Sample details: 097062f7bd246454516861069e1413c2 (MD5)

Hashes
MD5: 097062f7bd246454516861069e1413c2
SHA1: 69e0bc694181bf92ccbea6bb8d7cac045f173eb9
SHA256: 40d2ee1915b96ba27dbb30ab577c0b96f05909fec69a37970343a71dcc5ab930
SSDEEP: 24576:KEtl9mRda1bCSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJV:BEs1L/
Details
File Type: PE32
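Yara Hits (rule matches only; the compiler/packer and capability rules listed are heuristic indicators, not confirmed behaviour)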
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/network_tcp_socket | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
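Strings (printable character runs extracted from the file; short fragments such as `_^[YY]` are code bytes that happen to be printable, not meaningful text)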
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
Boolean
Integer
Cardinal
String
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
YZXtm1
ZTUWVSPRTj
tVSVWU
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
odSelected
odGrayed
odDisabled	odChecked	odFocused	odDefault
odHotLight
odInactive	odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windows
TOwnerDrawState
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
	TFileName
TSearchRecX
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide,x@
	EOverflow
EUnderflow
EInvalidPointer8y@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
TSynchroObject
TCriticalSection
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
TCommonDialog
TCommonDialog
Dialogs
HelpContext
OnClose
OnShowSV
TMessageForm
TMessageForm
Dialogs
_^[YY]
%s%s%s%s%s%s%s%s%s%s
Cancel
Ignore
NoToAll
YesToAll
Message
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
TImage
TImagex
ExtCtrls
Alignd>C
Anchors
AutoSize
Center
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
IncrementalDisplay
ParentShowHintP
Picture
	PopupMenu
Proportional
ShowHint
Stretch
Transparent
Visible
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUpp
OnProgress
OnStartDock
OnStartDrag
TTimer
TTimer
ExtCtrls
Enabled|
Interval
OnTimerU
Delphi Picture
Delphi Component
EIniFileException
TCustomIniFile
TIniFile
_^[YY]
ERegistryException
	TRegistryS
MAPI32.DLL
TConversion
TConversionFormat
comctl32.dll
TThemeServices
Theme manager 
 2001, 2002 Mike Lischke
 !"#$%
TTextLayout
tlCenter
tlBottom
StdCtrls
TCustomLabel
TCustomLabelx
StdCtrls
TLabel
TLabel
StdCtrls'
AligndKA
	Alignmentd>C
Anchors
AutoSize
BiDiMode
Caption
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
FocusControlP
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint
	PopupMenu
ShowAccelChar
ShowHint
Transparent
Layout
Visible
WordWrap
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseEnter
OnMouseLeave
OnStartDock
OnStartDragP
TCustomEdit
TCustomEditP
StdCtrls
TabStop
TScrollStyle
ssNone
ssHorizontal
ssVertical
ssBoth
StdCtrls
TCustomMemo
TCustomMemo\
StdCtrls
StdCtrls8
AligndKA
	Alignmentd>C
Anchors
BevelEdges
BevelInner
	BevelKind
BevelOuter
BiDiMode<
BorderStyle
Constraints
Ctl3D$7C
DragCursor
DragKind8=C
DragMode
EnabledP
HideSelection<LC
ImeMode
ImeNamePVA
Lines<
	MaxLength
OEMConvert
ParentBiDiMode
ParentColor
ParentCtl3D
ParentFont
ParentShowHint
	PopupMenu
ReadOnly
ScrollBars
ShowHint
TabOrder
TabStop
Visible
WantReturns
WantTabs
WordWrap
OnChange
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDrag
TButtonActionLink
TButtonControl
TButtonControl
StdCtrls
TButton
TButton|
StdCtrls&
Actiond>C
Anchors
BiDiMode
Cancel
Caption
Constraints
Default$7C
DragCursor
DragKind8=C
DragMode
EnabledP
ModalResult
ParentBiDiMode
ParentFont
ParentShowHint
	PopupMenu
ShowHint
TabOrder
TabStop
Visible
WordWrap
OnClick
OnContextPopup
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDragL
TMemoStrings
TMemoStringsL
StdCtrls
GH+D$	
_^[YY]
_^[YY]
BUTTON
THintAction0)C
THintAction
StdActns
TWinHelpViewer
_^[YY]
_^[YY]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
_^[YY]
MS_WINHELP
#32770
TModalResult
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls
TDragObject
TDragObject
Controls
TBaseDragControlObject
TBaseDragControlObject
Controls
TDragControlObject
TDragControlObjectEx
TDragDockObject
TDragDockObjecth:C
Controls
TDragDockObjectEx
TControlCanvas
TControlCanvas
Controls
TControlActionLink
TMouseButton
mbLeft
mbRight
mbMiddle
Controls<=C
	TDragMode
dmManual
dmAutomatic
Controls
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls
	TDragKind
dkDrag
dkDock
Controls
	TTabOrder
TCaption
TAnchorKind
akLeft
akRight
akBottom
Controls
TAnchors
TConstraintSize
TSizeConstraints
TSizeConstraints
Controls
	MaxHeightx>C
MaxWidthx>C
	MinHeightx>C
MinWidth
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
	TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject	
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
	NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject	
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
	NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
	MinHeight
Integer
MaxWidth
Integer
	MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControl
TControl
Controls	
Width<
Height$7C
Cursor
HelpType
HelpKeyword
HelpContext
TWinControlActionLink
TImeMode
	imDisable
imClose
imOpen
imDontCare
imSAlpha
imAlpha
imHira
imSKata
imKata	imChinese
imSHanguel	imHanguel
Controls
TImeName
TBorderWidth
	TBevelCut
bvNone	bvLowered
bvRaised
bvSpace
Controls
TBevelEdge
beLeft
beRight
beBottom
Controls
TBevelEdges
TBevelKind
bkNone
bkTile
bkSoft
bkFlat
Controls
IDockManager$
Controls
TWinControl
TWinControl`NC
Controls
TGraphicControl
TGraphicControl<RC
Controls
TCustomControl
TCustomControl\SC
Controls
THintWindow
THintWindow
Controls
	TDockZone
	TDockTree
TMouse
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
	TSiteList
_^[YY]
S$_^[]
YZ]_^[
t%Jt?Jt[
%s (%s)
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
IsControl
_^[YY]
_^[YY]
+WH+W@
:GauOFKu
DesignSize
_^[YY]
_^[YY]
_^[YY]
YZ]_^[
YZ]_^[
YZ]_^[
YZ]_^[
S8_^[]
t9;wlt4
FLVhp/D
t$;C8u
QQQQSVW
t#;^dt
BP_^[]
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
TContainedAction
TContainedAction
ActnList
Category
TCustomActionList$DD
TCustomActionList
ActnList
TShortCutList
TShortCutList
ActnList
TCustomAction
TCustomAction
ActnList
TActionLinkSV
u*;~8u
R0Z_^[
;Blu	3
$:Cjt_
R0Z_^[
R0]_^[
$;Ctt?
R0Z_^[
R0Z_^[
R0Z_^[
R0Z_^[
R0]_^[
$Z]_^[
TChangeLinkDUD
TImageIndex
TCustomImageList
TCustomImageList
ImgList
S0_^[]
R ;C0|
R,;C4}!
S`]_^[
Bitmap
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuError
TMenuBreak
mbNone
mbBreak
mbBarBreak
TMenuChangeEvent
Sender
TObject
Source	TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
MenusTnD
TMenuAutoFlag
TMenuActionLink
	TMenuItem8pD
	TMenuItem
Action
	AutoCheck
AutoHotkeys
AutoLineReduction8
Bitmap
Caption
Checked
SubMenuImages
Default
EnabledT
GroupIndex
HelpContext
Hint@UD
ImageIndex
	RadioItem
ShortCut
Visible
OnClick
OnDrawItem mD
OnAdvancedDrawItem
OnMeasureItem
TMenu,tD
	TMainMenu
	TMainMenu
AutoHotkeysPnD
AutoLineReduction
	AutoMerge
BiDiMode
Images
	OwnerDraw
ParentBiDiMode\lD
OnChange
TPopupAlignment
paLeft
paRight
paCenter
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
TMenuAnimation
TPopupMenu
TPopupMenu
	AlignmentPnD
AutoHotkeysPnD
AutoLineReduction
	AutoPopup
BiDiMode
HelpContext
Images0wD
MenuAnimation
	OwnerDraw
ParentBiDiMode
TrackButton\lD
OnChange
OnPopup
TPopupList
TMenuItemStack
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
_^[YY]
Q<]_^[
ShortCutText
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
33DDDDD3333
33333333333
333333?
333333
333333
3333f3333333?
3336Dc3333338
333>fC333333
c333333
3333333333338
3333Dc3333333
3336fC3333338
333>fC333333
333>fd333333
fC33333
3333>fd333338
fC333?3
33fd3>fC333
fDFfC338
33>ffffc338
fff3333
3333333333338
4DF334DC33
333*C33
c33*C333
33338?383
F*F333383
"$c33333
"dc3333833
CjC338
CjC338
D*C33383
C33333833?33
3333333
3334JC33333338?333
C3333333
C3333333
3333fc33333338
333333333333?
33333?
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
HelpMe
'KillandHide
(ShlObj
System
SysInit
KWindows
UTypes
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
FComObj
qComConst
CVariants
SysConst
$VarUtils
SysUtils
Dialogs
ExtCtrls
Consts
5Themes
nComCtrls
Printers
WWinSpool
^Classes
"RTLConsts
QTypInfo
+Graphics
FlatSB
StdActns
Clipbrd
YStrUtils
&Controls
MultiMon
vMenus
Contnrs
ImgList
EActnList
dStdCtrls
WinHelpViewer
RHelpIntfs
ComStrs
ExtActns
ExtDlgs
3CommDlg
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
AAccCtrl
AclAPI
TlHelp32
Un_Main
TPF0	TFrm_Main
Frm_Main
AlphaBlend	
AlphaBlendValue
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
Position
poScreenCenter
OnCreate
FormCreate
PixelsPerInch
TextHeight
Height
TabOrder
TTimer
Interval
OnTimer
	tmr1Timer
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
@H??wElDj;
@H??wElDj>
ERRORSUPPORTTEXT_RETAIL_DEFAULT_PERMISSION_POST.ERRORSUPPORTTEXT_RETAIL_DEFAULT_PERMISSION_PREVerify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeERRORSUPPORTTEXT_RETAIL_DEFAULT_POSTERRORSUPPORTTEXT_RETAIL_DEFAULT_PREContact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeERRORSUPPORTTEXT_RETAIL_DEFAULT_PROBLEM_POSTERRORSUPPORTTEXT_RETAIL_DEFAULT_PROBLEM_PREIf problem persists, contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeONPrinterNameSend To OneNote 2007ShellUILanguage1033InjectorServiceSaves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.OfficeDiagnosticsServiceRun portions of Microsoft Office Diagnostics.{CC29EC69-7BC2-11D1-A921-00A0C91E2AA2}MEWord12WordMetroCnv_Converter12ProxyWord 2007 Macro-enabled Document\docmWord12Word 2007 Document\docxWord97Word 97-2003 Document\doc{EA7FE5B5-89ED-4872-B2B7-0DC103B2B320}eurotool.xlamExcelAddIn_EuroToolEuro Currency Tools\Conversion and formatting for the euro currencyhtml.xlamExcelAddIn_HTMLInternet Assistant VBA\Internet Assistant VBA{{Fatal error: }}Error [1].Message type:  [1], Argument:  [2]Error reading from file: [2].  {{ System error [3].}}  Verify that the file exists and that you can access it.=== Logging started: [Date]  [Time] ====== Logging stopped: [Date]  [Time] ===Cannot create the file '[3]'.  A directory with this name already exists.  Cancel the install and try installing to a different location.Please insert the disk: [2]Setup cannot access the folder [2].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Error writing to file: [2].  Verify that you have access to that directory.Setup cannot read file [2].  
Check your network connection or, if you are installing from CD-ROM, be sure that the [ProductNameQualified] CD-ROM is in the drive.  Click Retry to continue or Cancel to stop the installation.Another application has exclusive access to the file '[2]'.  Please shut down all other applications, then click 'Retry'.There is not enough disk space to install this file: [2].  Free some disk space and click 'Retry', or click 'Cancel' to exit.Setup cannot find the required file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Error reading from file: [3].  {{ System error [2].}}  Verify that the file exists and that you can access it.Error writing to file: [3].  {{ System error [2].}}  Verify that you have access to that directory.Source file not found{{(cabinet)}}: [2].  Verify that the file exists and that you can access it.Cannot create the directory '[2]'.  A file with this name already exists.  Please rename or remove the file and click 'Retry', or click 'Cancel' to exit.The volume [2] is currently unavailable.  Please select another.The specified path '[2]' is unavailable.Setup cannot write to the folder [2].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Setup cannot read from file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Setup cannot create the folder [2].  Verify that the path exists in your system and that you have sufficient permissions to update it.Setup cannot open the source file cabinet [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].The specified path is too long: [2]Setup cannot modify the file [2].  
Verify that the file exists in your system and that you have sufficient permissions to update it.A portion of the folder path '[2]' exceeds the length allowed by the system.The folder path '[2]' contains words that are not valid in folder paths.'[2]' is not a valid short file name.Error getting file security: [3] GetLastError: [2]Invalid Drive: [2]Action start [Time]: [1].Setup cannot create the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot open the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot delete the value [2] from the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot delete the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot read the value [2] from the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot write the value [2] to the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot get the value names for the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot read the security information for the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Could not increase the available registry space.  [2] KB of free registry space is required for the installation of this application.Action ended [Time]: [1]. Return value [2].Another installation is in progress.  You must complete that installation before continuing this one.Error accessing secured data.  Please make certain the Windows Installer is configured properly and try the install again.User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.  Your current install will now continue.User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.Out of disk space -- Volume: '[2]'; required space: [3] KB; available space: [4] KB.  
Free some disk space and click 'Retry'.Are you certain you want to cancel?The file [2][3] is being held in use{ by the following process: Name: [4], Id: [5], Window Title: '[6]'}.  Close that application and click 'Retry'.The product '[2]' is already installed, preventing the installation of this product.  The two products are incompatible.Out of disk space -- Volume: '[2]'; required space: [3] KB; available space: [4] KB.  If rollback is disabled, enough space is available.  Click 'Abort' to quit, 'Retry' to check available disk space again, or 'Ignore' to continue without rollback.Could not access network location [2].The following applications should be closed before continuing the install:Setup could not locate a version of Microsoft Office 97, 2000 or XP on the selected drive. Click OK to stop the installation. If you have a version of Microsoft Office on CD-ROM, run Setup again.
For more information, see [SETUPHELPFILEDIR] under "Locating a Previous Version of Office".Out of memory.  Shut down other applications before retrying.The key [2] is not valid.  Verify that you entered the correct key and try again.You must restart your computer before configuration of [2] can continue.  Would you like to restart now?The configuration changes made to [2] will not take effect until your computer has been restarted.  Would you like to restart now?An installation for [2] is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Installation operation completed successfully.Installation operation failed.Product: [2] -- [3]You may either restore your computer to its previous state or continue the install later.  Would you like to restore?Setup cannot write information to your hard disk.  Check to make certain enough disk space is available, and check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.Setup cannot install one of the required products for [2].  [ERRORSUPPORTTEXT]Setup cannot remove the older version of [2].  [ERRORSUPPORTTEXT]Windows Installer is no longer responding.The path [2] is not valid.   Please specify a valid path.There is no disk in drive [2].  Please insert one and click 'Retry', or click 'Cancel' to go back to the previously selected volume.There is no disk in drive [2].  
Please insert one and click 'Retry', or click 'Cancel' to return to the browse dialog and select a different volume.The folder [2] does not exist.  Please enter a path to an existing folder.A valid destination folder for the install could not be determined.Windows Installer terminated prematurely.Setup cannot read file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Scheduling reboot operation: Renaming file [2] to [3].  Must reboot to complete operation.Scheduling reboot operation: Deleting file [2].  Must reboot to complete operation.Setup cannot register module [2].  If you click 'Cancel' or 'Ignore', run Setup again and reinstall or repair your [ProductNameBase] installation.  [ERRORSUPPORTTEXT_PROBLEM]Setup cannot unregister module [2].  [ERRORSUPPORTTEXT]Setup cannot cache package [2].  [ERRORSUPPORTTEXT]Could not register font [2].  Verify that you have sufficient permissions to install fonts, and that the system supports this font.Could not unregister font [2].  Verify that you that you have sufficient permissions to remove fonts.Could not create Shortcut [2].  Verify that the destination folder exists and that you can access it.Could not remove Shortcut [2].  Verify that the shortcut file exists and that you can access it.Setup cannot register type library for file [2].  [ERRORSUPPORTTEXT]Setup cannot unregister type library for file [2].  [ERRORSUPPORTTEXT]Setup cannot update file [2][3].  Verify that the file exists in your system and that you have sufficient permissions to update it.Could not schedule file [2] to replace file [3] on reboot.  Verify that you have write permissions to file [3].Setup cannot remove ODBC driver manager.  [ERRORSUPPORTTEXT]Setup cannot install ODBC driver manager.  [ERRORSUPPORTTEXT]Error removing ODBC driver: [4], ODBC error [2]: [3].  
Verify that you have sufficient privileges to remove ODBC drivers.Error installing ODBC driver: [4], ODBC error [2]: [3].  Verify that the file [4] exists and that you can access it.Error configuring ODBC data source: [4], ODBC error [2]: [3].  Verify that the file [4] exists and that you can access it.Service '[2]' ([3]) failed to start.  Verify that you have sufficient privileges to start system services.Service '[2]' ([3]) could not be stopped.  Verify that you have sufficient privileges to stop system services.Service '[2]' ([3]) could not be deleted.  Verify that you have sufficient privileges to remove system services.Service '[2]' ([3]) could not be installed.  Verify that you have sufficient privileges to install system services.Could not update environment variable '[2]'.  Verify that you have sufficient privileges to modify environment variables.You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.Could not set file security for file '[3]'. Error: [2].  Verify that you have sufficient privileges to modify the security permissions for this file.Setup cannot update file [2] because it is protected by Windows.   You may need to update your operating system for this program to work correctly.  [ERRORSUPPORTTEXT] {{Package version: [3], OS Protected version: [4]}}Setup cannot update file [2] because it is protected by Windows.   You may need to update your operating system for this program to work correctly.  [ERRORSUPPORTTEXT] {{Package version: [3], OS Protected version: [4], SFP Error: [5]}}An error occurred during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}Warning [1].Please wait while Windows configures [ProductName]Gathering required information...An internal error has occurred.  
([2]   [3]   [4]   [5]   [6]   [7]   [8]) [ERRORSUPPORTTEXT]Removing older versions of this application...Preparing to remove older version of this application...Setup cannot get attributes for file [3].  Verify that the file exists in your system and that you have sufficient permissions to update it.Setup cannot create a temporary file in folder [3].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Setup cannot find the required file IMAGEHLP.DLL in your system.  This file is needed to validate the file [2].  [ERRORSUPPORTTEXT]Setup cannot find the file key '[2]' in cabinet '[3]'.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Setup cannot access a file cabinet.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Office Setup encountered a problem with the Office Source Engine, system error: [2].  Please open [SETUPHELPFILEDIR] and look for "Office Source Engine" for information on how to resolve this problem.The control '[3]' on dialog '[2]' cannot accept values longer than [5] characters.  The value '[4]' exceeds this limit, and has been truncated.Setup cannot load RichEd20.dll.  [ERRORSUPPORTTEXT]{[ProductName] }Setup completed successfully.{[ProductName] }Setup failed.Info [1].An internal error has occurred: ([2]   [3]   [4]   [5]   [6]   [7]   [8]).  [ERRORSUPPORTTEXT]{{Disk full: }}Action [Time]: [1]. 
[2]Access.Application.12Microsoft Office Access 2007 DatabaseExcel.AddinMicrosoft Office Excel Add-InExcel.AddInMacroEnabledExcel.Application.12Microsoft Office Excel ApplicationExcel.BackupMicrosoft Office Excel Backup FileExcel.Chart.8Microsoft Office Excel ChartExcel.CSVMicrosoft Office Excel Comma Separated Values FileExcel.MacrosheetMicrosoft Office Excel 4.0 MacroExcel.Sheet.12Microsoft Office Excel WorksheetExcel.Sheet.8Microsoft Office Excel 97-2003 WorksheetExcel.SheetBinaryMacroEnabled.12Microsoft Office Excel Binary WorksheetExcel.SheetMacroEnabled.12Microsoft Office Excel Macro-Enabled WorksheetExcel.SLKMicrosoft Office Excel SLK Data Import FormatExcel.TemplateMicrosoft Office Excel TemplateExcel.Template.8Excel.TemplateMacroEnabledMicrosoft Office Excel Macro-Enabled TemplateExcel.WorkspaceMicrosoft Office Excel WorkspaceExcel.XLLMicrosoft Office Excel XLL Add-InExcelhtmlfileMicrosoft Office Excel HTML DocumentExcelhtmltemplateMicrosoft Office Excel HTML TemplateInfoPath.Solution.2Microsoft Office InfoPath Form TemplateInfoPath.SolutionManifest.2Microsoft Office InfoPath Form Definition FileMSGraph.Chart.8Microsoft Graph ChartMSProject.MPXMicrosoft Office Project Exchange File (MPX)MSProject.ProjectMicrosoft Office Project DocumentMSProject.Project.9MSProject.TemplateMicrosoft Office Project TemplateMSProject.WorkspaceMicrosoft Office Project WorkspaceOneNote.Section.1Microsoft Office OneNote SectionOutlook.File.msgOutlook ItemPowerPoint.Show.12Microsoft Office PowerPoint PresentationPowerPoint.Show.8Microsoft Office PowerPoint 97-2003 PresentationPowerPoint.ShowMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled PresentationPowerPoint.Slide.12Microsoft Office PowerPoint SlidePowerPoint.Slide.8Microsoft Office PowerPoint 97-2003 SlidePowerPoint.SlideMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled SlidePowerPoint.SlideShow.12Microsoft Office PowerPoint Slide ShowPowerPoint.Template.12Microsoft Office PowerPoint 
TemplatePowerPoint.Template.8Microsoft Office PowerPoint 97-2003 TemplatePowerPoint.TemplateMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled Design TemplatePublisher.Document.12Microsoft Office Publisher DocumentVisio.Drawing.11Microsoft Office Visio DrawingVisio.Stencil.11Microsoft Office Visio StencilVisio.Template.11Microsoft Office Visio TemplateVisio.Workspace.11Microsoft Office Visio WorkspaceWord.Document.12Microsoft Office Word DocumentWord.Document.8Microsoft Office Word 97 - 2003 DocumentWord.DocumentMacroEnabled.12Microsoft Office Word Macro-Enabled DocumentWord.Template.12Microsoft Office Word TemplateWord.Template.8Microsoft Office Word 97 - 2003 TemplateWord.Wizard.8Microsoft Word WizardwordhtmlfileMicrosoft Word HTML DocumentwordhtmltemplateMicrosoft Word HTML TemplatewordxmlfileMicrosoft Word XML DocumentAccessShortCutCreate databases and programs to track and manage your information by using Microsoft Office Access.CAGShortCutClipArt|Microsoft Clip OrganizerImport and organize photos, clip art, sounds and motion files using Microsoft Clip Organizer.ExcelShortCutPerform calculations, analyze information, and visualize data in spreadsheets by using Microsoft Office Excel.GrooveShortCutCreate collaborative workspaces to share files and work on projects with your team members using Microsoft Office Groove.IgxAppShortCutIgxApp|Microsoft Office IGXAppIGX Test ApplicationIGX Test ApplicationLanguageShortCutLngSet12|Microsoft Office 2007 Language SettingsChange the language settings for Office applications.LimeShortCutLime|Microsoft Office LimeLime Test ApplicationMicrosoft_VisioCreate, edit and share diagrams by using Microsoft Office Visio.MSPaperScanExeDocScan|Microsoft Office Document ScanningScan multiple page documents and recognize text in image documents by using Microsoft Office Document Scanning.MSPaperViewExeImgView|Microsoft Office Document ImagingView, manage, read and recognize text in image documents and faxes by using Microsoft 
Office Document Imaging.ODShortCutOffDiag|Microsoft Office DiagnosticsMicrosoft Office Diagnostics identifies and corrects common causes of instability and poor performanceOISShortCutOIS|Microsoft Office Picture ManagerOrganize, edit, and share picture files by using Microsoft Office Picture Manager.OneNoteShortCutGather, organize, find, and share your notes and information using Microsoft Office OneNote.OsaNewOfficeShortcutNewDoc|New Microsoft Office DocumentCreate a new Microsoft Office document, worksheet, e-mail message, presentation, Web page, or database.OsaOpenOfficeShortcutOpenDoc|Open Microsoft Office DocumentFind and open any Microsoft Office document, worksheet, e-mail message, presentation, Web page, or database.OutlookShortCutSend and receive e-mail; manage your schedule, contacts, and tasks; and record your activities by using Microsoft Office Outlook.PPTShortCutCreate and edit presentations for slide shows, meetings, and Web pages by using Microsoft Office PowerPoint.ProjectProfilesShortCutPSrvAcct|Microsoft Office Project Server 2007 AccountsCreate and edit account profiles used by Microsoft Office Project when connecting to Microsoft Office Project Server.ProjectShortCutPlan, track, and manage your projects, and communicate with your team by using Microsoft Office Project.PubExeShortcutCreate and edit newsletters, brochures, flyers, and Web sites by using Microsoft Office Publisher.RMSShortCutIC12|Microsoft Office InterConnect 2007Create, manage, send, and receive bizcards and contact information by using Microsoft Office InterConnect.SelfcertShortcutSelfcert|Digital Certificate for VBA ProjectsThis program creates a self-signed digital certificate that can be used for personal macros on this machine only.VisSDKClbShortcutVSDKCode|Microsoft Office Visio Code Samples LibraryCode Samples Library with code snippets in various languagesVisSDKDocsShortcutVSDKDocs|Microsoft Office Visio SDK DocumentationSDK Documentation covering references and 
articlesVisSDKPublishShortcutVSDKPub|Microsoft Office Visio Solution Publishing ToolLaunch Visio Publish ComponentVisSDKSamplesShortcutVSDKSamp|Microsoft Office Visio SDK SamplesSDK Sample Applications supporting multiple languagesVisSDKToolsShortcutVSDKTool|Microsoft Office Visio SDK ToolsSDK Tools including ShapeStudio, wizards, tools and typelibrariesWAC_EWDShortCutDesign and manage high-quality, standards-based Web sites with Microsoft Expression Web.WAC_SPDShortCutCreate and customize Microsoft SharePoint Web sites and build workflow-enabled applications with Microsoft Office SharePoint Designer.WordShortCutCreate and edit professional-looking documents such as letters, papers, reports, and booklets by using Microsoft Office Word.XDocsShortCutDesign and fill out dynamic forms to gather and reuse information throughout the organization using Microsoft Office InfoPath.accdbNew&NewOpen&OpenOpenAsReadOnlyOpen as Read-OnlydocEdit&EditOnenotePrintto&PrintPrintdochtmldocmdocxdocxmldotdothtmldotmdotxicdicticxinfopathxmlmatDesign&DesignPreviewPre&viewmau&Browsemavmdbmdbhtmlmdimpdmpfmppmptmpwmpxoftolsoneonepkgonetoconetoc2potShowS&howpothtmlpotmpotxppappamppsppsmppsxpptppthtmlpptmpptxpptxmlpubpwzrtfthmxvdxPrintToPrint &TovsdvssvstvswvsxvtxwbkwizwizhtmlxlamxlmxlsxlsbxlshtmlxlsmxlsxxltxlthtmlxltmxltxxlwxsfxsnProgramMenuDevResourcesFolderMSDEVRES|2007 Microsoft Office System Developer Resources:MSDEVRESProgramMenuToolsFolderOFFTOOLS|Microsoft Office Tools:OFFTOOLSreg0005F9DFB11EE5635A031DA038FF9A9EProofreg005D9574E2D206D307893F81DC06F0E7XLSTARTreg007403245A6C2E1B47D99463BADEE414&Edit,0,2reg011805B5691E5D3A57178868B4475ADDreg03CD7777AA2DAED32797C8B568F9C1D8ODBC Databases 
()reg03DBDA1638A26F85DE631FDFD910A3E2reg052959FD7BA37014ECB8CF441EEF4CEDreg053021A21AC3B51B76AE8DB4EEC85A10reg059EA896AF64E4B3C2BDEB978FEF45B2reg05C9ECA53A18DE59D4E90A206F1E8D63reg065FF1D29B341AE1C0BF30CC8CD1B659reg069934FBC337B13F2344D653E403B6C4reg074F12DDC24D6F5D82D9EF4ADF52164Areg0781CEDF1554451FAE08B0CED280FD9A&Open,0,2reg083407F478A29DA646EB5117D3A9E635&Edit,0,0reg08BEA2DCAE078C258741E0D7108BD07Creg092828397513E52292017A31A83641B0Microsoft Office Groove Tool Archivereg099E4C7BEC45A3E2CD2B60411969B808reg09F441C44F2F58849BB7167D2B60891Areg0AD85CE2F6DCD301614EFF655A29A5F1reg0BA730632E4155B0DA2C19FF22F8EF84reg0D1CB378DF8DDEBD9895CF074BB6DBA3reg0D432EA6E2D260FE3F7CE05C19DA7C3Creg0D4FF606B6C0E18C9927C7F58DAA9EA2reg0D50E43B439F38F7B6EC7B670E547363reg0E8181654F86BF43E0210A09B07166FCreg0F4108C4DF2AEB55CE34479C6EABCC72Exchange Unified Messaging support for voice-mail and fax integration.reg0FABA33AA368F6A79434E8295ADC3B94reg0FEF2F81B1EB050C47DF4685639C3C16reg11F6C813D8AD39AA636B556C26735889PERT Analysisreg1220626D7618A26DB7F1C9EAA21CA016reg12A7CEE4CD6BE6F2381D17357DDADE26HTML Documents (*.html;*.htm)reg1411C2D32DB44311EE597468B3CC9BFAreg14491C5CA73AD97D3AF85015763FE988Adds Send to OneNote and Notes about this Item buttons to the command barreg1497460DE8A54C48A970D2D5ADD74FA3reg1525240504C166D47CB0781930C854A9reg15BEA710FD8A9D51AA6E86128103A3E3reg15DA56F824CD70C86C574A63FD856E03reg168E77160EC30C1660E372B1462A4115reg16EB6FBEB4FED73DC18392B8F105E908reg171EC7CD6ADC2A055672DE0AC43A2899reg1770F2FFE4526FA0E43D6275ED9EE4A7&Save As...,0,2reg178474FDE68D0991784D00DD923B41EAreg18FD1ACF1B96F1D2A846CA4BA8D8CB44reg19B311FCB7F3AB5C6BB6DDCACC605410Word 2007 Macro-enabled Documentreg1A2A1A3AE3DB93E280CCAD552874DC31reg1B3C88E27294452C44403127B9D62AD8Excel Binary Workbook (*.xlsb)reg1B455DB5F69002EE80B8A8A99B24FF91reg1D17C7235462E360F6FA28EBDB8C4E7Freg1D9171B8712375DBE78F5B50F2997932reg1E4199476049D9525A24283F5299439Dreg1E82372B07C9A01A9111B50FE89C3FE9dBASE IV 
(*.dbf)reg1E9D39EB5F210ACB12559632C2E69CF2&Open in Microsoft Office Excelreg1EA99958A8AC0CC562386CDCC4725B56Exchange()reg1FBC13F269CE1ECDCB7506EDB8D328E5AddInsreg1FD567A744988A3442A6F6AA9E6A60F3reg21AE301008F9A0BA5403E2831BA46E70&Edit with Microsoft Expression Webreg21E41606A7192A7958C9845C7FA6BA82reg227AD8C87F11A8BB0D27F38D3921287Dreg2287B1A993A3863AC36CBE9014371B50reg24D1EC6BD2320EBDA2C41E9CB6DFE748reg25E4A23BD7B5145373EB6A58A01B336Dreg267BB383ED7581CEB396359EBA7C7050Microsoft &Access Data Pagereg2759B5FDC51A2730F82DFC6259E4EAD6Microsoft Office Visio Add-Onreg2762F2E6F78D87B79F49C654F090A41Areg27B840370F12B098BF71A062D809C627reg27E96DFC7E93DECD717DB4D1F7358633&Edit with Microsoft Office SharePoint Designerreg2809C64505F28DB09379F4D3E2605995reg28B0C76451F36B37BE0E6F61F6F33EA6Microsoft Office Groove Proxy for Outlook Add-inreg28B9C489B20D8668EDD41AE5DAD4205Ereg28C2BC4052B2BDB70109E369347CDC3Freg28EA185236D5950D5AC3F6EC2B11D56AMicrosoft Office Groove Space Archivereg294CC655E304CBA4996C0012176C40A4&Edit with Notepadreg29A81CA3A0B3CBFBB498CCA1DD60539Areg2A14692C0B1D2B72D9C372A2A4DE06C8Paradox 4 (*.db)reg2A88946DC951AC035EC98F0967AD065Areg2ADC0D99F3C11EB901212CA22B9369C7Microsoft Office PowerPoint previewerreg2B773B288DFE5F0DFF83894F6479EFA3reg2BC91F563F20C0181C7F7B102A6C669Areg2BF04053C402D67F12BFA1F4FFA8FB86reg2DC60DF677D0A211FE14C80A9D27DC4F&Open, 0, 2reg2DC7FF94DCA902A47DE7FCDA8B68B2FAreg2E94A9D08D524436EF3D59A425C01DEEreg2EBF0742222D9182D35E8C82CD4203F0reg304BA8C9C754F4A535D3B24F66FB8872reg304EC0DB0EBCF82E95A0476C4819E289Application Datareg30A6325726864B96D39C39F2C26F1421The Add-in allows Microsoft Access to integrate with and enable automated scenarios around Data Collection and Publishing around user created Access solutionsreg3107FFB925A9F4D4139028A2835E9BEDreg310CF7D3401BD33AE3C8B8C018C1FBC9reg3173645541362161D141D8BE752EB7F9reg3191C79205C9ED2BB7F7629257A00D05reg334AD94322A0D76EB40962AA3C74746FAdjusts project start dates and all constraints within a 
projectreg3393D922107AD4EB0A78F594C5C2D03Freg33A0949A0360B3B3B9B61977F0E6EA71reg33DD9261B98CF9670F86303C6DA747C7reg340CB4EF259171F5C656D4E14977A5BFreg3448208657DAC09AB3AE301C48303526reg34BD00F1A73302335A6B7BCAF40D9795&Open with Microsoft Office SharePoint Designerreg35314B2CE20A4A3A050E61DEE1223ADDreg35A4C07CDC82E830968204054457428Ereg35B2E4A5D715C2204D1DB7D281D59A8DMicrosoft Access Outlook Add-in for Data Collection and Publishingreg36052154150318D8ABD05CB84B5E38D4Microsoft Office Word previewerreg36C00FA4126418B44123B994C0554359reg3729B46C8DBEE209D53B1CC4A22EC32Areg379E2A47C1AA5DC01B982EE188A9C80A&Researchreg3823CF0FD84BF07134B214C922FE99E2reg3A0E418BDAA31FE015B9233CD04E6DA4Microsoft Office Groove Filereg3A3012489D1E7E69307667CFEA22C862reg3ADBDA109826C6868014E31F0781E925reg3B125046785390EFAD732C472328AAC3reg3B364E4B829A5BACDC414FC8A6021551Microsoft Office Groove Remote Filereg3BB3CA95607C1D8CA9523D466E6B013Freg3C5A7128277C316A50C7A72E0444E038reg3D0CF844BC6A7C3A771C45F47E86DF9Freg3D84238A977243F751F76B43B3FDD625S&how,0,2reg3D93AC9182D64E51AA9E877E3FF233DEAccess default location: Wizard Databasesreg3E0C50AFC2A6BFA79BC8789F5ADA3AB7reg3ECB58C4E4A9F1247C3D8245E63C0A99reg3EEC0F402B1ECE922F6773BBB15ED202Presentationreg3FFC766B9248A4CB1CC63D573F458977reg414F11BC67CD643236734DA034728180reg41F3A4F6DA5BAB49C6C2D7CBF8E0D8F0reg41FF364DB5E121334E5D73D150BCA91Creg4233D9578D83AA196740A80799FA2DD0reg43280322FF5C47AF2949CC3A025CBC9Freg43DFAF5B8CD9157E6F37F474D3EBFED8&Save Asreg442B5C8952B10996B6268E321EC8A792Microsoft Office Groove VCardreg44571913616D8CA2027CBF19EDE7E4E7reg451F21F211EBD9E00277BF27EEF2EEAB&Open in Excelreg456E37CAD9DC0CBFF333A379C17A430Creg4690371FF2B771F3F3FC75BED8B6915AMicrosoft &Excel Worksheetreg4741849934C79B9236B137551305284Breg47B58DC63A4F839F02702405C85E2BD3This wizard helps you to resolve replication conflicts in Access and SQL 
Server.reg4918390413F5EDF84F70EDAE5BAA8822reg498B8862E916C3CD4B9EB577F114A044reg4A9CAC887DD0369C475697A5D71AC1DDreg4B5FEDCB6E7D93C0E28AE0890B8901CFreg4C6AB154FC13A5A9BA7153C1909DE249reg4D992677B645D33E9E5358DDF3C58953reg4DB12F40BC5DDA8371AF9D3B2A6C3690reg4DCCE517D3AF59417F40BF6F889F4987Desktopreg4E2215E2C9B8B501F318C78D3BA2C715reg4E7CED7DAE0A20190D6756403558E732reg4F07B3B4D814A6F75C8A0EBEA3619FD3Visioreg4FA1496AD7D17777549A749E01CE35BBreg502AE1A142BE6373DC4DB8E493FBFF46dBASE III (*.dbf)reg513C4ED015E3B70DBE1A9E4D7BCAD2C4reg5161203B39E75ADF825E1012C86AA589Send to OneNotereg51763D059D0CE7E09739E09FE8072702reg518401DA3D281178D610BC636C709E2AWeb Sitesreg52F950B879162EA45930A8794E69E3C5reg536EC9546430FA166D2A825F5A93C372reg543DCB92FBF2E3C676CE027D9EE48162dBASE 5 (*.dbf)reg54851144F8B8731E45E868D86A6E9265Stationeryreg54BCA6E759EB27FDAA92C64FC0E680B5reg5508E4E14E6A8E47542531AF19AAE559reg5524404F5CB515FCF3C116C7E24E5285Projectreg552FB8256C57B318F4BADE5812182AF5Lotus 1-2-3/DOS (*.wj*)reg567A61CBCE74D1647F2FFCF3E796619BWord 2007 Documentreg5703174B35377F327156886CE6045231reg573C928E3B16576A6E3DB99B355B4D70reg580A163559ADCBA60CBD48A5599BAD17reg585BF595D285E94C30398B2BCE0DDB8EMicrosoft Office SmartArt Graphic Quick Stylereg595AEBA32EAD390A31DD390FB958AA3EProper&ties,0,2reg595DD725E40D8C7A84CC19E1BC5B13A0reg5A0C31065C13D4C5771483E50BB69DA9reg5AFBACDBD69FA93EEB6A5B28557D0A76reg5B0A8AA9246B7E5C201522EFB8E8A181reg5B2BD18AA1D9101F93FF3CFAB84342DEreg5CD83123E6E1DEA9929FE780CA550081reg5D42944EAF28610A9F1F6C7F929DBDC0reg5D62C71194A98136EFEBA1B7C534A199Actorsreg5D6AAD7EB0A74A8E7EFB43F91AAE52A1reg5D83B399C6C781AF8395318DDBDCBBD9Binary Worksheetreg5E2A87FC73910C083617CE7C45B34896reg5F5969C578DD24A842E59804A89CF82EMicrosoft Office 2007 Access Database Engine Conflict Resolverreg5FBAA34D9EEDE6D13A362C3533B1AD53reg5FE1F2B940208428D118C1D3D334AB47Microsoft Office Groove Shortcutreg602BC08B05714D86E7B0D448B0C7EC16Data&sheetreg603F61CA363265BF2032BFAD6854A89EMicrosoft VBA for Outlook 
Addinreg60E5A1A4F2098E9EFF30B94D3B36B101Displays a list of previously opened Web Sitesreg6115C381799FDF1CCEE47DAC1BF17941reg612B963A1484C1FB4575B4CB49EF3815reg6184A9EF838326A8311E6333FB978D2Ereg626F42EB84192BD5AA68F7600D58B753Paradox (*.db)reg629E630C0EFF799D016390D1FE113472Microsoft Exchange Unified Messagingreg63EACCAF48FB7E7C171DAE4D36A227C2Signaturesreg640625E60EDDAF55BE0DF27D97A0475CCOM Add-in for MS Project 12.0reg64DF5D4DD27F14D6AA4F1858C1568702reg653DCDCA1F6BDEBA52CAB4DDE4091D02reg655798FD7D6D6AB637D0DD23F0B48C16Recentreg656917FEC46918FE3924EA632EC4FC92Proper&tiesreg66A1AF4AB2E5582A9ECA978D981E59FEreg66EBEA49509268BD6687C6166FCB73AFreg6810CA9CDFF433F4C8A649D92659BD19reg68331D61055B67A32E337344F183D1C8reg68AA146A805D1CE8E8040C045A09ABF7reg68F3802B1ECD60F54D3C716D3CD4449Areg693619006DB87C6C42E33697ECA38305reg6970A35312F5FF35027E9C959FC1DBDEreg69955C1162551D3B31D8098D6579C501COM Add-in for MS Project that creates a Powerpoint, Word or Visio document and pastes an image created using Project's Copy Picture feature.reg69DE36482242FEE93A1E7B9F487C32BAreg6A45C34A1B79AE63F6EA85DA77AF2BB5reg6BE483281F3A00AD962D6ED3FDA98020reg6C2CDEB4C08FCB5BC7F11B0C25D99A82reg6D09897A00FBE01501E6C60C3326A7CEParadox 5 (*.db)reg6D6D35A00D4255D78FCBF3E4EC413F5AParadox 7-8 (*.db)reg6DB7B975EBF3A4D7DEA4B0EF07809FF2Microsoft Office Excel previewerreg6DDC289F1DDED7642B452D08E39BBC34OneNote Notes about Outlook Itemsreg6E171ED4E0162E049FD60B1FA58F4059reg6EA8C344E60F30ECC30EB20D6947027EExcel Macro-Enabled Workbook (*.xlsm)reg6EC820BED593D69BCC72C4E023DD05FDMicrosoft Office Groove Embedded Inkreg6F6E60EAB49B13366D13F34FA9935842reg6F70497D5F4BFC0831C17BF2777A5994reg6FC1652116E797D77475F8D1DBE0D8E9Enterprise Projectsreg6FE02CF42BF29F51CBA354C110D30E26reg6FE37B56458D2988893EE99E43DF8D34reg707FB25DE6E38F0E6C29C4E8F9EEB1F4reg70D2778E7BF614725A3216B47BE151EDreg717881879ED9E69D4DF65B78E0D461EAreg725BE8BC69D03720FA027A5A774C0F21My 
Picturesreg7263E88E1EB0CDD50299BA0F1C9A86D2reg727C7CBF0A67844EC67544692B6431E1reg728731A00D9E0D2C1B01EDCDB1BFB19Ereg7323378FABE94AB39C32577548BCDB04reg7349F983767B854103769013661DEE84reg74E9148142176A08E955CD1D84C35FB0reg74F880D8D36AC62B25E6B0FDBE2DE7F3reg757635380CA4A22EB8ABA2A16E2E1640Favoritesreg75A18038176BA014F06CEED86FD63348reg75C2A86C34498209EC42926D693AE679Microsoft Excel (*.xls)reg75F12763269DE02A9D009B4C03D105C3Slidereg75FCE207D6E611BEFD4D96C8BF82292Ereg760533319C433B8012E5D8AF969A4B3Dreg761152C4961368B4274164B7232DE33Breg76C5CB23920A6AA19255619ED7C70015reg76F4A62B50577EC0F0490B8BC64E892AText Files (*.txt;*.csv;*.tab;*.asc)reg770A45A89E322BAFED1C0A423E2A9480The Add-in allows Microsoft Office SharePoint Server to import colleague suggestions based on your Outlook contentreg786157DEC781C4B6E59ECC181534B810reg79D25BEC2AA8140967EEB9D2F1E5B656reg7A1E0E78DA5CB04E088302D049E6321Areg7A2DDB28F6F9CEA5821064178F63A964reg7AB3FA4DD7CCE40395FF66BBE08A0217reg7AD570CD0D6BF18B71F98385BA819216reg7B728DAFEDC8A25BFD6A782DEC241D86Microsoft Office Visio previewerreg7B8DB42F4A61458C2DE61D43C9EC6ED5reg7BF9F288E3B802195DF97A337E181C0ALotus 1-2-3 (*.wk*)reg7C1F1962C1D756AF3D8ABFE887262524reg7C6854EFC5FC4A9DB8FF776BA66B56B1reg7C6DBE6F482AFEB127D0DCBC94085F0EQueriesreg7DA6C8EB4427D53B6810509B21B91E5Ereg7DEA4D8453608E375EF141C4FDF3DF64reg7DEDA2F9B16E14781FEEBBC909C4BE02&Edit in Excelreg7E2FC544FA4E5E78484310604D1AF0FAreg7E810FFCFE41CAAFD39EC24E64581FF8reg7EB222AF11FE4871DE90E8CA45DDCAE9reg7F4CFEBBDFAC682B35959D241958C7C5STARTUPreg80A330A804DFC5064DA9A58E66F7343Ereg80D8A4EB2793D455DFC6339CA545A29F&Print,0,2reg814C580E3F4E87FC95385F398FDCB714reg82D547D50B4D23A3B1C9743121861103reg8341A17D069CF37C5C69C45C9D7B9E19reg83643C9F85C61AB88E3CEEC85B851ABEreg83CA367E1EF23BE69159075CF49C8BB8reg85C177B156DA18A9F6A1719A8B539791reg85EAE8F95E186E7EE6D329B22AE483D0reg86074B7CB780CB5C3298ADAD06CD781Breg868C40E3927565EB638E9A3671E67FB5Macro-Enabled 
Templatereg87645FE664760910DE5DB8862EF09136reg87F2A229B7911A27CD98E0D05692D91Areg8824C97C0D40603DC11266647CB00D3Dreg8860E9EE8B9CD155D60F3B70CF0C100Areg886DDBDC3D16F5BDCCD83D1EC8C080B9reg892825FCAB55CD15895873BAE6C0A65EOutlook()reg89DCDACD9B50D409D6A112BB307C0771reg8A43B8ABBB7DB4CBCDD83EEBDECD805Ereg8A75DCFD4D0860CDF692231B1478EFA3reg8B350529531F8328E374649ADFC3F76CWorksheetreg8B7AF1C190EEFF1FBDCBE16C6F93F74AOrganization Chart Add-in for Microsoft Office programsreg8C2C22682C0F1B9B3E83C163A9AAF940reg8E4A8A0D6314D23AB7AF8E1C59914CADreg8EAA433B59E18DDD193260D87B1C9073reg900F0EF0E3977E6E3CEA02E01876CB35reg90F7D4F88B41678B525CC66E1666C5BDreg91399C01F5D7F308ECB05EE4F2DAB87EAdjust Datesreg9229B31400F05F9609B0192E7D58A85Creg92593E4F36AA278CA1136F7820E04A23reg9306B184FDDDF6D7FB0EC06F16C2004Freg9345B41F2F82CBAF402656B8D76F30D9reg95213B50B2495AD6939F6FE521C4ABBDreg9580E3C5AAAB32649D4F3139C6B94635reg9623F079C65D19F92EAECD949E146A03reg96DF3F3E7E05B3298B0E25F003416364reg976C43D104DBCAEA4EE8C542A74DD397reg97E98567A386E0D62737D816157573BEExcel Workbook (*.xlsx)reg9818AE17FDF73299415F457DEDF255F1reg985516E106DF8A7858F08D30882ABCFCreg9887596D346279B2D899E52CA7C03012reg998D5BF7595701B838C12FDDB26CEB27Word 97-2003 Documentreg9A1042D65629EFEE279FABDC4073AA02reg9A2296428EEB1194663A41D1F5E23462&Runreg9A6DD09EE6EF5C9593A07D33148CAD91reg9A9B30987F193DFD5F114AED5A3BA9CFreg9AF959A573A1D4FC311980CD797B4762reg9B938CE605E09844ED9693CCC86F8830Office Outlook 2007 Calendarreg9BE6ADA3FE080A7661C5CB08750924DAreg9C366692633E06B66AF1824E33D675C9reg9C3A3CA4A065232B8BABB414A1B18706reg9C7847A2B2E6B805641D95F36A4E5771reg9C8088CB5A76B3F33E523429541728BAreg9C90CC0180C057300BF8E0D8D31A080Areg9D62D16A967C69FE99643F48F802CB94reg9DF1A496A8AC724AAE7A2B0595BC2A43reg9EE104968C5BA1AC3D2CD684C7B70E08reg9F1CB2F91D6A0E62FCE4660C0EA6B8BDExcel 97 - Excel 2003 Workbook (*.xls)regA06150F47D46A026D77DFC825A768805regA0C9A4A334C6BFB0A5FF1C03F959D205regA0EF30B286067623FA7C3AFE01471C25regA12A58C2122802E036FA030EFCD7701BS&end 
to OneNoteregA2277D3B71689F1D84611E954A3328BCSoftware\Microsoft\Office\12.0\User Settings\Excel_Core\Create\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft ExcelregA2AC5E86A90411541BC8C84F3D9ECE9BregA38AB9EA438A65C73FCA6EC46AF85D82Compare Project Versions UtilityregA39A1F7E141AB9F23B9D68EB347220F6My DocumentsregA3D42C77FBF31AE5DED8DAF327F6AF9CregA3EF3C3EA06EF992C2D34779DAC97CD0regA5C41EBFD2EE8635C342BE1D3AA44013Microsoft Office Chart TemplateregA640344B9ED9CB2E00F186A6C5F09165regA66DC32607CAFCD0D311A0850B10BF15regA8BC0B07641F7AD5BA0C60DB0A081E0AregA8D310938767C3B182C2F3BB9967BCD8regA950BACEE2CB672E68470C4571EEBAC2Paradox 3 (*.db)regA95E14CA0EA857616BEBB5D2E1C1BC1FregAB43C7B09900D498EB50AEC17C927EF5regAC1C953E30595CAC2EA5F496148800B9regACE45A7ED0D6215DD345681F042AB471regAD7242CF48E99C8EE5FFDA61AD3AFAC7Either there is no default mail client or the current mail client cannot fulfill the messaging request.  Please run Microsoft Office Outlook and set it as the default mail client.*Microsoft Office OutlookregAE74B2E5CF4A9C7AE6FC9398695CA33AregAEA600A07BA566300EA0D187816FF2D6regAF171B15D07644B9803E1B1CC9EE702DChartregAFC662E4C72A2A8FA1DB620AE82AA958regAFEE76B926DEF520F93662E6B0F860F4regB042476E2268905F21BD653B80D27D6AregB1E8E0263DEAB66090BEF98BAD6EEB18regB2809CAB8A425BC8DEC2AF5C03C82469regB2933E7F2DB28F772CF11EE78646950AregB2C478FA695A7D85AB412B0B0D228279regB2D6CCA5AFF17BAF57A65AA1DE1A59B0regB315D2D17D780341640A06FF0D44101BregB32E05495CD12BDC27055DFDC3A00D0DregB32E4F5E55E2815EFD91742B7A595B7FregB4EE942014A6C9461A8129D88D3F05CAMicrosoft Excel 5.0/95 Workbook (*.xls)regB4FFA49F81DF91944239D728AB52BF4DregB5DB0D7F5E4B85C7AE3B11252B03323DregB6196BE7385C884EBEB256A14DA0B235regB6731158842F116DD138BF2C5FF14151regB7CC61348BCB2F7E6602AE1134521FFCregB8A3131FF8E7B4D3717DC1FDCC0B6794Microsoft Office Outlook 2007 provides an integrated solution to help you better manage your time and information, connect across boundaries, and remain safer and in control. 
This comprehensive information and time manager helps you organize and instantly search for the information you need. With Office Outlook 2007, you can securely share information with coworkers, friends, and family, no matter where they are located. Office Outlook 2007 makes it easier for you to prioritize and control your time, so you can focus on the things that matter most.regB90084FE407D1976127BFD2DAAB9C270regB9197BFB6B100C1304AB74F7E52AC23AregB9C901A76EFF653028F7E2E3DD6DCD3E&Add to Personal Address Book...,0,2regBB33943316F2BD8172F47A9E066ACA79regBBA8BBA05C980220F140FCB4DE3412F1regBCF8A22165100C1A1D45C4E7D91A0530regBDD24C0F31FEC308DBBA46A321E67B14regBEBC7280C8609C712E3483A3C2780D59regBFAE5346497006EE6CFB2A948A578557regBFCEAB34C36D7A050ED5A6FA532D168EregC06A7F2C7A9381023B3D1A9C80F1977BregC1362E9ECE18C8A161AA63ADD9C82374regC14865B29A8E66DC11715FE5521BB65EregC1CE58101184C509E2A648805F2EE94FregC1DC41DA0BB66979772BAB6525835E80regC247538CED594DD3DB9460783AE80A84regC24ECBF16F810C92DE3F62384A131DA3regC264B82C23C56981C999D40967534CFBregC29E73EB03D67AE8A46EC7F401CDD15AregC2BFA1F47D356DD9398EE080D7D3ADFBLotus 1-2-3 WK3 (*.wk3)regC2E8189A429C85DF5604AEF889921BD6regC33A1F0510CA3FC5AA8941E9C1676F35regC347E982AEF55FFB535AC377C18E82B0regC375867872B3B941C63BCAF426D767D0regC39F8F57058AF738509F760E59520BC8Microsoft Office SharePoint Server Colleague Import Add-inregC3F401345854A345F7205236204DDB45regC40BAA3D2D6ACF305A8BA3AEB3ED811BregC5EE54BE8B04210EDA32AC8D358946A1Provides information through devices enabled with Windows 
SideShowregC65581351DC3AEAA663EC2097DF7E375regC70B7BA75E1A2359148204CA995B7FCBregC78B15F8A06AC713013B14123A6C121BregC7EAD86F7850570F688766C13A461499regC83BE323BBB4C7551111CC69B69D7EBC&DiscussregCAEDB6C5502FB301F27B2E2A3E60702FregCAF3EDC2283755ACAB5B0BF3FCCC58DBregCB33B8CB1F2711E13D90478D61797134regCB9C00D26900C165A141A9D445D55225regCCC38886963454CB79418871B24B4829regCD20CEAA38E6166AC3F2EF1CDCF06C6DregCDCA1486B09E853EA4BA96821F45397CregCE8ECB934856C740708355CFDF068BE6regCEF4F967EFBBDF39D79E5B6407FC4234regD068677AA9FC1FA2422F2EA1A473D708Windows SharePoint Services ()regD1CA03C02B52223E64F5228DA5235C0DregD1ED24BA6D841BD31971B9A770464B2EregD210C15B545EDA4B6A5EB3D54F097E39regD2E4E5D03B455CB12315AAAE94BFA0EBregD3C815102019A06336C4ABF2FE99B387regD3D4DECFAA48344C7C3EBB17DBCAFD68regD44131313C4D8AEFC0E6C925DF8A671FregD456BCC2DF1C8FA9CB4FB9B6F0835C7EregD50F9B5ED4611422AEC8A7EC3F861D8EMicrosoft Office Groove Embedded FileregD544BDB7ED1BCB84873422D3DE9D657EregD5A89C89B1E11C4D1FCAC439B8B055FBregD5B007FEA6B3CCDBF01974A86EDAD17AregD5D837497A6C7C7CED1FA701E8DA6E34regD6B9392D1D2F06EC97168A74D9EC191EregD6D640DE87DC375A83C29C88F814974AregD6FC568C621A7AEF24997DE825355C31regD7710EFCA85DCF7491F178B926E6B268regD7B3BCD3196ECCB494C521147AA000ABregD95B5C5BB17B95646B0B0FBD8B58BDBCThemesregDA877FAD358020A0C71DB386AC55506EregDB168F409547E93E2AE324069CE20EA2regDC37D24630AAC686C066A50852E44E93regDCB972E3FA1DA8A7006BFD8EADB64361regDCC45A20C92AB40CB22C7281EA0923F8regDCDA41E66B5CA3503C41F512680BE69AregDD01770281F953CFD7BC191ECA0A8EC5regDD10EED7CC53DC62AA7AD3256FE6F311regDDD62D74194B06933590D2D879DC8794regDF2B73ADC0AA3A3351C4AF92D876B8D8regDF92398A5E4C65784FD0553C30AC473EregE1A26961142A18F0623992D84123AFD0regE2B9AEB1B31BE8A1D4E68304B7493C37regE2C31DE2D77B66B8FBED58C1B208B21CregE397AA832BAE7A375D2738A19D504E10regE3F77889EFDDD93F2DB484896584E441regE43485B826127CE5BD8F1BE44722C562regE455CCA81AA57C8799F61B017F848CF3regE481697159E58924BD21DCCF9E112CA0regE4E2237082280178FE538B3985448CB0Open as Notebook in 
OneNoteregE4E6D7B9CC31027603A349866C1C53D4&Send Options...,0,2regE78D9B0AEE2E321289E5A6F0DDC9D924regE917E57D0891419719AC51E2801EF51BregE9E3B17824F4505F363F0D362329B9C1regEA202EFD5FD101C2B184EDDB57E55BEBregEB7203972630158AAE797F352E6DA127Lotus 1-2-3 WK1 (*.wk1)regEB98F7EDDCB3D37CA855CD49F8B31BCAregEC74DD1510114A32ABB22D6B217B3EE3regECC565D28E4E96B16C0B697C12E6B19AMicrosoft &Word DocumentregED84E5336FE8492ED6273CB7E3EB75EAregEDD11B71325AA9EC0DE58ED3AE96F87DregEE0BA374B05A0559695FD9D6E5A55BB2regEE1E2A84470328029A5EC48BC546EC4ECalendar Gadget for Windows SideShowregEE60633F011A36F7FA4BDCFEE3A490CDregEE9BDB70173098D6218403F03CE5B02AregEF4B108A2B9FD1738994EC7239D28380regEFF39F3E2B317B2D1DA0D62696F0A4FAregF094360D874E4492800D0ACFCC9407BCregF13487211B5A08E25768664AC300E08AMicrosoft Office SmartArt Graphic Color VariationregF22F752A874B164E6D6E92A4EC61C6BAregF3FF9A5103275DD978C2AD3A03EFC794regF5897D437ADC7ED9C0CEA03BDF2ED4EDregF604188FF1CD4919935412663729B551regF6339D87EE880EB383F96B1E13C93EC8DocumentregF63FB64D006514D02483C5CD54B4D4B8regF663B95F47A47C74281BFBA0E2FB61FB&Open with Microsoft Expression WebregF6E21A807BB1958A34B612944832851DMacro-Enabled WorksheetregF6F09C4D2A64A01254D07FD1B10106BATemplatesregF7656B9AFFC431F2324A2C4CF2009037regF7BC54C1CB3DA3C3B5ADDDD63D08B25AregF8D5B680BDD4E0F126820586D19718FCregF8F7EAA0654F712EB1D8CDFACD33B4ADregF99CF3C23286FA67A4B013A829D83644Microsoft Outlook Mobile ServiceregFA675AB5A1D668A6742159FA1326A62EMicrosoft Office SmartArt Graphic LayoutregFAB647A1F1E4D829747EC88643AD9EE7regFC18C14E7C6A319CDFE01E90CDA4147FregFC4F9CDCD16B45FCDE66E404485875DDregFCACB123CA8FF08926334B6981B173F0regFD5FF91D29F7BD094F539CCCDF858982regFD91F1A1A29B8C6F661453628D2A40B4Using Microsoft &Outlook...regFE6A4E0C86DA67FB0B5762A72C995239regFE8CDE0ADAD4B69A3F746FF24458FFEEregFE90DC5BA76CF7277965BCD020CEE266regFEEE347AC1FC34D072DC04F88EF8B147regFF9B7CDF553441E64D8D4F0C8C6247C7Copy Picture to 
Office{00020803-0000-0000-C000-000000000046}LocalServer32Global_Graph_Core{00020820-0000-0000-C000-000000000046}LocalServerGlobal_Excel_Core{00020821-0000-0000-C000-000000000046}{00020830-0000-0000-C000-000000000046}{00020832-0000-0000-C000-000000000046}{00020833-0000-0000-C000-000000000046}{00020906-0000-0000-C000-000000000046}Global_Word_Core{00021A14-0000-0000-C000-000000000046}Global_Visio_visioexe{048EB43E-2059-422F-95E0-557DA96038AF}Global_PowerPoint_Core{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}{64818D10-4F9B-11CF-86EA-00AA00B929E8}{64818D11-4F9B-11CF-86EA-00AA00B929E8}{74B78F3A-C8C8-11D1-BE11-00C04FB6FAF1}Global_Project_ClientCore{75D01070-1234-44E9-82F6-DB5B39A47C13}{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}Microsoft Office Word Macro-Enabled Template{912ABC52-36E2-4714-8E62-A8B73CA5E390}{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}{F4754C9B-64F5-4B40-8AF4-679732AC0607}
Installation Transform
Localization Transform for Microsoft Office
Microsoft Corporation
Installer,MSI,Database,Release
This Installer database contains the logic and data required to install Microsoft Office.
{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}
Lumiere
ShellUI.MST
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.462","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->2048"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->2048"
"20181027114553.502","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateProcessInternalW","SUCCESS","1568","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00170000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoInternetIcon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoCommonGroups"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoControlPanel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoSetFolders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d2","lpValueName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da\RpcThreadPoolThrottle"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->52248"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpNewFileName->C:\AutoRun.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0130f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x004986b0","nOutBufferSize->0x00000020","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Data"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Generation"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499dc8","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499de0","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Generation"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->CurVer"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012e","hKey->0x0000013a","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->DontShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000138","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoSimpleStartMenu"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000138","lpSubKey->Advanced"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Hidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowCompColor"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideFileExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->DontPrettyPath"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowInfoTip"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideIcons"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->MapNetDrvBtn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->WebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Filter"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->ShellEx\IconHandler"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->DocObject"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->BrowseInPlace"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000146","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000146","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->IsShortcut"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012e","lpValueName->AlwaysShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->NeverShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->UseDesktopIniCache"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->268"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->22512"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x001f0000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x0000012e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x0000012e","lpSubKey->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocServerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandler32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandlerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->AppID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->ThreadingModel"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->DriveMask"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->AllowFileCLSIDJunctions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\NvAXQX.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\NvAXQX.dll.exe","lpNewFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\UTIRDA.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\UTIRDA.dll.exe","lpNewFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x00000138","lpSubKey->FileExts"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000020a","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000020a","lpValueName->(null)"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->ChkAccDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->ProductType"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x000001fc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Personal"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Local Settings"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopLogging"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20181027114558.820","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->71"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\1360.csv","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\1360.csv","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\1360.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000214","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000214","lpValueName->ProductType"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000214","lpValueName->SrvsvcDefaultShareInfo"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000210","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000214","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
1360.csv
# Ignore everything in this directory
# Except this file
!.gitignore
.gitignore
"20181031035458.140","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.140","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->8494"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->8494"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateProcessInternalW","SUCCESS","1360","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\# Ignore everything in this directory
# Except this file
!.gitignore
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1360","szExeFile->HelpMe.exe"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->1360","szExeFile->HelpMe.exe"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->Startup"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoInternetIcon"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoCommonGroups"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoControlPanel"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoSetFolders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","SUCCESS","0x000000e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e6","lpValueName->(null)"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->50061"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpNewFileName->C:\AutoRun.exe"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->268"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemSetupInProgress"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->seed"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DevicePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","synchronization","CreateMutexW","SUCCESS","0x000000f4","lpName->(null)"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","synchronization","CreateMutexW","SUCCESS","0x000000fc","lpName->(null)"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->LogLevel"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->LogLevel"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->LogPath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000100","lpSubKey->AppLogLevels"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000100","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->268"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000100","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToRead->9101"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->9101"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","SUCCESS","0x00000108","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e\RpcThreadPoolThrottle"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->9101"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->9101"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->145"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->145"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->268"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x0000013c","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181031035503.207","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->9101"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->9101"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->211"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->211"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0008","lpInBuffer->0x0049ba28","nInBufferSize->0x00000046","lpOutBuffer->0x0049b820","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0008","lpInBuffer->0x0049ba28","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Data"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x00000134","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Generation"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c978","nInBufferSize->0x00000208","lpOutBuffer->0x0049a0f8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c978","nInBufferSize->0x00000208","lpOutBuffer->0x0049cb98","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c978","nInBufferSize->0x00000208","lpOutBuffer->0x0049a0f8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c978","nInBufferSize->0x00000208","lpOutBuffer->0x0049cbb0","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExW","SUCCESS","","hKey->0x00000130","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Generation"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000136","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->CurVer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000132","hKey->0x00000136","lpSubKey->(null)"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->DontShowSuperHidden"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000134","lpSubKey->(null)"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->ForceActiveDesktopOn"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->NoActiveDesktop"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->NoWebView"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->ClassicShell"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->SeparateProcess"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->NoNetCrawling"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->NoSimpleStartMenu"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000134","lpSubKey->Advanced"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Hidden"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShowCompColor"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->HideFileExt"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->DontPrettyPath"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShowInfoTip"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->HideIcons"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->MapNetDrvBtn"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->WebView"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Filter"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShowSuperHidden"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->SeparateProcess"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->NoNetCrawling"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->ShellEx\IconHandler"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->DocObject"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->BrowseInPlace"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->Clsid"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->Clsid"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->IsShortcut"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000132","lpValueName->AlwaysShowExt"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->NeverShowExt"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->UseDesktopIniCache"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->268"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->9101"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->9101"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181031035503.228","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->268"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000015c","lpValueName->Com+Enabled"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000168","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000198","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->REGDBVersion"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->9101"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->9101"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->71"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->71"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->268"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->268"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->268"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->22512"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->REGDBVersion"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->9101"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->9101"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->12288"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->12288"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000162","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->TreatAs"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000152","hKey->0x00000162","lpSubKey->(null)"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000152","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->0x000001d2","lpSubKey->InprocServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000001da","lpValueName->InprocServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->InprocServerX86"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->LocalServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->0x000001d2","lpSubKey->InprocServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001da","lpValueName->(null)"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->InprocHandler32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->InprocHandlerX86"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->LocalServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->LocalServer"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->0x00000152","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000001da","lpValueName->AppID"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000152","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000152","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->0x000001d2","lpSubKey->InprocServer32"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001da","lpValueName->ThreadingModel"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d2","lpSubKey->TreatAs"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001d8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Generation"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001de","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001da","lpValueName->DriveMask"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000001dc","lpValueName->AllowFileCLSIDJunctions"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000001dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Personal"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000001dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20181031035503.248","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fb
$I1NILK1.log
"20181218115621.434","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.434","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.434","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.434","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181218115621.434","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181218115621.434","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181218115621.434","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181218115621.434","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00990000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.444","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x008f0000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.444","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.454","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181218115621.454","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000009c","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.454","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->268"
"20181218115621.454","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x7c900000","lpFileName->ntdll.dll"
"20181218115621.474","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LDAP"
"20181218115621.474","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a0","lpValueName->LdapClientIntegrity"
"20181218115621.474","1336","HelpMe.exe","1176","system","LoadLibraryW","SUCCESS","0x77690000","lpFileName->NTMARTA.DLL"
"20181218115621.474","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000009c","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.474","1336","HelpMe.exe","1176","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->C:\WINDOWS\system32\HelpMe.exe","lpNewFileName->C:\WINDOWS\system32\HelpMe.exe"
"20181218115621.474","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000009c","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.474","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\WINDOWS\system32\notepad.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.474","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x000000d8","lpFileName->C:\WINDOWS\system32\notepad.exe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115621.484","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000009c","nNumberOfBytesToRead->45056"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->45056"
"20181218115621.484","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->61440"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->7680"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->7680"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->268"
"20181218115621.484","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000d8","nNumberOfBytesToWrite->268"
"20181218115621.504","1336","HelpMe.exe","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\WINDOWS\system32\notepad.exe"
"20181218115621.525","1336","HelpMe.exe","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\WINDOWS\system32\notepad.exe.exe","lpNewFileName->C:\WINDOWS\system32\notepad.exe"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ProgramFilesDir"
"20181218115621.525","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoNetHood"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoPropertiesMyComputer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoInternetIcon"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoCommonGroups"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoControlPanel"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000009c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000009c","lpValueName->NoSetFolders"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","SUCCESS","0x0000009e","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181218115621.525","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000009e","lpValueName->(null)"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemSetupInProgress"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->seed"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->OsLoaderPath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->OsLoaderPath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemPartition"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemPartition"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SourcePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SourcePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackSourcePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackSourcePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackCachePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackCachePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DriverCachePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DriverCachePath"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181218115621.535","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DevicePath"
"20181218115621.535","1336","HelpMe.exe","1176","synchronization","CreateMutexW","SUCCESS","0x0000009c","lpName->(null)"
"20181218115621.545","1336","HelpMe.exe","1176","synchronization","CreateMutexW","SUCCESS","0x000000ec","lpName->(null)"
"20181218115621.545","1336","HelpMe.exe","1176","synchronization","CreateMutexW","SUCCESS","0x000000f4","lpName->(null)"
"20181218115621.555","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181218115621.555","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->LogLevel"
"20181218115621.555","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->LogLevel"
"20181218115621.555","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->LogPath"
"20181218115621.555","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f8","lpSubKey->AppLogLevels"
"20181218115621.555","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181218115621.565","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181218115621.565","1336","HelpMe.exe","1176","registry","RegOpenKeyExA","SUCCESS","0x000000f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181218115621.565","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20181218115621.565","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181218115621.565","1336","HelpMe.exe","1176","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181218115621.565","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115621.575","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115621.605","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0012f198","nOutBufferSize->0x00000208","lpBytesReturned->0x0012f190","lpOverlapped->0x00000000"
"20181218115621.605","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x00156568","nInBufferSize->0x00000046","lpOutBuffer->0x00154b20","nOutBufferSize->0x00000020","lpBytesReturned->0x0012f190","lpOverlapped->0x00000000"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x00156568","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0012f190","lpOverlapped->0x00000000"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Data"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181218115621.615","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Generation"
"20181218115621.615","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x00157588","nInBufferSize->0x00000208","lpOutBuffer->0x001558f0","nOutBufferSize->0x00000008","lpBytesReturned->0x0012f6a0","lpOverlapped->0x00000000"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x00157588","nInBufferSize->0x00000208","lpOutBuffer->0x00155900","nOutBufferSize->0x00000010","lpBytesReturned->0x0012f6a0","lpOverlapped->0x00000000"
"20181218115621.615","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x00157588","nInBufferSize->0x00000208","lpOutBuffer->0x001558f0","nOutBufferSize->0x00000008","lpBytesReturned->0x0012f6a0","lpOverlapped->0x00000000"
"20181218115621.615","1336","HelpMe.exe","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x00157588","nInBufferSize->0x00000208","lpOutBuffer->0x00157798","nOutBufferSize->0x00000010","lpBytesReturned->0x0012f6a0","lpOverlapped->0x00000000"
"20181218115621.625","1336","HelpMe.exe","1176","registry","RegCreateKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181218115621.625","1336","HelpMe.exe","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x00000120","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181218115621.625","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181218115621.635","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181218115621.635","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20181218115621.635","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181218115621.655","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181218115621.655","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->CurVer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000122","hKey->0x00000126","lpSubKey->(null)"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->DontShowSuperHidden"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->(null)"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoSimpleStartMenu"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->Advanced"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Hidden"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowCompColor"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideFileExt"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->DontPrettyPath"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowInfoTip"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideIcons"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->MapNetDrvBtn"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->WebView"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Filter"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowSuperHidden"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->ShellEx\IconHandler"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->DocObject"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->BrowseInPlace"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->Clsid"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->Clsid"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->IsShortcut"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000122","lpValueName->AlwaysShowExt"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->NeverShowExt"
"20181218115621.745","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.745","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115621.765","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->45056"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->45056"
"20181218115621.775","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->31744"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->31744"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181218115623.407","1336","HelpMe.exe","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe"
"20181218115623.417","1336","HelpMe.exe","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\Program Files\Internet Explorer\iexplore.exe.exe","lpNewFileName->C:\Program Files\Internet Explorer\iexplore.exe"
"20181218115623.427","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115623.437","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\Program Files\Outlook Express\msimn.exe","dwDesiredAccess->GENERIC_READ"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\Program Files\Outlook Express\msimn.exe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115623.477","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->45056"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->45056"
"20181218115623.477","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->60416"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->60416"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181218115623.497","1336","HelpMe.exe","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\Program Files\Outlook Express\msimn.exe"
"20181218115623.497","1336","HelpMe.exe","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\Program Files\Outlook Express\msimn.exe.exe","lpNewFileName->C:\Program Files\Outlook Express\msimn.exe"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000120","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->Compositing"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000120","lpSubKey->Control Panel\Desktop"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->LameButtonText"
"20181218115623.507","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1336.csv
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[product]
product_affid=739
AVScanner.ini
<?xml version="1.0" encoding="utf-8"?>
<!--_SIG=X/QsV+hhuF8Bj/XNMHCJJ2DoYXD2+ln8Qz29Z7VQ+9Tuc1zQfIJLOVF49NlUuWZSVoEBFxiKIM6iUxI+0cDd9II/9oT8q11RvIbYCtKjJlhKgd1bQHQPHsLFjMLX0vlPMi/ryWplBXwdKQaPl16tYOkOm2krUhnoQG9ZNW/kqHw=-->
<Package Id="InfoPathMUI.en-us" Type="MSI" Path="InfoPathMUI.MSI" Version="1.0" ProductCode="{90120000-0044-0409-0000-0000000FF1CE}" MSIVersion="12.0.4518.1014" Platform="x86">
	<Feature Id="XDocsSolutionAbsenceRequestIntl_1033" Cost="25052">
		<OptionRef Id="XDocsSolutionAbsenceRequest"/>
	</Feature>
	<Feature Id="XDocsSolutionSalesReportIntl_1033" Cost="22059">
		<OptionRef Id="XDocsSolutionSalesReport"/>
	</Feature>
	<Feature Id="VSTAIDEFilesIntl_1033" Cost="65003981">
		<OptionRef Id="VSTAIDEFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionExpenseReportDomIntl_1033" Cost="23364">
		<OptionRef Id="XDocsSolutionExpenseReportDom"/>
	</Feature>
	<Feature Id="XDocsSolutionTimeCardDetailedIntl_1033" Cost="27932">
		<OptionRef Id="XDocsSolutionTimeCardDetailed"/>
	</Feature>
	<Feature Id="XDocsSolutionTravelRequestIntl_1033" Cost="24253">
		<OptionRef Id="XDocsSolutionTravelRequest"/>
	</Feature>
	<Feature Id="XDocsSolutionTravelItineraryIntl_1033" Cost="23813">
		<OptionRef Id="XDocsSolutionTravelItinerary"/>
	</Feature>
	<Feature Id="XDocsSolnInvoiceMultiTaxRatesIntl_1033" Cost="24238">
		<OptionRef Id="XDocsSolutionInvoiceMultiTaxRates"/>
	</Feature>
	<Feature Id="XDocsSolutionPurchaseOrderIntl_1033" Cost="26669">
		<OptionRef Id="XDocsSolutionPurchaseOrder"/>
	</Feature>
	<Feature Id="XDocsSolnInvoiceSingleTaxRateIntl_1033" Cost="24264">
		<OptionRef Id="XDocsSolutionInvoiceSingleTaxRate"/>
	</Feature>
	<Feature Id="XDocsSolnPerformanceReviewIntl_1033" Cost="27732">
		<OptionRef Id="XDocsSolutionPerformanceReview"/>
	</Feature>
	<Feature Id="XDOCSProgrammabilityFilesIntl_1033" Cost="267046">
		<OptionRef Id="XDocsProgrammabilityFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionInvoiceRequestIntl_1033" Cost="22814">
		<OptionRef Id="XDocsSolutionInvoiceRequest"/>
	</Feature>
	<Feature Id="XDocsSampleSolutionsIntl_1033" Cost="92820">
		<OptionRef Id="XDocsSolutionSamples"/>
	</Feature>
	<Feature Id="XDocsSolutionAssetTrackingIntl_1033" Cost="28187">
		<OptionRef Id="XDocsSolutionAssetTracking"/>
	</Feature>
	<Feature Id="XDocsSolutionExpenseReportIntl_1033" Cost="23381">
		<OptionRef Id="XDocsSolutionExpenseReport"/>
	</Feature>
	<Feature Id="SetupControllerFiles" Cost="9736">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolnVendorInformationIntl_1033" Cost="27452">
		<OptionRef Id="XDocsSolutionVendorInformation"/>
	</Feature>
	<Feature Id="XDocsSolutionResumeIntl_1033" Cost="26022">
		<OptionRef Id="XDocsSolutionResume"/>
	</Feature>
	<Feature Id="XDOCSFilesIntl_1033" Cost="1326808">
		<OptionRef Id="XDOCSFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionServiceRequestIntl_1033" Cost="23539">
		<OptionRef Id="XDocsSolutionServiceRequest"/>
	</Feature>
	<Feature Id="Gimme_OnDemandData" Cost="0">
		<OptionRef Id="Gimme_OnDemandData"/>
	</Feature>
	<Feature Id="XDocsSolutionChangeOrderIntl_1033" Cost="26411">
		<OptionRef Id="XDocsSolutionChangeOrder"/>
	</Feature>
	<Feature Id="MsoInstalledPackagesScopedIntl_1033" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolutionProjectPlanIntl_1033" Cost="33077">
		<OptionRef Id="XDocsSolutionProjectPlan"/>
	</Feature>
	<Feature Id="XDocsSolutionApplicantRatingIntl_1033" Cost="26579">
		<OptionRef Id="XDocsSolutionApplicantRating"/>
	</Feature>
	<Feature Id="XDocsSolutionIssueTrackingDtlIntl_1033" Cost="22144">
		<OptionRef Id="XDocsSolutionIssueTrackingDtl"/>
	</Feature>
	<Feature Id="XDocsSolutionMeetingAgendaIntl_1033" Cost="37798">
		<OptionRef Id="XDocsSolutionMeetingAgenda"/>
	</Feature>
	<Feature Id="SetupXmlFiles" Cost="9736">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolnIssueTrackingSimpleIntl_1033" Cost="22171">
		<OptionRef Id="XDocsSolutionIssueTrackingSimple"/>
	</Feature>
	<Feature Id="XDocsSolutionPurchaseRequestIntl_1033" Cost="26316">
		<OptionRef Id="XDocsSolutionPurchaseRequest"/>
	</Feature>
	<Feature Id="XDOCSHelpFilesIntl_1033" Cost="6881922">
		<OptionRef Id="XDOCSHelpFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionStatusReportIntl_1033" Cost="23592">
		<OptionRef Id="XDocsSolutionStatusReport"/>
	</Feature>
	<Feature Id="XDocsSolutionTimeCardSimpleIntl_1033" Cost="25731">
		<OptionRef Id="XDocsSolutionTimeCardSimple"/>
	</Feature>
</Package>
InfoPathMUI.xml
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF