MalScore
100/100

PAETools.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 183.00 KB (187392 bytes)
Compile time: 1992-06-20 00:22:17
MD5: b5e02296d01cd54f8b04de10a1ea2c9c
SHA1: 45d58ee22e6a05a869361239d6be1472cb0e56d1
SHA256: 1ee115c74ff59070e90b4cb4024c3fc1f065e3b7c02ea76bb82e78b79722d5c1
Import hash: 770d878cfa640b8e4fc0c55eeb78246e
Sections 10 CODE DATA BSS .idata .tls .rdata .reloc .rsrc .aspack .adata
Directories 4 import resource tls relocation
First submission: 2022-02-20 05:09:08
Last submission: 2022-02-20 05:09:08
Filename detected: PAETools.exe (1)
URL file hosting
hXXp://soft.110route.com/PAETools.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 8 suspicious
Name VAddress VSize Size MD5 SHA1
CODE 0x1000 0x5c000 165888 685d548bd0ecb19eeba0208f98b5c884 9715f0b5fe7fcf9c4001526e58bb2a3925f08b9a
DATA 0x5d000 0x2000 3072 9110e6f8b04cd1eaad932710733243da dfde2281a3e00aae91da3fe88deb75cafc2c401a
BSS 0x5f000 0x1000 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0x60000 0x3000 3072 fd29f0403c2fdae031e9ac5e18531d6e bb41bfd94d57399ef2e1c3798f559371fd0aa40f
.tls 0x63000 0x1000 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0x64000 0x1000 512 79afbf937e3030efe11e98f64344bc34 560329a193c55a822ef21986d6cd46da47f739a6
.reloc 0x65000 0x6000 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rsrc 0x6b000 0x6000 8192 c0a1144baaa09979c9324f42b661bd82 8c636403d6231bb0218379162bd765b9ab847324
.aspack 0x71000 0x2000 5632 a811607ccfce26b7452c0680eeb5db4d 89029ee1ef98bd64aeaf508477ed4652c9b6e635
.adata 0x73000 0x1000 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
ASProtect V2.X DLL -> Alexey Solodovnikov
ASPack v2.12
ASPack v2.1
File found
File type: Library
USER32.dll
KERNEL32.dll
GDI32.dll
comctl32.dll
ole32.dll
ADVAPI32.dll
OLEAUT32.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2022-02-20 04:59:35 2022-02-20 05:02:37 182

3 Behaviors detected by system signatures

6 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\PAETools.ITA
C:\Users\Seven01\AppData\Local\Temp\PAETools.ITA.DLL
C:\Users\Seven01\AppData\Local\Temp\PAETools.IT
C:\Users\Seven01\AppData\Local\Temp\PAETools.IT.DLL
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\user32.dll.mui
C:\Users\Seven01\AppData\Local\Temp\PAETools.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
\Device\KsecDD
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui

Read Files

C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\user32.dll.mui
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
\Device\KsecDD
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\PAETools.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Local\MSCTF.Asm.MutexDefault1

Resolved APIs

kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.VirtualProtect
kernel32.dll.GetCurrentThreadId
kernel32.dll.DeleteCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.EnterCriticalSection
kernel32.dll.InitializeCriticalSection
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
kernel32.dll.InterlockedDecrement
kernel32.dll.InterlockedIncrement
kernel32.dll.VirtualQuery
kernel32.dll.WideCharToMultiByte
kernel32.dll.MultiByteToWideChar
kernel32.dll.lstrlenA
kernel32.dll.lstrcpynA
kernel32.dll.lstrcpyA
kernel32.dll.LoadLibraryExA
kernel32.dll.GetThreadLocale
kernel32.dll.GetStartupInfoA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetLastError
kernel32.dll.GetCommandLineA
kernel32.dll.FreeLibrary
kernel32.dll.FindFirstFileA
kernel32.dll.FindClose
kernel32.dll.ExitProcess
kernel32.dll.WriteFile
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetFilePointer
kernel32.dll.SetEndOfFile
kernel32.dll.RtlUnwind
kernel32.dll.ReadFile
kernel32.dll.RaiseException
kernel32.dll.GetStdHandle
kernel32.dll.GetFileSize
kernel32.dll.GetFileType
kernel32.dll.CreateFileA
kernel32.dll.CloseHandle
user32.dll.GetKeyboardType
user32.dll.LoadStringA
user32.dll.MessageBoxA
user32.dll.CharNextA
advapi32.dll.RegQueryValueExA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegCloseKey
oleaut32.dll.VariantChangeTypeEx
oleaut32.dll.VariantCopyInd
oleaut32.dll.VariantClear
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
oleaut32.dll.SysReAllocStringLen
oleaut32.dll.SysAllocStringLen
kernel32.dll.TlsSetValue
kernel32.dll.TlsGetValue
advapi32.dll.OpenProcessToken
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.WritePrivateProfileStringA
kernel32.dll.WaitForSingleObject
kernel32.dll.Sleep
kernel32.dll.SizeofResource
kernel32.dll.SetThreadLocale
kernel32.dll.SetFileAttributesA
kernel32.dll.SetEvent
kernel32.dll.SetErrorMode
kernel32.dll.MulDiv
kernel32.dll.LockResource
kernel32.dll.LoadResource
kernel32.dll.LoadLibraryA
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalHandle
kernel32.dll.GlobalLock
kernel32.dll.GlobalFree
kernel32.dll.GlobalDeleteAtom
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalAddAtomA
kernel32.dll.GetVersionExA
kernel32.dll.GetVersion
kernel32.dll.GetTickCount
kernel32.dll.GetSystemInfo
kernel32.dll.GetPrivateProfileStringA
kernel32.dll.GetLocalTime
kernel32.dll.GetDiskFreeSpaceA
kernel32.dll.GetDateFormatA
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCPInfo
kernel32.dll.FreeResource
kernel32.dll.FormatMessageA
kernel32.dll.FindResourceA
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.FileTimeToDosDateTime
kernel32.dll.EnumCalendarInfoA
kernel32.dll.CreateThread
kernel32.dll.CreateEventA
kernel32.dll.CompareStringA
gdi32.dll.UnrealizeObject
gdi32.dll.StretchBlt
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetWinMetaFileBits
gdi32.dll.SetViewportOrgEx
gdi32.dll.SetTextColor
gdi32.dll.SetStretchBltMode
gdi32.dll.SetROP2
gdi32.dll.SetPixel
gdi32.dll.SetEnhMetaFileBits
gdi32.dll.SetDIBColorTable
gdi32.dll.SetBrushOrgEx
gdi32.dll.SetBkMode
gdi32.dll.SetBkColor
gdi32.dll.SelectPalette
gdi32.dll.SelectObject
gdi32.dll.SaveDC
gdi32.dll.RestoreDC
gdi32.dll.RectVisible
gdi32.dll.RealizePalette
gdi32.dll.PlayEnhMetaFile
gdi32.dll.PatBlt
gdi32.dll.MoveToEx
gdi32.dll.MaskBlt
gdi32.dll.LineTo
gdi32.dll.IntersectClipRect
gdi32.dll.GetWindowOrgEx
gdi32.dll.GetWinMetaFileBits
gdi32.dll.GetTextMetricsA
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.GetStockObject
gdi32.dll.GetPixel
gdi32.dll.GetPaletteEntries
gdi32.dll.GetObjectA
gdi32.dll.GetEnhMetaFilePaletteEntries
gdi32.dll.GetEnhMetaFileHeader
gdi32.dll.GetEnhMetaFileBits
gdi32.dll.GetDeviceCaps
gdi32.dll.GetDIBits
gdi32.dll.GetDIBColorTable
gdi32.dll.GetDCOrgEx
gdi32.dll.GetCurrentPositionEx
gdi32.dll.GetClipBox
gdi32.dll.GetBrushOrgEx
gdi32.dll.GetBitmapBits
gdi32.dll.GdiFlush
gdi32.dll.ExcludeClipRect
gdi32.dll.DeleteObject
gdi32.dll.DeleteEnhMetaFile
gdi32.dll.DeleteDC
gdi32.dll.CreateSolidBrush
gdi32.dll.CreatePenIndirect
gdi32.dll.CreatePalette
gdi32.dll.CreateHalftonePalette
gdi32.dll.CreateFontIndirectA
gdi32.dll.CreateDIBitmap
gdi32.dll.CreateDIBSection
gdi32.dll.CreateCompatibleDC
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.CreateBrushIndirect
gdi32.dll.CreateBitmap
gdi32.dll.CopyEnhMetaFileA
gdi32.dll.BitBlt
user32.dll.WindowFromPoint
user32.dll.WinHelpA
user32.dll.WaitMessage
user32.dll.UpdateWindow
user32.dll.UnregisterClassA
user32.dll.UnhookWindowsHookEx
user32.dll.TranslateMessage
user32.dll.TranslateMDISysAccel
user32.dll.TrackPopupMenu
user32.dll.SystemParametersInfoA
user32.dll.ShowWindow
user32.dll.ShowScrollBar
user32.dll.ShowOwnedPopups
user32.dll.ShowCursor
user32.dll.SetWindowsHookExA
user32.dll.SetWindowPos
user32.dll.SetWindowPlacement
user32.dll.SetWindowLongA
user32.dll.SetTimer
user32.dll.SetScrollRange
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.SetRect
user32.dll.SetPropA
user32.dll.SetMenuItemInfoA
user32.dll.SetMenu
user32.dll.SetForegroundWindow
user32.dll.SetFocus
user32.dll.SetCursor
user32.dll.SetClassLongA
user32.dll.SetCapture
user32.dll.SetActiveWindow
user32.dll.SendMessageA
user32.dll.ScrollWindow
user32.dll.ScreenToClient
user32.dll.RemovePropA
user32.dll.RemoveMenu
user32.dll.ReleaseDC
user32.dll.ReleaseCapture
user32.dll.RegisterWindowMessageA
user32.dll.RegisterClipboardFormatA
user32.dll.RegisterClassA
user32.dll.PtInRect
user32.dll.PostQuitMessage
user32.dll.PostMessageA
user32.dll.PeekMessageA
user32.dll.OffsetRect
user32.dll.OemToCharA
user32.dll.MapWindowPoints
user32.dll.MapVirtualKeyA
user32.dll.LoadKeyboardLayoutA
user32.dll.LoadIconA
user32.dll.LoadCursorA
user32.dll.LoadBitmapA
user32.dll.KillTimer
user32.dll.IsZoomed
user32.dll.IsWindowVisible
user32.dll.IsWindowEnabled
user32.dll.IsWindow
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsDialogMessageA
user32.dll.IsChild
user32.dll.InvalidateRect
user32.dll.IntersectRect
user32.dll.InsertMenuItemA
user32.dll.InsertMenuA
user32.dll.InflateRect
user32.dll.GetWindowThreadProcessId
user32.dll.GetWindowTextA
user32.dll.GetWindowRect
user32.dll.GetWindowPlacement
user32.dll.GetWindowLongA
user32.dll.GetWindowDC
user32.dll.GetTopWindow
user32.dll.GetSystemMetrics
user32.dll.GetSystemMenu
user32.dll.GetSysColor
user32.dll.GetSubMenu
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.GetPropA
user32.dll.GetParent
user32.dll.GetWindow
user32.dll.GetMenuStringA
user32.dll.GetMenuState
user32.dll.GetMenuItemInfoA
user32.dll.GetMenuItemID
user32.dll.GetMenuItemCount
user32.dll.GetMenu
user32.dll.GetLastActivePopup
user32.dll.GetKeyboardState
user32.dll.GetKeyboardLayoutList
user32.dll.GetKeyboardLayout
user32.dll.GetKeyState
user32.dll.GetKeyNameTextA
user32.dll.GetIconInfo
user32.dll.GetForegroundWindow
user32.dll.GetFocus
user32.dll.GetDesktopWindow
user32.dll.GetDCEx
user32.dll.GetDC
user32.dll.GetCursorPos
user32.dll.GetCursor
user32.dll.GetClipboardData
user32.dll.GetClientRect
user32.dll.GetClassInfoA
user32.dll.GetCapture
user32.dll.GetActiveWindow
user32.dll.FrameRect
user32.dll.FindWindowA
user32.dll.FillRect
user32.dll.ExitWindowsEx
user32.dll.EqualRect
user32.dll.EnumWindows
user32.dll.EnumThreadWindows
user32.dll.EndPaint
user32.dll.EnableWindow
user32.dll.EnableScrollBar
user32.dll.EnableMenuItem
user32.dll.DrawTextA
user32.dll.DrawMenuBar
user32.dll.DrawIconEx
user32.dll.DrawIcon
user32.dll.DrawFrameControl
user32.dll.DrawEdge
user32.dll.DispatchMessageA
user32.dll.DestroyWindow
user32.dll.DestroyMenu
user32.dll.DestroyIcon
user32.dll.DestroyCursor
user32.dll.DeleteMenu
user32.dll.DefWindowProcA
user32.dll.DefMDIChildProcA
user32.dll.DefFrameProcA
user32.dll.CreateWindowExA
user32.dll.CreatePopupMenu
user32.dll.CreateMenu
user32.dll.CreateIcon
user32.dll.ClientToScreen
user32.dll.CheckMenuItem
user32.dll.CallWindowProcA
user32.dll.CallNextHookEx
user32.dll.BeginPaint
user32.dll.CharLowerBuffA
user32.dll.CharLowerA
user32.dll.AdjustWindowRectEx
user32.dll.ActivateKeyboardLayout
ole32.dll.CreateStreamOnHGlobal
ole32.dll.CoUninitialize
ole32.dll.CoInitialize
ole32.dll.IsEqualGUID
oleaut32.dll.GetErrorInfo
comctl32.dll.ImageList_SetIconSize
comctl32.dll.ImageList_GetIconSize
comctl32.dll.ImageList_Write
comctl32.dll.ImageList_Read
comctl32.dll.ImageList_GetDragImage
comctl32.dll.ImageList_DragShowNolock
comctl32.dll.ImageList_SetDragCursorImage
comctl32.dll.ImageList_DragMove
comctl32.dll.ImageList_DragLeave
comctl32.dll.ImageList_DragEnter
comctl32.dll.ImageList_EndDrag
comctl32.dll.ImageList_BeginDrag
comctl32.dll.ImageList_Remove
comctl32.dll.ImageList_DrawEx
comctl32.dll.ImageList_Draw
comctl32.dll.ImageList_GetBkColor
comctl32.dll.ImageList_SetBkColor
comctl32.dll.ImageList_ReplaceIcon
comctl32.dll.ImageList_Add
comctl32.dll.ImageList_GetImageCount
comctl32.dll.ImageList_Destroy
comctl32.dll.ImageList_Create
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetDiskFreeSpaceExA
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
dwmapi.dll.DwmIsCompositionEnabled
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
comctl32.dll.InitializeFlatSB
comctl32.dll.UninitializeFlatSB
comctl32.dll.FlatSB_GetScrollProp
comctl32.dll.FlatSB_SetScrollProp
comctl32.dll.FlatSB_EnableScrollBar
comctl32.dll.FlatSB_ShowScrollBar
comctl32.dll.FlatSB_GetScrollRange
comctl32.dll.FlatSB_GetScrollInfo
comctl32.dll.FlatSB_GetScrollPos
comctl32.dll.FlatSB_SetScrollPos
comctl32.dll.FlatSB_SetScrollInfo
comctl32.dll.FlatSB_SetScrollRange
kernel32.dll.IsWow64Process
gdiplus.dll.GdipAlloc
gdiplus.dll.GdipFree
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipCloneBrush
gdiplus.dll.GdipDeleteBrush
gdiplus.dll.GdipGetBrushType
gdiplus.dll.GdipCreateSolidFill
gdiplus.dll.GdipSetSolidFillColor
gdiplus.dll.GdipGetSolidFillColor
gdiplus.dll.GdipCreateLineBrushFromRectI
gdiplus.dll.GdipGetLineRectI
gdiplus.dll.GdipSetLineColors
gdiplus.dll.GdipGetLineColors
gdiplus.dll.GdipSetLineWrapMode
gdiplus.dll.GdipGetLineWrapMode
gdiplus.dll.GdipCreateHatchBrush
gdiplus.dll.GdipGetHatchStyle
gdiplus.dll.GdipGetHatchForegroundColor
gdiplus.dll.GdipGetHatchBackgroundColor
gdiplus.dll.GdipCreatePen1
gdiplus.dll.GdipCreatePen2
gdiplus.dll.GdipClonePen
gdiplus.dll.GdipDeletePen
gdiplus.dll.GdipGetPenFillType
gdiplus.dll.GdipSetPenBrushFill
gdiplus.dll.GdipGetPenBrushFill
gdiplus.dll.GdipSetPenColor
gdiplus.dll.GdipGetPenColor
gdiplus.dll.GdipSetPenMode
gdiplus.dll.GdipGetPenMode
gdiplus.dll.GdipSetPenWidth
gdiplus.dll.GdipGetPenWidth
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipGetDC
gdiplus.dll.GdipReleaseDC
gdiplus.dll.GdipGraphicsClear
gdiplus.dll.GdipDrawLineI
gdiplus.dll.GdipFillRectangleI
gdiplus.dll.GdipDrawArcI
gdiplus.dll.GdipDrawBezierI
gdiplus.dll.GdipDrawRectangleI
gdiplus.dll.GdipDrawEllipseI
gdiplus.dll.GdipDrawPieI
gdiplus.dll.GdipDrawPolygonI
gdiplus.dll.GdipDrawCurve2I
gdiplus.dll.GdipDrawClosedCurve2I
gdiplus.dll.GdipFillPolygonI
gdiplus.dll.GdipFillEllipseI
gdiplus.dll.GdipFillPieI
gdiplus.dll.GdipFillClosedCurveI
gdiplus.dll.GdipLoadImageFromStream
gdiplus.dll.GdipCreateBitmapFromFile
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipCreateBitmapFromStreamICM
gdiplus.dll.GdipCreateHBITMAPFromBitmap
gdiplus.dll.GdipLoadImageFromFile
gdiplus.dll.GdipGetImageDimension
gdiplus.dll.GdipDrawImageRectI
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipSaveImageToStream
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipIsVisibleRect
gdiplus.dll.GdipIsVisibleRectI
gdiplus.dll.GdipGetEncoderParameterListSize
gdiplus.dll.GdipGetEncoderParameterList
gdiplus.dll.GdipCreateBitmapFromGdiDib
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
gdiplus.dll.GdipDrawImageRectRectI
gdiplus.dll.GdipDrawImageRectRect
gdiplus.dll.GdipDrawImagePointRect
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdipSetInterpolationMode
gdiplus.dll.GdipGetInterpolationMode
gdiplus.dll.GdipCreateCachedBitmap
gdiplus.dll.GdipDeleteCachedBitmap
gdiplus.dll.GdipDrawCachedBitmap
gdiplus.dll.GdipCreateBitmapFromGraphics
gdiplus.dll.GdipGetImageGraphicsContext
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipSetCompositingMode
gdiplus.dll.GdipGetCompositingMode
gdiplus.dll.GdipSetCompositingQuality
gdiplus.dll.GdipGetCompositingQuality
gdiplus.dll.GdipSetSmoothingMode
gdiplus.dll.GdipGetSmoothingMode
gdiplus.dll.GdipCloneBitmapAreaI
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.EnumDisplayDevicesA
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
gdi32.dll.ExtTextOutW
ole32.dll.CoCreateInstanceEx
ole32.dll.CoInitializeEx
ole32.dll.CoAddRefServerProcess
ole32.dll.CoReleaseServerProcess
ole32.dll.CoResumeClassObjects
ole32.dll.CoSuspendClassObjects
cryptbase.dll.SystemFunction036
gdi32.dll.GetTextExtentExPointWPri
lpk.dll.LpkEditControl
comctl32.dll.HIMAGELIST_QueryInterface
comctl32.dll.DrawShadowText
comctl32.dll.DrawSizeBox
comctl32.dll.DrawScrollBar
comctl32.dll.SizeBoxHwnd
comctl32.dll.ScrollBar_MouseMove
comctl32.dll.ScrollBar_Menu
comctl32.dll.HandleScrollCmd
comctl32.dll.DetachScrollBars
comctl32.dll.AttachScrollBars
comctl32.dll.CCSetScrollInfo
comctl32.dll.CCGetScrollInfo
comctl32.dll.CCEnableScrollBar
comctl32.dll.QuerySystemGestureStatus
uxtheme.dll.#49
uxtheme.dll.CloseThemeData
kernel32.dll.GetNativeSystemInfo
user32.dll.MonitorFromWindow
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2022-02-20 05:09:09