MalScore
100/100

pvU4at.png

Indicator badges: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR. AntiVirus: 14/68. Related samples: 2245
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 284.50 KB (291328 bytes)
Compile time: 2018-11-05 10:46:07
MD5: 221949c69aa5e93d492d59c009a73121
SHA1: ca91d28b58ffbd445093c48b7ed9d569e6f24583
SHA256: 204b13630f104bf2905d388daf99454ddff0bf3a31a33c61859722920a55d7c3
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-11-05 21:18:03
Last submission: 2018-11-05 21:18:03
Filename detected: - pvU4at.png (1)
URL file hosting: hXXps://e.coka.la/pvU4at.png
Antivirus Report
Report date: 2018-11-05 17:10:01  Detection ratio: 14/68  Source: VirusTotal
PE Sections (1 flagged suspicious)
Name VAddress VSize RawSize MD5 SHA1
.text 0x2000 0x43ca4 278016 9f2d06beeef3e7228e0f4ea7f2b2f89c 1b104be5189f5e3cb4f0dc56e14a73e72735edf1
.rsrc 0x46000 0x3000 12288 6cee5e8308cffa303535ebbc8f68e351 6dd63d5b24dcd6e79eee452d830f6e24b88a734a
.reloc 0x4a000 0xc 512 561614f9a75842c4ce384f44fc9b0d6a 89e9777d8010e4bd9198c5b4954b5fe9dd82b89b
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
Files found
File type: Library
wNjpmOWdBIjKXEUwvwiSx.dll
inLGdYAATUszXBKWLpstzXUMZ.dll
UpbmWZJwOXTDiFAdNZdEvwk.dll
CJSUoyjaeejPhtPNFzhFPjsPg.dll
kyuMWJnekZxCSPSerrQjC.dll
RPjWwhnbumZUjWOHKsksZTHgZ.dll
rKqFxeAWBeOFoiEZKwzuL.dll
uFHTrFaxOnbilOhMVmhUHytRs.dll
HuZLzZkKmdOcJtHszlCDLsITc.dll
WgztFwWlXorjTOwnUDxzduseC.dll
bnGRGeNpBWbDvbUGBeTFL.dll
EktXyAJUzeNIKykGcvpjd.dll
jKjtRcRPKwgkVOSYEvDZYLlZI.dll
jRugSxfylvcvMtxUgBoVXRSST.dll
afQnIkNRVbKWKxPDIUEXq.dll
xpYCjymnvmyWXWGspXFcS.dll
PihlFCBELqGtGhLqlicwPGU.dll
FsCdtRFZGNwhCAGcAWFLtME.dll
pfegieMzBkCFzhQnTbTyKqfIk.dll
qfxRAPeKhGJMjzdkSMvFvBufz.dll
MDqGYyxkRypNhshkYQhzI.dll
eAmaFbYYheYlCYDolLpyA.dll
nswOxgJPYmKyyLkwsEJFlji.dll
cLPtCkFWHVHFJCkSvfjQDadxE.dll
eCfFxBfMQNHJBVGFwdWce.dll
yPwZaYvklRSGJYVXbXQFS.dll
xYfmgiHbALXTQapvYpLGI.dll
VCHHytUSYIWrFTjzyJRMCwGqn.dll
apzwkqoWlVNOBWtXdFLfiaJqs.dll
DMsNwbvSbGNVzikeezVOI.dll
eVgtNVkDDgOwJLYmLOaze.dll
tBdHLaJbXayJGisGYNiSiRx.dll
hvOiqpFstiYXfXHhXGztT.dll
BXzNbWDbRxTARfVRxgYtP.dll
unMMFrOceayYhmcFmLnofTovw.dll
PkeFMYPsmeSAXRdktwYrm.dll
mYcQGgLyiMwMmUBQncUDf.dll
poaTvvgORKCUmoxridZTEgYBd.dll
GnOJOneArdWxfMkHoiUcf.dll
GANzNlepruSpDKxHYfZuZSj.dll
ZckoETmSpSnYcLIrkNduscUkb.dll
OwLrvXHnZxQiWppDOonZm.dll
ljRfATVmEbdHUTKOOuDMx.dll
qzoFRBwBoLHOQyFvHvhTP.dll
IoSYbnnzocVwUMqDxPSjgyR.dll
oEmQeGGHTyirgRetiKRik.dll
vmbPtJPPoyHlujATIRXfIjF.dll
JEBxgoUrytedofHpNpNLt.dll
SlmEHSScvhsrDTJSyhXGNqC.dll
aLlbXAFRausTbPMwxMVULTGCL.dll
KEXxNEkEYJaRydwgKEYySeFVw.dll
eBWNaxZzbBVItECUqgpmk.dll
yWRNTDkvwwHsYFbeZuzkV.dll
zjyghFbnZIIQxSuBAFJKuvZ.dll
uaRNDCtXlVzTRVYjZadBtrBYA.dll
snVdfjWMmnAwuByfGuwOU.dll
lpirldNLIWsMNDcItXpuq.dll
XaKCYAgNZQHKNRTtXLYQqURFF.dll
PRCERTkAAjuTCivPJshRU.dll
TubbnuPyYqxfLDGdKcklGhkdw.dll
KfVtNcjIkNrPMhoSajEJilcBq.dll
SgKBSZYiuRgVEaWEVPXja.dll
iUFVquGrlOFtKAblzYnNzmq.dll
NBiTUillBrylxnJWeIGEu.dll
yPVRVeKWFSrgzlCVfrlVzgg.dll
HLhxDnoNoDlUyYGLysOpOwhqF.dll
WypqSwLshgXgocIXinMekDMjp.dll
xixAWbObXkcHrzoryxAxFoD.dll
UEsKkYmgdmYBUAtMagwCoRsZi.dll
lCwswLVZcilUhwCgKGmVy.dll
RAoysbiicCQIprSKVBsrdxc.dll
FZLIHtUjZVJowICNabfGYuW.dll
RnOIgWXYBeTDajxIAAXJe.dll
qKDhQADKEQpFJdcvcTxtMVS.dll
hSupiPftQTLHJXFAeidkw.dll
YVSQMptnGtDYAniYxtJOF.dll
GnPwqNxbNDjhMUNRehfomKx.dll
tnfNaKwiSajEGXhdYjBxW.dll
DuHIzmFBjZnbLndLyCIYaiD.dll
mkVXDmJRCySGkBWkNAxdi.dll
xeQekKBiOZDkUKoiKZmxk.dll
fLFOewALkoUhJNpyFWfIwuH.dll
ZmQiNMpjEkhPHzvuDgPlj.dll
vjkaZGbqtQNMXsLQadkYy.dll
INckQcfKXOaAOOeelvsun.dll
rVAbvaCZDpLPuvrAMqhvWvl.dll
zkyJtocByrErYJqqlYOXM.dll
taRZphnLBpxAobfMeIGAiCP.dll
BLvvIgxeYyYNvEiAsbwMHUqwU.dll
moNTutPJJEAAYhUxGzsQy.dll
FUOweOXfhKuoMWUSXKCykvM.dll
RGCObzHpyBISiImwVjBeZ.dll
NpLDkzWsACVKTihfKSnXrBQms.dll
DeRQUYlctZgFCtQUnLchsvo.dll
WYEpABfCGikMsCpZAOjuz.dll
PJpomJnwuvdiObIDzYgNHXg.dll
PFJqYbsTRxvvyNsjzuhkiAo.dll
eseSNIIPImMQHQXGzIATo.dll
uFBqYetiFhyKPdkDtHxYFVGoI.dll
DOKFEgxEJsnjfaKqOnuxR.dll
OJQgBpDekzCRSnDXPiLAd.dll
qmioLnyMpjiVuBlEeMKHX.dll
QFLgQYUkFjDufMdBdYNjJ.dll
IXCdLnYoVjLoBCYRGePlRAwrf.dll
ZVSHCqIyebJaldytPUjNKGV.dll
mscoree.dll
HBohQpAftmTHDKDPVXKZBUiQk.dll
AnYDipuYuYNtEGqcdHUBi.dll
ZRjmKkpLBWRbHemMCQXXu.dll
ZakuZwndvcZuxdMCuzwuk.dll
TfsEzhwndmhiimkPqTDga.dll
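Of the library names listed above, only mscoree.dll (the CLR shim) is a known module; the rest are 21 to 25 character mixed-case strings of the kind an obfuscator emits. The following is an added example, not tooling from the report or from the analysis service, that separates generated-looking names from plausible ones using hand-picked thresholds (the thresholds and the separator rule are assumptions of this example). The input is a subset copied from the list above.

```python
"""Heuristic triage of library names: does a name look machine-generated?

Real DLL and .NET assembly names are short or namespaced with dots
(System.Windows.Forms) and flip between upper and lower case rarely;
the names in this report are long, have no separators and flip case
every few letters. Thresholds below are assumptions, not a signature.
"""

# Subset copied verbatim from the report's "Files found" list.
REPORTED_DLLS = [
    "wNjpmOWdBIjKXEUwvwiSx.dll",
    "inLGdYAATUszXBKWLpstzXUMZ.dll",
    "UpbmWZJwOXTDiFAdNZdEvwk.dll",
    "mscoree.dll",
    "HBohQpAftmTHDKDPVXKZBUiQk.dll",
    "TfsEzhwndmhiimkPqTDga.dll",
]


def name_features(name):
    """Stem length, presence of a namespace/word separator, and the rate at
    which adjacent letters flip between upper and lower case."""
    stem = name[:-4] if name.lower().endswith(".dll") else name
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return {
        "len": len(stem),
        "has_separator": any(c in "._-" for c in stem),
        "flip_rate": flips / max(len(letters) - 1, 1),
    }


def looks_generated(name, min_len=16, min_flip_rate=0.25):
    """Long, unseparated, and flipping case at least every fourth letter
    on average (assumed thresholds)."""
    f = name_features(name)
    return f["len"] >= min_len and not f["has_separator"] and f["flip_rate"] >= min_flip_rate


def partition_names(names):
    """Split a list of library names into (generated-looking, plausible)."""
    generated = [n for n in names if looks_generated(n)]
    plausible = [n for n in names if not looks_generated(n)]
    return generated, plausible


if __name__ == "__main__":
    gen, real = partition_names(REPORTED_DLLS)
    print("generated-looking:", gen)
    print("plausible:", real)
```

Names flagged as generated are worth treating as obfuscator noise rather than as imports to hunt for on disk; the plausible remainder (here just mscoree.dll) is what actually tells you about the runtime the sample needs.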
IP Found
No IP detected
URL(s)
http://bit.ly/
Behavior analysis details
Machine name: (blank)  Machine label: (blank)  Machine manager: (blank)  Started: 2018-11-05 21:10:11  Ended: 2018-11-05 21:10:11  Duration: (blank)

2 Behaviors detected by system signatures

6 Summary items with data

Files

\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\z.exe.cfg
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\sysnative\C_936.NLS
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui
C:\Users\Seven01\AppData\Local\Temp\usnerd32.DLL
C:\Windows\System32\usnerd32.DLL
C:\Windows\system\usnerd32.DLL
C:\Windows\usnerd32.DLL
C:\ProgramData\Oracle\Java\javapath\usnerd32.DLL
C:\Windows\System32\wbem\usnerd32.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\usnerd32.DLL
C:\Users\Seven01\AppData\Local\Temp\kerneld32.DLL
C:\Windows\System32\kerneld32.DLL
C:\Windows\system\kerneld32.DLL
C:\Windows\kerneld32.DLL
C:\ProgramData\Oracle\Java\javapath\kerneld32.DLL
C:\Windows\System32\wbem\kerneld32.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\kerneld32.DLL
C:\Users\Seven01\AppData\Local\Temp\IPHlpApi.DLL
C:\Windows\System32\IPHLPAPI.DLL
C:\Users\Seven01\AppData\Local\Temp\WINNSI.DLL
C:\Windows\System32\winnsi.dll
C:\Users\Seven01\AppData\Local\Temp
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp\z.exe

Read Files

\Device\KsecDD
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll

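The "Files" list above records the sample (running from the sandbox user's Temp directory) probing usnerd32.DLL and kerneld32.DLL through a sequence of directories that matches the standard LoadLibrary search order (application directory, System32, System, Windows, then PATH entries such as the Java and wbem directories), while the "Read Files" list shows which loads actually succeeded (IPHLPAPI.DLL and winnsi.dll). The script below is an added example, not tooling from the report, that reconstructs per-DLL probe chains from those two lists, marks loads that never resolved, flags DLLs whose first probe lands in a user-writable directory (a search-order hijack candidate), and checks names against a short list of legitimate system DLLs for look-alikes. The writable-prefix list and the known-DLL list are assumptions of this example.

```python
"""Reconstruct DLL load probes from a sandbox file-access list.

Inputs are the paths copied from the report's "Files" and "Read Files"
sections; the heuristics (writable prefixes, known-DLL list, edit-distance
threshold) are assumptions of this example.
"""
from collections import OrderedDict
from pathlib import PureWindowsPath

# Copied from the report's "Files" list (only the .dll entries).
PROBED = [
    r"C:\Users\Seven01\AppData\Local\Temp\usnerd32.DLL",
    r"C:\Windows\System32\usnerd32.DLL",
    r"C:\Windows\system\usnerd32.DLL",
    r"C:\Windows\usnerd32.DLL",
    r"C:\ProgramData\Oracle\Java\javapath\usnerd32.DLL",
    r"C:\Windows\System32\wbem\usnerd32.DLL",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\usnerd32.DLL",
    r"C:\Users\Seven01\AppData\Local\Temp\kerneld32.DLL",
    r"C:\Windows\System32\kerneld32.DLL",
    r"C:\Windows\system\kerneld32.DLL",
    r"C:\Windows\kerneld32.DLL",
    r"C:\ProgramData\Oracle\Java\javapath\kerneld32.DLL",
    r"C:\Windows\System32\wbem\kerneld32.DLL",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\kerneld32.DLL",
    r"C:\Users\Seven01\AppData\Local\Temp\IPHlpApi.DLL",
    r"C:\Windows\System32\IPHLPAPI.DLL",
    r"C:\Users\Seven01\AppData\Local\Temp\WINNSI.DLL",
    r"C:\Windows\System32\winnsi.dll",
]
# Copied from the report's "Read Files" list: the loads that succeeded.
READ = [
    r"C:\Windows\System32\IPHLPAPI.DLL",
    r"C:\Windows\System32\winnsi.dll",
]

# Directory prefixes a standard user can write to (assumption; the sandbox
# user's Temp is the sample's own application directory, so it is probed first).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# Legitimate system DLLs for the look-alike check (assumed short list).
KNOWN_SYSTEM_DLLS = ["kernel32.dll", "user32.dll", "iphlpapi.dll", "winnsi.dll"]


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name, threshold=2):
    """Closest known system DLL if the name is a near miss (1..threshold
    edits away) of it; exact matches and distant names return None."""
    best = min(KNOWN_SYSTEM_DLLS, key=lambda k: edit_distance(name, k))
    d = edit_distance(name, best)
    return best if 0 < d <= threshold else None


def triage_dll_probes(probed, read):
    """Group probes by DLL basename (case-insensitive, in first-seen order)
    and classify each chain."""
    read_lower = {p.lower() for p in read}
    chains = OrderedDict()
    for p in probed:
        name = PureWindowsPath(p).name.lower()
        if name.endswith(".dll"):
            chains.setdefault(name, []).append(p)
    results = OrderedDict()
    for name, paths in chains.items():
        resolved = next((p for p in paths if p.lower() in read_lower), None)
        first_dir = str(PureWindowsPath(paths[0]).parent).lower() + "\\"
        results[name] = {
            "probes": len(paths),
            "resolved_at": resolved,
            "hijackable_first_probe": first_dir.startswith(USER_WRITABLE_PREFIXES),
            "lookalike_of": lookalike(name),
        }
    return results


if __name__ == "__main__":
    for name, info in triage_dll_probes(PROBED, READ).items():
        print(name, info)
```

Two things fall out for this sample: usnerd32.DLL and kerneld32.DLL are probed seven times each and never read, so they do not exist on the sandbox image, and both are within two edits of user32.dll and kernel32.dll. Whether the sample would load a file of that name if one were planted in its directory is not something the report shows; the output only says where the loader looked.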
Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\z.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\z.exe

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Local\MSCTF.Asm.MutexDefault1

Resolved APIs

cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
oleaut32.dll.OleLoadPictureEx
oleaut32.dll.DispCallFunc
oleaut32.dll.LoadTypeLibEx
oleaut32.dll.UnRegisterTypeLib
oleaut32.dll.CreateTypeLib2
oleaut32.dll.VarDateFromUdate
oleaut32.dll.VarUdateFromDate
oleaut32.dll.GetAltMonthNames
oleaut32.dll.VarNumFromParseNum
oleaut32.dll.VarParseNumFromStr
oleaut32.dll.VarDecFromR4
oleaut32.dll.VarDecFromR8
oleaut32.dll.VarDecFromDate
oleaut32.dll.VarDecFromI4
oleaut32.dll.VarDecFromCy
oleaut32.dll.VarR4FromDec
oleaut32.dll.GetRecordInfoFromTypeInfo
oleaut32.dll.GetRecordInfoFromGuids
oleaut32.dll.SafeArrayGetRecordInfo
oleaut32.dll.SafeArraySetRecordInfo
oleaut32.dll.SafeArrayGetIID
oleaut32.dll.SafeArraySetIID
oleaut32.dll.SafeArrayCopyData
oleaut32.dll.SafeArrayAllocDescriptorEx
oleaut32.dll.SafeArrayCreateEx
oleaut32.dll.VarFormat
oleaut32.dll.VarFormatDateTime
oleaut32.dll.VarFormatNumber
oleaut32.dll.VarFormatPercent
oleaut32.dll.VarFormatCurrency
oleaut32.dll.VarWeekdayName
oleaut32.dll.VarMonthName
oleaut32.dll.VarAdd
oleaut32.dll.VarAnd
oleaut32.dll.VarCat
oleaut32.dll.VarDiv
oleaut32.dll.VarEqv
oleaut32.dll.VarIdiv
oleaut32.dll.VarImp
oleaut32.dll.VarMod
oleaut32.dll.VarMul
oleaut32.dll.VarOr
oleaut32.dll.VarPow
oleaut32.dll.VarSub
oleaut32.dll.VarXor
oleaut32.dll.VarAbs
oleaut32.dll.VarFix
oleaut32.dll.VarInt
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarRound
oleaut32.dll.VarCmp
oleaut32.dll.VarDecAdd
oleaut32.dll.VarDecCmp
oleaut32.dll.VarBstrCat
oleaut32.dll.VarCyMulI4
oleaut32.dll.VarBstrCmp
ole32.dll.CoCreateInstanceEx
ole32.dll.CLSIDFromProgIDEx
sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.GetMonitorInfoA
dwmapi.dll.DwmIsCompositionEnabled
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
gdi32.dll.GetTextExtentExPointWPri
ntdll.dll.NtSetInformationProcess
kernel32.dll.WriteProfileStringW
kernel32.dll.LocalAlloc
kernel32.dll.CreateThread
kernel32.dll.GetCurrentThread
kernel32.dll.TerminateThread
kernel32.dll.Sleep
kernel32.dll.HeapAlloc
kernel32.dll.SetLastError
kernel32.dll.SetErrorMode
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.CreateFileA
kernel32.dll.WriteFile
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.GetFileSize
kernel32.dll.UnmapViewOfFile
kernel32.dll.VirtualProtectEx
kernel32.dll.GetLongPathNameA
kernel32.dll.TerminateProcess
iphlpapi.dll.GetAdaptersInfo
kernel32.dll.VirtualAllocEx
shell32.dll.ShellExecuteA

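The resolved-API list above is what a .NET process pulls in at runtime, so most of it (the oleaut32 Var* family, CTF, theme and monitor calls) is CLR and WinForms housekeeping rather than sample behaviour. The following is an added example, not a signature from the report or the analysis service, that keeps only the APIs worth a second look, maps them to coarse capabilities, and reports a capability as a fragment rather than a hit when the APIs that would complete it are absent. The capability table and the required-set rule are assumptions of this example; the input is a subset copied verbatim from the list above.

```python
"""Capability triage over a sandbox 'Resolved APIs' list.

The mapping is a hand-written heuristic (assumption). Its point is the
fragment rule: VirtualAllocEx on its own is not remote injection unless
WriteProcessMemory and CreateRemoteThread (or equivalents) also appear.
"""
from collections import defaultdict

# Subset copied verbatim from the report's "Resolved APIs" section.
RESOLVED_APIS = """
cryptbase.dll.SystemFunction036
ntdll.dll.NtSetInformationProcess
kernel32.dll.CreateThread
kernel32.dll.Sleep
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.CreateFileA
kernel32.dll.WriteFile
kernel32.dll.ReadFile
kernel32.dll.GetFileSize
kernel32.dll.VirtualProtectEx
kernel32.dll.TerminateProcess
iphlpapi.dll.GetAdaptersInfo
kernel32.dll.VirtualAllocEx
shell32.dll.ShellExecuteA
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
oleaut32.dll.VarAdd
""".split()

# Capability -> APIs that contribute to it (assumed, deliberately small).
CAPABILITIES = {
    "drop_file":        {"CreateFileA", "CreateFileW", "WriteFile"},
    "execute_file":     {"ShellExecuteA", "ShellExecuteW", "CreateProcessA", "CreateProcessW", "WinExec"},
    "remote_injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "NtCreateThreadEx"},
    "rwx_memory":       {"VirtualProtectEx", "VirtualProtect", "NtProtectVirtualMemory"},
    "host_fingerprint": {"GetAdaptersInfo", "GetComputerNameA", "GetComputerNameW", "GetVolumeInformationA"},
    "registry_read":    {"RegOpenKeyExW", "RegQueryValueExW", "RegQueryValueExA", "RegEnumValueW"},
    "random_bytes":     {"SystemFunction036"},   # exported alias of RtlGenRandom
    "timing":           {"Sleep"},
}

# Capabilities that count only when every listed API is present; otherwise
# they are reported as fragments with the missing pieces named.
REQUIRED_SETS = {
    "remote_injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
}


def parse_resolved(lines):
    """'module.dll.Function' -> (module, Function), splitting on '.dll.' so
    the module name keeps its case-insensitive form and the function its case."""
    out = []
    for line in lines:
        mod, sep, func = line.lower().partition(".dll.")
        if sep:
            out.append((mod + ".dll", line[len(mod) + len(".dll."):]))
    return out


def triage_apis(lines):
    """Return (hits, fragments): hits maps capability -> APIs seen; fragments
    maps capability -> {'present', 'missing'} for incomplete required sets."""
    funcs = {f for _, f in parse_resolved(lines)}
    hits, fragments = defaultdict(set), {}
    for cap, apis in CAPABILITIES.items():
        present = apis & funcs
        if not present:
            continue
        required = REQUIRED_SETS.get(cap)
        if required and not required <= funcs:
            fragments[cap] = {"present": present, "missing": required - funcs}
        else:
            hits[cap] = present
    return dict(hits), fragments


if __name__ == "__main__":
    hits, fragments = triage_apis(RESOLVED_APIS)
    for cap, apis in hits.items():
        print("hit      ", cap, sorted(apis))
    for cap, info in fragments.items():
        print("fragment ", cap, "present:", sorted(info["present"]), "missing:", sorted(info["missing"]))
```

Read the output against the rest of the report rather than on its own: drop_file shows up as a capability, but the "Write Files" section is empty, so nothing was written during this run; and remote_injection is only a fragment here because VirtualAllocEx appears without WriteProcessMemory or CreateRemoteThread.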
Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-11-05 21:18:19