0x10028198)
- ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z (Address: 0x10028284)
- ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x10028258)
- ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z (Address: 0x100281e4)
- ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x1002824c)
- ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ (Address: 0x1002816c)
- ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x10028214)
- ??1_Lockit@std@@QAE@XZ (Address: 0x100281f8)
- ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10028180)
- ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x1002823c)
- ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x1002819c)
- ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10028288)
- ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x1002825c)
- ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x100281e8)
- ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10028250)
- ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ (Address: 0x10028170)
- ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x10028218)
- ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z (Address: 0x100281ec)
- ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z (Address: 0x10028190)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z (Address: 0x10028280)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z (Address: 0x1002827c)
- ??Bid@locale@std@@QAEIXZ (Address: 0x100281e0)
- ?always_noconv@codecvt_base@std@@QBE_NXZ (Address: 0x10028200)
- ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ (Address: 0x10028194)
- ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ (Address: 0x1002821c)
- ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A (Address: 0x10028278)
- ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x100281a8)
- ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z (Address: 0x10028150)
- ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z (Address: 0x10028204)
- ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z (Address: 0x10028208)
- ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z (Address: 0x10028264)
- ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10028220)
- ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z (Address: 0x10028268)
- ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z (Address: 0x100281ac)
- ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z (Address: 0x1002814c)
- ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z (Address: 0x10028184)
- ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x10028240)
- ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z (Address: 0x1002828c)
- ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10028224)
- ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ (Address: 0x100281b0)
- ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ (Address: 0x10028274)
- ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ (Address: 0x10028228)
- ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z (Address: 0x10028174)
- ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z (Address: 0x10028178)
- ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ (Address: 0x100281b4)
- ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x10028144)
- ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ (Address: 0x1002826c)
- ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ (Address: 0x100281b8)
- ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ (Address: 0x10028148)
- ?uncaught_exception@std@@YA_NXZ (Address: 0x10028154)
- ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z (Address: 0x1002820c)
- ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z (Address: 0x10028244)
- ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z (Address: 0x10028254)
- ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z (Address: 0x100281bc)
- ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z (Address: 0x10028234)
- ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z (Address: 0x100281c0)
- ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z (Address: 0x10028238)
ntdll.dll
- NtAllocateVirtualMemory (Address: 0x10028424)
- NtCreateUserProcess (Address: 0x10028438)
- NtFreeVirtualMemory (Address: 0x1002841c)
- NtProtectVirtualMemory (Address: 0x1002843c)
- NtQueryInformationProcess (Address: 0x10028430)
- NtQueryObject (Address: 0x10028434)
- NtQueryVirtualMemory (Address: 0x10028428)
- NtReadVirtualMemory (Address: 0x10028420)
- RtlExitUserThread (Address: 0x1002842c)
- VerSetConditionMask (Address: 0x10028440)
Qt5CoreKso.dll
- ??0QByteArray@kso_qt@@QAE@PBDH@Z (Address: 0x100282a4)
- ??0QString@kso_qt@@QAE@$$QAV01@@Z (Address: 0x100282e8)
- ??0QString@kso_qt@@QAE@ABV01@@Z (Address: 0x100282a0)
- ??0QVariant@kso_qt@@QAE@_N@Z (Address: 0x100282b4)
- ??1QByteArray@kso_qt@@QAE@XZ (Address: 0x1002829c)
- ??1QString@kso_qt@@QAE@XZ (Address: 0x100282ec)
- ??1QVariant@kso_qt@@QAE@XZ (Address: 0x100282b8)
- ??8QString@kso_qt@@QBE_NPBD@Z (Address: 0x100282e0)
- ??Mkso_qt@@YA_NABVQString@0@0@Z (Address: 0x100282e4)
- ?applicationName@QCoreApplication@kso_qt@@SA?AVQString@2@XZ (Address: 0x100282b0)
- ?begin@QListData@kso_qt@@QBEPAPAXXZ (Address: 0x100282d4)
- ?createData@QMapDataBase@kso_qt@@SAPAU12@XZ (Address: 0x100282c0)
- ?createNode@QMapDataBase@kso_qt@@QAEPAUQMapNodeBase@2@HHPAU32@_N@Z (Address: 0x100282c8)
- ?end@QListData@kso_qt@@QBEPAPAXXZ (Address: 0x100282d0)
- ?freeData@QMapDataBase@kso_qt@@SAXPAU12@@Z (Address: 0x100282bc)
- ?freeTree@QMapDataBase@kso_qt@@QAEXPAUQMapNodeBase@2@H@Z (Address: 0x100282c4)
- ?fromAscii_helper@QString@kso_qt@@CAPAU?$QTypedArrayData@G@2@PBDH@Z (Address: 0x100282d8)
- ?instance@QCoreApplication@kso_qt@@SAPAV12@XZ (Address: 0x100282ac)
- ?qputenv@kso_qt@@YA_NPBDABVQByteArray@1@@Z (Address: 0x100282a8)
- ?recalcMostLeftNode@QMapDataBase@kso_qt@@QAEXXZ (Address: 0x100282cc)
- ?toStdWString@QString@kso_qt@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ (Address: 0x100282dc)
VCRUNTIME140.dll
- __current_exception (Address: 0x10028304)
- __current_exception_context (Address: 0x10028300)
- __CxxFrameHandler3 (Address: 0x10028324)
- __std_exception_copy (Address: 0x10028314)
- __std_exception_destroy (Address: 0x10028318)
- __std_terminate (Address: 0x10028310)
- __std_type_info_destroy_list (Address: 0x100282f8)
- _CxxThrowException (Address: 0x10028320)
- _except_handler4_common (Address: 0x100282f4)
- memchr (Address: 0x10028308)
- memcpy (Address: 0x10028328)
- memmove (Address: 0x100282fc)
- memset (Address: 0x1002832c)
- strstr (Address: 0x1002831c)
- wcsstr (Address: 0x1002830c)