Sample details: 5525e7e876350aeb7b209090577e7fb6

Hashes
MD5: 5525e7e876350aeb7b209090577e7fb6
SHA1: 3d79f4faf65f63ae6d882a0d5c36809a2cc5bc4d
SHA256: 7c26a023a10618f698f306a533a6944f24463c3446603ca3aa1895126fc31b01
SSDEEP: 24576:8Etl9mRda1lSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv0:PEs14W
Details
File Type: PE32
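Yara Hits (rule names that matched the file; each match is a heuristic indicator to confirm by analysis, not a verified capability)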
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
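Strings (printable character runs extracted from the sample; short or random-looking entries may be encoded data or byte noise rather than text)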
		/BYDUvX^W
")&6lMOG
Hw^(\QSU
W~L][WA}_vLZWDaM{PXBU
PPVPVW
G0SUyC
dpzygpi
ZbUQTvX^W
@|BX@IP~PrMVIQ0
@1ds"#12
:? qsp
W|F_[QGaTuLVIQeYgFKXGI\
VVUA>9DV
WVZAFAJGH@3R^*
'IgCJ@'xk`wcv
/bd[\T
LbW\TUFmJ`
@`TTcGVA
$#x|44'C
\UCICEW_
-<!VOWV
/bd[\T
LbW\TUFmJ`
0WVbGWAJ3
`7!ru25@M
Y\UCIBFWO
/4$* qDMUiZ
\y@ONGCyVv[XG
SwNd@N
v /.4kg
GbC>0n}
6%G^qJCU->
[`GZWG^mWtI@G_v
@$py-30$
X!' *&?;&,nso
MDXU	4
C_VDlf
D]_TGhuZ}fM@UC
\UXR^R
WZYWQUQ
XDcWoAGK
j__DNSAWey\MAZFMJVmaYZFCU
FZW^l6]]_
P@IAUZ
U XT]D
Ak6{!wb`
BlD^WWPcD0
[Q`AQB[[kNGUtAg
tr{uagk
JFYCnQ\
H+\XpSQ[VGihC
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
C^q]U_ZuA
javmvff
ZP]CC/v
$N@M047**=
VrIDQQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
Z~K@GCpE
_qPsM@UQYepWQU
\R	TPSS
\QUQEVX
VIOqya
7:'GjKNI
Dd:9&n{c+
%K@GCpE
HLyWvMDG~^MeBXMU
<1702?c@NMOg
dEN6x}s=cc
Z~E]@IP;
~pgJUwP\\
zV^IyP
]FqPF^G
T#^]\QSGZ
D@rC\AWAX
UCICDU]
/XGSTwP\\
`gzwp}`
PTD+U#H
5d{{#j0
[t[_VHZR
\PcDsJAWQxM4
^GEEQY
/]P[DT
alwvk`f
XrK@GI\	JRRUS
E]K2V4J
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
^GEEQY
/XGSTwP\\
`gzwp}`
PTD+U#H
5d{{#j0
[t[_VHZR
\PcDsJAWQxM4
^GEEQY
/]P[DT
alwvk`f
XrK@GI\	JRRUS
E]K2V4J
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
^GEEQY
/XGSTwP\\
`gzwp}`
PTD+U#H
5d{{#j0
[t[_VHZR
\PcDsJAWQxM4
^GEEQY
/]P[DT
alwvk`f
XrK@GI\	JRRUS
E]K2V4J
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
^GEEQY
/XGSTwP\\
`gzwp}`
PTD+U#H
5d{{#j0
[t[_VHZR
\PcDsJAWQxM4
^GBFWU
/]P[DT
alwvk`f
XrK@GI\	JRRUS
E]K2V4J
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
^GBFWU
/XGSTwP\\
`gzwp}`
PTD+U#H
Dbm{%|0kA
I\QO	UR
[G^mWqLFG_v	>
/]P[DT
alwvk`f
XrK@GI\	JRRUS
E]K2V4J
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
^GAB]O/&
`UP]vP\\
javmvff
A.W$HL]
JFqVTUD
Dwyq*l1}A
U~HVEWO]
KaoQKCE\]
eA[MQsG_P
qdusqq
FT@f]dA
SK@GBOC@GA
Dwyq*l1}A
LAGM^oQ^NpF
	CGTGpIC
". ~ma
/dlG]S\BvV{KGWJ`Z|VTQ
USZ	VX
EFS^@N
\dENTd
w%*)6 [_VU
]dEN	RjK?0
9IR\$J@SdXs
$_W3 c{dxwkbgLN
WUUP	^W
[^Z[ZQ	Q
VIOpIC6#
#K@Gqya
RWRPWW	
^_Z[[[ZP
NIuqya
\AtQNIl
TG"WB_
&v'`xpm`vr!Fok
D6PR\vY
F`4r%tkkD
._`UVT@a]pIC
DRTD@DMG`(
sC\QMU
abvaiqb
D[S	V?\
T>HAPfZq
et}p`ko}4,-!QtyVW]
nBPFVtPXP
fwoatec
S]J)_!A
f^d@[GVHZSV
PTQYGV^[FN
bc'p$b5
L	q.'omz|!#}o,'!)pli
YBqY@-
MBVPCN4
X]D7@DY_^CD=(
L][UK}Up@@P]gZgGMF
oC@WTvMe
5</&6* VIO
qN\tC@W
_TESDeKHG
/dlG]S\BvV{KGWJ`ZyA\AG
WiI[tKb
q3*/  *QXG]Z
~K@GJgG*x}
}`mamn7
(/-dpuZ
\@cDPsGU
AmWBdqhxT[STJluQW_R\jQGXWEifIDPC\@qIA
QRQ]PQ
WZ^W@J
G5D[BV$
]UCJ@2laogb`
bUWaDWJ[zC
*u^KVI
UDcO_EPlMOT
GVq^V	
V}ZP@RA
j0!uwe`@N
blszuja
o:Jicq`u:^BW
sRPWA@
[#'/rk,!i`sr&BM
&#,$kko}fa|fg
/xGUYBMB@
aW^{EK]~P[iZf
qya''ja@NGSK
Xys}?f/w y.m|rqzz} FNC[I6
TySJO\b_
KGpoXPG]QCD
5/*>JQyoO
zB\QMWu[UQb
fwoatec
JFYC~Y\
_r\m[M
^mIBQg['J
]cOAT@F
kg< 5 0+ <ch
aerzujc
`f&''2d
N\dX_P|CAGKW09]%#=5(~_P2
!2QEP61
'=&7q>< vH(/8
H@]P[P
VPUWSW
UXR[SP
TQSRPV
r^M4'&06
qe;subf
%!c_\S
P}Y]UK
UQDUvY\Qu/&
aerzujc
O[ 	o%+{uqw
uv} 6+"hk #r
DENTEIGVIOFN
kes%wbeF
W]FNCYw
DdfGAIBMUT
aWXPsG_R
qdusqq
FT@f]aV
DXZUG[_V
5gru!`2
JvCuCZAW
CQSYQyx[
IW]y\MpVd
jcxzefg
./pjg|
%s}i)r"y/
E\9/_QD\
WD=%-,
~hGSFR
TY]\C@CMW^
gKRTsK@G
gwoa!1j
}WqKFV@1
R@<:CTRP
\VP\QXPH
uyy|3`t
]p(};m}|qs
l(%!)~w @
O_jMJVFRGW~aK
jezs|a`
0m!qt`a
K\)rgu}}|vsnso'*$,=<QXG
kW?*dxu
:0PCQMJV4	%)G 4
Z{[^RPPcDsODQQxM6
XVO\SR
4W^CV'
MD$ pnypt
f@QVId
". ~moELKAW
`[](UBSU^E
QYeu@YE\
^	S^Q	TV
N[XEUSUvbIPWQE\
\R	TPSS
\QUQEVX
1 2'GjKNIuJjK?0n}u+c
_|MONG
zL*N9I\
VVUA>9DV
VpPQW@@HZ%$y|7+umdv#&
SG_UF[_VT[
`3'vvkc
VXUUJIJFV_
mARTVIdXZUc
77zq'16A
A XT](X
mp}|uz"J18d
I@RErV
tp|g~k%6> 2=QyoO
nBPD\tZ^\
`evaiqb
PYXG_[
\_@NG AV
PuQ\U1
7f"r#bk
l"),'pe
kW+ lip
 /:zly,u
^wG^P\FzHqIAG_v^dUUF
QRQ]PQ
BJAFV^GH@-XX
MD14zaiqb
UCICVION\d>
_xEY@IP+
RQ[PSR
_-BT]yWJv
j0!uwe`@N
DR-8<*+)"amn
B_C_VE8{ma
OPUCvV{IMW@fVfPOW
WFNCE\
EFDJ@N
\PUtP_@WgTuDEN6&:016>
cesst`0
	+LSUU
lxg@WB~_r@D\Ag]nF\ZV
WFNCD@
qya%,?6QUQD
JFbUQTdEN	RjK?0
on`oc<
\wAXLVBzDn[ESC`M~G
RZVQPV
C57"zg
iI[zL!? 
6 *amn
+_VDGQC
@hxmTrHMUJdVeA[MQ
^m\G_xPKgTuDEN6&:016>
QTvY\T
digu}$	*-)rsq;xy~u
^QPEhw
H@]P[P
VPUWSW
UXR[SP
TQSRPV
7KXGANeDV
U[ 4q]VENQKUeq_SJGP]
aPSFjK
EEQ'':aiq
GKmRIL##
Zcessub7
~E]RUCy^`UV
[)/hgi}{wqnRGcqxxwu
^CaLV~KJ
qCDEAQFGpo
`7!ru25@M
WYCDBHGO
6#:.VIQ
pwl{zamnn{qwjel!@
5l {&k1
wWA@TAzT`UV
RhdiWItAg
afqzqf}
{-!llt
s'~n{%p)x(t
>r|2/&C4(
TZ^\GL]GUX
fDY@GjK
@10 pv57
EULXTP
B\WPAG@@
aRRm\G_}UMgTuFN
a7!&&``DH
]p(};m}|qs
l(%!)~w @
O_jMJVFRGW~oN
b\Q]tZ^\
`evaiqb
F`4r%tkkD
*R@H\~ysj=.~s *=,xadk
@g	3GZLU
\zVKwKdGH@2bz&'ea
X!' *&?;&,nso
MDXU	4
C_VDlr+u
/dlG]S\BvV{KGWJ`Z|VQQ
USZ	VX
rGUgId
w%*)6 [_VU
ncac`}%
\@cES.
[^[Q	P
P	CJ@P
y/}{sn!
g_Dy}C@Umz\XCJW@nzxfgw
STQR\FNC
fA\FGjK
EEQ'':aiq
GKmRIL##
Zcessub6A
~E]RUC-V`UV
zL!? taz~wu|}@Kazy
	fMJVFWBQ~aK
`7!ru25@M
WYCDBHF
$vCp64'n{eb
!(JyUH
N\tPZEQlMO
`'%!!eV
QFNCS[\PTPSPQQWTTUZQ	D
acp!'bcCJ@C
ZVY\UCH
'*7 ~m
UBu[UQ{O^R
mayzfcu7>kW
EuVA[AV
us}'0xs>4' }
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
XQ[C4(
_V_VFL
cK^VDW\uN@M
N@66pp#7f
QT@A{w
I@EHsK
K\)\N\oT
/BYEPrY\U
SQDY__1
]RUB~VrIVIQ2
\UXR^R
\VX]PU
	,N@M1 
FjK?0aog
XvK@GYV
J`B_SUBAqf
_}EY@IP<
^@p]TKUJA
JFS_y\\	QPB
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
URRC4(
TZ^\GL]GRX
cSQPdEN
17& v`5F
_}G_QV
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
URRC4(
TZ^\GL]GRX
cSQPdEN
17& v`5F
_}G_QV
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
URRC4(
TZ^\GL]GRX
cSQPdEN
17& v`5F
_}G_QV
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
S^ZC4(
TZ^\GL]GRX
cSQPdEN
17& v`5F
_}G_QV
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
SPZC4(
TZ^\GL]GRX
cSQPdEN
17& v`5F
_}G_QV
VP^VA@GAK^
{PXBUrK@GFN
a7!&&``DH
X []SI
F_PVA*
SPZC4(
TZ^\GL]GRX
fDY@GjK
@10 pv57
EULXTP
VP\\AJAMQX
vPICESv]NIuFN
a7!&&``DH
RZVQPV
WBJAFV^GH@3RX
N@be"%'2j
^~M]@hxmTrHMUJdV`VS]
	RSWQS
I@RW@Z
PAIk^pZ\V^M
K@G ,07 >q
me;succ
B_\s_T
Z^~ETRU
^p^{GUT\FfGIU
TWV@aZI
I\QO	UR
MG_pTG@@LIFKW\
NMR#0'n{c+
@}MX@IP~PrMVIQ0
@$py-30$
TM7_1AYA<
m')?q/&
@g	3GZLU
tX_WeZG
@$py-30$
)#AxJ`
Z\@~UGw[TGbC
+XS!_.,
RWRPWW	
^_Z[[[ZP
NIuqya
Y_E]S^M
UNt\CP@VVxWVK@C
sb}asp!#}
PPVPVW
DNCjwoat`f
bUQUtQNI
Bl&8!&7
5`UVG_v
^wETPV@vRwWGUFvCpTWT
\@48@PUR
qdpvwq
;BUQDUv
Bl&8!&7
d_gBYE
XDvKaolS]T
STQR\FNCSN!
eilta|q}~g'-Nhy[ADTT
qyarscg
Ae\`WRWHZTP
DXZUG[_V
bc'p$b5
eDENT@i
QXG	UhG$
aspgmfJKcNW
WxWA@TD
ef!!tc2DNC	Z
MC~5</&6
}EEVKKL
TGtUB[JGHc
qtzqbkNUu`ye|
V@IAWQ_VWQ]S
VQSVTRU[TRWTTR[@
DX_PA[_V
dEN&PIC'0
^oVFY_^CeZX\VFMQQAVlfVMPE
}QLY~4
GGM@l5]WBJ_
VpPQW@@HZ%$y|7+umdv#&
LA!'/|peandg{vi
kcNWCHJD\]
`\UQhZUS
J,^ KEVAf\a
XGAMCO
ce%qte7
$AGjK]V
VION\c3
b`wsucq
UCd_fBYDG
P]dF_VhiV
[_V68aog
6CHdK@GJjK?0n}u+c
]QxM<+
	O[D~RvIVhyv]bTXT
QXG>woa
!:VIdK@GJjK?0n}u+c
QQxM9<
HLyWvMDG~^MeBXMU
[_V68aog
6CHdK@GJjK?0n}u+c
]QxM<+
	O[D~RvIVhyv]bTXT
QXG>woa
!:VIdK@GJjK?0n}u+c
QQxM9<
HLyWvMDG~^MeBXMU
[_V68aog
6CHdK@GJjK?0n}u+c
]QxM<+
	O[Cx_u@Vhyv]bTXT
QXG>woa
!:VIdK@GJjK?0n}u+c
QQxM9<
HL~Q{NMG~^MeBXMU
QXG>woa
62FjKNI
Dd:9&n{c+
%K@GCpE
_qTtAVhyv]bTXT
QXG>woa
!:VIdK@GJjK?0n}u+c
QQxM9<
HL}Pz[yoQf_fKYMU
	G_[ !&.g
qpICFjK
#K@G~ks;ucc
*XSPWG~T`t~GAd^kUXT
cVR}RIL-
.QXG>woa
!:VIdY
,5:aqs9|o}qsy+zg
((D]D^G[VVQIm
U\^G_[
QXP+GMF
Z^~E]RT
fqwfO\G@CXV^
	P]PYR^S
JK]VFKQXG
=!^j^dB]VI
MLtLQvKao
xTU@tU
BCxRF^GBE
]_gKBV
VY\TQtyVW]
kUXVu[UQ
b`aogbe
K6]cVSV
PYXG_[
\_@NG'V_
PuQ\U1
7f"r#bk
tX_W|R^
tL1hcCkhC
_]YK@HFVIO
@IA`f%'p`k
 OFS@6
VXUUJIJFV_
c\OSdENTaY@J|P
51vp}ccD
&^>"xw#+q
ej1LTH
DNCURbGFu\^GbC
A[0C/7*#dee|687ddfG
jezs|a`
WZ@IA]}
L@LU]D
Ak7qrvaa
LCP6woa!$
G_KPIF)%
?u~ubyr=fgmfLC
OPUCvV{IMW@fVcGGGT
awoa#:?G_[QXG
dEN7H_T>Y\U
1aaog=
WA@G^m
^j_*UQT
!(L|E\[UK
_pJF\GaAaTTF
qya%,?6QUQD
". ~ma
Ae\e@ZG
PBjVJ_PIFpUSQQ_
Z%||'0, la#%q
ef!!tc2DNC
Y\UCIB
UBu[UQ{O^\
mUEWICM8
t *'3~z:0ssr
W\NIQHEDQO
`mss#ab
OhgM@I
oYKFFSUuYB\ZsZ
eewaiq7@
[*S^F~
DNCURmFUAPAQ
\U@ICDU]
ewoa#?
N@MAMV
Y[C,_bUQT
WVQRR]
SQXDNC
A_@IP#
-Bi1%',ibM
@48@PUR
wrppaq
AgTuLbW+#,>
[XGQxM:.
\IcLPxW@
zA\WVmQ
T]CJ@6KKXGwZYW
!0$*6'![
f[I=Hg
b7waiq=lYOR
\IcLPxW@
DNCkGMFwZYW
!0$*6'![
f[I=Hg
b0{aiq=lYOR
U@jGQy\M
puekh~J
UDNC]@
@adpqw``GH@C
HP}TMqHu/&
aerzujc
4WPR"Z
k3z }0k@
/LONGC|Sp[XG
fQWsxoPKfPUE\uAe
[1WCEW@
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
phmmBU_rU@uAe
5d{{#j0
[t[_VHZR
\PcDsJAWQxM 
phmmBU_rU@uAe
k3z }0k@
/LONGC|Sp[XG
RhdiWItAg
afqzqf}
]R`W@EV
WPC:3GP
QuQ\UD
e1p"t5b
#@VIQe\gWCH
LTPPDMPt(
bT^aLUKKeSUAPkKn
qdusqq
JFbAQDU []SF
Cb3r{}5jA
KmJ`HGPAvCu
phmmBU_rU@uAe
5d{{#j0
[t[_VHZR
\PcDsJAWQxM 
!(pWW~IUW{\KvJn
)\KO\U
[*S_W^WAk]R@l=
F`4r%tkkD
._`UVT@a]u^K
JWDEPt(
IUWyVK|Lb
pcenddu
aTADWA
D3GZLUv
2d%r}k5
@ZwZ^W
vDn[EVFfM{P
!(pWW~IUW{\KvJn
)\KO\U
>9GVRP
km%z&k0
T@IP~UwKVIQ&
jGjERW^z\I|Hn
javmvje
!~bzvnH
t\\\FVtPXPy
qyarscg
JFgV_aE
%y*t7`t
SSDNCURzC]FP|CAGKW-
|VF\vP^VeP@]~A^RPIQBa
w'!|a1@IA
T(PU]K
QZ\]nUZ	
N\lTDs[NIl
DM7H%AYA9
>VEE=:1&g^Y
s*axr8HQ
TPXP]JBAGA
`3'vvkc
^T}S_V
['X=TL
PEBMCV
gmfqXIawcb
u(`(u:J
VP^VA@GAK^
~GPRv]NI
H@jg!! 0`
|D^PWA|
dWWWO\
@\S\]GKO
cSW{RIL/
`3'vvkc
I@ZBeF
)TILX+
IPCAbVGDG^
TKaoQKCE\]
qAWX@PhZ]Pu
eewaiq7@
 fIQ:'&'
 +d}o*uqt
\IfX^FWwUXK
bJ^GPRYZEaM
PPVPVW
qdpvwq
 008MC~\
 *61)%
0&6,!bq
3InayueK	
17rs$51C
mcvdmk %
U\\UHm$]NHG
BP'PhkVsC
APUK_V
woau+c
WNi		~K&9
BZhqJ]T_F
JO~NZanf^UETU
U\PYST
SDNCKGKKBGGK
"7'GBi6,
'BKZG!
@1ds"#12
NCE 	m$,':EBMPI
tUCYBT
A3,!+pDI}ebxmu
	P]PYR^S
^GVZFFPU
+essucbA
-(gu}+
/uddF]GBesLBKW]FoQG]Z^[~iZAZ_FG^~1
__F"Z_\UB
0WV|BW]x
I@egup'1b
^J:2gu}
.#!GiZ;R
PETGpQ
HFl>_\TUBt
STQR\FNC
~GVpGWCXG9
\EUuHfGO
digu}+
7+hpd'ecub
DyVu[^UVGJlzGA@\ZAxVCFKCLmsHDNCP
cVU}CV
pr+.db$DNC
di7<8%<735}ac
,%1$2PI~oEA
KJl/Y^T_GB9 W^P	
\IvRFX
m	mqMOW\S^@Q
8_RVUD
@QSwSFR
[]TC:3GP
KK@NG1VT)
P]sUI#Jf
2d%r}k5
GH@	|\
z}v;=re34'/m}yqta
_GqCD&
<-'*$ ~oWB
U^DfUC
MB~8$	
'39=  <vR_qwb
U@jGQy\M
`^SV[CCSlyKOP
@m~]G]G5
CJW>ubuo4
AW^]FZFI
pTQaAG^[2
D"tzteb#
UGonbzqxWBA
c\Wv@\\xW@qMy
qyarscg
RRURUPDH
`UVzB\QMWxW@qMy
qyarscg
y}!j>r3cj}(m<m0}0
JMJVmd\\FCU
+&)?sdCNFIP
BCgTNYG
RZVQPV
tH6DNCjwoat`f
UVIi		
;WIl28&n{
|~kjnymoc}i}uadk*'
\U\EAop
\PpwBVG
_oEqBTXD\{\KvJn
geuaiqb
x-whi'f3c#
lg3j&jA
@^A`GPxV
M~{K_WZEQpa
d<9'&7 q/&
Z@bC@W
L4S]FWwKdGH@2bz&'ea
HP<8e81(o
$8+$/$;
YbfY^Fb}QnsDKB\^MdV@J]Z@otMR@MCSBhqDG
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
TSynchroObject
TCriticalSection
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
TCommonDialog
TCommonDialog
Dialogs
HelpContext
OnClose
OnShowSV
TMessageForm
TMessageForm
Dialogs
_^[YY]
%s%s%s%s%s%s%s%s%s%s
Cancel
Ignore
NoToAll
YesToAll
Message
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
TImage
TImagex
ExtCtrls
Alignd>C
Anchors
AutoSize
Center
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
IncrementalDisplay
ParentShowHintP
Picture
	PopupMenu
Proportional
ShowHint
Stretch
Transparent
Visible
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUpp
OnProgress
OnStartDock
OnStartDrag
TTimer
TTimer
ExtCtrls
Enabled|
Interval
OnTimerU
Delphi Picture
Delphi Component
EIniFileException
TCustomIniFile
TIniFile
_^[YY]
ERegistryException
	TRegistryS
MAPI32.DLL
TConversion
TConversionFormat
comctl32.dll
TThemeServices
Theme manager 
 2001, 2002 Mike Lischke
 !"#$%
TTextLayout
tlCenter
tlBottom
StdCtrls
TCustomLabel
TCustomLabelx
StdCtrls
TLabel
TLabel
StdCtrls'
AligndKA
	Alignmentd>C
Anchors
AutoSize
BiDiMode
Caption
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
FocusControlP
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint
	PopupMenu
ShowAccelChar
ShowHint
Transparent
Layout
Visible
WordWrap
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseEnter
OnMouseLeave
OnStartDock
OnStartDragP
TCustomEdit
TCustomEditP
StdCtrls
TabStop
TScrollStyle
ssNone
ssHorizontal
ssVertical
ssBoth
StdCtrls
TCustomMemo
TCustomMemo\
StdCtrls
StdCtrls8
AligndKA
	Alignmentd>C
Anchors
BevelEdges
BevelInner
	BevelKind
BevelOuter
BiDiMode<
BorderStyle
Constraints
Ctl3D$7C
DragCursor
DragKind8=C
DragMode
EnabledP
HideSelection<LC
ImeMode
ImeNamePVA
Lines<
	MaxLength
OEMConvert
ParentBiDiMode
ParentColor
ParentCtl3D
ParentFont
ParentShowHint
	PopupMenu
ReadOnly
ScrollBars
ShowHint
TabOrder
TabStop
Visible
WantReturns
WantTabs
WordWrap
OnChange
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDrag
TButtonActionLink
TButtonControl
TButtonControl
StdCtrls
TButton
TButton|
StdCtrls&
Actiond>C
Anchors
BiDiMode
Cancel
Caption
Constraints
Default$7C
DragCursor
DragKind8=C
DragMode
EnabledP
ModalResult
ParentBiDiMode
ParentFont
ParentShowHint
	PopupMenu
ShowHint
TabOrder
TabStop
Visible
WordWrap
OnClick
OnContextPopup
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDragL
TMemoStrings
TMemoStringsL
StdCtrls
GH+D$	
_^[YY]
_^[YY]
BUTTON
THintAction0)C
THintAction
StdActns
TWinHelpViewer
_^[YY]
_^[YY]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
_^[YY]
MS_WINHELP
#32770
TModalResult
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls
TDragObject
TDragObject
Controls
TBaseDragControlObject
TBaseDragControlObject
Controls
TDragControlObject
TDragControlObjectEx
TDragDockObject
TDragDockObjecth:C
Controls
TDragDockObjectEx
TControlCanvas
TControlCanvas
Controls
TControlActionLink
TMouseButton
mbLeft
mbRight
mbMiddle
Controls<=C
	TDragMode
dmManual
dmAutomatic
Controls
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls
	TDragKind
dkDrag
dkDock
Controls
	TTabOrder
TCaption
TAnchorKind
akLeft
akRight
akBottom
Controls
TAnchors
TConstraintSize
TSizeConstraints
TSizeConstraints
Controls
	MaxHeightx>C
MaxWidthx>C
	MinHeightx>C
MinWidth
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
	TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject	
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
	NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject	
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
	NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
	MinHeight
Integer
MaxWidth
Integer
	MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControl
TControl
Controls	
Width<
Height$7C
Cursor
HelpType
HelpKeyword
HelpContext
TWinControlActionLink
TImeMode
	imDisable
imClose
imOpen
imDontCare
imSAlpha
imAlpha
imHira
imSKata
imKata	imChinese
imSHanguel	imHanguel
Controls
TImeName
TBorderWidth
	TBevelCut
bvNone	bvLowered
bvRaised
bvSpace
Controls
TBevelEdge
beLeft
beRight
beBottom
Controls
TBevelEdges
TBevelKind
bkNone
bkTile
bkSoft
bkFlat
Controls
IDockManager$
Controls
TWinControl
TWinControl`NC
Controls
TGraphicControl
TGraphicControl<RC
Controls
TCustomControl
TCustomControl\SC
Controls
THintWindow
THintWindow
Controls
	TDockZone
	TDockTree
TMouse
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
	TSiteList
_^[YY]
S$_^[]
YZ]_^[
t%Jt?Jt[
%s (%s)
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
Rj3Dxj
P|iw~I
\P4Dcu
]7n"pAE
ZxBJ^z
IC;sIl
VWU|w\
"vmCJi2t
+v(E:|
v(tF(.:h
y,tB(Yz
ZZZNXQ<
fYe>$f
"isSty
FF	Q.od
n	fsMDIF<$
5ZitZt3t
k&9",:au
ztyjxjj
yp<m8v
tV(kvR
P*mc_}
SVc:s"
B[-M72
*UK7=v
ty{H	P
_^FP-\
7;|O'cZ
2?j0&Et
Vdc\$;
cD`)^c<
q+VJdl
CTdH+U
+)hw'}
hxI 3W
7Onmpo-2
w)HHK]t
mntA75
?kBU=r
wX3l^;
Ffh \3
v{+9vu'
m?E1$c
Q\3{ W
v C$2[(
h$tCDj
lkDU1	
u8c][f
PDuRts`
@-H7}$
tw<a1t
{K1ocx>
CrXyN0
~'tH8x>
B".%+(-OJ
aU2E{e	
QDPbM.
0}sPC^
}HXtnMe
/Dntke
0Onnte
fV,tqF43&Q,lP2@
|cIKjT
zB_^[+
Q{[Lk'$
o_^[RV
(#:"tG(
yHXN?U
^VA$cY
6!aK~0
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
33DDDDD3333
33333333333
333333?
333333
333333
3333f3333333?
3336Dc3333338
333>fC333333
c333333
3333333333338
3333Dc3333333
3336fC3333338
333>fC333333
333>fd333333
fC33333
3333>fd333338
fC333?3
33fd3>fC333
fDFfC338
33>ffffc338
fff3333
3333333333338
4DF334DC33
333*C33
c33*C333
33338?383
F*F333383
"$c33333
"dc3333833
CjC338
CjC338
D*C33383
C33333833?33
3333333
3334JC33333338?333
C3333333
C3333333
3333fc33333338
333333333333?
33333?
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
HelpMe
'KillandHide
(ShlObj
System
SysInit
KWindows
UTypes
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
FComObj
qComConst
CVariants
SysConst
$VarUtils
SysUtils
Dialogs
ExtCtrls
Consts
5Themes
nComCtrls
Printers
WWinSpool
^Classes
"RTLConsts
QTypInfo
+Graphics
FlatSB
StdActns
Clipbrd
YStrUtils
&Controls
MultiMon
vMenus
Contnrs
ImgList
EActnList
dStdCtrls
WinHelpViewer
RHelpIntfs
ComStrs
ExtActns
ExtDlgs
3CommDlg
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
AAccCtrl
AclAPI
TlHelp32
Un_Main
TPF0	TFrm_Main
Frm_Main
AlphaBlend	
AlphaBlendValue
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
Position
poScreenCenter
OnCreate
FormCreate
PixelsPerInch
TextHeight
Height
TabOrder
TTimer
Interval
OnTimer
	tmr1Timer
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
Click to edit Master title style
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Times New Roman
"Arial
Apple LaserWriter II NTX
PSCRIPT
Apple LaserWriter II NTX
powerpnt.ppt
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 585 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/umask.al)"
sub umask {
    usage "umask(mask)" if @_ != 1;
    CORE::umask($_[0]);
# end of POSIX::umask
umask.al
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
Sub main
Plus()
Minus()
End Sub
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.616","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->27501"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->27501"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateProcessInternalW","SUCCESS","1072","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190105033510.677","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->1072","szExeFile->HelpMe.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->1072","szExeFile->HelpMe.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoInternetIcon"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoCommonGroups"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoControlPanel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoSetFolders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemSetupInProgress"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->seed"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DevicePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000d8","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->LogPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e4","lpSubKey->AppLogLevels"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1\RpcThreadPoolThrottle"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65046"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpNewFileName->C:\AutoRun.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WrY
g3z&u05
V^[LbW?
6,8u^K2$drccq
x~ujly~vozkycojx}q
O\cZUE@
]?|PSGWF
Z^n6X	
WP\\CKCAQZ
dUVFjK]Q
qcvr}ck
GTRGE@F[
aQSm\GVsV
ffrt 5kA
NN]*($<jvlf0p~f9b6!j
9aYP!0-7
6!QEMLpr
HMl=H@\_BTBA/&
\~DTR\B}VwMCPDzYgEKXG
dmk*<> QUQVIOJgG+H_T>Y\U
06aog?#tMNWIl	+
DUB^UExSMB
cDW_RTK
_rKDPGcZeKWT
ARSTWG
zGUgIt
jc/%976[_VGA
,5:nca
vdfq1gpo
HPBgQFCKbd~aXTU\r_X@RG\S\B_@M~mRA_]WCXKWV@?
WP\\CKCAQZ
dUVFjK]Q
qcvr}ck
GTRGE@F[
aQSm\GVsV
srx{04}A
zx!hl-.t"/=. &}|wq@
sVON	k_
EUMPTit_A^M
*?:AEGQpg
[zBXUKD
Q`UVTGlM{P_AT
AMGgP^{
Adms'tq
6/0p~g
VDGQBTm}KOP
YhSCG]_LQZM^YRPUBlpHC_ZCP\
QXSVZTWS
RQUPTR
ODR_U\EJC
`DKXG4
QXP*woa
64sYGPUt	*
vqy|db&
DUCd_g
RFgUXEGCkOW
w_r_X]\]rCZ[FG
XSJ@EGU
cTVRdEN
GKK !1:g
qpIEm\G
vqy|dcu
!(NBcD[{TI
`|sebodqhoEAC\G[DX~oQ]
>!EGATY
BP_[df
=*W_\W
KYTUCK1GU^
f*Pd~GtY]\
aevwrfd
DRAfZg
_rUL}M5
wsz(da$C
AANA	.PL
*~uk9{*'y
i.v{x-
YIeWNi
Vpu:;',2 
aYPPIL
DQ^$`_\YSXTC~iZ
PBl`KDTJdVbWQQ
VTRUUW
FcGKmAPW}GUg
>NIQ*&7&(q
OAqya+
<>7hpd'ecub
BXBmc]^Fb}QnsDKBT^AfVAFXZ@jd[NEAXVGhgTRTWA
VRZSYW
c7aogbb
bUWaDTB[zC
_EgTBCQzCAG
z[aCLLJ\
AO@UTT
jcps'q
bTW,RIL%+
*u^KVI
jFO{m|~zq}oxqp{|
>/YVA^D
L?fP^QWB
k'@C@V
JVDA:2
S^BSCNQXG\
{P_AT~YTW
JCg7{&v1j
PF)_'I
GbVnDZD
BT^YBDGI
cPIyDQLgGHvLc
kmp ta2@N
zx!hl"4e1&,7>0fpk
FC^GmxPUPCQ	
,):0KIQ~iZ
Zy@ZLSBxDn[EQKvCuD\E]
g\S3@U@
Fwcendg|
". ~mlCqU
v_\TUCC
^@wP\\~S]P
j`~ri~]GYP\A
pp~&b~qmgu%!BNE#$zpb*"l1e-m&
AQSK_VJA
-@P]zR
fmv!r7f
z-r<;{
w0d}c;cmcv
^G086$fpYvU(U@#
Z\V~X)
qw-j..6
pcY(/8
#J|P<21&6 
t/ 8#lzHI
XG{RYpY[GbC\Q
}j}%Ov#lG>h
zE\Z)PIw
`c t}c7
aog?#qY@{
cIBE]Opq	
NhDC_U
lsEA[e@Y
UC|G_KDPUyS[WK
%}+v0pq>krttA==
cg%t 7k
;C@W7+
	#DR6[_V68
&1&#kBrPCE
[y[[RRPcDsMLG_vYgTYT
AMGgP^{
Aqyy(dpi
A[;26-:!moc
{c,u}lsECC]LXa
9nQ-N..9
TF}UJY@UQuTVR]E
	eiltfqaspstu
qdvzsq
CICDU]F
}acadk&
K@GANc
"=#9"!6`t~GAd^kUXT
g\QsYG
0:n{c+
CNXssw|dzs=picu
C\WXCABJ
gKQ{DGBiTJqLu
kf rw21@
{/tj>-x ".<,$v}pz'
c=bviomf\BW\
kcNWCHJD\]
wEPVZSv^NIu
qyaupbk
\R|SXUI[!
9%4`zb6/
QRxZUVC
rdko}  &-Qyx[
kUVa@UAJcPY[SsLu
`awaiqk
TQ\F2TDZD:oF
JK]QK[_VSX
Q$Q	V5
Cjbvs&cd
 \hwlmyae,
gmfs)c
pea}{p!
]ExWZAGbC\V
m_nWYW
AO@UTT
`e!aiqb
 kCa<;71*?
Di		dP
>#?:>b}q4o}qsxy~u
_m:#6y{}$cUDE@
LDpESRRG
[~MDzG^
G^NPAGSF
WYCDBI
_oEcETKIgQYEVvMf
eaaogb`
RQNIQOFE]]
c6stwaf
HGRJUTQ
LXr^XYBoML
XRzCTMV-P_
O\cL@ER
EPD\W[@:n
VWUVVK
"|x3k 
BTU]QXP
cc'suck
y^rEVV
\*/}{sn!
cER{UI
lg]W\VOK~oW
^@wMCPD|SDBPBGU
A07 " ff
clsqufg
_fITXW]
MEZ\ _SW
_xYtWJD
bUWaEQD[zC
WJD6'n}u+c
XiI[CqE
rEVVUB7]XI
R@.Q\EU~Q
VxxLWT
[RcTTFTC\RSQ
IFkfu rkcF
c_VEEUPI~%"
*;6=2=
 !77LXt	
%9*HJ&
Dy}C@UmtYZB]CZRCi`GXTXU_~rAJPILBcTJCQ]V:$L
Kn,VB[D3_^\FF
8&2q92
C@fTT@
7dp"$d0ANACI
F]RzC]@\xCAG_[4
aerzujc
^	STUW
BPWZ@ACL
fGKsDVFMtMNM]v
M@1evptd6D
3TYLQ,T]WK	6
ZqCWCV\fCXJPhmKADC@
`UReBPEW`Q[WIgIc
qcvr}ck
AQSK_VJA
-@P]zR
fmv!r7f
z-r<;t|u"{g}%rjelt
YL*MJV%
1Vpu:;',2 
^DfUBB[WLpq
3Biwinzekbw~akbfr|
N\qDVsGU
f^^DOSJ
_@AnvE
@fVPXGCP~orrmaYNYO
GjcQFBH
bPWbFPCLxWZAGiZf
qya{}`0
]xTNHX
N_6PGO]
[[S3VLXF<(
BPS^FC\O
~GV{HGBiSLt@g
54w!}6`@
jUQ5CTEK`XZ
cdzstcf
]b\BCQV
fV^GPu
G74wvu02
]AaWNYG<
GcAGKuIn
fepppbf
[(TKL\*{pjn{*%y/ntqvp|,rF
^C7DQ*
BTKQ>xYQ
^Gj4^VT
FQpaDGKSLXt
NxGSDT
d`tmscd
l._B\Fe_
wgd0knwetd
@UVPCEBL
CRF[zC]FQqZ{
`6rq$11
[[S3VLXF<(
TPB^VR
sGZKRQqMoMXACW\
  }.m7v@
@-V ZZ
dYNYG+19`YD501
ED&ADJG
[^tICG_pT@MPBGR
@UB.ORG\
TW{PAp
af'rv22
+|}i;}moc}jtwadk* TEA	R
0oEA!:0,#'
uELFCU
UNyVs]^AFXYtARU
VK	TAS
UIyFD WJDTC
cesstcq
HnUNYG"
_[_VQDMBK
QXG.PIC7
>>NIuqya
n}^L^M`]Y[@zTYOQUE
UC|G_KDPUyS[WK
#l1a+{g5|d
G7mpu&dk
+CAGi[^
	%FabdV@_]
vsyyaep
DfTBQAI
p]"VYAB
sJGMV	=:
:"DJG!x}s=cc
\IrKDPGePC[D^RF
TGo8GVQ
A07 " ff
y~|o}`m.$!0?8adk
M5!4"76
C_WAhgY^FCU
;7DQ_ldWVYRQwOZWvXUU
zUYDzP
NAu\F^GEF
FI@T	%
@D@rC^CSAX
phmsGUC@fP\@UvKb
ebwaiqb
a`s' 1aGHC
@IP~WuOVIQ&
G@IgX\DUpHd
f{utqq
AoQYMP,V	P
6K^AU%Y[W
70!q 72
lYOSTEyDn[
lSVeAUPt\C^ET|Hf
ur|}`|s
D\~TUPO	(ZVbR
QSSZQ\
1UVVt\\
61"wpc0C
B[@IP=
qx|`bv
"AI|Z_y
SZRQQP
c6"p#d7
geaNOqa
XRjK]VzUOI
kv7db 2+
ARV[CI
03wu|je
WYCDBH
6#:.VIQ
yruhoy
prynxou
XDqY@s]JN
GTATk(
^J_SLi0G
fe'&'a6FM
ONGC~Qt[XG
RhdiWItAq
cfpvtf}
O\x~vhh)){"}f}t{}+y!
WUB?eHSF<(
V\XRFN]BUZ
cQYFjKZP
kg{%$g1
E+_!L@
CURY@GGH
eQEcRT]
Aws(.7bp
})r=j}}p%}l, t+*,&CI
VJU8|KOP^FVPVpu
S:11aYP%
7@DY_^Bl
\A5V`GY
PU@?oFS
Te\^[1
TVUMWU
UDKAAU	GN
7l vq5jG
wu}|w_O
}zpwi{{amnn~uwjel}
FXBPde
VXW@8|Z
=2\[][
H_\RQUQEQU
aGXLU~[T
@k0p!|a2
_t[YUI[RJUTQ
@SJmYdB
~sQFU\
\SGODNc
wP\PvT
c1&!w67C
^,WA@TCxP`UV
wBGl~GtY]\g
cfpvtf}
[:dMmiye}i
u#y 6qpi1rytDM
asu4 8 QtyVW]
nB[DPr^YR
dwoatgk
PvQ^]K_
~B_PPB+
JK]VGMQXGU
UsZ]R2D
Ablsv}f1
QQU[ANA
s\UQ,T]WK	&^d
OC`3t'|0f
TGuTKK^G
W\USQUQ
	dEN2PEV6
^~D]ZG^m
HMbZbA_Vh'
DENTF@EVIODEN2
ZXvY\U
^~E\S]PcD,7
HMbZgVWF 4
JK]PJOQXG
XvY\UO
^~E]SUJmJ`
&TJSFa\aPd~G
XNIQHFMSO
Z^~E]RTC
'TJSFa\dGln
JK]PJOQXG
XvY\UO
^~E]SUJmJ`
&TJSFa\aPd~G
DENTF@EVIODEN2
^~E]SUJmJ`
Y[EaZdDKyo
JK]PJOQXG
XvY\UO
^~E]SUJmJ`
&TJSFa\aPd~G
DENTF@EVIODEN2
hG?07&
\@wXXGbC
+XS!_.
6&0=z&
JK]TDOQXG
JdEN	]{H
CDY^Wv
+XS!_.
6&0=z&
_Flh}d[\TwQTU
ktbzybbl
OASRVS
qya%,?6QUQVIOJjK/
rIDUCe_oPEV	]x_YP}WOh'
JAtRQEPTPyAOGEF
w}|}4(w=j r&
a3t&!k`
FYdENT
YlYOSQJmJ`OATKdW`]
Dd0'{ve0
ZVY\UCHB@GA
'*7 ~m
^@s][PyO[U
V_TPP^
fIQXCRRcOA
HM>6: ?ko}
   ddfG
jerspc`
)^!HMUFlZ0R
WC:iAPSP\
QCWt\\
G74wvu02
VIOF[f2
ko}pic,ddfG
XyAONGC|Rv[XGKl\4C[
AO@RU]
A5auz|e`
lMO7H_'|5
:;*m +6
w'vg~k-
'(#!R3F
 >K@Gqya
`B_RTGQefCpD]UWPcD1
DJ-HRFxP
\AxT]BWCF
HUe\K]
_YfKEUI[RJUTQ
VX\PCJ@ATX
fGMFwZXQ
kmp ta2@N
'LA\G6ZbW
R^YR]OCCGA
jGMFp\]]
k3"w'k6
C7	fSX]
_Y]UFI@GP\
fFKXGwZXQ
kmp ta2@N
'LA\G6Zg@
S][PDWEDRO
cJKXGp\]]
k3"w'k6
C7	cDPMS
WP\TCLCGVX
eTUFjK]V
w{{v0b
PFm[0PQVK	SQ
S^BSCNQXG\
~GWQwQ\]
D2a!{ `1
OC](B	[
`Yk\WW
VXUUBIFDV^
mXAMdENTvLc
kmp ta2@N
BMY[_s
VRZSYW
1woa)#
G[dK@G&'
$qED_bD_
OPUCvV{IFUF`XbEGBU
ARSTWG
TdENTb
w%*)6 [_VU
bUPUrK@GN\d:9&
]UW@zV&
SFpG_KCVPuAOGKK
]vw/'0yvlcr$"
TANAPQ
6e %qej
ZVY\UCHBLGA
@yDY@IP~UvMVIQlWa
W[@OCS
ODgczzs`c@
_pK@GKW\
CICDU\
*1`UV6&
\Av\\V}T\P
~mwe|qlgo
&UFZCR
r'y!gxql6tr%C:iAPSP\
DRt[YUFI@a0'"qfcAM
DZTG^m
[WUr]\G/&
aerzubc
RPA~Q'
Bm_g]T
ZS[SSU
WGHCg`s $`5
LJSw]XUu/&
aerzubc
XDdEN]vR
kW+ lip
ZvWA@SG~^rAF]
g7vsw5dGH
TM7_1cyv
  :PIFcOA
A[j{~=bysobtq|
!(L|E\[UK
TrL@RFcAdTVF
USUWRST
RTTAMGS\UQ
VLU"XNIu
ewoa#:?G_[C
fBQVId
TGtTBQPIF/-
qtzqbkNUu`ye|
WX[SQUQ
	dEN&PIC'0
1.!u{u
]GuUFYAVQpVMRBG
et}qfko}j}r'
NA%'~paxt:1j*e|
TMTRVG
Y[WALC
IF6F\D
Afa%z c0D
TTGQAI
;PEV6x}utgg
Xu\FXSP
PCkCaWVG
D`b aiq=mYV`YD
\AvFTBYQCCPU
qya%,?6QUQVIOJjK/
rIDUCe]gPEV	]x[TTvSOh'
e}^E[Dc\\_AcV_UEIP
PUhGKQA
v12j*sldpk
WTWTOS
CNAFP]FI@`
Dd1z pg5
wcDFw`u
XwVCXVK
WG^qXO\
ZVY\UCIGBGA
+esw|kd
^~E_RG^m
\C|CTGBVADGH
R[R[S]ST
@qyartde
YSUy_r^VV^M
lYO101
*VIQvCu
WD|^vAYEFM@a^WQ
N\mDA{CDJG
rIDUCcTLW^L
GRGvCu
HL^WHRhn
^TVU\P
Q\VPPTSR
05*&6~
lu6doc7ub
fUBCY]^dgTR
e 4vltCN
DTUCjYCU
XH`UVSFc]DM@V
CVS]QXPA
U[xTN 
c`{v'd7
RQVAMG]~\MO
AqY@zP@
TLM\r\T}HaF
dguzs5.~
ii{nwmp~gxanmc}`
GV@Wi}
FEPVXou
R@MCTEjoCW
pY3WW2
SKK{Y	AThIfG
jlzzhkc
_CcPY[R
SS]RVTFM
ODfS^jSGf
NYGtI`
q'&$, 'PU
,*	HP{
gwoa)#
C@WU6Q]U
sSGGoN	8
 /&xlcgbv3%
Z_CW~@cA@_BVVElbY]WZFFrtDFPILEeQFQEMVdv
i!g'ig]_
\VCl=AQRRXU
ePW,@R\yPI!
IF2avs&2`D
dithhuw~p7+36&'7+
1V[C!0
,0!M_MV
lgY^T^EC~oW
CY_^ltJDNCP	
FCQ8uiqqn
0GKmATY}GUg
2EEQ'':aiq
BIfQ\DT}Z{
Di6,n}u+c
\iI[ANc
[vHW\KXYQ_XF;;
XNIQHFMSO
GKs&01:
2?WIgH/
cerquq
l}_D_LrCK
pmdcywegvf
}XWF`K
vqk`w>5dENGbC
!HH:+ ar
]Gx_v_]GG^YmXVQ
sWJDTG
KVG~ks;ucc
	@rIDG_p	
azmDUCUQA@PT
m\G_zROgTuFIT:6&aiq
y_s_^EC
gu}a`c;
 %61*bj
\@cESyU[
MaIMVU
XReLsFRRG^
/V!D_VPJf
S[@OC	EzL@ @VT
[vCVnW
@U^zU[iZ;Rn[2$:
0&0PBGF
]A.TIP
FsEBfUB
VIOpIE
?DRU6Q]U
mmO~aM
/nUvUBPBTTtSPVFB
vf`pe`dgqg
d\^yCU
iI[tI`
d%,:<1 
0B}'%1+0 moc
VDGQBTn}KOP
BCZ[Lpr
_y[rFUSTG}^HQ
T@&HVIQcPMCPBG
jQEcR	
6R\G7x}s=cc
	}|kontw~ptzl}yqsg
NVGU?}^Q@ZC
hfVU_PY
QpgIA[YPIPFh|KQU
uUCYPV|^vAYFFM@
gaaogkk
T@-_`YDWPK
vqy~ejg
cE@UBxXTFILN}H[FUBkUEEG^VW
TVUMWT
Afa%z c0D
HY!81+&ayp
-0217iI[)
WNi6,n}
<5V[CB
l}YSB^A_DX~?"
,-10<&
+&,<<+
c^_DFQGUo~\RGAD]RVpuX]P[U_~{MA
BFZ^Y9#@
]VBPJi/X
9EdyV@I
EQY~RWsI`
ba{aiqe
PIEX@@F[
\@VtO2D
Ablsv}f1
ZsC_GrYXEQ
@RgUTWIlWXT
G7mpu&dk
B_C_VEmgKBF
oPn}^L^E`ZY]GF
imgqhtCND^Q
LgGHtOa
4$.%&&7[
\@cESy][
l}YSB^A_DX~;
2SKADW
XHJe|A]T_D
PTV^EV^[PIE;
=	GBi7
")"G^[
+essucb
v{=iosebcwvvsw?5
C@W	>2
f[>HP6
GQGKQB^J__Dng\ZSZ@]jrBP^G_@nG^Q_Z_d`W^Q
ja!vua5
YIpK@G<
^J!1g`naWI5
	Pt\C^ET|Hn
su~yb|s
G	G+WA8>D
GMQXGU
.YWAPE
jev{p1dF
SS@OC	EsPX
@UR]DAEW
pIE~D]LgGOpIo
~'(x7j 
	zypi;)-q$(>yts+(}#
eV_BDQ
GpoXREYQCD
9~|M?< *  
{~tlqt~uq
gblf{mx
VTLUPR
W^AFGIFI@`
g3z&u05
JW;?7 }ow
 +gTuN\q3#
{qCDV[C
.94D]B
C_VDlf[
~]eN[SX\CeuJ@Y[EPE
QWU[ZWV
pTRvFGBi
$V^[qya
WIPI.Q\EUuIe
@cER{TH
:HNxolS]T
w_sSA]APsKEZCM\
~RILzP@sZ{
^G!(:8'+g
Di		~K*
=4195-0
yK]^mi_UYQYPGkfN]BTZ
6TEcRT[rS[iZ%GKK !1:g
U^{UItJo
ii{}ow:
KncGAltA@U_@UG
GKm6$'
c_%.hg
 #  jEF
=WoAGK
j__DEQGQkx^MD^DMJVmcQLHMAFm{EJ@]
Wn1V[\S
UDnwM@
Ac\WzHP
24t &10CI
Zyii{nvldpil&:2:6&PU
2~aK%3&?:41~{KLHM
89:XLB
^DfUBBX_Lpg
Vg\RdYPC
56=iI[u
vp{/w~gJgG[
xzwa}`m/1
&1dpmLYN
YqxhiWI
cVVFGTFRizGUCXQCDEhoKBFYBBdsM@J
V\=iXYY
YRAnpH
YFGCNGJ
1T^a@]G
MCd6 !&26
YI`C@W
YL*JIN>6
LFo[wHf
cgsvqdf
.*q;g&f0kw/mh`c&b
haPWR\G
~oWCCRXVzG
jerspc`
fT_DR+
ZS[SSU
AbRUc@U
 v-u6gqD
OD\}\@
lMO7HY
KKk~ec|
gu}}|wunsoy{{*
wCN@\E`DU.
]KOKTFesZ\N
jcxxmpi
*s j=u}"x{j}"s
PIN_`	Q
	GY_MjdY
FCUBmtCP^G
8PIPqXIawcb
jggagp6c`$,6o``teGJ
AjEWsP
D9'MAD
CQEM_iiYNEA
M^G GjERW^z\I|He
d`tmsbd
-x'`m"legu-dhgapbFI@^
[EV_Bog
LHMFBkuW^P
/Lc{|dku
R\qVL\
R PBYG
C:iAPSP\
UEKdT\
sq*-f4rF
!(dsy}lbt
jgghlx{amngur y{/'@
QZNG>vE@
^W^8aM@KR\\E~iZ
IU\{PMrM`
qcendf}
-zs-fzts+yyw
	RBen_]T
U_~rDEDGBV$
/Ywqstjc
js}j<rg30'~aldd 4
U@fMW)R
FZ_@>bY\
gG^QXZWjrCN
m}oLyUH|Hn
fatvr}e
*s j=zg3kr{d<edw`
[PMeaZ^
M[QmrBDPIL
tqxuecu
-^xSAQC
SR[SXU
WfGWGI2
A'r/{1k&
/Lc{|dku
|ii{npafpillgf0t`CN@\E`DU.
]KOKTFee[_V
EdyV@I
EQY~RWsI`
wuqnyps
-x'`m-vtt|<}vqz|~!GN
FYJVPGl5KBF^FDjaYP
'NCP#3kA_pw
}ermkncap
kycojqvvA
1EWxTNHXk
WMGTJP>z
W]j3XTY
XG_~tMIZM^G
GjcQFBH
bWWzDR[|KOtOu
gmaogef
]x|wkjs170w+0>afu1C
0	RBNXDVl/KOP^BXPVpu
.:W^P7
(8NEA:00
+#NCPU
}ermkaypcvz`}yq}j
ENQG]i/^
=&@GKQ
TQpgIEUYPIPPhmKADC@
`UReBPEW`P[WIgIc
dw|}mb}
AVRXFZEM
pTTeAG^[nY_
up~)3j&
AMGYEoU
}Y4RZf
KUUYF@EL
cREcRTZsGUgNb
kg{%$g1
w]OW]S
\UX_AJ
x^F@WMNp_X[AiZ
0dq"'1c
D*'O]PU
ZbUVgAUBItMN
e`vpsq
DQ^,I@U
]@fQNYG(
I[^Z=:
PTV^EV^[DEN7
RUQ	QS
QXG?GKs'
}LSE@M`Cyb
[zC? &
^~D\RG^m
Y[~VYF}ZVMYcR
V^[pIC6#
^~E]STBmJ`
y]PUkneLA
SPZG_[
QXP.PEV7#
^~E]STBmJ`
{PDzUVIxTpD_
DXY\E[_V
E}W6':
$?&GiZu
</&hmcZ
^6E]RUB~Wr[XG
gGo\KWG
W\USQUQ
Z^~E]RTC
[zC? &
^~D\RG^m
m^^CgERhxj[TU\^
DENTF@EVIOPIE>
dEN7GKs&01:
2?WIgZ{
Dd:9&n{c+
WsIVIQ8
cG}kPSDTiBVSWCF
B[_VTX
&G^[tMN
+essucb
rIDUCe^bGMFAN`PXAUllgG
V~\DqBTC[\YI
UZ[URUW
fGPBGjK
EEQ'':aiq
GKmRIL##
Zvqy|ect
_qV:IDUCd^eDKXGANeDV
U[ 4qZU]UuAl{SZZ
TYJZTE
pICUsPZG
P62*01!*
0ONGPcD*2
^j_*UQT
aztS\D\~X]W
pXVxL\TTV
FfPEVTsPZG
P62*01!*
0ONGPcD*2
^j_/BYDU
N}\C^ETwQTU
wFXBDK
_gNMAT
S[RTVW
RQUAO@RPR
qya1 4:QXP[
*][^3UIuHg
'(@IPmJ`
/fRaESrU@
[TQQSQ
nDKXG4
QXP*woa
64m\GLgG
c-ssucc
^~E]SU
9,-:nrwbgqc}_Emf
\IcGR~QN
	hY]SG^
6TCHdXY\
q'&$, 'PU
wuk`w<
WA@G^m
N}YWP{T@
&G^[tMN
>qy|ebt
rIDUCe]aPEV	]hUUC]vC`o
yBjXVBFS@@
&G^[tMN
+essucb
rIDUCe]aPEV	]hSZMGCkOW
x\NQKCf\XBrVB
SWRTPQ
uC\MSdEN
GKK !1:g
qpIEsYG
vpxtw~gLbWONG
d_gBYEW
TR[kNGU
~PBRGdFYFrZX
~RILzP@sZ{
^G!(:8'+g
Di		~K*
,'8(,3&
thxQ[__e`V\[S\QDirVF]XPIP
Ae]W+AGBiTL|Nu
P62*01!*
@U^zTAgTuJgG*x}
}owb*u~doebuj
Ou-2hg
,3&%$<1
:& M_M
V[oPAY^Wli_^YV]RFkkNA[M^GC
S[RTVW
RQUAO@RPR
TPUtPYLSgTuPIE/2=>,pi
wyk`w>5tMNWIl	&
CCYScYUTN
/fRdQ]LUwQ_U
bFRjSB\VCRxZQaMA^P
TPR^ZT	SS
+HVX(RAu
wtpzw~gDENG_[
2>KcnMECmzECBP^GePCFGW_hrCNXP]QQpg@H_
AUWRYU
QaPM^cB
E^GBB`
q'&$, 'PU
">>NIl28&n{
=:<1|KBKN}YWP{T@
cZVGDTCPruXWPCQ^U@huEL\WD
_e`ZT\
EAnhASU
Uq[^PgFI@a0'"qfcAM
jacl4, G -![
6Uieil
@RgRXAGbCU]
MUSTCI
AV^^WFI
_GHCfPQ
Afa%z c0D
BTWQQXP
{zmpH(
{~tlqt~wc`}|rw|kbg
PKUiu\
F^TG8fZ
GPW@4PBA
mgTR]ZKSP
/lK^UB@CMU_
tGROBTqK@Gf
wuvtkc
Y@%Y[W|T]
H\q_8Y
6 K^GT9SSUCC
gTUagbc|~eo`cva
BHbA@gGH
gMJVOYA
_F\WC91Q
UVGFdv
\PJh'M@^	E
PX[G_[B@]O
vC]QLW~
1lq"|df
FFuREK^G
%NxogJg
wq||fap
CN@\EeP[
C:iAPSP\
QCWt\\
G74wvu02
pa=+! 4Z! q
2FmA%$:?xl
gbgpea7
]IcDR~UJ
bZHLEUPI~|ZWFM_M^Lo4X\
g\BFQZ
k4Z][P
ELBLUU
Acbqqpc7GN
!(PWWXJDCI
aPVz^]\
w{{v0b
Z}zwj;rf33r-7=62 g
CGpoXVKYQCD
9~|M?< *  
||pnqz~tc`}|u{jels
XEPl.YT@]F_
VhEPJL4V
C'v*/71$G
]EoWNYG<
jezswcf
[zWJ!IdCM
06! $6f
tqxueku
ditmgncawynuq{zq($
	C1LP*\N
0_QFETB
=p)zWe'PV
PIEX@@F[
fT_DR 
c`{v'd7
dKUQ\X
!(PWWXJDKI
fRRx^S_|GUgIc
dw|}mb}
)rrlo/
ts~j}%&*{+!C
QjtPUA_
MJVmrx{
kUVa@UAJcPY[]vLu
`awaiqk
vZTD!Z\]
PIEXGLPU
c]WwB]
2ltvu0c
+~q?f)
 'xitxu{y,g
]GeWNi
JW ;4-ump
)*	=u/&
aerzubc
+X]UsQY
ZSPSTQ
"x*ya4|G
01  ='CKGvCa
U@gQYEV}T\P
w[LXrCV@@[|CLP
7ASK@`R\
dmk>05,QXP[
IfQ\ETvLu
UU}U]aTJAIL
=Lkev[@
V_TPP^
[zC? &
qe;subf
SUCCyu
]Iq]T@UFG
FAfXBU
YX\fL@
KUVYFDAJ
|]TeWIPHeUXWIg@o
a4!!uf`
uL^F<(
V\XRFN]BTZ
cQYFjKZP
kg{%$g1
E+_!L@
WYYU@JFEPC
fINTGQrK@Go
Abg"!'cf
q	8pf5.r;&!M#$a
D_YTKIKF]
Acbqqpc7GN
GHC\sY
XwL[QU
mJ`HEREvCu
^GEEQY
/GMDUwP\Tg\D[cG^R\]@Gu
`awaiqk
_%XUU{YX
nr1e|$9r M "5KPM\
"Q_S-VUUI
~p`mygtg%G.$'[~~G_
b\QVv\XR
egtaiqb
]UW@zV&
U]XG_[KLV
fmv!r7f
AIQ$_W3 
,>,asp
Lx@\ZUJ}^$
K1\5K[
TJIFLP
OA16"&pfj
^_aqubj
PPFV"X_
OA16"&pfj
AdENT{X[G
%S0$&-<&0#
^{AZWR\yTu[XGB`Wu^KBP
e6t{u7b
Vt_TG 4
[y[[PRPcDsMLG_vYgTYT
AMGvG\U
e6t{u7b
cmq{#2g@
TTRQGHCZ{E
/nUvUBPBTTtSPVFB
vzg~krlfqch
d\XRuY
bbuaiq5K@GQUQ
QDUvY]Uo
6.'6!mJ`I
UCd_bTPP
]DrYNhDC_U
lteg|gd{
UDpQQEP]\r
r7/{<c|qq
TVUMWW
UDKAAU	GN
Fj6vw#j6
gasaHYq
N\tYTF
QT@OCT
5l&s&5g
BUWXCLPU
1**2CH
mcrwqcq/&
_DbC@W]vR
ARV[CI
A5auz|e`
ApIE?;
'*7 ~m
_DtMNDVzUOI
TANAPQ
Dj0s #ge
@JjK]T
BUWYBDJ[
GMF~kurqgc
]CbUNYGvY^
QGRER5
VTLUSR
\RAKFD
0`w%|6cAJ
bawsg^Y
XRzCTMV-P_
O\~Z}TC&
TVUMWW
UDKAAU	GN
7l vq5jG
~pq~w_O
\YvIk,
yX^QTP
SVVTTR
']YUAM
5b'z&fgD
OD\pPUS
dLCngbt
TVUMWW
UDKAAU	GN
Fj6vw#j6
~cDFw`u
xW`YYV
SVVTTR
']YUAM
5b'z&fgD
OD\pPUS
~cDFw`u
O\sY@XSGk2A
OASWYG
ODgczzs`c@
jerspc`
]yy$;=syrbd 5g1~vd
G7@SyV
g^FZeB
04p%r7jA
#L_JM_]W$K@G
aH9$&=2;>
"W~gcZ=:
\C`@S~KA
CXGwX[Su
P62*01!*
WaEUBHfYNYG)
Y_^Q\m
3Mg|ucpsfbwqq
\@fQ]E]lMO
PIEXFMD[
;C@W&7
6VId/-,
w~gqyaaiq;iI[
RWZAMG
AT@vWFY
]&v(r6p jf#x!
FGKKBGFM
j]T,AW
ID~"xueg}
_)|&:=/.&tyfy#vx{(rGH
_F0BZ{
q^SMAC^G:$
2LXt6'0**=
YUCluICXM^G
RKcNW~PTU
iWBV\AYnVFHKE]WLMNj
VQDQUV	
PEPT"STWAF
Z"'| 6(wjb& wD:n
V(T@uMo
7`rqv7b
NHZpxs:h{e6cgbvn`jsp
iI[aQ2
KOP<&,%1
BBU^VzG
9$=A6)>
y(gu} ?
"%,c{w_G(
YRK_J_TDiwxx
QWU[ZWV
vKSCXG4
$V^[qya
WIPI.Q\EUuIfA
,?6lMOG
+q98xj
XhP&'" 6kNUpwqu
wp~va|rjyjz`g
F`KSCVD[m
AG>:1:g
;|rrw`a
`CVSTCFyw
_XtKQrK@G
H"U]BPKFO	TM
EKCLeLIS
UWYCEBI
cessugq/&
ditmgncawynuq{zq($
	C1LP*\N
0_QFETB
P]v\TP@
Ffdqp!b`CM
\@IP~S{OVIQ&
fUEBzG\{T@uAg
gbvtke`
\p.v;f~.zvyo.qtz{{uFI@^
[EV_Bos-o
VX\PCJ@ATX
cPEVTu]XG
kf rw21@
BPS^FC\O
~GV{HGBiSLt@g
54w!}6`@
I_|~u:>
)t%u<xu%q,~&D
UIeFR)GU
bXPV[C
!(pWQU
``rvkk`
\[UGwS N
PBf\6TR
L	URVWQG8?
GT_YKFJ
fe'&'a6FM
~r|ol|-amnn|vujel#K@G
~aK0',0*5'~omo
ZlYOSVF{Dn[L]@7^e
PT@OCT
KGHCfPW,
Gc6%wsjj
^J-&gu}
6!$adk
aog?#qY@iI[Ex:
Ul}YSB
EDpIE\Ce_gURW
@pIE~ARXiI[#
;G_[ !&.g
%#&lro5qsxy~t
^[EmwxckI(/8
@PiI[Cp=&'<-
]DgE@Fo[
bVVMGSBPhtYV]EVD
^G4<077*q
cerr&q
VsALG_v
Y[eushkx
qrqywu
XGfBL}VN
q^RLUMPSi|QSJ]K	
@>{*~Q
a3t&!k`
FYdENT
M~G21n}sbg
{|gu}}{{c`}{trpyvw
GV@Wi}
1b'vta`F
CmJ`HA\EvCu
phmmBU_rU@uJg
fbmuvdq
[{)|k>uxvq/ozsq}y* @
WDVJYUD>aco
WP\TCLCGVX
jVUFjK]V
w{{v0b
PFm[0PQVK	SU
GRI_@CPU
jGKmFP_sUAw@1C
@k0p!|a2
])x#n;u,vu*f(q .}x|
qY@zTN
Q_G$.*86
cdzstcf
TJdZoG
Cl=AQRRXU
ePW,@R\yPI!
IF2avs&2`D
dithhzmoc*6!$01:: O
M5!4"76
oEAPCQ
^}FXSP\wUv[XGBg[fGMF
AUWRYU
0UZL\sKg@
qdrtsq
ZgBYDUw
-.3HLC
_~@]QVG~SlAGQQxMfA]@G
VRZSYW
QpPUSd
wrrreq
UCICDT
	+CAG~k
^~E]RR\,
HZwRWQCQ 4ew~tkyzo`utp
QXG>woa
!6CXGdEN
K@G~ks;ucc
bUDW__MQkFVYEP_WQ^l
S^A^IX\EG
FAqTKYJW\'
\~w/|e|s<brsv
LD"'| 6(wjg1(g#
k`!t!fb
U]B+W`UVTFmYpIC	HS[KO
[cPFEPUqU\]SpL
ODXFx]RAU
VY\G_[
iD\AVpK@GD@c?9, $':MBv[\GExY
O[B7VrIDUCd[u
K@GBHDBGA
Z^~E]RTC{Dn[
oGBTG`_phkF
DX]RE[_V
dEN2PEV6
^jYfF]DG 4
V_TPP^
VId:9&aiq
qJjKNI
yQaC]@U
QXG:PEV24
dEN6woa
JdEN	]xY
[yoQf_c\Q]
[TQQSQ
>VId/-,nyp
qN\gZEQ
#DRU6Q]U
rXhcyv!
 #L,<	H'
QXG>woa
!6CXGdEN
K@G~ks;ucc
]GuUFYAVQpVM]FG
et}qfko}j}r'
R[R[S]ST
@qyartde
Dn[VIQ<)>
_wE\RPB|UwHAKKa[pICU
d\XRuY
bbuaiq5K@GQUQ
QDUvY]Uo
6.'6!mJ`I
UCd_bTP
]DrYNhDC_U
SWRTPQ
Zvgbgc|zipic"KaoQKCE\]
gG]CPqGZV
S]NIQH@@QO
G5m r|cf
F[fTFPDGHc
TM3 #g~k
cdzs|ca
\Da_1UVV
C2b  '02G
FmA0000hm
gbgpea7
?u~ubyr=cpev+lxg@WB~_r@DWCa[`G^ZS
OASRVS
ewoa#:?G_[C
bUQFjK
". ~mM@GCYV[tG
Zy@ZLSAxDn[EQKvCpSTU
AMGgP^{
Adms'tq
VY]VC[_V
%#&c`}
VDGQBT>yKOP
+q[yoQf_fKYMU
QWU[ZWV
pTRhCG^[0
&:hmcZ
R@.Q\EU~P]]
&[yoQf_c\Q]
[TQQSQ
cP^yRIL-
.QXG+cen
 ,VIdK@GJgG*x}
}`mamn7
(/-dpuZ
du]PWj(/8
mXWVzkPWl|PSC_F_UGirzc
ipGNWV
PT\VTQR\QP
KXGwX[S
!0$*6'![
f[I=Hg
b7waiq=lYOR
VrIEVCvCu
zgTUn}spuo|qvxz}p
TEgWNiTJ
qcdlor1tn,
MUVTCI
zKBF65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190902054757.647","148","65180828fa4b8e3b92a9750c072250deb2eda450casn7%l7zq>|&
!'`6996K1v","1176",
g`stry","RegQueryValuM
mWb,"FDILU
P"","9f
000(330
WulueName->m
{iEumFZ
bqntaseUoCrea`e?
r1!919s205
x3&fa4b
%2N92aY
@reza450
l#Ppw6
tualAllocgJ
clsqufg
uOWt\\
JWEAGJ
/vUR#lw|-bu
An:$1<<7xlb=~doecub
/fRaESrU@
cZRCBV\ShuM^NPZ\~`MUT]]C
c7aogbb
iI[+64ONG4
,& QxMpIC
|{gTUn}spuotqqx|zr
ZDdWNiTM
MPAFYB]nz	
UDKAAU	GN
Fj6vw#j6
xwxxabg/&
rlhmcfegbvnakg~
]HcMPs
\V\Vit
P\]]CAAL
Acbqqpc7GN
GHC\sY
XwL[QU
mJ`HEREvCp
~WS\pU\VSwH
fbmuqdq
[SUR[]UP
jcps'q
HL~VvAAREvCu
5	AQUP@]_LYsRW
R[r^MEQ[V
TP P	UAJ
elzuvc1
mJ`*!&0
`@_VQDF~j
KXiZSsXTU
WQQPPRQ
ZgBXAUvY\G
QDY_^d
^6E]RUC
RQ]\SVRR
W^ZG_[
NmN?: 
=Y[B`WpIC
W{NTr]\G 4
cesrucc
/dlG]S\BvVpIAQDa]yGPDG
	RVRPGHC
]U\pYp_
qya%,?6QUQVIOJhG$
cespqq
^vWA@	
!(L{^sLV_U@c\NR
ZE~MDzG^
2]OUN_
Dt@MS@b
VYP_TS
c-ssucc
!(JtY]\
BlDYZG^mPwHLUKfW1
5l&s&5g
fITXRR
ZVY\UCI@@GA
NoM70n}u+c
PdEN	]w^:EVVUB
zC^S]PcD,0
@@u@QHSF
@N\mGTEZC\R
gPd~GtY]\
aevwrfa
DRAfZg
U]FQQ]DM
c1&!w67C
@F[k^rXXV^M
bUQ\dEN	ReL
 %% !~
G\pZ]]
y^rEVWT
VrHDUQxM>
Y|CWRQB
YzBZtAQDIPb]BG
_YUUAIF@RX
nBKXGw]TG
fd{s}akDM
TPB^VR
sGZKRQqMoMXACW\
54w!}6`@
@-V ZZ
055G^qKVGExY
_qV:IDTA2
PyD@vEDkoPaYK\
@RsMLG_pSADJ^]V
T	T	S_
DENSFHKD]_
c6stwaf
']YUN_
zCT[SA
`UVTBcYu^K
fh|KQUxVsV^FBZX
^qTNY[W
yXq][D
vC__SA
qN\mWX`
/fRpIE\CkUFEGZRQ
YAwF]@T
']YUAM
5b'z&fgD
OD\pPUS
em{aHYq
XvUC]TP
QFq_{]V
VY\UBICVION\m'
+esrw50
^~D]RG^m
YDxCR\ZUGRIF
GHCR\\
c7aogbb
<UFYSUy
<'6QxMu^K
!HH[RT
SB~Au[YV^M]wWFI
p\#LQSU
]AxCVnW
D4A]VId
VnW53&1
7]4PEV	]qDSJNlzRWT
ODR_U\EJC
`DKXG 
QUQ'0.aiq
PICVId
c-ssucc
^~E]R]
zfdvq&
CKCAQZ
z_QF`KSFYPUc
ke{q}52
v|!"r2fJ}/y
W]TG_[EATU
P$Q	V@
2ltvu0c
QDv_tJD
QxMcTVR
D]EdyV@I
EQY~WWsHg
ba{aiqe
+{rkmy
'$.m(%"||~&C
0	RBNXDVl/KOP^BXPVpa)$_G~sQFU\
s@UT@Rs^BSc
@UB'P[P~
82+|!+6giC
WG&G_KCTSwAOG
JW41<<pea
NFcPTE]|Y
[[PTA==
Fj6vw#j6
r^U\nE@
$dEN6x}upbk
\R|SXUI[!~'' `d
NAu\F^GEF
FI@T	%
@D@rC^CSAX
phmmBU_rU@uJg
fgmuucq
[{)|k>uxvq/ozsq}y* @
S][PDWE@RO
f]CHd_YT
am%"q1kG
B\W[CAFN
dUWm\G_
cmq{#2g@
H\z.!8ky
9z%z+|z#
gC[rSJ
\qCDEFVDGpo
cVWvXUU
c`wtpd}
\EzV!ICWAa_3
GT_YKFJ
fe'&'a6FM
~r|ol|-amnn|vujel#K@G
Gpa?400  q/&
VlYOTPCwVzKL
0`w%|6cAJ
^iI[KW$.6 ,8*.c`}
MDXU	4
C_VDlswy
/dlG]S\BvVpIAQDaXyD]CG
	RVRPGHC
A4QQvIS]{
qya%,?6QUQD
ncac`}%
\@cERs
xsq{sn!
g[VVzkPWlrUQJCWCiw{f{j
]Z\JO@D
cRWFjK
EEQ'':aiq
GKmRIL##
ZcessuckA
~E]RUCy
[)/hgi}{wqnRGcqxxwu
\EgBWyKO
qCDECYPI~uYPKC]A
V^\VRZTU
`e!aiqb
:16 vCuB
xrukoy{tt~q{qsjelt
@Re@SsUA
VCnqz}WGo8GVQ
IF2avs&2`D
\ P	UNX
+][XzQMuZZ(
cdzs|ca
p{}kg*.w#t:~#zz(wr
A\GaGW{
QGZQD[_VTY
uD\E]vQ^]DM
1m&p'jaC
AXq[^P
QEmVaAY
/xGUYBMB@
gQPzBKX{U[iZf
wuvtkc
z~u=:.}&%-kxq )z(rF
PI~|XTDM_M
0&<4@Vhg
c\Q]v[\P
d{uwrq
UE}TwI
T	T	S_
PIE_FEJI
])\K$A`
Acbqqpc7GN
[x(#miuvur|=omayxys
HSqCD#
ZvWA@SG~^rAF]
0`w%|6cAJ
^iI[KW$.6 ,8*.c`}
_C_VDl{,o
cDW_RTK
_rKDPGcZeKWP
d\^gFU
[zC]DRsZ{
JK?00:6'6O
cesr|0q
Fbuwtrf]FQEM
lxg@WB~_r@DWCa[`G^ZS
VIdX]Ra
5</&6* VIO
bUQTwP
 "!bic$bUWYCDJ
VrIDUCcA1	
RFpQCK
oFsSR\CJ
wpzrg{mibuch
5PEVTw^ZG
D:9&0< 'GA
cessukg
UCd_gCP
EDpIE\Cm_`UTP
GOJMS^
~GPUq_NI
^G4<077*q
ces{&q
|hj~mNKnm}pzxp~w
[Ea[T{U[
b[^V[CDPmuY[@W
Dj0s #ge
@JjK]T
BUWYCLF[
PEV6x}w|bf
NAbYNYGxT\]
`}!%v4]
ODgczzs`c@
bgssubq
N@6Q]V
cXYOoC
GMpJKpZ\G
yQTRaG
]YWmOCUO
^{UIuHg
/Ywqstjc
	C1LP*\N
0_QFETB
@`\KEZ_
~iZA]XDG^~5
		G^QfhfGFUwP\\g
gbvqke`
TRjKZP
ABRU[FD
03wu|je
Y\UCIC
jezswcf
X@gTKB@QLKd_YTvQUW
/UXUN_p\k
D[_VTY
nYTUtYZ@Y
G`7zq$jd
GHCXEv
V(V	\N
XQZZ@W
tEPEAYNmNZZR}H
54w!}6`@
\jINA|R
GTGR^M
`B\SUCCyLXG
qD@c]\Y[CXK
Y_^~P]U
Q^T|Y^U
ncnCLGCPZ
UQ^RW[Z
SyI\XxU
ewoa5!<AIQCZ
0:n{c+
]FaAF 
Ou&Cqi
'CICFTY
qxU\@`U
UHHa=:
ODR_U\EJC
K_V!,aog
6EcRGBi
>qy|ebu
rIDUCeV7GMFANaCZihs
dC\QMqA
NIQHBCSO
GKm#0-
Zcessucj
+q9=b}e5uN
svx\],
u~OcLV
TNtWC\FRQvMUPDQ
vqvg~kujc}q|
DF&q,}7z!fe3pcp
Afa%z c0D
q`B_NUCCyt
~pgJUwP\\
xPXGxR
]DyFHPSFB
JNaCXBGOV_[W
fGjERW^z\I|He
d`qmsfc
KHZ(ZEB
DXX]QUQBP\
a4ztpc0
Fy_{OGU
vCpTPS
FQWK~~PK
b\WcEPFNcSBCRuZ{
~cencgt
DPPK_VCM
pSR~HUVy]
1lq"|df
ZIjCQ{
b^QBUMP
$;?<=+~xJGAG%*
J[BZ=:
\EgBWyKO
kBRC[[qIP@PC`
GHCFPW
bWULSvH5
wp~zw~gPIEK_V
@U^{UAqZ{
\Bc@V|PK
{_AMNbQJTIP
RRU\\PW
)DSWrSJu
bbuaiq!GKKC
b]Sm\G
cess$0q
N@+ER{UI
$	Y}_^
\ltUCZM
/fRaESrU@
y[DEZQ}SEFG^
G^[gP[CGiZ%GKK55;5w~gpIEsYG
AKU=Hg
cmwaiq?RzCNYG&*
]UrEDE
R[kNGU
ODGOJMS^
`MPU{_@^C
&K_V!,aog
;)GbCOI
U@jEP{PM
~@FBXAdC_PTG^
@Sk\[\D
vDPTPS
q'&$, 'PU
'qXC45
(1  Q_
 <&f[H
~GazoW
^GVXDBPU
#G~G+.=)
&:hmcZ
dEZTKEF~f
FK}H]tQ
tWO\OP
Asu/u0b&D
/Ywqstjc
~~taot}{'-k/y&{+wwC
Y@0EUyWL
PILEgRDQEM
_oE}@TW{\IwHb
d{usrq
v|0(w:LT	S
BUWYC@D
!(pWWb\DoQ^EPqOt
fbaogbg
Y@5Q[GW{Q	
R@MCTE
GTGRE/
IZ7GKs
AKWpZZ(
vpp|lbw
_xGEy'
Afa%z c0D
HY!81+&nca
+<gTuN\q&7
&<~mqcdd/qbul}XZ
?9.DPT
GClsEC
%9<UN/#!,6
:TFQ\RQTmk_\TU_lxYTI&^lce
SVUU_RTZ
PTV^EV^[PIE;
qqyaaiq;iI[
Di		{_\
\AiQDQ
N!tQDL
T	SPRQUSS
@PIEXBCD[
"7'GBi6,
ws;ucc
::xlb=~doectkG
\AMk~~eY_]_NCns@FEPYZ`PEQEM_h}Z\NYGTJlmA]
]RGCA==
5l&s&5g
V^[N\t3	
:'&)q^(
TRzCZ@TvQUW
03wu|je
s4cytlK
xfuiosx
bu~yoecub
c^_DNQ@Uiy^VEAEZQVpuXZ\M[QjvDJB]\L0
ldZWY\D#
vGP^(UNwJb
HG$s,(4fp
@N\qDS|S[
`UVjUMfS\@QrM`
dwoatgk
fV^GP~
ZI}WGQO
muXUWAG
7"7'soILE$`B_WBP
gow^Op
U@jEP{PM
dAPD@C^GmyQA^MEZWLlo[V
YX\npH
h%i&l5	XCT\
GNFCK[
`MPPtKNPWGHy
k3"w'k6
/UXUN_\
^GV]KV^[
Cjbvs&cd
_@1WNiTH
_JF_AG
TV*AHWr\@h@g
wv{zld#_p
xyulk{ztozjzcojxz}
ZEbMRsWAK_g
KW=t^VB
CXTFig
W_\JjvH
BT^YJD@I
gRIgERPUtPXMGiZa
cmq{#2g@
V(V	\N
EPPGEAE[
f]EcRS[z]I}JoDM
1m&p'jaC
+*v?h'l1gq(m:e0#f
W^P6;7
 ! KCLl(_\YSYT
EAgkoruqjcwcjfxzc
rGXNUdAP
^D[][CFhh
AbRUc@U
 v-u6gqD
OD\}\@
lMO7HY
aerzujc
ysuam{* g1}6l0v}5
cBPyPII[&@
ZEPVX@l
DNGS	V
_dLCngbt
~~r{sn~wynsowvyq~}
QEWnxY
G_VWjc_
KOKTBksZ\N
kU^aGUGMaT[[SuOu
gmaogef
CQ_K_VDL
fe sraa
.r i<%adk|xgo7qip
#~{K(%&;&
W^PGBV>.
63%,*$?
93$&< P
/fRaESrU@
cZRCBV\SlzKOP^GWDX~a\_\_OAd%
PX[l3_[[Q\U
FPBAl9D
\BWwMgFI@t$--aguAM
FQ(PMK
@RgP[CGbC
^_aqubj
j}phgsm`j#/`=m6v0
icrosoft\Windows\CurrentVersion\Policies\Explorer"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b0","lpValueName->AllowFileCLSIDJunctions"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Personal"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->0x000001b0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Generation"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->268"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Common Documents"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->Generation"
"20190902054757.657","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->49688"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->49688"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->0x000001b0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Generation"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Desktop"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001ac","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x00000128","lpSubKey->FileExts"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190902054757.667","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->49688"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->49688"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->71"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->71"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.697","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->(null)"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->UserEnvDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->ChkAccDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->ProductType"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Local Settings"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->RsopDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->UserEnvDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->RsopLogging"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->UserEnvDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->49688"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->49688"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->12288"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->12288"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\dll\pvMtoK.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\pvMtoK.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->ProductType"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e0","lpValueName->SrvsvcDefaultShareInfo"
"20190902054757.737","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.747","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\pvMtoK.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.757","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->49688"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->49688"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\pvMtoK.dll"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\pvMtoK.dll.exe","lpNewFileName->C:\cuckoo\dll\pvMtoK.dll"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\XOwllb.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.767","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\XOwllb.dll","dwDesiredAccess->GENERIC_READ"
"20190902054757.787","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\dll\XOwllb.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.787","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->0x00000080"
"20190902054757.787","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x000001e0","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->49688"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->49688"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->12288"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\XOwllb.dll"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\XOwllb.dll.exe","lpNewFileName->C:\cuckoo\dll\XOwllb.dll"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001de","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001fa","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fa","lpValueName->DriveMask"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Start Menu"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Generation"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.797","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->49688"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->49688"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->71"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->71"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.807","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Common Start Menu"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.817","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Common AppData"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->0x000001f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Generation"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->49688"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->49688"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->71"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->71"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->AppData"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.827","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Generation"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\logs\1068.csv","dwDesiredAccess->GENERIC_READ"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->268"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\1068.csv","dwDesiredAccess->GENERIC_READ"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\logs\1068.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x00000200","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Generation"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->0x00000204","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Generation"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->My Pictures"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x00000200","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x00000200","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Generation"
"20190902054757.837","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->49688"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->49688"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->148","szExeFile->65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->55352"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->55352"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\logs\1068.csv"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\logs\1068.csv.exe","lpNewFileName->C:\cuckoo\logs\1068.csv"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\logs\148.csv","dwDesiredAccess->GENERIC_READ"
"20190902054757.847","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20190902054757.897","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","dwDesiredAccess->GENERIC_READ"
"20190902054757.897","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\148.csv","dwDesiredAccess->GENERIC_READ"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->CompareJunctionness"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\logs\148.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000200","lpValueName->ProgramFilesDir (x86)"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->ProgramFilesDir"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->0x00000200","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.917","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->Generation"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->CommonPictures"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryA","SUCCESS","0x769c0000","lpFileName->USERENV.dll"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->ProfilesDirectory"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->AllUsersProfile"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegCreateKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x00000208","lpValueName->CommonPictures","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Pictures","cbData->116"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->0x00000208","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Generation"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1068","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->49688"
"20190902054757.927","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->49688"
148.csv
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
,=7M[Q~oW
Y_^l`^	]AEG
0[yoQf_fKYMU
ODFS^PEGB
cTPgWIP
XvY\TO
[|ii{1
*17QxM;
kWDy}C@UmtYZB]CZRCi`GVVXU_~rAJPILBcTJCQ]V:$L
Kn4JRG
F67q&!2g
@LbW\SRDmJ`
lRVsxoPKfPUE\uJg
fbm{wdq
6K^AU%Y[W
70!q 72
lYOSTEyDn[
oCFUz\I|He
d`tm}ad
-x'`m"legu-dhgapbFI@^
[EV_Bog
LHMFBkuW^P
,/!6!Q
_zMONGDzWzILWK2
UP[AAB
Dj0s #ge
A[rIP :-")q
9G_\SLVhnMWl|@
}_QEXQYAD
T@hCEU
wD\XBV{
qya1 4:QXPIZ
pild'ecub
$#-("'7
'7-: *4Vpu
89:XL!
McVgJ@]VB\Bn}ZAYAgAQ\CQ
~rd{~zMZ@\]
FOoXZFU'Z{
dcaog!6EEQV^[JgG+HY
U^{UIt
")&6lMOUU
!(JyUH
N\qDVsGU
S]WRHlAl9D
\VAU(UNwJb
HG1g&'$gf
{{'{sadceslx}'6";QXP
KOP<&,%1
KBFM[Q4
fUBCY^
 >>NIuqya
AK&t=.*cx
HZpAOG
i_3$c{
=&4)Gc~Q
jUFD\ZPFkDW[RVXGU[]~mRFYX[QL[W
c6"p#d7
;[XG!1
f[Ks@u/&
aerzujc
ysuam{33f'v1l7jw3
cBPyPII[1]
UGU?,Z
	CEezCAB
LXtTCD_MB~#
9 MYL7"
apt<96. q^(
BHt^NIlPY]
!(qgsr|cj
PNl@/&
TYYQDLDZ]_
aCQYVId_YTo
k3"w'k6
/UXUN_p\k'v-s}!
PIFpRTSQ_
L""'6&;:}~g
G@IgX\LUwHb
d{uvrq
WQ\]AA
c1&!w67C
XSwX[V
~r~ypkk
 fko}?
EAgkorlbku|djadpe
eZWLGY@]:,]
_F=n^[T
GDnq@B
dYPWB@
>a|amgXZWAGPhmKADC@
`URwEPVZ]xR[iZf
wuvtkc
z~u=:.}&%-kxq )z(rF
PI~|XTDM_M
8Lpg+%/,76!~yQU
cXU\]F%M@F
YG}CT|GU
ePW2ER@KcQ
c6"p#d7
aerzujc
Dd1z pg5
j-,5:?605)2oma
," VId
6"@gG*x}
*5'UMPGpo
12DP'U+
Phx~aXTU\
v]\QQEF
PPUS@I
#tMN&0
waog?#gTKQXK
aUEMYWWAltX[
b]]AD~hMRAUGBVE
ODgczzs`c@
*][-q9
<MC~?:$0
N[;8hg
^@bLRrUK
gXSCYYAR~aKRFWQCDBifQ^\]O
lrJBY_
DVe ew:o
QGZSD[_VTY
pSTU~YTW
JCg7{&v1j
PF)_'I
GbVkSRTO
C\WPCFBL
eK_|GGBiTM}Z{
bms{wk5C
_PU\^ACB
	9ddfGe
clsqufg
ZEwQ\]|Y
\PS\ST
V^[F[f7
]DnC@WS{PUU
Gc6%wsjj
UApUCYPIF5
d}nbsyf
/yXwHT
}Q[EzK
XHcHFDPBK
D]aEYVIA
oCFUwP\\g
gbvtkee
[X]nY_
PwZZS@CO
asp#((E
Y41+(pea
cdzs|ca
\Da_1UVV
ePW,@R\yPI!
IF2avs&2`D
dithhuw~p#'8:&*6&GA
?DR6MJV$41&
:A^MQCD
lsEBBT
hsrNVt]\DTU
JK]TDOQXG
dEN7GKm#0-
_qV:IDUCd]bUCH
RFbAV{Gt'
ODgczzs`c@
_pK@G_[W
ZFaC@WTzYOI
rTVUJSL
ODgczzs`c@
_pK@G_[W
771`UV6&
||pnqucepilekmqip
T@kGZ-
SE]AZV
^?#LFUVDVB>oCW_EgYKBV
[0&#:/"
cVWvXUU
c`wtpd}
\EzV!ICWAa_3
GT_YKFJ
fe'&'a6FM
kWL\#]]H
Gbxzz|j~
_t_USKClZ=:
^{AZWR\wUu[XGB`WpICR
XC\|Nd
wrrreq
gBYDWvYNI
DQ^Z=:
^{AZWR\wUu[XGB`Wu^KBP
[SUR[]UP
1woatbd
Y\UCIADUO
Ix!' {sa
_LS_@bUP~cM\ltA@U_@UGhbFR\
rWNHGDF
RRU\\PW
qdrtsq
aEUBIg
*'G_vM{P
U@dQYAR{VCS
a][VYPSF
RRU\\PW
wrrreq
WsBUQE
*'G_v_*UQT
q{|ims`fepyzicdg~
l`[\Q_
heQ\Z_
$M@FTCD
TY]\C@CFUX
`\QGRdENT
wuvtkc
D0V4G]
EPPGEBE[
GBcPTE]w@1C
@k0p!|a2
	HMHQXG
S0!MOW>0-76s2LH
UDDUT^
WVtCyk
SVUU_RTZ
DX]RE[_V
&6!6hl
X@qxhiWI
cVVFGTFRizGUDXQCDEhoKBFYBBdsM@J
V\=|OE\
BR@nx_
?"c%k2V
JK]QK[_VSX
@jg"zrfcA
{P{@BVC6M~GPU
FUEdyV@I
EQY~RWsN`
ba{aiqe
_]RAOJB
/]P[DT
gbvtkk`
TUPB,VuKFPC0
PSRXKDJK
KK7X[@U&H`
c1&!w67C
_@4C@WT
!(pWQU
gbvtkk`
TUPB,VuKFPC0
[P\WBA
agvs!61
dEN	RmF7'&06~m
WU`K_FUV@
w%*)6 [_VGA
qLbWONG
Y[C,_gBYDTK]
OPUCvV{IFUF`XgROR
w%*)6 [_VGA
b7waiq=lYO@IP' +
cDW_RTK
_rKDPGcZ`\_BR
w%*)6 [_VGA
YlYOSQJmJ`OATKdW`]
KGHCfPW 
A5auz|e`
,"1}yq
aog?#qY@iI[Ex:
Ul}YSC
BPjtLD\M
oPneB\B
sXB\QEQ
@pICUw^ZG
P62*01!*
D0woa+
&ONGPcD*2
^j_*UQT
aztS\D\~X]W
pRF\ZWD
QE@JBV]@
uCXCSdEN
GKK !1:g
qpIEa^G	2
cer }q
Y[eushkwep_Olfodjuk
YDd@Ue]M
MW@OC^GjxX[BWAW
NA=zBGB
^CdWGC
H_ZRQUQEQU
dPP\vQ^]DM
1m&p'jaC
AXq[^P
QEmVdVQ
!(PWWXJDKI
fRRdKLbVNYGtLo
e`r{uka
]AsWVM
KBE 	)"+6'VIFMI~,#
OPUCvV{IFUF`XbEGBS
d\^yCU
iI[tI`
q3*/  *QXG]Z
bUQU$YNI
Di6,n}
{saw~p-
=30~{bZ
8zWXU[CC~N
P@U_Mf\BAYZZkpO^T[EG^~|[MLXrY\_LC
n{6"h4W	F
Dj0s #ge
@JjK]T
$vCu!<7&hme
ZEbMRsWAK_O
W]TG_[EATU
P$Q	V@
2ltvu0c
QDv_tJD
QxMcTVR
CQSYQyx[
kU^aGUGMaT[[]qOu
gmaogef
DXX]QUQBP\
Q$Q	V@
2ltvu0c
QDv_tJD
QxMfC^BG
DTS]CV
c\WzBWQAQ|PNk@c
x(unm~zs%)=
$')}{uAM
@AXKSo}
A^MB^QB~{K
9gTR?:1&7
W~G]WQEzQlOBRQxMcQYF
M`XUCVu
bbuaiq5K@GQUQ
YDUvY]
$?&GbCOI
<UC[D_AA5(
SvNAR]bY`PEVT
RRU\\PW
%FSXMSxU
ewoa#:?G_[C
mocnso)
Z\@cERz
CZYFGhsW
xG\Dg\BJY]^iqOE[AJQE~
jMZQTJC
1woatbd
ZbUWcUE5YNYG+6"ONG!
<'6QxMu^K
\BfTXBPyOUQ
oM\YWL
fSFZL_H
Y@'QCS
~hGBZCYR
/XGSTwP\\
fatvr}e
rNFWFd
GT_YKFJ
fe'&'a6FM
~r|ols7p~g
ehcqipDEN	
	9oEA!:0,#'
uELFCU
fUBCY^
$@575nbbVZMUG/
UVZ]VQ[
RUQS]ZV
V^[tEP&
KYQV	H
@RwQUJUKA
bUWaAG
stS\D\uAg
gbvtkkg
c1&!w67C
^,WA@TCxP`UV
gVR}RhdiWItAg
c`wtpd}
XsWAK_
@dGP~U
WQ\]AA
a`s' 1aGHC
@IP~WuOVIQ&
aPUm}oLyUH|Hn
su~yb|}
']YUAM
5b'z&fgD
OD\pPUS
~cDFw`u
ZEbMRsWAK_
AQ P	UAJ
elzuvc1
Dn[2$:
z{t`oz|scfqdjeaw`
NAgM@gGO
dpx{cpi
0&5aHYq
\BuM]DA^@_r^NIlPY]
irw~~{
v^^W{Q	
&^=wz~%(tHd=jA8>D
^K@GELBLUU
WEWAFgFI@t$--aguAM
r_U\xR]
mTCAGM	5
dEN	'lIU
sBlSES[^
,wYZ]`
nSDZ[V_nQQP^A^AVU[~
EX@QEBMDP
w&~r`{vo6 #vGik
UVFWsY
IF2avs&2`D
00*767cOAG_QEx.)+hly;obuqt
_wETRWBzRuLCKK`XpICU
UQ^RW[Z
ODfSX]pZ\
qDENG_[
UQDUvX
Cd_bUP
TRKcNW~PTU
FS]xUPU
vtyspea9;)$7[~~G_
sKUSDPr^YRy
qyarqkq
 fIQ:'&'
Fwu~ubx opic(RKcNW~PTU
iWBV\AWeVFHKE]WLMNj
VQDQUV	
PEPT"STWAF
Z"'| 6(wjb& wD:n
P\]]CAAL
a`s' 1aGHC
sX~OWRZXY~@M
$4AIQ x}
peao*uqt
\Iv[\PzVXR
~OWR_WMpCRQXLYW\Y
Xp!w&g}%f7u""
~s}u0ko}fc~bg
/xGUYBMB@
gQPzGKXrR[iZf
z*|nj|,sv~mxq'-+| FM
h{PZD\C
DX~fXYRM[Q.&
$~iZ6-&>0 g/&
rlhmupdqiqnfwmx
]HcMPs
\_'P[Pq
CXQ[TD
A9JC9?
^|WKpH3GN
61"wpc0C
*ii{nrbdpil&:2:6&PU
 /'=6MJV~{K
>7+:-8
6!6:0<
UVZ]VQ[
RUQS]ZV
V^[tEP&
RAfWTWIl
G_QN}KFVBTJC
FFgQXI
S][PDWEMRO
wJGMVSsXTUo
D2a!{ `1
AIQ!H_#
')7ko}
e/seilg~k+
[zBXUKK~Q`UVTGlM~GWQ
[SUR[]UP
`e!aiqb
VY\UAICVIOJgG._W<.
03)moc
Fc_VDGP
CJ`TFGYMc(/8
jck`w:
^|E]@IP#
LZ}LYVFU]ddfGAtXK
QUQETZ
56=iI[gTuJjK?0n}u+c
\~EONG
>&7$aa{pw|ylH(
\AjE[{WI
dZQZAXEGpoXWJM_MPAmoYVVW
WF7\EFY
OC`3t'|0f
AKStLc
/Ywqstjc
^ET]%Y[WAqY
Go8GVQ
`@[AU"
WGHCg`s $`5
CuSHqLg
!(qgsr|cj
}z}igqm43q,l:f1|`C
Y@0EUyWL
GjzLDAU
VzGCB^YLpg
ZvWA@SG~^rAF]
Afa%z c0D
m."qu07
G\wD]TH
.mkH[FUBm_nB[DP
@pIE`DRD[zC
.QXG>woa
62FjKNI
Di6,n}u+c
PdEN	]hQ
EU~Q]TO]eIL
mkH[FUBm_kUST
S_JMDJ
~GVrESCXG-
.QXG>woa
!:VIdY
,5:aqs9|o}qsy*zg
((D]D^G[VVQ]K\T^NCesGBGQYAaKDJ^MB~tLHNCPSGmmC]@
\RAKFD
Fj6vw#j6
rqkA_pw
NFcPTE]|Y
V\1PTAE
OC`3t'|0f
edwwuq^(
^NIlPY]
wepc}~n
TP P	UAJ
elzuvc1
Dn['00
rlhbyzvnsopwpkbg
T@kGZ-
SE]AZV
	ZjiKYUY
VXUUJIADPY
yK[CGjK]Q
qcvr}ck
FRR^]BKN
cQ_sYGDLgY\MW}
6f!zw2j
ZyPII[RJUTQ
G_fXCRUVCP
KaoQKCE\]
bPUSs^B\
R	G=iD
PIEXGLPU
c]WwB]
2ltvu0c
+~q?f)
 'xitxu{y,g
]GeWNi
~{K=1,46s
vpaW^P
^l`B_W
:W`hG@
W{IMUAdZcE\CK
G^[gP[CGiZ1K@G ,07 >q
pGMF."	
+essuca
mkH[FUBm_kUST
S_JMDJ
~GVrESCXG-
.QXG>woa
!:VIdY
,5:aqs9|o}qsy*zg
((D]FVEW^VQ]K\T^NCesGBGQYAaKDJ^MB~tLHNCPSGmkX]^TF'[
Dj0s #ge
@JjK]T
M~G21n}rbq/&
XHtMNCP
GHCXEt
VXK_VDjc@NF<
AXW!00aiq0@hCVM
VwXZG 4
[y[TPRPcDsMLG_vYbCQD]
VY\WCAQXG
iI[zL!? 
6/0p~g
VDGQBT?yKOP
{[@EQMcVgJ@]VB\Bn}ZAYAgA_WCQ
~rd{~zMZ@\]
@qyartde
@U_(Q[iZ9lYO101
UGqY@zQA
KYQV	H
HG1g&'$gf
eUFS	MC~PUS_VEM
sxoPKfPUE\uJg
fbmu|dq
]Z^Al9D
g^FZeB
04p%r7jA
#L_JM_]W$K@G
VEE=:1&k6+G
@~TArY\UlMO
LZUYBQMBC
BL-GazoW
\EuSQEKEJ
S\"\[]QTD
kcNWCHJD\]
wEPVZ\t^NIu
qyaupbk
\R|SXUI[!
WG&G_KCTSwAOG
A[4<=17$asp
$%FKcNW
clsqufg
dX`WTTI[T
CkRTT%Y[W
70!q 72
lYOSTEyDn[
oPd~GtY]\
aevwrfd
DRAfZg
C]WQAL
W|PI&H`
c1&!w67C
UCP992
EdC=1/&7q^(
LbW[WTJ
g3z&u05
;C@W2<
W@NzwNIgac
M]ZWJ)
A2f%t!j0
	~ii{9%#&25,9$.jel
@gG*x}
*5'UMPGpo
BXD$gY^T_F
!H\CVxQFGa(/8
ZAgARihs
c^_DNQ@Uiy^VEAJ]QVpuXZ\M[Q
{edsM@J
V\=N^[\
A2f%t!j0
AKStLc
/Lc{|dku
RBU~PF
	@?oFS
AbRSVsY
G74wvu02
_yCONG
blszuac
xswa9-{!y)l/xq)pyp
[Ba@R/
gSMeu\^
PCNmaEYFYA
gCPD\v[\P
d{tsrq
UE}TwI
P	A8>D
JGKKEACA
agvs!61
JK	TAS
V	TTSD
fbmtudq
BxTpLD
^GQ\BLBA
dgqvu76@
]AdC@gG
9uEL7:40
&P^GLXt
@\_BUC:6QIPN
vb]P[DT
gTupIC7
ZXvY\U
G~^M`UP]
\PS\ST
Z\@fQ\D
-CAGCp9
EEQECN
qe;succ
x3uio|
r"t}ac-
<#'G^m
KJAPFQlodiP]C^_Deg[^Q[@F
`mntW^PTZLtIPE\^VlO[V
A5auz|e`
JApIE?;
^GtMNDQvCAG
cK_Hv]
Dj0s #ge
@JjK]T
$vCp64'n{gj
qyr{sn~wynsowvyq~}
QEWnxY
DDw7iw
bSKJ_\^>UEL]^PYL
/lK^UB@CMU_
`G^ZRv^NI
kwoasfb
","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->UserEnvDebugLevel"
"20190902054757.707","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00(r81R
ValueName->RsopLogging"
/2019090r054757.707","148","<518
50c(522?2de
yb54f9
",j1076",":eo
3uwx",
%f_pdn
"2019090
.407"("14
5180828&a4b8e3b92a9750c072250deb2eda450ca3f
ACXQPMOR
^XIgESS","0
nlogon"
"201909`w05x607
x","148",
31228R`4b
d3b92a
m50c 722e1deb2udq450aa3c7e9c54f<e1cf4699V00b&,"w
46!,bsegystby","BegAueryVa|ueExW","FAIP|PE
,"",2kK
x->0x000001c4","lpVaLve
mTsyrEnvDebugLevel"
"201909020u
55w.707","148",r75=:0828fa4b8e3b92a9750c072250J
ba3v7d9W44f=e0cf4699630b",
ry"|#Re
OpeVJeyExW","FAILU
FMV	Key
AL_SCCHINE","lpSub
]Poly`ieq\Mi
posoft\Windows
Nbi"2.
517","148","65q80z28fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190902054757.717","148","65180828fa4b8e3b92a9750c072250deb2eda450ca3f7d9c54f9e0cf4699630b","1176","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190902054757.717
vA@A450
50c0IU
pc5^cn
;0c2e1
@Ibce"
4I}#~u
A#K922
*>0x0Db
%0ro:"!o!62C4fy
be}"+%PunsbGnkb%+%TRDDBTT%+ %+%oAnkb*97
777776d?%+%iIrjebuHeE~sbtShPunsb*915337%
%576>7>75723020)060%+%63?%+%126?7?5?af3e?`4e>5f>027d705527cbe5bcf327df4a0c>d23a>b7da31>>147e%+%6601%+%ankbt~tsbj%+%UbfcAnkb%+%TRDDBTT%+%%+%oAnkb*97
777776d3%+%iIrjebuHaE
lFilex
tl"fq#
"2Z2Q,m1"e
%0coio
4X$d1!
q^`Pegc)e
hebXN3
1C-ZdX
}Fy=x"<"WQGGAWW#(&&(&lBmha):4|424445g0&(&jJqifavKbF}pawPkVae`):5
*9 5-5$
/7>c*72'>1$
)a)763`341163gfa1fgb763`b0e4g:`67e:f1af46
!@A^4`
fBy+;.
50c1C'
0de`Fb
~*,"6=>
750#D9
6g`cR07
c@)	5e
uA$13e\86
+*,"Ur
d2}w:,k<3zm
(Fumfe
z%bw]`!cffj
uj92!9C/
i&Read
-"nNL9F}
0010Em
*,"o;r
/arofB
w10912DN
140"X8
"113B:
o("Vip
-32pro
p0","S
4e`x62k
(Aj,"SW7k
28fa@sQ
f*fau)W@n
6?f>j?c<
1s!	,2Veu}ZNr_^iydLXT
;kr.dn
x6250fAc0
1Kje2K
'TrogpArq
?g]Q&&('
2,"147
8A-V/+
28fc@d1(7
a&1174
,leSys{
(edfil
(vOfB{
u4828d
(`a452
`:Cz\6
$kg%!xVGGNE
a&RegM
f%f1e_2350
,2mJgA^JriRNlevjxG)
"CUBAFW_. .')!kIiu!2<t<<<<<=i<. .`|Zm`yiBmai!2\~chyoxR
%>591<19><98;?;"<8>
BlsG,@
qWystg
;Wecup
4Gyjn9
ryValF
#o|j3$^+y
fBylesx
)gkU'T
c&0X00
deSs-J
q1	}7 
%HU$*!!4
<d3| <De=r628
 Aeb2fYa453
)3d9c7
$o|jfg5`/Qr`k
*gt->2
i?eda6
)mles{
M|@->0{
0001Eo
<}steo
b:0x02
7625G'
,^56f9j
S]CC1Fn"<""#
{f8E3b
7d9bA3
va0cf6
<peM",
m("HFi
g0522S
l2ys?.ine-
"fe2Of
x&,b14
-arOf@
750aD&
6wtem 
'BiLe-
6peSTo
z58p82
f468M'>0b".
Cw|uJ, hF
50c1C#?50dg
r)ebg]4557
x`9c56
	ml%",
,2h}u}
lQat-?4288<.
.><=5<54>598126&5?=. .=84. .:9=4<4>4jm8n4i?n5>m5;9<o<;>>9<hin>n
R7teW5$
,2V\lu
MsdRX"<
cryyPFywP"<
fUSCDQP&#--#"mFljj"1?w?????>l;-#-aAzbmj}@iMv{j|[`X}f{j*69>138+
"7?;3?6?=?>;89: 
U2u9Y4%^[a#
"v	Wec
m> Dq0 
Xr_u|yd
o7&5`,2kv82V`6%
fq4c:f7g?5i0=><n
;?sp!u#p
.!/)+~?2=
AZ_MZJ@GVG
|AZXHhF\V
le-I/w
Gg2 1;2;20274575,545". 36: ."44091939g`5c9d2c80c;572a250072fg`0gfc450cc1d5f;a76d;g2ad64;;412` . 3354 . ogomp{ . TkpvwcnCnnmaGz . QWAAGQQ . 2z22346222 . vj10RpmagqsIF/<324: . qxGzgDkng/<JgnrOg,gzg . nrCffpgqs/>0
Yritg"
^)* F5	l1K
/tf","\
B""Qy9 Fx2 
|82 k6%
q0("pfq
*8uu*9"7p7%0o<;>>9<ein>ihm87<om?j;h:o10b=a4gb02==274f. .==;:. .je`i
xia'*%_~exiJe`i. ._YOOI__. .. .dJe`i!2<t<<<<<=o8. .bByani~CjNuxi
Xc[~exi!2:=88<.
.><=5<5<><98;9;";:;. .=84. .:9=4<4>4jm8n4i?n5>m5;9<o<;>>9<hin;inj
"("h1F
00e4V!
2819D4
2 54B?
2~CeSSVj
a0cf@2
:.wgD.9
x3bq}o
}f92a;
'#,"lkfy
-D<ji|
^(;1"5Dw24
f0cfA"
c0!qg"<.?pVm?e^
vf1(xk2(224rP63r
ecE&et
dcq;37t
KY@SE'V
ea4bMY
t[u7Ezk
&^X`@$
loryV4
ad.}ne"F#
","uzq
Y8a[4g
"jile@
pQn1h`
v=1190e?
144oyS
yj2eXRA+
LT1(Ig2(
3rjRa)iU0s
;Gi62|
0205R8Z1H8Vy2J-^b
W7O?T7
VwT=Z^4
P$_lJ[6_jO
-C$5Z<D
< xD,f
yxesT\
28faRmGdUmFsq_8JqCV8Ms
^7]7>79]"
,dd#%z
T?",{o
xf97li
X;Z`hn
7>250W
g:ffS8`
7Xs0$g
u,"6_=
%P4,$m
76tQb@4v
CrJ8 re
EG./2S!Z+U_P2
7xGfit
SHI{`l0,
i4Gdf|
.2048"F*
\8S6Y0
`g(HlHH
&<e8cf
50<3$#
+?<a2Y'
 6"D&gil
"201`ofni
rOf(]-
fe"uu^
eFiPdV(
rZ]Cc$
`2D"!17
5}Fyle
c:."lp
innorV
?3s7Yri
(/2[5g
&'F8h&
ti!Me.N
,,58"/
 <#148
0"40de
d$7996
080P39fa
n`^%Whj
{*-"65
*:x4#]
*gg%mc
>FEN8B
X. !CU6Q/
mJeou,>0x
["$lr2
}m5b92
u?4250
i*0518
o=`datF#
"uU(iJ
g:}!Vcr;JHv
[(Kz~&x_
I}erEe
fluY!n
qD jdV- {FX:'l
erTo&l
@#11]5
bl",HT
0u\6/"n
e->^5540
ugFi:2
.2R U+
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
 !"#$%&
'()*+,-
./01234
56789:;
<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
31Z1c1w3
6.6?6P6a6r6
9$:E:T:
<(=D=\=`=d=h=l=
:D;H;L;P;T;X;\;`;
3.4Q4X4@5
3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
41585P5T5X5
70:4:8:<:@:D:H:L:P:T:X:\:`:
=%=j>t>
242;2C2H2L2P2y2
2*3034383<3
3'4Y4`4d4h4l4p4t4x4|4
7M7S7X7`7p7z7
7;8s8x8
9L9R9X9m9
9&:S:#;);5;l;
<Y=a=v=
>K?Z?u?
>!>g>m>w>o?{?
0o1t1}1
122a2g2v2
2/3;3B3N3T3`3f3o3u3~3
444t4z4
576G6M6Y6_6o6u6{6
7!7&7,70767;7A7F7U7k7q7y7~7
838<8H8
:3:>:X:c:k:{:
;#<h<o<
>(>M>X>g>
2"2'2H2M2q2
6*6S6[6
020D0J0d0s0
1$1.1T1
5)535F5j5
858N8j8s8y8
<C<I<O<_<j<~=
:B;b;g;
<[<s<}<
>1>?>E>h>o>
0?0E0M0
0_1h1n1
455H5`5
7!8L8m8v8
2*2<2N2`2r2
3 3'3.363>3F3R3[3`3f3p3y3
4&4+4<4D4J4T4Z4d4j4t4}4
7U8o8x8
020T0a0x0
2:2Z2z2
3:3Z3z3
5!5J5j5
606S6v6
6"7E7h7
878W8w8
9&9I9l9
:2:O:l:
;*;J;g;
<-<M<m<
=3=S=s=
?(?C?j?
*0J0j0
202P2k2
3#3@3[3
5(5/5=5D5R5Y5g5n5|5
6$6+696@6N6U6c6j6x6
7 7'757<7J7Q7_7f7t7{7
8#81888F8M8[8b8p8w8
8%9+999C9K9Q9X9f9l9s9
:#:):0:>:D:K:Y:_:f:t:z:
;#;1;7;>;L;R;Y;g;m;t;
<!<'<.<<<B<I<W<]<d<r<x<
=!=/=5=<=J=P=W=e=k=r=
>">(>/>=>C>J>X>^>e>s>y>
>(?.?3?[?m?
0%0+050L0
1%1+151L1
2&2J2P2V2`2w2
3&3,313;3\3b3g3q3
4#4)434P4V4[4e4{4
5A5G5L5V5w5}5
5%6I6O6U6_6
6%7I7O7U7_7
778q8w8|8
:H;N;T;^;
<8=>=D=N={=
0 0*0S0Y0^0h0~0#1]1c1h1r1
4$4.4O4U4Z4d4z4
4#5]5c5i5s5
8%8+858V8\8b8l8
;$;*;0;:;P;U;g;
<N<T<Z<d<
=%>+>1>;>Q>V>h>$?
0^1d1i1s1
1A2b2h2n2x2
4%424L4r4
4-5l5r5x5
93999>9K9d9
:P:V:\:f:
:M;r;x;};
<L<-=3=9=C=Z=
22282>2K2e2
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
5 6'6,6P6W6\6
7@7G7L7p7w7|7
80878<8`8g8l8
8 9'9,9P9W9\9
:@:G:L:p:w:|:
;0;7;<;`;g;l;
; <'<,<P<W<\<
=@=G=L=p=w=|=
>0>7><>`>g>l>
> ?'?,?P?W?\?
0@0G0L0p0w0|0
10171<1`1g1l1
1 2'2,2P2W2\2
3@3G3L3p3w3|3
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3H3L3P3T3`3d3
6$6,646<6D6L6
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6
5 585<5T5d5h5|5
6$6,6@6`6|6
707P7p7
808L8P8p8
:<:@:H:L:
:8;<;@;D;H;L;P;X;\;
<l<p<t<x<|<
=$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?0?4?<?@?l?p?x?|?
\0`0d0h0l0p0t0x0|0
1$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3,30383<3h3l3t3x3|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5l5p5\6`6d6h6l6p6t6x6|6
74787@7D7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:(;,;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(>,>0>4>8><>@>D>L>P>
?(?0?4?
4080<0@0D0H0L0P0X0\0x0
2 2$2(2,20242<2@2
3 3(3,3p3t3x3
3 4$4(40444x4|4
4(5,50585<5
5064686@6D6
687<7@7H7L7
7084888@8D8
889<9@9H9L9
9@:D:H:P:T:
;@<D<H<P<T<
=H=L=P=X=\=
>P>T>X>`>d>
?X?\?`?h?l?
0`0d0h0p0t0
1 1$1(10141x1|1
1(2,20282<2
2H3L3P3T3\3`3
3h4l4p4t4|4
4L5P5T5\5`54686<6@6D6H6L6P6X6\6
7T7X7`7d7
8 8$8(8,80848<8@8
8D9H9L9P9T9\9`9
90:4:8:<:D:H:
:0;4;<;@;
;4<8<<<D<H<
< =$=,=0=t=x=|=
>L>P>T>\>`>
> ?$?(?0?4?x?|?
0P1T1X1\1`1h1l1
2 2$2\2`2h2l2
3`3d3h3p3t3
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
?`?d?h?l?t?x?
0 0$0(0,0004080@0D0
1P1T1\1`1
2L2P2X2\2
3H3L3T3X3
4D4H4P4T4
4@5D5L5P5|5
6X6\6d6h6
7l7p7t7|7
8$8(8l8p8x8|8
9 9$9h9l9t9x9
:0:8:<:h:p:t:|;
<0<4<<<@<l<p<x<|<
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
5$6(60646l6p6x6|6
7D7H7P7T7
8 8(8,8d8h8p8t8
9<9@9H9L9
:0:8:<:h:p:t:
;<;@;H;L;
< <$<\<`<h<l<
<4=8=@=D=
=8><>@>H>L>x>
>,?0?8?<?h?p?t?
0H0P0T0
1`1d1h1p1t1
2 2$2h2l2p2x2|2
3 3(3,3p3t3x3
3 4$4(40444x4|4
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
8d9h9l9p9t9x9
;H<L<P<T<\<`<
=h=l=p=t=|=
=P>T>X>\>d>h>
? ?$?(?,?0?4?<?@?
0 0$0(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
fRhxYN.dll
"20190902055428.283","420","HelpMe.exe","1824","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190902055428.283","420","HelpMe.exe","1824","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190902055428.283","420","HelpMe.exe","1824","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190902055428.283","420","HelpMe.exe","1824","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->420","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190902055428.283","420","HelpMe.exe","1824","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->420","szExeFile->HelpMe.exe","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902055428.303","420","HelpMe.exe","1824","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->420","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.303","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.313","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190902055428.313","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190902055428.313","420","HelpMe.exe","1824","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20190902055428.313","420","HelpMe.exe","1824","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902055428.323","420","HelpMe.exe","1824","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->420","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190902055428.323","420","HelpMe.exe","1824","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->420","szExeFile->HelpMe.exe","lpAddress->0x009a0000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190902055428.343","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190902055428.343","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20190902055428.343","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20190902055428.343","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20190902055428.343","420","HelpMe.exe","1824","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190902055433.320","420","HelpMe.exe","1824","process","CreateRemoteThread","SUCCESS","0x0000009c","lpStartAddress->0x00404008","th32ProcessID->420","szExeFile->HelpMe.exe"
"20190902055433.320","420","HelpMe.exe","1824","process","CreateRemoteThread","SUCCESS","0x000000a0","lpStartAddress->0x00404008","th32ProcessID->420","szExeFile->HelpMe.exe"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegCreateKeyExW","SUCCESS","0x000000a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegSetValueExA","SUCCESS","","hKey->0x000000a8","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegCreateKeyExW","SUCCESS","0x000000ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegSetValueExA","SUCCESS","","hKey->0x000000ac","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190902055433.330","420","HelpMe.exe","1824","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoNetHood"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.330","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoPropertiesMyComputer"
"20190902055433.330","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190902055433.330","420","HelpMe.exe","1824","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->C:\WINDOWS\system32\HelpMe.exe","lpNewFileName->C:\AutoRun.exe"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoInternetIcon"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoCommonGroups"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoControlPanel"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoSetFolders"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExA","SUCCESS","0x000000a2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a2","lpValueName->(null)"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemSetupInProgress"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->seed"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DevicePath"
"20190902055433.340","420","HelpMe.exe","1824","synchronization","CreateMutexW","SUCCESS","0x000000b8","lpName->(null)"
"20190902055433.340","420","HelpMe.exe","1824","synchronization","CreateMutexW","SUCCESS","0x000000c4","lpName->(null)"
"20190902055433.340","420","HelpMe.exe","1824","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->LogPath"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000d0","lpSubKey->AppLogLevels"
"20190902055433.340","420","HelpMe.exe","1824","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExA","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190902055433.340","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190902055433.340","420","HelpMe.exe","1824","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190902055433.340","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902055433.400","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190902055433.410","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190902055433.440","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190902055433.440","420","HelpMe.exe","1824","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157b10","nInBufferSize->0x00000046","lpOutBuffer->0x00156d10","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190902055433.440","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157b10","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Data"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902055433.440","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Generation"
"20190902055433.440","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190902055433.450","420","HelpMe.exe","1824","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00156eb0","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190902055433.450","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00158d40","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190902055433.450","420","HelpMe.exe","1824","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190902055433.450","420","HelpMe.exe","1824","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00156eb0","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190902055433.450","420","HelpMe.exe","1824","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00158d58","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegCreateKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Generation"
"20190902055433.450","420","HelpMe.exe","1824","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190902055433.450","420","HelpMe.exe","1824","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->CurVer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fa","hKey->0x000000fe","lpSubKey->(null)"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->DontShowSuperHidden"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->(null)"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ForceActiveDesktopOn"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoActiveDesktop"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoWebView"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.450","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ClassicShell"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoSimpleStartMenu"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->Advanced"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Hidden"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowCompColor"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideFileExt"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->DontPrettyPath"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowInfoTip"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideIcons"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->MapNetDrvBtn"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->WebView"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Filter"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowSuperHidden"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190902055433.460","420","HelpMe.exe","1824","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->NoNetCrawling"
420.csv
wordpfct.wpd
; Analyst annotation: autorun.inf captured with this sample. Every command key
; below points at the same binary, AutoRun.exe, so on a host where AutoRun is
; still honoured for the volume type, any of these paths launches it.
; NOTE(review): AutoRun.exe is presumably a copy of the sample placed next to
; this file; confirm against the file-write events of the run.
; Mitigation: keep AutoRun disabled for removable and network volumes (for
; example via the NoDriveTypeAutoRun policy). Detection: flag an autorun.inf
; written to a volume root together with a newly created executable.
[autorun]
; Program started automatically when the volume is mounted.
open=AutoRun.exe
; Context-menu verb "1" is labelled "Open", so the entry looks like the normal
; Explorer action while its command runs AutoRun.exe.
shell\1=Open
shell\1\Command=AutoRun.exe
; NOTE(review): the key is written "shell\2\" with a trailing backslash, unlike
; "shell\1" above; whether Explorer accepts this label form is unverified.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; Second auto-start path, resolved through ShellExecute rather than "open".
shellexecute=AutoRun.exe
AUTORUN.INF