Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 00:04:35 | 2025-06-11 00:35:24 | 1849 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,225 [root] INFO: Date set to: 20250610T19:57:05, timeout set to: 1800 2025-06-10 20:57:05,043 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-10 20:57:05,043 [root] DEBUG: Storing results at: C:\wRQhaNwUv 2025-06-10 20:57:05,043 [root] DEBUG: Pipe server name: \\.\PIPE\uCXdXx 2025-06-10 20:57:05,043 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-10 20:57:05,043 [root] INFO: analysis running as an admin 2025-06-10 20:57:05,043 [root] INFO: analysis package specified: "exe" 2025-06-10 20:57:05,043 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-10 20:57:06,199 [root] DEBUG: imported analysis package "exe" 2025-06-10 20:57:06,199 [root] DEBUG: initializing analysis package "exe"... 2025-06-10 20:57:06,199 [lib.common.common] INFO: wrapping 2025-06-10 20:57:06,199 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-10 20:57:06,199 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\dccw.exe 2025-06-10 20:57:06,215 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-10 20:57:06,215 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-10 20:57:06,215 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-10 20:57:06,215 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-10 20:57:06,402 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-10 20:57:06,434 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-10 20:57:06,558 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-10 20:57:06,574 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-10 20:57:06,590 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-10 20:57:06,590 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-10 20:57:06,590 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-10 20:57:06,621 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-10 20:57:06,621 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-10 20:57:06,621 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-10 20:57:06,637 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-10 20:57:06,637 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-10 20:57:06,637 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-10 20:57:06,637 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-10 20:57:06,637 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-10 20:57:06,637 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-10 20:57:06,637 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-10 20:57:06,637 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-10 20:57:06,793 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-10 20:57:06,793 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-10 20:57:07,230 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-10 20:57:07,230 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-10 20:57:07,230 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-10 20:57:07,230 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-10 20:57:07,230 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-10 20:57:07,230 [modules.auxiliary.disguise] INFO: Disguising GUID to b3124c33-8696-4805-8a42-f6e841a2b993 2025-06-10 20:57:07,230 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-10 20:57:07,230 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-10 20:57:07,230 [root] DEBUG: attempting to configure 'Human' from data 2025-06-10 20:57:07,230 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-10 20:57:07,230 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-10 20:57:07,230 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-10 20:57:07,230 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-10 20:57:07,230 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-10 20:57:07,230 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-10 20:57:07,230 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-10 20:57:07,230 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-10 20:57:07,230 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-10 20:57:07,230 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-10 20:57:07,230 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-10 20:57:07,230 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-10 20:57:07,230 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-10 20:57:07,230 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-10 20:57:07,246 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-10 20:57:07,246 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-10 20:57:07,261 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\KuolGmJ.dll, loader C:\tmp_gell1p8\bin\SGtTThPa.exe 2025-06-10 20:57:07,308 [root] DEBUG: Loader: IAT patching disabled. 2025-06-10 20:57:07,324 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\KuolGmJ.dll. 2025-06-10 20:57:07,340 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-10 20:57:07,340 [root] INFO: Disabling sleep skipping. 2025-06-10 20:57:07,340 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-10 20:57:07,340 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-10 20:57:07,340 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-10 20:57:07,340 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-10 20:57:07,340 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-10 20:57:07,355 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-10 20:57:07,355 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-10 20:57:07,355 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-10 20:57:07,355 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF824E50000, thread 796, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-10 20:57:07,355 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-10 20:57:07,371 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-10 20:57:07,371 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-10 20:57:07,371 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\KuolGmJ.dll. 2025-06-10 20:57:07,386 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-10 20:57:07,386 [root] DEBUG <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 00:04:35 | 2025-06-11 00:35:03 | none |
File Details
| File Name |
dccw.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 641024 bytes |
| MD5 | aa76eb7d3bb05e726748802e555a2173 |
| SHA1 | b389eab83667e32c3dd33b553abde3aa0a7fb72b |
| SHA256 | 94c5c38ad8252b9481330d500185d57b0a8a40c319a4df5f35912bbb2b791cda [VT] [MWDB] [Bazaar] |
| SHA3-384 | 1666ddd2af780cbfb48f794d28631d05ace015a2744f9afde72b96c534bb85d0ad2e896173ddb79ca5625b7573a5b049 |
| CRC32 | 32156989 |
| TLSH | T161D4BE117A95F842E0EA12316CB7E729A32F9E74A70312C7785C692B3F707C11C75A6E |
| Ssdeep | 12288:iulfTVcBGOhS/IzJqrraq/t2qXy6xdRhMA:iulfZTGS/EEn/tkI |
| PE | File Strings BinGraph Vba2Graph |
Full Results
| Engine | Result | Engine | Result | Engine | Result |
|---|
J)qF(
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
@_z|c
groupIDlong
rpm=L
H(qT9C
SelectObject
7R;Tzu
I%:=7
>W=&b
J)p}(
T*Go-
3J9``
<xap:ModifyDate>2007-10-11T09:38:21-08:00</xap:ModifyDate>
2(282H2N2Y2_2k2{2
</x:xmpmeta>
9<RXZTI
grQR6
<xap:CreateDate>2007-11-13T15:11:53-08:00</xap:CreateDate>
%=)){Ph
Dn+*P
Qom=<
ReleaseMutex
GetStartupInfoW
RU:om
?4M%-U<
<;<m<
8~bff
APPID
-1I#4
*'LHE\
%t</cdm:RGBVirtualDevice>
sUnl
<xapMM:DocumentID>adobe:docid:photoshop:6f03c380-7819-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
1W5-H
Jm;}R
3[P$Qo
x=jZe
;4SsK@
CalibratedDisplayProfile-%d.icc
%t%t<cdm:ColorSpace>CIEXYZ</cdm:ColorSpace>
QQSVW
5;6T6r6
&634cu
LSM)4
<?xpacket end='w'?>
55}M\
Leftlong
-r6GA
!3C4Tq
DISPLAY_COLOR_CALIBRATION
;3;C;[;q;
xNhh5@
E$\!z
ib/K!
iY_E_
2(ku#
B|y]F+
> >`>
mqVX2
G>]Mb
xI_xo
|7==33c -,
y1ZH7
9 9D9t9
|Y5dg
VXGk~
PZ\<}+
SetCursor
RegSetValueExW
topOutsetlong
SendMessage(STM_SETIMAGE, 0x%08x) returned 0x%08x
MccsGrayBalanceAdjustmentEvent
dccw.exe
f|avu
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
2tSg5
6U7_7
</security>
[c#,"&
j{Xf9
{P1Q}
qj'Xf9
T4^eEr
u+99,j
%txmlns:wcs="http://schemas.microsoft.com/windows/2005/02/color/WcsCommonProfileTypes"
dT,0j
<177w0
`.data
))sFi
YLOoj
^Aeaq
zO7,t"
7qI,eG
M0S>U
CUIO[
QQQWV
<tiff:YResolution>96/1</tiff:YResolution>
Microsoft Corporation
LoadLibraryExW
r.MZQ
P1NQR;
&rmeA
OutputDebugStringA
Brightness
slicesVlLs
_XcptFilter
_lock
sbl<y
AtlThunk_DataToCode
qJqFh
6tb>xK$Xo
JTe)LB
GammaRamp
DccwGetDisplayProfileAssociationList
!08l71F
&sGzZ
-`,G~l
SECURITY
horzAlignenum
DLN^`
1-242U2\2
-A-v-
(F1J8U,
bLvO$
AppID
202Q2i2
&(4Pi
_initterm
s4X`}[
oCV)X
a=j"i
08=u:t+
type="win32"
.idata$5
U55eZ
ADFGTVV
vSEEU-tQ
%t<cdm:MinColorant>0.0</cdm:MinColorant>
;+<0<:<@<}<-=P=`=y=
qx g'
)|.C<
R`zQE
^Exif
WcsSetCalibrationManagementState
CreateSolidBrush
/}!O1
qE&ii
PO)8}h
swscanf_s
7~6KAn=
B3R,\P
2='Sq{
L?Q0]
Microsoft
JjE#q
<|]G9
;\Ld~I
ht#B8
%%%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&"""
GdipDeleteGraphics
nO=^3Xde;
IA<Q@
K?9cDV0
d=E]Y
N5#_e
,+gp'
j4nF{
/>
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
-3P88
hqq/{
E&rhc x
\SsiVd?
S?QOMz
'''K#
xdT L
mb5t+
!\+EQHL,,
-Ru;>Wf
aFi+coY
ESliceVertAlign
:E:S:
5a0b#
N\LBf%
KXRQ=>qn
Y3E?@
-) ~T
:VPVSj
towlower
VQNCj
K4K<u8&1
_exit
<xap:CreateDate>2007-11-13T15:10:45-08:00</xap:CreateDate>
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
kIk[[H
^&MB!kr
/qcnz
T)Zc-
y'C}Oa
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
j(j#j
R7-RtZh
y5<(E*.N
Y4JsY
publicKeyToken="6595b64144ccf1df"
FG5b:
gg{lo
L*LrL
6BCe5n
fPO{+`9
uwwwXttt*ttt
J)1G4
~55Eo
uu6#_
2*2c2
iuVn}M
%t<cdm:Description>
636Z6q6
XT@2w
JJJ#h
2/3I3
MaxRedGain
SP%n`
/>[@+^
HKEY_PERFORMANCE_DATA
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
Ty3UR
vertAlignenum
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
(-43215
=!>)>/>I>j>o>}>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
AKHaE
374f4
S>68V?
///hhh
%t<cdm:RGBVirtualDevice>
6G6K6O6S6W6[6_6c6
BlL1d
3 3;3[3r3
%&&&)&)&&P
CoCreateInstance
MaxBrightness
?d?n?
DestroyPropertySheetPage
ELDtPD
6/6>6F6[6d6i6
q(9>u
[;i=Q
j0Zf9
575\5t5
tij\Z
Unk$)
<xapMM:DocumentID>adobe:docid:photoshop:c8e53c52-923d-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
{A7mB
Wb-lV
|99{=
3-4U4m4
MaxBlueGain
$7S}=~
Brightness Too Light Small
xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
?xS[=h
<'<e<
.CRT$XIA
WcsDisassociateColorProfileFromDevice
GdipDisposeImage
rightOutsetlong
Ph`6@
%t%t<wcs:Text xml:lang="%1">%2</wcs:Text>
j2Xjd
Bbu0m
R%.6Q
= =(=.=;=C=I=a=f=l=q=v={=
GMl:DL
lwtpt
4,:s|
EOOaa
)I5JL
Z)(=(
)GJJ^
W_Jc"
3&383O3v3
,}unc(o
F(+F
?4dS3HO4
t!WVP
type="win32"
+&^?c
Ru1}M)
\;8WS
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
FileDescription
"GrayBalanceAdjustmentWithLutsEvent
GVRTC#
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
|W:z:
tPhotoshop 3.0
q\piqH
MG!ej
C'@GzV
Z@/aM
%t<cdm:ProfileName>
oksUy
-A?tH&
CalibrationCanceledEvent
QSVWQ
>"*drX
;-;T;
WN,okn
dc4f(
Phcsed
J1OQ@
ntdll.dll
QIKLv
a5X4%el
10.0.17763.1
:-;H;W;r;~;
2007:11:13 15:10:45
win:Informational
InitializeCriticalSection
~AK6'
#RTmB(
_D=\W
HKEY_DYN_DATA
tOQ,^
Y[<b|bbd
$V,Z
eUS"K
()*6789:FGHIJVWXYZefghijtuvwxyz
xTp%4
SetWindowLongW
MEh~QW
BIDATx^
PcR~Z
u2)!K%
7P@v,
SSh|"@
0O5.(
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
oAM `
w [v
IT)Pl
CLSID
%t%t%t<cdm:BluePrimary X="18.05" Y="7.22" Z="95.05"/>
t*pk"
.\X[[
JkV>Q
U#w]4
dxva2.dll
EnumChildWindows
mHAg`/
M=jJC@
^2f+U
ef_CH
=R=m=~=
BT0dP
hPhotoshop 3.0
j`Rb@
UGL+2
i=q1P
5#Oo4REZ+
>\36bX
}i`Ch
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
Phxxx
URx#5r
X{'_XK
45@9`
`\,@>
k6[c+k
4V5`5
Xj]d&
<JPRT
.i{SI
<xap:ModifyDate>2007-11-13T15:11:18-08:00</xap:ModifyDate>
)12?|E
]3 x~
TerminateProcess
ulEC"
2Hd<UY
RG9H03t
Fj'Xf
RKrc*
MinBrightness
l;GEH
4)4/4:4?4O4T4d4i4y4~4
MY@9 )C
StretchBlt
i*$MX
1QCI9
GammaAdjustmentWithLutsEvent
',1RI
HE)4f
manifestVersion="1.0">
<xap:MetadataDate>2007-10-11T09:50:49-08:00</xap:MetadataDate>
<TOLLk
+KQ<10
9nh[}
J,:UN
y21YJ
9%909Y9{9
-D,Po<p
q4I,D2
OpenIcon
u9vvE
Adobe Photoshop CS
g-*-/
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
Gz)3@
r0rsPb
QQQQQQQPQQQ
uI._P
\io`U
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
$`*LN
*=uA\QO
-N na
CreateMutexW
SCYAU
H\m<zWEop&A
KillTimer
NJL)8gr"P
<xapMM:DocumentID>adobe:docid:photoshop:9ec20a52-923d-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
]jH|w
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
<xap:ModifyDate>2007-10-11T09:35:58-08:00</xap:ModifyDate>
OldValue
R$LqR
hC;[[[
.xdata$x
ni"!!-
HLPS?hgi8;;
k1xak
GetModuleHandleW
Y21S#
:;:M:
`i)i(
M?I,j
u-;/=
.a:YZZ
V7)i2
.giats
&f!QE
=-=U=}=
Ws\e~
j=Xf9
c4Jl`X
MccsAdjustmentEvent
Dw||l|||x
GetMonitorBrightness
7$7`7
E!J`0
n*u5B
2=)zF
OriginalFilename
Saturation
`,.,t
=*[4P
Mpi>1)}
6i!c*
/jAJ(
&H$I4E
48]42
K!m$|
HM%-
WOo7^
BPhotoshop 3.0
Ly1Ue
j3Rkq
c)^H\
^5}g.
Brightness Correct Small
EnumDisplayMonitors
z&}~@
Y[)T*
5MRfI
E%.1A
/$/Z/
TEMP\
u&''8x
lqQS@
CHii
.o1#}a
CreateCompatibleBitmap
GetColorProfileFromHandle
5&)]a
MaxSaturation
hVWj`3
0@IJ<|
WcsGetUsePerUserProfiles
y>*d'3
<1!2%
Y__^[
Microsoft-Windows-DisplayColorCalibration/Debug
cSM_{
sL-I7n
CLLL05u
@&isF(
PropertySheetW
0{k&$t$
CreatePropertySheetPageW
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
/zCGj
Microsoft-Windows-DisplayColorCalibration
CloseHandle
{}|eB)U)
<xapMM:DocumentID>adobe:docid:photoshop:880b6201-923d-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
QL-sa
@.reloc
02<248
*mlQp&
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
\(S%vx
%txmlns:cal="http://schemas.microsoft.com/windows/2007/11/color/Calibration"
EUgYp~
3VSSC
$5QS7
:9a6X0
_9^Xt
>R>m>~>
LoadResource
_purecall
Ry5.h
0*050
099YD
&hq?,
9p$}i
GetSystemTimeAsFileTime
i)qI@
__p__fmode
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
AtlThunk_InitData
lN)&Odt
E hxxx
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
@RK*e
k;D>n
050l0
DccwErrorEvent
PRVAh
q_a|#
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
K~|q`
QIFqL
<dependency>
JJSI@
</rdf:RDF>
@2}*`
A l
RegisterWindowMessageW
</cal:ParameterizedCurves>
)1Na@
Yz{DU
CharNextW
$Photoshop 3.0
SetUnhandledExceptionFilter
%p[5^&;
}{.--
w8BIM
OldBlueGain
)i?e@D
WuBXN
%Lv[:5
Jk;$J[
FETT[
.text
u4QQh
S'nMC
Y0\v!
cZhE^7YXe2B%6
5m*6E&u
'mbMo%
Jz:d'
*Z]KL
!<t1R
DccwSetDisplayProfileAssociationList
.rdata$brc
SetWindowPos
2.1b0
[P;kj4
uK8>~
3<4{4
%t</cdm:MeasurementConditions>
cQ?J`A)
JnisM4
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
>E?.E}I
wpvy)
5H~98
>k-F9
@%#F*P
@%4g&
Zd1$1$Q(TQ
/Fo(O
huti4KOO
:y]h*
gggYZZ*
?=u/W
Tbs*:
.idata$4
<assemblyIdentity
(P;UkT
8JE6I
q,-&?
E?<sG\P2=
`;}\u
2I2`2
<xap:CreatorTool>Adobe Photoshop CS Windows</xap:CreatorTool>
bgColorTypeenum
I%=uO
__dllonexit
Component Categories
Y!+"6
`*n'8
%t%t%t<cdm:MaxColorantUsed>1.0</cdm:MaxColorantUsed>
W^ye#\>b
jua)*
RegEnumKeyExW
dCfCpy
G;~\|
808E8
MaxContrast
>.>5>D>K>Q>l>}>
]?IVc,
?X?{?
p',*'
Copyright (c) 1998 Hewlett-Packard Company
api-ms-win-core-com-l1-1-0.dll
qHdR9^
^_cX:
}g=`>
mu6vm
gMTc2
COMCTL32.dll
FK?\x
GrayBars
`zQ:mN5
(h!I!
0.1F1x1
%t%t%t<cdm:MinColorantUsed>0.0</cdm:MinColorantUsed>
U)_uj
Typeenum
@s@X]
j32[nV
mI#ejga
G8u{,d
zld`f`
O%}M !
<autoElevate>true</autoElevate>
26:UfNy
WinSqmAddToStream
MoveWindow
j\*JC
njI*"}
dVYZZr
>>>_>h>n>x>
D65.camp
L4xw%K
</cal:AdapterGammaConfiguration>
%s\%s
ESliceType
LoadLibraryExA
NrFiE
3A4Q@
3C3M3r3
3cRdQ
DeleteObject
p=sd
869M9p9
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
1F)sFh
J`YZ^
iLJIq:;
nZM8k
.rsrc$01
qhttp://ns.adobe.com/xap/1.0/
pj"0i
j./NJ
F>PE&4<
?$?M?o?
(+CP!
1%2/2R2X2o2
qEOL*
09w\t&
MonitorFromRect
>C?Q?
RegDeleteValueW
.idata
OgpxSD
Ygu+o
P4TV[
<xap:CreateDate>2007-11-13T15:13:17-08:00</xap:CreateDate>
?w6b0
d|-1\
\R7MC
)E&ii
^l&E8+
X{s_.
-.\@[;
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Y)jUI)"
CoTaskMemRealloc
UYpxx
NewGreenGain
GdipCreateBitmapFromStream
VirtualAlloc
jyy9~
^_H)E
([o.Lc
676r6
GetWindowRect
9+RJ.
3#>9X
LV?|n
0P}(#
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
8yU=u
Z)kD-n
-%.)(
>}zeeE[
InstallColorProfileW
LeaveCriticalSection
Fd]L$L
w)QI@T
E/z1@
+6+i+
WS3OT
kKvW"
RedGain
G=`C >
bURTN
<tiff:XResolution>96/1</tiff:XResolution>
ijxyz
!dmnn~
Tei$$!0=8
F9[uh
Microsoft Corporation. All rights reserved.
bSJJe)J
?M-fI
Z-6M>
5&DTdEU'
Photoshop 3.0
S$Q<d
B4+4X
Wi[_C
_controlfp
.text$yd
eoCQ.I
KF1E0
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
#%%%%%%&&$P
DP2Dnje<Ue
xER>9
T$sV1Q:
!%1x
jYMB((U
qHM&h
c,b,F
E_S}T
wK[y$
3W5v+e!
G7 q~U
@Xx\(
l.n>t)
Wadvapi32.dll
Cm53s
AllowSetForegroundWindow
EN~>%
p_%33
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
E>'^m)"
UseSimulator
OPCO0
@.rsrc
mshelp://windows/?id=27a2764a-ad05-4a52-96f4-eac32ae3c9e1
%t<cdm:Calibration>
osq~8
r8r:T
Kfreq
v}MY)
SRAzsO
;GUU=
SVWjH3
Rh0r^
xxrB=[
<exif:PixelXDimension>300</exif:PixelXDimension>
qsGjBAAi
/>
/033S
<?xpacket begin='
lSum>
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
GetMonitorContrast
910F\
j.8eF
<xap:ModifyDate>2007-10-11T09:40:50-08:00</xap:ModifyDate>
LegalCopyright
6s;=[6n
Fi3Fh
{(r34
SendMessageTimeoutW
CallWindowProcW
6^cp?
%t%t<cdm:MeasurementData TimeStamp="%5">
F[EDS
ATL$__a
0_~$"
X<UE(I
zzz888
GetSystemTime
<tiff:XResolution>72/1</tiff:XResolution>
pHB&)_@4
fI=*D
E%,xO[e
P{Tf>
hCMF(
o;T~|
MonitorFromWindow
q\qvR
BbM=|
jFjAj<j7h
<dependentAssembly>
m=EXcT\
7{hrrb
c[4LJ:
8:9m9
tp)p9Q
sJW'"
=}*9t
04080D0
J:I1u4
ZJSI@
>Xoc!
GdipDeleteBrush
<xap:CreateDate>2007-10-11T09:20:43-08:00</xap:CreateDate>
QQPQVQh
FlushInstructionCache
OJabh
W~2Jl$
QRcmM
L@[d)
!<SBl
.rdata$zzzdbg
- wn$
t;H_g4
LoadStringW
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
@p*YM
%t%t<wcs:Text xml:lang="%1">%4</wcs:Text>
AtlThunk_FreeData
.rdata
realloc
J:sHx
JkV?F
>+?1?:?A?M?S?\?c?|?
7Ed.0S
BlueLuts
processorArchitecture="x86"
l9zb)
[hFF85
^]^^6p,-
I8563
N4$bT
RegDeleteKeyW
VZ}gz
<xapMM:DocumentID>adobe:docid:photoshop:b58a55d1-7817-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
888E8
GdipCreateLineBrushI
i$vl.
<xap:ModifyDate>2007-10-11T09:20:43-08:00</xap:ModifyDate>
<xap:CreateDate>2007-10-11T09:49:40-08:00</xap:CreateDate>
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</asmv3:application>
<xap:CreateDate>2007-11-13T15:13:54-08:00</xap:CreateDate>
A)AjA
"$#+./,,7E}h
Q0G5f
wcsstr
sA<q@
hdg'U
mscms.dll
dj _W@w
d`T&?'P
<xap:MetadataDate>2007-10-11T09:45:54-08:00</xap:MetadataDate>
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
8`qP7
="=a=
C~$CW
GdiplusStartup
5)515k5q5|5
DestroyPhysicalMonitors
Oe<.bI$S
l;O%W*
GO^x=)
656B6x6
)3Rf\
7N8X8
WaitForSingleObject
Q*`sH
0chyJ
889B9u9
lstrlenW
j'Xf;
version="5.1.0.0"
9=i@8
2007:11:13 15:10:06
level="requireAdministrator"
/NEMc
NPxkT
jj@@H;
f-o`?
#1!At
3 pO%%?
/jozZ@-
JO8F.
MessageBoxW
XR$;x
FindResourceExW
NNNL9
4@4[4
<xapMM:DocumentID>adobe:docid:photoshop:0bbddd82-7818-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
&kJ3M
C4riG
D1^BZ(
memcpy
$OLF"
SetForegroundWindow
.idata$3
DDl|V
7=5F@+'
(?(q(
1(!Wz
_ftol2
lSfuc
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
ShowCursor
F2+Zj
?O5MPuW
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
<<TO,q
*b,H6
1E.)(
x1 3`x
<xap:MetadataDate>2007-11-13T15:13:17-08:00</xap:MetadataDate>
!smllGny
>,>_>m>x>
<wcs:GreenTRC Gamma="%f" Gain="%f" Offset1="0.0"/>
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
7K7]7
*QG<4
)b8&T
n))FGQR
8 8'8J8X8e8k8q8
5QU5f
<Q"[jY
lEnNi
GHK[[
HS^|3
<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:rights><rdf:Alt xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:li xml:lang="x-default">Copyright
CqseS
?),pi
'^k\V
<M[.TCs0E$
Bx'p&#
V6M$Be
;<-0X
$h5co
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\DCCW\Simulator
aT}WD
Z))s@
LEVL@
o<ksNX
__setusermatherr
DccwGetGamutSize
xbEI;
HeapFree
_except_handler4_common
~vnU*
n>6Sf
jSmi\!
Microsoft.Windows.ICM.DCCW.Activate
GetTickCount
a{ic_m
]']x]
9!:L:]:y:
191T1[1
acspMSFT
R1R|R
IEC http://www.iec.ch
<exif:ColorSpace>4294967295</exif:ColorSpace>
%txmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
l)a7K
J_E95
.CRT$XIY
7W P9
4DV^z
<cdm:ColorDeviceModel
E#F\s
"'"U"
PostMessageW
&'-#|[
]I$s6
Pizri
%9L`2
GdiplusShutdown
QGZBqH
/>
Phttp://schemas.microsoft.com/windows/2007/11/color/DisplayColorCalibrationEvents
SM5B5
?~%kl
5q"GM
8|q@KGK
bK[mBh[M
Adobe_CM
WEVT_TEMPLATE
$HzJc
8/8S8s8
v)$d0#
`{=!4f
&MUFM
e:TR0
G;}k~
MultiByteToWideChar
GetDisplayConfigBufferSizes
d*@>"
'YE?V
COLOR_MANAGEMENT_CALIBRATE_DISPLAY
uuu666
- RHX
zSYsL
J)sGZ`%
;J;_;
se]I<
SetVCPFeature
GdipCloneImage
+qbny
)QwPyb
DccwReleaseDisplayProfileAssociationList
"=M&}
KL%=<jd
H:S1N
BEZqU
^;)AB
4%0|n
Ifsl9
;QGj(
tS.=>-
6NjKD
?%SC>
6*S*3X^
,mB3#
SHELL32.dll
CloseColorProfile
CalibratedDisplayProfile-%d-Temp.icc
W?O5^
Qw=e3
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
>\G'#j
<xap:ModifyDate>2007-11-13T15:13:17-08:00</xap:ModifyDate>
cellTextIsHTMLbool
</dependency>
TEMPl
<xap:ModifyDate>2007-11-13T15:11:53-08:00</xap:ModifyDate>
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
U)/%|
[J.5-
.rdata$sxdata
hJa2mM
lt?_=^
3A4})
]S%2b)
x7WWWWj
rxm-oP
f.}nc`
@#@d@
-)x0zG?!D./
TXjhjh
2007:11:13 15:11:18
ry*;h
B63XB
,,,ppp
j.}!P
q> |y
bSJ)d
u&i)h
Wf9aP]
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
3'373@3R3X3
Device
uiAccess="false"
ShellExecuteW
4/#4w
<SSk[
im.E
JpDp:0
6B:!G
!-P*~
SaOe;
'!wY{
*&kc677y
G)}<=
Q?LXB
#X|yzn
SetDeviceGammaRamp
.CRT$XCAA
F/FUU
FleshToneEnhancementMode
,^ZZ\b
iGJP(
We@V
,Txuu
XqB[A
pM&sL
ADVAPI32.dll
CalibrationStartedEvent
O7O$E,%e
a4r'>[U#u=
*`fe$7
urlTEXT
c;/</SMk
xURUL
(ILa<)BQ:$
ZO(Qp
SetBkMode
.00cfg
0sIFq@
Brightness Too Dark Small
;W/ db
FreeLibrary
W'VbI
GetWindowTextW
K]46$
9Z:u:
718U8
~?G7^
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
x_j|F
n Sy=h
DQ5'f]
<?>QH&
D$8PP
KKK#!
LE,=1
BlueGain
sV&N%
g_o(W
>W^4E
<xap:MetadataDate>2007-11-13T15:10:06-08:00</xap:MetadataDate>
CompanyName
pkq+++
jAEUL
m"M70i%
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
strgW
GetCurrentThreadId
*!IE1
1brO&
1eB}e
N X@P
B0BrB
D{{Ud
{NK7>
W57"-
Q=[2U
tP){G'
*nR?;
mntrRGB XYZ
cld1h
WX|NH
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
</cdm:ColorDeviceModel>
'1bpEJ
U(UuU
GetProcessHeap
8<8K8y8
Sleep
ZJQI@
boundsObjc
HKEY_CLASSES_ROOT
WQ2fg
L*00z
fAOIB
.TorN
GetTextExtentPoint32W
YFFzWQ
GlobalFree
<xapMM:DocumentID>adobe:docid:photoshop:cf09c8e2-7814-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
=http://ns.adobe.com/xap/1.0/
-&3A4
070c0
atlthunk.dll
TG%RF
(I:JZ
2{06%J!
ZZos@h
\|<yRb
RegOpenKeyExW
]@OA[SG
(lyy=
W1UJ@
wcsncpy_s
Ji3K@
SetBkColor
d#*!a
%t%t%t<cdm:GreenPrimary X="35.76" Y="71.52" Z="11.92"/>
818`85i
MpCt"
pj_QQ
P TxKE'
LockResource
l*JB(
GetObjectW
ColorTemperature
GreenLuts
3RSN;4T8
CComM
default
87;':
%t%t%t<cdm:WhitePrimary X="95.05" Y="100.00" Z="108.90"/>
SetColorProfileElementSize
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
@NkrL
qL?Z@'Q
%t%t<cdm:WhitePointName>D65</cdm:WhitePointName>
*#_j_
})\cq
7a7n7
}?O4k
Contrast
ColorPreset
.)UsN*{
Qhrtnm
: xEb{
<xap:ModifyDate>2007-10-11T09:36:35-08:00</xap:ModifyDate>
g0m0|0
q.Jhe
"nic^
c$^59
_ftol2_sse
@E*<|5H
Us5OX
Z)3Fh
>0>6>=>B>O>^>f>n>
585h5
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
/>C1>D
iPjic
DB7j[
zWQ/J
k%8p)
\IYY\
<cal:ParameterizedCurves>
3)^sL3
2qh{[~Eu
J\?F(9D
#######$#$#P
6E,vU
Fvb"6 {G
HFih&
w\g5A
#NHyt
Ufff6
GdipCreateHBITMAPFromBitmap
N%NnN
|>Jy$Y`
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
:Qqvg
[B{Xx
%t<cdm:SelfLuminous>true</cdm:SelfLuminous>
!H!u!
v;4.B
0)}>qp
.IEC 61966-2.1 Default RGB colour space - sRGB
2I{ka
_callnewh
AE-%
:";6;J;
__set_app_type
a097W
&+,N#dc
PDaRN
oaa!x
</trustInfo>
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
94989
`--74f
VR/E-
x\PE
-(Sm_
XPQSh
IDATx
;@;S;a;
4bQCv
I1JI%_1
040904B0
<xap:ModifyDate>2007-11-13T15:13:54-08:00</xap:ModifyDate>
}e]f\
CRT curv
<dpiAware>true</dpiAware>
%txmlns:cdm="http://schemas.microsoft.com/windows/2005/02/color/ColorDeviceModel"
SizeofResource
\F#g]^
+IY3yj{
3#3;3
(ui)1Fa
/[<*Z
D$(PQ
</cdm:Calibration>
lstrcmpiW
ReleaseDC
__`dddffhhkkl
Y]]-fN=
~=&}`
<xap:MetadataDate>2007-10-11T09:36:35-08:00</xap:MetadataDate>
CreateDCW
l^c8Z
MinSaturation
Adobe Photoshop CS Windows
sz_1<
JILY\
V|\ivR7
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
=Dg<K
YhQ^g
~\_^]
9;9E9i9u9
F}i3K
5=6b{
<requestedPrivileges>
~ .nz
0=0l0
Adobe Photoshop
X=!Hg
T|]]b
</rdf:Description>
MdFCnW
Cg!Km
0r3HD
GjJ`.i(
J$SOH
ForceRemove
6I"8q3
MaxGamma
WideCharToMultiByte
RegQueryValueExW
=ih<RP
VarFileInfo
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
fHZh$
o/I)?
0E(u@&
o` 'F
P3!dP
WBpO5
<exif:ColorSpace>1</exif:ColorSpace>
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
wwwwwwx
L/`"F
CreateStreamOnHGlobal
2007:11:13 15:11:53
?K.B6
E~b1M9
AIKI@
2007:10:11 09:38:21
;-;k;
lW^iB+
_vsnwprintf
]~0JI#
MsgeTEXT
htE'l-
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
EnumDisplayDevicesW
'=E#0
.;;Xk
Microsoft-Windows-DisplayColorCalibration/Operational
CreateFileW
GlobalAlloc
R\/PC
%4d-%02d-%02dT%02d:%02d:%02d
m_/Bo
NewValue
<xap:MetadataDate>2007-11-13T15:13:54-08:00</xap:MetadataDate>
CopyFileW
;qon;v
WcsSetDefaultColorProfile
7#7(767`7
=qW#9
x*sJF
FormatMessageW
<xap:ModifyDate>2007-11-13T15:10:06-08:00</xap:ModifyDate>
<wcs:RedTRC Gamma="%f" Gain="%f" Offset1="0.0"/>
<security>
1TKK(
<!-- Copyright (c) Microsoft Corporation -->
<tiff:Orientation>1</tiff:Orientation>
x]+i#
kb|ye6
5bj}9QuV
(<PsLD$
}KTEE%
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
10.0.17763.1 (WinBuild.160101.0800)
/Y*pNV
Contrast Correct Small
NoRemove
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
KL%=<jc
originenum
fjw6vIj
DeleteCriticalSection
RaiseException
GetWindowLongW
I<&AH
}hG<E\
;%<M<u<
D$ strg
dccwu
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
win:Info
Z8CI!
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4-4A4U4
"NsM)
P'PqP
X%fc'
}yP+U
v[]\\
O4SsFi
%t<cdm:MeasurementConditions>
NW}D9
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
p1Wu+
E899a99:ZnnnZ
)<SE
001f1
N*d<T$S
OSAtU
GetWindow
~'^mub
Fi1Jz
<xap:CreateDate>2007-10-11T09:35:58-08:00</xap:CreateDate>
ESliceOrigin
leftOutsetlong
Xiu#B9
bu`n5#
smG~V
)%@W<
l.,dR9
GetDeviceCaps
GetWindowThreadProcessId
0(1t1
)GJC@
F"FgF
%t<cdm:Author>
O,ZJ(
</xapMM:DerivedFrom>
ElR,_
<xap:ModifyDate>2007-10-11T09:50:49-08:00</xap:ModifyDate>
name="Microsoft.Windows.Common-Controls" version="6.0.0.0"
4I:<R
m+TIx
HKEY_LOCAL_MACHINE
VVGWV
FqFGM
i3Hi)
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
N0P?R
/QUVT
y%v;B
1epm.
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
]EkGd
RSDS*S
WriteFile
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<?xml version="1.0" encoding="utf-16"?>
1Nxn"1
sUXm~(
X!`c]
!?apq
VirtualFree
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
x17TS{k
`(ZA$,
cellTextTEXT
<tiff:YResolution>72/1</tiff:YResolution>
DestroyWindow
U6eJLg*
bU8vb
.TOhfd
'&MO4
Z8djJ
NZ50m
I?K8F
: :d:h:p:x:
QQj2X3
R=Lk4&
InterlockedPopEntrySList
eI+ {
>uaap
SetWindowTextW
;4RP(
1*101E1S1Z1b1k1u1
~xr*--
@eru%
<xapMM:DocumentID>adobe:docid:photoshop:70e47553-7818-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
*Kyj#
DeleteDC
A(sI1
XICC_PROFILE
Fham.E
GdipAlloc
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
'z)qF(
02070G0N0\0m0u0
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
__wgetmainargs
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:iX="http://ns.adobe.com/iX/1.0/">
LoadCursorW
2R/<3}
nnkf____``
Phrtnm
2???8}
aI>>9
Display Color Calibration
uunnlkhhhfddd_z
m*=4Cq
1LfJa
1GJRi(
ek4R!
QueryPerformanceCounter
2;WC4Y
5*5/5H5N5U5j5s5y5
1YP3v9P
BHqUX
RzsW-t
m!2)O
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
zz}wwwwd
MiLAZ
CTTune.exe
msvcrt.dll
384w4
StringFileInfo
2007:11:13 15:13:17
1"272i2t2
6sA3:
GVbU8
sZEF*&
Software
gdiplus.dll
L#5ar=
%N0+H
8+lly
7ncwakt
4SLGm
G: f\m
l41fL
1]1c1m1w1
:O(:\k4
j1G~|
<xap:MetadataDate>2007-10-11T09:20:43-08:00</xap:MetadataDate>
,s%RD
1"1p1
QE *QI
5C@vO
HX:sY
K(aPp
86G]@Po
FGqHE0
.text$mn
diMXu
5N%]W*G
Setting
t$09t$
SHE&LqR
(Rx4o pH
`S(Ia/
HuCsG
&'&W&
GlobalUnlock
hcsed
8J<^:*
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
SetMonitorBrightness
j%Yf;
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
`1,BZ
9RLSjDm
<SdcI
Interface
<exif:PixelYDimension>224</exif:PixelYDimension>
/&Apk
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP toolkit 3.0-28, framework 1.6">
=g=s=
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
autoGenerated
rrr)))
Gamma
D$ SV
DecodePointer
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
rE"'4
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
x@;~\};
.jZe 4
:%:4:F:X:s:
ow*[_
<requestedExecutionLevel
_YY)*
TR_8nl"zu
J))s@
Top long
*SQ;{P2
M1NZg
1fP~S
<xap:CreateDate>2007-10-11T09:40:50-08:00</xap:CreateDate>
</asmv3:windowsSettings>
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
Uzfffp=
<xap:MetadataDate>2007-11-13T15:11:18-08:00</xap:MetadataDate>
((((((((((((((((((((((((((((((((((((((((((((((((((
*5*h*
jA<V"
Z@%.r8
<xap:MetadataDate>2007-10-11T09:35:58-08:00</xap:MetadataDate>
GetPhysicalMonitorsFromHMONITOR
VVVVV
HiqHh
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
XLq^q
f'-Sp
v{W){
$lumi
7O8wP
&SAwI
http://ns.adobe.com/xap/1.0/
]**w:>
2007:10:11 09:40:50
Gg'P~
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
?_O2M
{NzS@#
GdipFillRectangleI
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
&,svn
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
%t%t</cdm:MeasurementData>
#Q4]M
)~nG_
<exif:PixelXDimension>272</exif:PixelXDimension>
Module_Raw
U4F Q+
_wcmdln
<Vz`m
DisplayConfigGetDeviceInfo
<tiff:ResolutionUnit>2</tiff:ResolutionUnit>
GetModuleFileNameW
IEjf-.i(
^Oqu4
Contrast Too High Small
&'zu74
SetTimer
_wcsupr
@W@\m
Q2#7p
New rect (%d, %d, %d, %d) is on display 0x%08x
UQ;iWO
<xap:ModifyDate>2007-11-13T15:10:45-08:00</xap:ModifyDate>
b#n*2}
J?'JdjA
.CRT$XCA
:&Q}c
Vr\i~`U
J35s2
=8cX}
KERNEL32.dll
<xap:MetadataDate>2007-11-13T15:10:45-08:00</xap:MetadataDate>
aZ>85
p*lyhXb
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
5NO,G2
2:3x3
~w?TQ
%t</cdm:Description>
Z#Ral?
n0>n3_CF
UnhandledExceptionFilter
nullTEXT
|}bbb
$M$|$
E>1A>b
FindResourceW
DefWindowProcW
EventUnregister
0`1i1t1{1
~D9~Xt
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
x2ji^
J}yyyZ
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
/anij
rbSJIg
"GU=EgkZ
bbbbKI`3
RyG6U
#Z= x
NW,0G4
GetSystemDirectoryW
8 2F)3Q/08
k+$aE
VS_VERSION_INFO
VX0-3
C-tFd4y2
(#\L4
i3E&h
-'Z3@
152?2
]U|N.
A-D`"\
OzJwlRb
+SQ&I
npY][[]]
.CRT$XCZ
+f#Ln
GrayBarsMagenta
^ta<1
PPVWj
F$+~ +
E+-)W
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
M$NUb
x$!@x
SFqH:
vk^<X(
sliceIDlong
<exif:PixelYDimension>217</exif:PixelYDimension>
SendMessageW
$tech
-"#T#
5:Fdh
SetColorProfileElement
lQKIP@
Te5bv
chhc+
OldGreenGain
false
.data
iHZxc^
;0;c;
:":0:>:M:
,9,n,
04PM
2007:10:11 09:45:54
eb,1ZLi
8C9P9l9,:H:
H7#hi
VhP6@
SIFi(
cn0j*
697Z7f7
l2==]
f,E5~
030R0
r*Ky7
Zam^X
0ME%3w
memset
@IILWW\\
OS1"0
|uKK0
GetActiveWindow
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<xap:CreateDate>2007-10-11T09:45:54-08:00</xap:CreateDate>
<*=:=C=H=V=
Contrast Too Low Small
`;+yr
AJzRS
8#838c8u8
1*2i2
><iFj
sQP*D}h
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
7Exif
J^1H9
GetProcAddress
y6=i1
m'zu%
GtO<A=
</dc:rights></rdf:Description>
2%2>2V2g2
ProductName
z|)Wir=
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
Y**{IM+
GetNumberOfPhysicalMonitorsFromHMONITOR
"t~<IS
CreateCompatibleDC
<wcs:BlueTRC Gamma="%f" Gain="%f" Offset1="0.0"/>
3(303A3W3
./..q
yc%dJ
AQaq"
LWbB|o
<Exif
+ajQ~
C(+C
3IGzZ`
E;]YX
.idata$6
"R7!Q
K4OU7q?
XTEoLP}
ZD^*U
:1:@:I:a:k:
f;D$,u
4 5F5
&xa;A
G5G{G
M+0J\Nzz
Ac]2\
MlSs^
/:;y7=
Invalid parameter passed to C runtime function.
GetParent
PSShh
GdipFree
_=N1U$
nNl[\
PnXMmb
Ph44@
MinGamma
1>u[u
wpPv+
MinGreenGain
5(|cm
@.3M|
#m-YT{
7P7q7
GdipCreateSolidFill
GetWindowTextLengthW
language="*"
bottomOutsetlong
R\n8F&\/`
))OZJ
>??]?
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
n*@>Q@
FileVersion
%8%h%
RRP1sFi(
onz+eD
2%2,2k2
Rih\c}^
X/X}X
egiZH
C:C}C
1<$Bg
ITQ4+
Vy\%#
<exif:PixelYDimension>155</exif:PixelYDimension>
sRGB IEC61966-2.1
#m7?V
>9?U?
k ?Oz
UahgGo
6@6r6
;E1<2i5
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
h@C<2
.="U?
MHj3@
xmlns="urn:schemas-microsoft-com:asm.v1"
_CIpow
memcpy_s
QueryDisplayConfig
IIWWZZRR
Delete
P!sIE
</dependentAssembly>
8'HSG
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
WcsGetCalibrationManagementState
DccwCreateDisplayProfileAssociationList
|B_/P
CalibrationFinishedEvent
%t%t<wcs:Text xml:lang="%1">%3</wcs:Text>
zHFk,E
EFFQS1//.tt/111
-0-(0%()(
Jl9d8
tl60>
jORx~!
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
, #&')*)
526<6
processorArchitecture="x86"
X&Tr@)gT
YU/E.
`zP:R
7>jn5
' id='W5M0MpCehiHzreSzNTczkc9d'?>
<dc:rights><rdf:Alt xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:li xml:lang="x-default">Copyright
-UMMYV
MinBlueGain
<assemblyIdentity
4a<N=BA
name="Microsoft.Windows.ICM.DCCW"
dl/Zs
E-7u8
1KGjC
;);4;:;Q;g;y;
pF#Rv
CoTaskMemAlloc
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
dU^vE
PPPPP
B~#}C
M ?5I
GdipCreateFromHDC
cHRM
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
EventRegister
Untitled-2
IOT%"
p40S
GlobalLock
*{UIb
)E%f@
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
{4D36E96E-E325-11CE-BFC1-08002BE10318}
w[</&E-
&6QOt
i*LqM"
*!aou
> ?@?e?
ESliceHorzAlign
vXh\4@
GDI32.dll
]_.3 #s
zRQK@
[=zk[
InvalidateRect
4a%gt
v!MPI
GetStockObject
HeapAlloc
pPhotoshop 3.0
<R<m<~<
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9h9p9x9
>AFoyrOM%6wf
Vx\qvRl1
2007:10:11 09:36:35
C5ZrMA
t;J)i4
:=SYxULI
u%%.h
\22<4lV
zfsn
J7J}J
0q3%C&2:
3J)0iqL
/CwnU
%t</cdm:ProfileName>
GdipCloneBrush
'K*{Y
0$DS:0
.data$brc
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
^?G)eg}}
C~C^m
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
InternalName
oelV%
1NS}s
cNO!N
SO<Bx
malloc
HKEY_CURRENT_CONFIG
i3KI@
Q>UdL
3desc
B3yME
<p`]H\W
gY==B
<xapMM:DocumentID>adobe:docid:photoshop:70e47559-7818-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
?%?G?Y?i?
%t<cdm:MaxColorant>1.0</cdm:MaxColorant>
<B<Q<_<k<
IsProcessorFeaturePresent
dEU6te
:X;z;
.rsrc$02
#ezk}
2007:10:11 09:20:43
OldRedGain
_unlock
GYGvH
c<F<F
<description>Display Color Calibration</description>
GetDC
?!???c?
SetTextColor
8BIM'
i^())))))&Q
[PnAu
.s_gw1
,Reference Viewing Condition in IEC61966-2.1
.JBT[gL3
xmlns
en-US
khu?Q
<xap:CreateDate>2007-11-13T15:10:06-08:00</xap:CreateDate>
bYc%W
4'bxn1
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
OLEAUT32.dll
LK"3m
;8;s;
WcsCreateIccProfile
iyI0xT
Adobe
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
.text$di
BTIa/
RFC(*
^XBRo(-+
REGISTRY
a<QE-v
xvpBH
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/1.1/">
"k\?J
43Za+
altTagTEXT
%eYQVU
^Photoshop 3.0
pQJ))
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
RPhotoshop 3.0
UnregisterClassA
CIIWLZ\
zvVwQc
%3J4Jz
GetCurrentProcessId
1i3IE
2-292P2^2
*-11111S
RegCreateKeyExW
ir}i(
vE'zCFi
]>69L!
SJJRI
uVVW9
<xapMM:DocumentID>adobe:docid:photoshop:df90b7ae-923d-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
py2A]
StringFromCLSID
Hardware
NewRedGain
vq]pA
,-Uiy
GzQGj
EJ%1)
\sdt2T=
2007:10:11 09:50:49
MapWindowPoints
G.Mw?
718S8
zsHDmQ
Z3.ER
j{Xf;
u(j}Xf9
:6:t:
GetSystemMetrics
ESliceBGColorType
a~y1b~
PiL!$>A
Module
s_*F)
%t%t%t<cdm:GammaOffsetGainLinearGain Gamma="2.4" Offset="0.055" Gain="0.947867" LinearGain="12.92" TransitionPoint="0.04045"/>
GetVCPFeatureAndVCPFeatureReply
Message
SetMonitorContrast
'7GWgw
7(8>8G8M8u8
ui`m"c
j<sLb
=jX'b
Btomlong
rhiq8
_<~,Gd
5.5>5E5N5c5l5
c-E$k
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
}i('4T0
;`T25s
CoTaskMemFree
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
GetDlgItem
<stRef:documentID>adobe:docid:photoshop:cf09c8e2-7814-11dc-b3b7-80a45141ec24</stRef:documentID>
%#$Tn
%%.i(
E5!$[
.CRT$XIZ
Y~$X}
%t%t%t<cdm:RedPrimary X="41.24" Y="21.26" Z="1.93" />
5}>Iy
3+3<3
spET(
)6V=Bb`)X
InterlockedPushEntrySList
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:dc="http://purl.org/dc/elements/1.1/">
'I'z'
s~cP&3
QFi3@
EncodePointer
yNjLU$v
!This program cannot be run in DOS mode.
L).9l
zzSen)
Michael Bourgoin
`&1Hi
5$15b&
0U4Q
WcsGetDefaultColorProfile
lR)_Kh_
sj.j)
l7 ^7
> 1q<
<stRef:instanceID>uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24</stRef:instanceID>
uuu000
6%636>6p6
i[*6;
(X-D(!
`qVPR
oo<DSb
8Asf
QE9@4
IEC sRGB
A@3DTR
Lbp 04
qUZhe
RKWMN
?Zq=*7'
]UO>TuO
"1z46
*Qvl$
~>")Y
<xap:ModifyDate>2007-10-11T09:45:54-08:00</xap:ModifyDate>
829<9
RD\2;
%n4ir6
2007:10:11 09:35:58
USER32.dll
iswupper
v/SIM
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
W\BI*
IDATx^
+clFc&
ZS SHu+
Rg4r(
GetDeviceGammaRamp
MaxGreenGain
o^H`'
=]:T@
wExS6
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
g/dk"
yJm;hMP,
kiw>?
]/8au
OR?Y_
lA`Va@
Lx7Uz
V .{k
<xap:CreateDate>2007-11-13T15:11:18-08:00</xap:CreateDate>
mvnfz
M++,K0001
NT=LR';
5nA)0
>/?5???E?N?S?
BMhSh
HeapSetInformation
EnterCriticalSection
.CRT$XCU
21+@-
RegDeleteKeyExW
_errno
QZ`HR
,[Nc]
$2A+E(!
AutoColorSetupMode
:,0.j
4K5p5
S{M&>R:\
ZQnxC
A_ |z
tnj'[f;
M 3oT2
dccw.pdb
Local\DCCW Startup Mutex
<xapMM:DocumentID>adobe:docid:photoshop:0466c2c7-923e-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
nKn86R
DsO&!
x8BIM
8(8X8b8
IDD = %d: m_bIsRtl = %s
q"*3J/
HKEY_CURRENT_USER
</requestedPrivileges>
%t%t%t<cdm:BlackPrimary X="0" Y="0" Z="0"/>
GetCurrentProcess
<assembly
.]&:")k
jdj_jZjUh
MinRedGain
i4ioS
IWU!p\
v;7E*5
:p&x)
I)I%)$
<xap:MetadataDate>2007-11-13T15:11:53-08:00</xap:MetadataDate>
)8)k)
DDGtlG
LocalFree
RedLuts
*TM9Y
slice
LW~hP5
`{{{-
;$<h<
</assembly>
141V1u1
> >}>
BHEGJV[
UninstallColorProfileW
lD'="
?/QU#X
=.=3=H=O=\=m=w=}=
Translation
<xap:CreateDate>2007-10-11T09:33:33-08:00</xap:CreateDate>
yv*--
strg3
ATL$__z
FindWindowW
F@"A$
publicKeyToken="6595b64144ccf1df"
")8a&y
IDATG
//1<?
MapDialogRect
<photoshop:History></photoshop:History>
SVWQQ
SetStretchBltMode
rmQ8=y
3J)qGj
xf<1H
TTa];J
<cal:AdapterGammaConfiguration>
FileType
NewBlueGain
VaYwi
$8|S"A
<asmv3:application>
ProductVersion
p}<A.
__p__commode
X[e@YD
3L3e3>4W4
969@9
#8#f#
QmO-x-
&wLj@&
`(nj9X
7wwwwxx
ShowWindow
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
]%]JH
x4A*e
_onexit
G75]&
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
JSITf.h4b
%[+L)@
`3M2Z<G[
.CRT$XIAA
j9NGj
DrDa(
} i(4
`bi,c
Q%"TIAK
h4$*D%
;I;p;
Tje=E!^W
ManualAdjustmentEvent
(EJ`IT<
GreenGain
Windows
4+4e4
9>u"S
<xap:CreateDate>2007-10-11T09:38:21-08:00</xap:CreateDate>
'dqA^F
MinContrast
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
~uryvLCTV
YKQ*a
=L9o<
yx$|8W
?tsW#
0M0^0c0m0
.idata$2
-HP
C`f $P
%t</cdm:Author>
.CRT$XCL
A<yRV
z\Q@?
?!M9|r
2007:11:13 15:13:54
6%6+6?6_6i6
TEMPh
(4RQ@
@BA8<$
SYSTEM
<0<;<Y<t<
+`Wk'
HKEY_USERS
2=2D2k2
AtlThunk_AllocateData
NPj$6
UNVOPkT
E'z3@
: 2;;=3
<xap:MetadataDate>2007-10-11T09:40:50-08:00</xap:MetadataDate>
TASK`
)0zzZ8**
|G(P"
UBcM@ta
.gfids
HLino
>E>m>
'A*L~
W9f95
8!5:E
h]\\z
a4;O^
2008 Microsoft Corp.</rdf:li></rdf:Alt>
CIWY\
%tmc:Ignorable="cal"
Operating System
d}*2s
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
-HGtS
NativeHWNDHost
TypeLib
>:j<9
0$00060>0E0K0Q0W0l0w0}0
AHJJJVV
4<2$P6
qC-HS
Current display is 0x%08x
N(VhU
_cexit
mfMs=
6GW<k
lj`QP)QQQQ)
3F)1@
WcsOpenColorProfileW
?!?a?
..;;?
ceWq
0;;;B
/nnMz
k|O6D
GetMonitorInfoW
GHVe*9:IJWXYZftu
<dc:format>image/jpeg</dc:format>
`Dm(c
&sPWf_
7GWgw
`FX;r
4:4D4p4z4
^}gW7
374B4
GetLastError
SSSG?
@^iph
y]"kJN
pdmdd
Rghtlong
EventWrite
9);pw
U6MZb
_amsg_exit
GrayBarsRedish
$o%RjdB
?terminate@@YAXXZ
@HJLWZZ\
Ri3Jh
m2E?(
$k$`$
<,<R<f<
aQJ75
I?f*/
ch5M[b
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
Profile
+&2a#D
6n7z7
Microsoft.Windows.WindowsColorSystem.Dccw.GetDialogId
Capabilities
IDATO
XVYPEMr
)?-F8
<xapMM:DocumentID>adobe:docid:photoshop:b58a55da-7817-11dc-b3b7-80a45141ec24</xapMM:DocumentID>
FHx;8*"
n'Q<kU
qIKGz
ILCE@"
WXf9Y
<xapMM:DocumentID>adobe:docid:photoshop:b1be9613-923d-11dc-bf0f-889ae1191ecf</xapMM:DocumentID>
Pr[q'
"oFn</
<G01(
5 +=+
<xap:MetadataDate>2007-10-11T09:38:21-08:00</xap:MetadataDate>
#@ %!<
7>7V7n7
}vvvy
NG?^i$OC6Mv
B*RIBH)
*MbJX
O^iE!
V{ic<
0(vsD
iE%8P
r*v4
GetColorDirectoryW
&!]*2
<xapMM:DerivedFrom rdf:parseType="Resource">
X4u&]
q[,)\*
~Z~(^
RegQueryInfoKeyW
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
233?3F3W3`3f3x3~3
RegCloseKey
;b;x;
#(-27;@EJOTY^chmrw|
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
T|O)W
tPF^+
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
^-k[[
[N*oL
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
RW@.M
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x00010000 | 0x000a1220 | 0x000a1220 | 10.0 | dccw.pdb | 2071-06-04 03:26:13 | 2b7f19b45958484cf7f3cf5ed96c7c95 |  |
4039f96ce68791185b4bd6c6836791ac | 46c9ffce31efb2fde6fe4765a632df03 | e4a2b2acbb95dbea |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | Display Color Calibration |
| FileVersion | 10.0.17763.1 (WinBuild.160101.0800) |
| InternalName | dccw |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | dccw.exe |
| ProductName | Microsoftรยฎ Windowsรยฎ Operating System |
| ProductVersion | 10.0.17763.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x0000f944 | 0x0000fa00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.28 |
| .data | 0x0000fe00 | 0x00011000 | 0x000008d4 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.51 |
| .idata | 0x00010400 | 0x00012000 | 0x00001a82 | 0x00001c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.42 |
| .rsrc | 0x00012000 | 0x00014000 | 0x00089480 | 0x00089600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.35 |
| .reloc | 0x0009b600 | 0x0009e000 | 0x00001150 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.58 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| MUI | 0x0009d378 | 0x00000108 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | None |
| WEVT_TEMPLATE | 0x000150e0 | 0x00001902 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.91 | None |
| RT_ICON | 0x000169e8 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.99 | None |
| RT_ICON | 0x00017050 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.27 | None |
| RT_ICON | 0x00017338 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.87 | None |
| RT_ICON | 0x00017520 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.35 | None |
| RT_ICON | 0x00017648 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.84 | None |
| RT_ICON | 0x000184f0 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.28 | None |
| RT_ICON | 0x00018d98 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.32 | None |
| RT_ICON | 0x00019460 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.57 | None |
| RT_ICON | 0x000199c8 | 0x0000b424 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.99 | None |
| RT_ICON | 0x00024df0 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.72 | None |
| RT_ICON | 0x00027398 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.94 | None |
| RT_ICON | 0x00028440 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.03 | None |
| RT_ICON | 0x00028dc8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.83 | None |
| RT_GROUP_ICON | 0x00029230 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_VERSION | 0x00014d50 | 0x00000390 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_MANIFEST | 0x00014800 | 0x0000054b | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.97 | None |
| None | 0x000292f0 | 0x00005992 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.88 | None |
| None | 0x0002ec88 | 0x000079aa | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.37 | None |
| None | 0x00036638 | 0x000075b5 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.33 | None |
| None | 0x0003dbf0 | 0x0000d01d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.17 | None |
| None | 0x0004ac10 | 0x00007e8d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.41 | None |
| None | 0x00052aa0 | 0x000088dd | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.46 | None |
| None | 0x0005b380 | 0x00008f73 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.42 | None |
| None | 0x000642f8 | 0x0000faef | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.46 | None |
| None | 0x00073de8 | 0x00001c7e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.95 | None |
| None | 0x00075a68 | 0x00001d41 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.95 | None |
| None | 0x000777b0 | 0x00001cc4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.95 | None |
| None | 0x00079478 | 0x00009f7a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| None | 0x000833f8 | 0x00003af6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.96 | None |
| None | 0x00086ef0 | 0x00003b36 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.00 | None |
| None | 0x0008aa28 | 0x00003b82 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.00 | None |
| None | 0x0008e5b0 | 0x00003b48 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.93 | None |
| None | 0x000920f8 | 0x00003aa6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.94 | None |
| None | 0x00095ba0 | 0x00003b92 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.00 | None |
| None | 0x00099738 | 0x00003838 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.77 | None |
| None | 0x0009cf70 | 0x00000402 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.81 | None |
Imports
| Name | Address |
|---|---|
| RegCloseKey | 0x412000 |
| RegQueryInfoKeyW | 0x412004 |
| RegEnumKeyExW | 0x412008 |
| RegOpenKeyExW | 0x41200c |
| RegSetValueExW | 0x412010 |
| RegCreateKeyExW | 0x412014 |
| RegDeleteValueW | 0x412018 |
| EventRegister | 0x41201c |
| EventUnregister | 0x412020 |
| EventWrite | 0x412024 |
| RegQueryValueExW | 0x412028 |
| Name | Address |
|---|---|
| StretchBlt | 0x412044 |
| CreateCompatibleBitmap | 0x412048 |
| SetStretchBltMode | 0x41204c |
| SelectObject | 0x412050 |
| CreateCompatibleDC | 0x412054 |
| GetObjectW | 0x412058 |
| GetTextExtentPoint32W | 0x41205c |
| SetDeviceGammaRamp | 0x412060 |
| GetDeviceGammaRamp | 0x412064 |
| GetStockObject | 0x412068 |
| SetBkMode | 0x41206c |
| SetBkColor | 0x412070 |
| SetTextColor | 0x412074 |
| CreateSolidBrush | 0x412078 |
| GetDeviceCaps | 0x41207c |
| CreateDCW | 0x412080 |
| DeleteDC | 0x412084 |
| DeleteObject | 0x412088 |
| Name | Address |
|---|---|
| _ftol2 | 0x41233c |
| memcpy | 0x412340 |
| _controlfp | 0x412344 |
| ?terminate@@YAXXZ | 0x412348 |
| realloc | 0x41234c |
| _errno | 0x412350 |
| _onexit | 0x412354 |
| __dllonexit | 0x412358 |
| _unlock | 0x41235c |
| _lock | 0x412360 |
| _except_handler4_common | 0x412364 |
| _wcmdln | 0x412368 |
| _initterm | 0x41236c |
| __setusermatherr | 0x412370 |
| __p__fmode | 0x412374 |
| _cexit | 0x412378 |
| _exit | 0x41237c |
| exit | 0x412380 |
| __set_app_type | 0x412384 |
| __wgetmainargs | 0x412388 |
| _amsg_exit | 0x41238c |
| __p__commode | 0x412390 |
| _XcptFilter | 0x412394 |
| _callnewh | 0x412398 |
| swscanf_s | 0x41239c |
| wcsstr | 0x4123a0 |
| _wcsupr | 0x4123a4 |
| _purecall | 0x4123a8 |
| memcpy_s | 0x4123ac |
| malloc | 0x4123b0 |
| wcsncpy_s | 0x4123b4 |
| free | 0x4123b8 |
| _ftol2_sse | 0x4123bc |
| _vsnwprintf | 0x4123c0 |
| towlower | 0x4123c4 |
| iswupper | 0x4123c8 |
| _CIpow | 0x4123cc |
| memset | 0x4123d0 |
| Name | Address |
|---|---|
| WinSqmAddToStream | 0x4123d8 |
| Name | Address |
|---|---|
| SetVCPFeature | 0x412280 |
| GetNumberOfPhysicalMonitorsFromHMONITOR | 0x412284 |
| GetPhysicalMonitorsFromHMONITOR | 0x412288 |
| DestroyPhysicalMonitors | 0x41228c |
| GetMonitorBrightness | 0x412290 |
| SetMonitorBrightness | 0x412294 |
| GetMonitorContrast | 0x412298 |
| SetMonitorContrast | 0x41229c |
| GetVCPFeatureAndVCPFeatureReply | 0x4122a0 |
| Name | Address |
|---|---|
| WcsSetDefaultColorProfile | 0x4122e8 |
| SetColorProfileElement | 0x4122ec |
| SetColorProfileElementSize | 0x4122f0 |
| DccwReleaseDisplayProfileAssociationList | 0x4122f4 |
| WcsDisassociateColorProfileFromDevice | 0x4122f8 |
| UninstallColorProfileW | 0x4122fc |
| GetColorDirectoryW | 0x412300 |
| DccwGetDisplayProfileAssociationList | 0x412304 |
| DccwCreateDisplayProfileAssociationList | 0x412308 |
| DccwGetGamutSize | 0x41230c |
| WcsOpenColorProfileW | 0x412310 |
| WcsGetDefaultColorProfile | 0x412314 |
| WcsGetUsePerUserProfiles | 0x412318 |
| WcsGetCalibrationManagementState | 0x41231c |
| WcsSetCalibrationManagementState | 0x412320 |
| DccwSetDisplayProfileAssociationList | 0x412324 |
| CloseColorProfile | 0x412328 |
| InstallColorProfileW | 0x41232c |
| GetColorProfileFromHandle | 0x412330 |
| WcsCreateIccProfile | 0x412334 |
| Name | Address |
|---|---|
| ShellExecuteW | 0x412194 |
| Name | Address |
|---|---|
| GdipDisposeImage | 0x4122a8 |
| GdipCloneImage | 0x4122ac |
| GdipCreateHBITMAPFromBitmap | 0x4122b0 |
| GdipDeleteBrush | 0x4122b4 |
| GdipCreateBitmapFromStream | 0x4122b8 |
| GdiplusStartup | 0x4122bc |
| GdiplusShutdown | 0x4122c0 |
| GdipCreateFromHDC | 0x4122c4 |
| GdipDeleteGraphics | 0x4122c8 |
| GdipCreateSolidFill | 0x4122cc |
| GdipCreateLineBrushI | 0x4122d0 |
| GdipAlloc | 0x4122d4 |
| GdipCloneBrush | 0x4122d8 |
| GdipFillRectangleI | 0x4122dc |
| GdipFree | 0x4122e0 |
| Name | Address |
|---|---|
| DestroyPropertySheetPage | 0x412034 |
| CreatePropertySheetPageW | 0x412038 |
| PropertySheetW | 0x41203c |
| Name | Address |
|---|---|
| VarUI4FromStr | 0x412184 |
| SysFreeString | 0x412188 |
| SysAllocString | 0x41218c |
| Name | Address |
|---|---|
| StringFromCLSID | 0x412264 |
| CoTaskMemRealloc | 0x412268 |
| CreateStreamOnHGlobal | 0x41226c |
| CoTaskMemFree | 0x412270 |
| CoCreateInstance | 0x412274 |
| CoTaskMemAlloc | 0x412278 |
Usage
Processing ( 31.26 seconds )
- 30.45 ProcessMemory
- 0.742 CAPE
- 0.056 BehaviorAnalysis
- 0.008 AnalysisInfo
- 0.001 Debug
Signatures ( 0.06 seconds )
- 0.008 ransomware_files
- 0.006 antiav_detectreg
- 0.005 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.003 infostealer_ftp
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.009 CAPASummary
- 0.002 JsonDump
Signatures
Queries the keyboard layout
The PE file contains a PDB path
pdbpath: dccw.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
The binary likely contains encrypted or compressed data
section: {'name': '.rsrc', 'raw_address': '0x00012000', 'virtual_address': '0x00014000', 'virtual_size': '0x00089480', 'size_of_data': '0x00089600', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.35'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 6364 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Binary compilation timestomping detected
anomaly: Compilation timestamp is in the future
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Users\Packager\AppData\Local\Temp\dccw.exe
C:\Windows\WinSxS\SystemResources\gdiplus.dll.mun
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\DUser.dll
C:\Windows\System32\duser.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\AppData\Local\Temp\*
C:\Users\Packager\AppData\Local\SystemResources\dccw.exe.mun
C:\Windows\WinSxS\SystemResources\gdiplus.dll.mun
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\DUser.dll
C:\Windows\System32\duser.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\AppData\Local\Temp\*
C:\Users\Packager\AppData\Local\SystemResources\dccw.exe.mun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\DCCW\Simulator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration\CalibrationManagementEnabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI\DynamicScaling
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ActivityVisualCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Low
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\msdt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\DCCW\Simulator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration\CalibrationManagementEnabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI\DynamicScaling
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ActivityVisualCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Low
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\msdt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration\CalibrationManagementEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ActivityVisualCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Low
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\msdt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration\CalibrationManagementEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ActivityVisualCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Low
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\msdt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\Calibration\CalibrationManagementEnabled
Local\DCCW Startup Mutex
Local\SM0:6364:168:WilStaging_02
Local\SM0:6364:168:WilStaging_02
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.