Sample details: a5dd248c83603368086fc868853f3a4f --

Hashes
MD5: a5dd248c83603368086fc868853f3a4f
SHA1: 965887989436cc0d80c031ae36450a429b9891b4
SHA256: 2e3fba04ac7b3e6416c5a81902538f8c3f56e7d73f91043bf38164d5dcf510a5
SSDEEP: 24576:FEtl9mRda1bCSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJG:+Es1LY
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/network_tcp_socket | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
Strings
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
Boolean
Integer
Cardinal
String
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
YZXtm1
ZTUWVSPRTj
tVSVWU
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
odSelected
odGrayed
odDisabled	odChecked	odFocused	odDefault
odHotLight
odInactive	odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windows
TOwnerDrawState
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
	TFileName
TSearchRecX
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide,x@
	EOverflow
EUnderflow
EInvalidPointer8y@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
bWf\4eN\,er
ab,,gm@
DLqfc","nNumberOfBytesToWrite->6EHt0.
"vCq90
b7]S%5
Wu0h&+
Esfd8e241bdbdff0fa6988c089f9f36
%5"89"hQq20
b,.S)luF9s`P-"$
%->0x000001e0","nNumberOfBytes|
emd->rBt40
xJ!dte
!"d*dff
v!61kA
RH$e$1
$b,jfil
#,"SqCCE
.b,"","hFile->0x000001fc","nNum
2O"Byt
oWG)ti
t068J":
n0!fvDPQSTnCAV]"
CBESSp
e0","nN
"e>1&BytesToRead->61440"
!e=P%5t<#b
3vJ$en
"7UoX[ 
?8e	d)>6
ubdZ5J,&fi
ytempz
%=fzsd
#QftOu
!gifHI
ebilEU}
{p:/|'%
\l`" R
$i(sd/-"
S]7n#GK"),MEXn#EM
TXF4BPS0%
[K,)@KY)/F
3#XDT4~ 
^#2DZT
b^E\YoNA\L3GRDZ4
qulo^6
`ondUol
tt" 2_c=F
Tsrce#
XNt0\ 
(FI&4O!5
-;7d{.
)r/une kate valdde.","Plea}e entey m%uanod emenl adl{ess.!LQ
cr$)F$mcar%
>u,/5?.":"
$4(lleza2 iSir  
fter,ccha'
/*eSSW
J< ".=
od606 =
gH;.,cy
!   E   
7Tgn1T
z.(  F
kshl(>t<
-li>Zm  s
mR!cla
mJoer"
J H !  
(rJ pJ H 
)Kf9:>
qqqqqqsvw
r="c^nta<
o[XXXZj3
#levTl0 	
/comJind
ZuEp?mo
s`anKQ
ess="leXel1
-Wa#V-
oobiacer~?9
3;-<5p
%vkey1
xan>Lobi
y%r$extS
_#.-)u
,ikxz&
&php.mob
|)ev-ex'
yEsCdv-
ner~>	
he')|e
{i="Hs
451'wy
rt c3l1"mj3<
%v6:fu
<Gstan
-.-eqt
,G)g+Un
6phj><
$ jlas
1elMen
k6|7<.di
			Yc"
1150', 'block2150');" onmouseout="%
a#?.hil
wef=c%$9P://
RP/a><h
M4)-;+
ocument.UR
    fu
J =   $
e    nq
1h_pope
,dthblc
e     (
e   if,
-block1
,dthbl
O     
+ew_wi
5up = 
)ock2;
#(widt
t && w
*ck2){
e     
!thblo
ewidth
e     
,dth_p
ewidth
e   if
'lock1
1hbloc
e     
e  new
1hbloc
e     
e     
e     
!th_po
+ew_wi
e$jq(t
,nd('.%
;UCP =I'
),=9 2]'
xikn(]|
=&maYe
	xei/b
$mee		<d?
sZ4ro;
s<y	@sICdi _xM`
		_hN-
>RFca"
ts"hk{QfR  vh{JMP  _h{i
fRfdZTR    vA{[=fROMsTR <ulv
"PQgZ}{    vARbffefROMsTR 	_h{bSTRfROMcY  <:
\O|efe	u
2oeuct-image">
img sr%
(t|p://www
%r.com/media/catalog/produ3
ocmche
!osmT,lS\-awPo1!
o94Tw8	S"3
t/IS g
H l7Znp
Q-dEOnsy\-lM=.
3e'`;6
VOBh]]
_d}]pPE4
` $1`   (vARU	\T
2oduct-name"><a href="http://w
ncaobi|
%r.V/m#\.duMnp|Eoc`T)s5
F-l4e"
)se rouge</a></h2>
			        d
` ,   
` 5e_h{IANTtYPEcASTeRROx
`            
    <div class="
)ci-bohY~
` 5evARIANToVERFLOWeRROR
` <span class="regular-price" e
}"|rode
4-pG)ci
` 7evARIANTiNVALIDaRGeRRORL
0an class="price">25,00
!n2   0[`  
osg$8_xIANTbADvARtYPEeRROR
        </div>
			       
` ,   0G$iv
#lmF3=2T#t}Z.s*
J	Y;` L
` 5evARIANTbhm@gmlqL{N
3s="add-to-links">
											1
rI		<I	
<I	,Y)>(T`hzP&=rZ4t
E7.{(9
3t/index/add/product/196/form_
9/[B5V~
5Xd$cFO
`cxT3s5
,i>Ymw
																											
rI		<I	
5lR8I	
` 4evARIANTnOTiMPLe{{fR
`         </div>
			          L
` , 		
` 0	ol}
` 8evARUN
}FFmEMORYeRNN_
		        		        <script 
0e1"teh
ojaC!soG)pd
~dqV/riA%G5\%r
geven','first','last'])</scripL
r|/d\6>
`efQ`e([3tLB2o
G#t5h{_x`]A
MP]UNEe
(   J J iU
yt-Ldie
s; @jre
<p>nnp|rf
cnm/Dg-
XN<E4MS
_e;.^wMXZb
_^[YY]
oav` c
oaZq5aL
Olx$co
n]h$XA
Eu<E4&
-&pGjd
8t=,#xh
XY]H]&
bAYm?D}
<7YG<X[C,
+K'lQDEuttBl
	{<t+(
(kttIn
ttLsO9 
>[P6tr
8c)||3
?]q0I*
=Wq:aOZ
Q_^[HPF$
lIq_^[C
j,->+;
3C\T0Ct
|,9@uY
<$d22GC0<C
;W2n	^s2
.rland\Delphi\Locales
_^[YY]
;IA@$Qgg
W$t?'s
odInactive	odNoAccel
4sFect
$ReF%rzP$1
Z$RqF%r~P$2^]$C
9Em=&b0.
TOwnerDrawState
t?wf,A
E$Y#Eu
4a~|,^
E|^w@3
+(1)HPM
Y]CzQ5$
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
IsControl
_^[YY]
_^[YY]
+WH+W@
:GauOFKu
DesignSize
_^[YY]
_^[YY]
_^[YY]
YZ]_^[
YZ]_^[
YZ]_^[
YZ]_^[
S8_^[]
t9;wlt4
FLVhp/D
t$;C8u
QQQQSVW
t#;^dt
BP_^[]
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
TContainedAction
TContainedAction
ActnList
Category
TCustomActionList$DD
TCustomActionList
ActnList
TShortCutList
TShortCutList
ActnList
TCustomAction
TCustomAction
ActnList
TActionLinkSV
u*;~8u
R0Z_^[
;Blu	3
$:Cjt_
R0Z_^[
R0]_^[
$;Ctt?
R0Z_^[
R0Z_^[
R0Z_^[
R0Z_^[
R0]_^[
$Z]_^[
TChangeLinkDUD
TImageIndex
TCustomImageList
TCustomImageList
ImgList
S0_^[]
R ;C0|
R,;C4}!
S`]_^[
Bitmap
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuError
TMenuBreak
mbNone
mbBreak
mbBarBreak
TMenuChangeEvent
Sender
TObject
Source	TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
MenusTnD
TMenuAutoFlag
TMenuActionLink
	TMenuItem8pD
	TMenuItem
Action
	AutoCheck
AutoHotkeys
AutoLineReduction8
Bitmap
Caption
Checked
SubMenuImages
Default
EnabledT
GroupIndex
HelpContext
Hint@UD
ImageIndex
	RadioItem
ShortCut
Visible
OnClick
OnDrawItem mD
OnAdvancedDrawItem
OnMeasureItem
TMenu,tD
	TMainMenu
	TMainMenu
AutoHotkeysPnD
AutoLineReduction
	AutoMerge
BiDiMode
Images
	OwnerDraw
ParentBiDiMode\lD
OnChange
TPopupAlignment
paLeft
paRight
paCenter
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
TMenuAnimation
TPopupMenu
TPopupMenu
	AlignmentPnD
AutoHotkeysPnD
AutoLineReduction
	AutoPopup
BiDiMode
HelpContext
Images0wD
MenuAnimation
	OwnerDraw
ParentBiDiMode
TrackButton\lD
OnChange
OnPopup
TPopupList
TMenuItemStack
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
_^[YY]
Q<]_^[
ShortCutText
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
!Vexu=p
	$|vD@
[qHuN4
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
eption
endClassObjects
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
URREMT_
t't,^/!
t't,^/!
KThr$adT+mer
VThr<adL5opF2le
EzxyHD
FormCreate
	tmr1Timer
	TFra_Main
rm_Main
Un_Main
Mic?oso(t\W&ndo's N
 ren'Ver'ion	Win:ogo9
xpl4rerrexe} He2pMeqexe`
4OFT?ARE5Mic
ed\0old
\SH5WAL7
\Soft.lnk
Stone,I hate you!
:\AUTORUN.INF
Kutobun.exe
autorun
shell\1
Command
Browser
shelg\2\X
)ell\2\Command
shellexecute
.J?m`M
PAQsRCSCVt0
AuaR2V
@H??uElDj>
)orQ!b
(sx#/c	\` 
a'ovb s
.tU!5 
 ma!%nH
+e"-5e
& Setup updates and Watson error reports.OfficeDiagnosticsServiceRun portions of Microsoft Office Diagnostics.{CC29EC69-7BC2-11D1-A921-00A0C91E2AA2}MEWord12WordMetroCnv_Converter12ProxyWord 2007 Macro-eRidl
e&Document\docm
3Qord 2007 DocuunhtLficxWord97Word a<+2
25 Document\doc
NG7vG3B5-89ED-4872-
9D7i2BC103B2B320}eu,cro
n(xlamExcelAddI
lRoolEuro Curre
lils\Conversion`vhd
birmatting for 
rto currencyhtm
jCxcelAddIn_HTM
uhet Assistant 
irernet AssistaNW&V
F}{Fatal error:8X{ERzir [1].MessagezQ
pI2& [1], Argument:  [2]E8zirBzca
mk o{toP)]3g'{}j)Pe
``yV}na
&csd&aGicsA*otj7;=pFig9chgLyra
gc] ===
ipped:
PBaNn[ jPRime] [6;C
+ereate
V!.  A 
bteoxirY,qiDd&tVeu >mke alr	mbyXi~i
xty.dhsTljl[ca <b&atiof
?[Sczsp6mgn@ar +mee)}&t
|&erfuto/on
viuN/uy!{cmFnhdV{na
/ve|}osmyin]0robevd9dc 
utijh&tJpr C~s  ppezpec
phnkf&rysb J{je
I4]d2&C>wekHkiur ne
|cction
}s aac 
jiTt&f<|k 
W+R+^* 
w[ KP+RUY&i_4on
`nebpti:q( vWji	
x&te5utqe&tDp&i"fra
fovu6gcCsus
bi 4~c 2
jeH1]2%1( 
6itzrt Cgvl_tgtions`7rh;y&c
~ek\0Te
bah"|osq8upI{c Lw&i$kra4t&t
yhd*zjiur&'x|rrM>* %k&c:pekB>Ea
wu{hcd
|ol-:]2
4& )rcc
:ir,XB-LTK Tiov[5& t;@o
hce.GUEJIVHuPVFwPCD
N[.-nto
<Uy{icm6xtrKo&[
@(};=&V3oof
|h i}eeSm&i@0Cr0qt #lot
>&Vomofa?rhKk&yYj&h%ic 1|ee
{}{ Cgb}Nct
&V=Rof
Ah iBeeiR&i^
EaROitnBte=Uc 
G file
Voth th
R&nsOc INte_F
Q( Rrje
Qc rena
Dole and
ely@m 'Ret\Z!,fLt =Ooc
F&vkHsm
osdGsr*Aht
AjegQ&anothAW(T*@&speci
LcdZUgt
![2]' 
I/[>OLs3
 tha1N
Nin y&
O52]. g&
EEDiN%
I se(U7',
,( ].S	
>I9@<\Ye.$rifyg
Shaveg
,issi(
O5he s(
(netf)W8bIB1	
/ to 2
6B1*>Sdri3
GTtHR#
=9$-7LPFI
Nis t(
/[N?^8Se
1Y+W]. l9
$nt p7
	 fol7
;TU2\:' e+
ath s7A
 me.E 
-e se1
qE"2]I<
uU1BSetu
5 cre6
*T)[3Ia [ER
9#7TTE
=7.ISS
 keyv2@)[AL
)>=,RSUP
$%6SIO
Ethe %
R>S9l	
R[3].sE/
'!"9-' 16
%,!:]Set&
y ke+E(G0KtH) 36ORSU
3=:+PERM
62-	'16etupm
luem.^
HfI7 RRO
*!;!7;1_PER
&02%	<86etu<O
T2\3.  [
<;;;299**
&=117><
7.=:<'ON]
istr>L
]>E  [E
"*7TTEX
:2>$tupg
$gist5
S2]3kXa[ER
0"#&=:TEXT
&: )Coul#E
	Etheg
H3egis3
gNF42] 
afor 3
5ioni$
S[Tim"8Np)X+OT75
N<s].An(
(on i4E
`AM<.u mu4
/tinu.
 se m&
E$(ndow4E=+
' ha4E
duc3ES
IHO Th&
T405r wi*
Tinst'
Ef[2]'f
Z3CmLO'
O1rod0
e --d3
YT2\3 KBxR
Dspac&HE:@8f".Ka Fr&
* spa 
-ickcH?
G8ou c&
v:^(>r] isg
?X1, I1TR>T1EZ2&
K	.  C?
oU<w%' iss
3#<Stio=E
FmE 	#I
pac6EYoK
me:sB/p6dTL
VE/G8 KBhE
Tspac6[V>p
 KB.rE:
(/bac9E
ble6IC
XbK&etryjO
ace (	
t>J)k,
p co2	
Lloca3
E>icr(
(ce 9pITw^X}E
p th"E
%O>*M, r2
gainio~
;-PHEL
T#rev,
	- atio-
Etha7R
/.Yo6R
 you1R
Plikec
Pchan$
f2^8awillb
L	.u li<
S"urre;
E9,('Y
.  D<Y
P6 pre%
%e bys
CEN0o yo&E
. tho 
Sfile KTs 
P/etwo!
E-0-RO
gTEMi(	
aothe!E
%:6#"FIL
full*K=/
	$d.Pr<
Vw2\9OZ- [3
d0tat7E
Ethe ;
ayou >
 nnotr
 tionr
ck t?O
	Eeno%
 ce i#E
m ando
Tthe !
MR.r CD`!(
cULTI6
p4:+ &PHE
%70<31e*
$ or !
2tor)O
AME6esto;
W.]AG>
8&>0TEX
N.{)KMa[ER
dingi1
t>J)ais n(
YrEC$lea4
 pat/K ?
adiskg
2].gE$8
ID!etry`IT<
NRCan$
Hto t/
olum"K ;
Ediskg
	p4A].  
-ick `7
BBTor $	
nce+BT9
G5o th"E
'fere)
K9!! fo+
cEN%lea4
KA va+
X=/sta+	
W.ETO3?
d7he )
\   g#
AE2ee 
	ing 5
Tfil#I5V
O,r]. f$
 Xope7
p:[3Z  Mu6
iste7M
P9]<\D If =
0AUIgn+
+XSetu4R
Nand 6
oduc0'
 llat-
;<+=$UPP
7' 77-
5<:BLE	8 
L>F8cEN.ERRO
 ckag!E=t/OME
 fon7R>S)KiC9
sion0H
	Mfon7
 thi1E
(ste1H
erif:H
4 tha7H
'fici&
2sion2D
6VCoul%C
T[26KRN3	A[H
N?2]. s7
	e [}1KiN21;3#;)0PPO
7=5)6,
leO7W<[T
ik6>#RSUP
9BL Ver 
Eyou !
 .5SUP
"331	1')
Wremo?
1UL4F], O
\1AR Ver 
T=+;C d;
oR*%6& e
s^L73].sh
T2[3 exi <4E
/ a"'32#iZF
>>or c<
*$, da'
Ii5u>@aODBCg
U)[)Ci5U2.  Verify that the file [4] exists and that you can access it.Service '[2]' ([3]) failed to start.
fVuB/f
1hq4fyou have sufficient privileges to start system services.Service '[2]' ([3]) could not be stopped.  Verify that you have sufficient privileges to stop system services.Service '[2]' ([3]) could not be deleted.  Verify that you have sufficient privileges to remove system services.Service '[2]' ([3]) could not be installed.  Verify that you have sufficient privileges to install system services.Could not update environment variable '[2]'.  Verify that you have sufficient privileges to modify environme
lNariablms/Youpdo
#suffhc
`nt hsi
olegUr 
gnstYnl
#J all utess o6"t
instjlla
\<Jivilegds!to mkd
lKecurhty 
this fxl
!SeDqp
nnn'p 
j [JY 
bay(ke
{e Aju
`pe"dt
>]ctly-  [
>Kion: [4]
_OS0Vr
K]}%Ue
9Ke it!is 
+%Vdows. ! You 
gy need
update!your 
veratin
\?Astem fnr thi
&progra
\8W work borrectky.  [E
jSUPPORUTEXT]0|{Packa
lNersion; [3],
HS Prot
8]d vershon: [
Z, SFP 
>Wr: [5]|}An e2uor occ
>]d duriog thepnnstall
%Wn of arsembl
'compon
[2]. HSESULTJ'[3]. {
?Kembly hnterf
de: [4]
\*Mnction; [5],
fssembl
\"Yme: [6\}}War
nng [1]
, ]ase waht whi
b Windo
l[onfiguses [P
hductNa
atheriog req
nred in
>Uation./.An i
sernal 
>Wr has ncgqrr
c.  ([2
[3]   Z4]   [=]   [6
[7]   Z8]) [UZRORSUP
lTEXT]RdmovinG(older 
>Kions og this
ipplica
#V...Preqaring`|o remo
lWlder vdrsionpgf this
<Hlicatinn...S
|up can
get aturibut
{ for f
[3].  Werify
|hat th
\*Qle exirts in
qour sy
)U and tiat yo
(have s
*Qcient qermis
aons to
	<\ate it/Setup
kannot 
)Yte a tdmpora
q file 
l^older Z3].  
mrify t
the fomder e
asts in
#Mr systdm and }hat yo
\$Yve sufgiciend)permis
#Vs to uqdate I}.Setup
-Vnot fiod the
{equire
\*Qle IMAFEHLP.
EL in y
system/  Thi#)file i
\"]eded tn vali
hte the
%Te [2].! [ERR?[SUPPOR
(	`T]Setuq cann
} find 
file kdy '[2
. in ca
"]t '[3]&.  Ch
jk your
#Vnectioo to t
l netwo
or CD-SOI$dr
& rnr other pod
ht]`l solution7
uhis proble
&sQd [SETUPHEL
OLqEIR].Setup 
hn[u access a r
babinet.  C 
xour connecl
uo the netw
nr CD-ROM d
!   For oth
uential sol
r to this pN
l, see [SETY
QFILEDIR].O
!Setup enco
dd a proble
h the Offic
nce Engine,,p~s&em error: [R^) 
Rlease open
TPHELPFILED
od look for
hce Source 
d`izg" for info
on on how t
-ue_nlve this p
aelYn.The contrG~''
0]' on dialoq''
1]' cannot 
zdehp values lo
zbr4uhan [5] ch
ers.  The v
srel%[4]' excee
js limit, a
p been trun3Hse
,Setup cannGX'l
ad RichEd20
" [ERRORSUP
DXT]{[Produ
DIaye] }Setup c
]wlqted success
Eklm.{[ProductN
]b]4}Setup fail
T)Izfo [1].An inEbrzal error hag
hcwurred: ([2]
r'[']   [4]   [2]b b[w]b o[e]t %[z]k.a 
itkbf7l/:l}2A0t,oh 
c*e4s`A?p>i&api-nl1|M&cvo1o$toO-fnc' 
c1e6st2b0n Aa6a a*e
d6i+M?c;o6o1tgO*f0c5 
d%I:M$cto
n7b/e(E9c)l%A p-i a?i.ni1wM c<o5o)t)O2f/c7 
p9l'cit$o/E1c+lgB"c$u>Mncso[oft
Off)ce Dxbel Baciup FileExcel.Chart.8Mi
soft Office Excel ChartExcel.CSVMicrosoft Offi
l 4.0 Macr
d.12eicrOsof4 Ofgibe Exc
l Binary WopksheetExcel
eetMacroEnabled.12Microsoft Office Excel Macro'
nabled-
KMicros
ft Office G
ceipSLD
 Impor~
FormatExcel.Templ
orksXacemicr/sofu Nffice
Excel WorksraceExcel.XL
crosoft Office?
xce\ X
HTN0 D,cum
te2icr
icePExc
ML Temp
an,FAleMsGra0h.Ciast.8Mi
rosoft Grapj ChartMSPro
t.MPXMicrosoft Office Project Exchange Filg (MUX)M[
roz%ct
ctHicq
odt"Oe
cg Rrl
ct%DocH
enTmSPb/jek
.Pwojeat.9MSProject.T
~e@o\e SEcti/nOuulnok.Fi
e.msgOutlook ItemPowerP
t.Show.12Microsoft Office PowerPoint Pq
esentationPowerPoint.Show
int.{lidE.8M)crorogt Off
ce PowerPoint 97-2003 S
ePowerPoint.SlideMacroEnabled)
e WSwet
edcSli
w.1LMic
 Po7erPoint
opna\ePoWerP/int/Tdmplat
MacroEnabled.12Microsof
ffice PowerPoint Macro-Enabled Design TemplatePublisher.Documf
Mi{~osW`t cdfi%f P6cli2
gisIu.DBowivk.1?Uicq
soft O
11MMcroaoft!Obfice >hsio WorkspqceWord.Docume
|UUZPV
w\PF^V]Kd\AW
wocFTt
12~Prj\J~
12~ZZc~b~
|atRGVdW
^plRGV
wUUicV
gemC_R
MiPAVbwwl
RAdw\A
Z_VuZ[
]tw\A]{G^
ro@\UG
plRGVD\AWK^_UZ_V~Q
Aos\UG
w\PF^en\AccAssS{ortBupCreat
!databases qnd programs t
fZPQcrPPV@@
t`[\AtCFG
HZCrAGO~
\@\Ut pXKRc|ATR]QIV
z^C\rt
]W@ a\F
oCAV\@\^
P&YW@P
Ejo*PA\@
[orGpFGp
\raGZEV
MMVX@CRPVK
 s[RAV
CA\PGPG@
V^QVA@
MicVosott Ogfmce Gr
nve.IgxAppSxortCutIgxApp|
cRGZ\]
R]TFRTV`[\AGCuG
O~VPA\@\Ut |_w
R]XFRge
V|MZPA
_Z[RGio]~ZZc~
\UGleQ
pAeaGV
AV dZR^cy|k
yC\cKPR]
`ca]OtzPA
 D\PF^V]M9`PRV
^F_GZC_V
PumV]G@
AVP\T]ZIV tMxt Mn i
age!dkcumen
r by using ]icrosoft Offi
Z]XVi!3l(
[ fRK(./
Mos\U1
Qt z^,:f
KOfUw,
YfiPVm
Mos\U1
LtiP@m4j
Qd C\+6d4!AU\A
vSS[\AGpFG|z`O
|UficV
~^naTVAE
YilMs b] us{ng Ligrosof
!Office Picdure Manager.O
R]WFZ]U\A^RK
A\@\UG
UUZPe |]Vp	7V
UUZce`[\A
FG}VDw
}VD MZPA\@\UG
w\cu^V]G
~icA\@Y
|UUZP]
\PFme]G
,AX@[VV
V]GatZ\]
daGRQRM
J|@R|C]
UZce`[[1G
7|CVQw
*2 *]W
Vn R]GF+
AXK[Vet
prV@V]GRGZ\]
datsbasd.Kutloo
RhortCutSent and receive 
YG OUT
chk`hoAF
GRGZWQ@
fY.\D@
QJ u@Z]
A\@\^G
MWUVctc
JLo`rvrP	P
	C A\@WU
6]G@pA]RGZ
RPP\F]G
\UilV@
~Z[M\@\ft
&PGZ]T
~ZPro@\UGF,UUZPV
YVPt {ervAr.P`ojebtWhortC
uPlan, trac{, and manage 
cA\@\UG
|UUZPZ
A\YecG
KV`[\M
VttVJb5
R_u8dV
hoKlpF
t v~UQr|
, J}Vu5
~k^RMq\]
zntVKRw
ZTitR_
GZUZPR
U\A Vqr
cA\YVPG@g[Z@
CAogZam Greafes ` welf-s
fned digita| certificate 
.eZ@`wxp_Q`[\AGPFGeSDxp\WVO~ZPA\@
|UfiPV
`R^Cle@
MQARAJp\
`R^Cle@
nK!ARAJ
P\We @,KRTVG@
Z\Fs XCDEW"TV@n
w\PsSZM
A6Ge`|
O~ZcrUY\\V
`wK w\PFWGJGRGZ\]
G1V]PV@
arGZP_VItM@`wxcFZ
hS[\AGPF
wxcFQO
ro@\UG
|\D*PV
So_FGZ\]
VQ_Z@[Z]
cMQli@[
p\^C\]V]GeZ@`wxSaEpleWSho`tcuuVWDKSam
}Microsoft _ffice Visio S
gFRT!7
Z@`wxk
L`[orF AVtq
\soTPbmDDK V
wK fMMF
wiHCPW@
ypWNKAARH-&K
GwV@Z_
^RnaTV
BFR_ZGJ
ta]WRAW@i&%@
it_7cDZNJ
ExJP&@@Z
KAGw7VgA
V+)+XG
L S[[PGrMK
Z\]s DZG[
~ZPA\@\UG
|UUicM ShEreP}int!Dasigne
/WordShortCetCreate and e
AVC\AG@
Q\\klVG@
~ZPA\soUG
kw\cs`[-VGpFGwV@
R]W fZXN
U\rm@bVM
CLD,A^RL
[A\ugZM
IRGioT
PWbNVD
}_UkCV]
VnA@aVRW
L/J|CV]
|]_CFKPvWZG
OnV]\GVc
PrZ]GW\PRV._W\P^WW
doPK^_W\G
LG[G^_W\
doGKZPWZPNZPKZ]U\CYGhx^_^RGwV@ZT]
wV@ZT]PrMviegPre6vievmeu&Bro
semavmdbmdbhtmlmdimpdmpfm
lC\G^C\GKppappa^p
mK_^xlsxo@QKlshtmlxlsmxlsxxltxlthtmlxltmxltxxlwxsfxsnProgramMenuDevResourcesFolderMSDEVRES|2007 Microsoft Office System Developer Resources:MSDEVRESProgramMenuToolsFolderOFFTOOLS|Microsoft Office Tools:OFFTOOLSreg0005F9DFB11EE5635A031DA038FF9A9EProofreg005D9574E2D206D307893F81DC06F0E7XLSTARTreg007403245A6C2E1B47D99463BADEE414&Edit,0,2reg011805B5691E5D3A57178868B4475ADDreg03CD7777AA2DAED32797C8B568F9C1D8ODBC Databases ()reg03DBDA1638A26F85DE631FDFD910A3E2reg052959FD7BA37014ECB8CF441EEF4CEDreg053021A21AC3B51B76AE8DB4EEC85A10reg059EA896AF64E4B3C2BDEB978FEF45B2reg05C9ECA53A18DE59D4E90A206F1E8D63reg065FF1D29B341AE1C0BF30CC8CD1B659reg069934FBC337B13F2344D653E403B6C4reg074F12DDC24D6F5D82D9EF4ADF52164Areg0781CEDF1554451FAE08B0CED280FD9A&Open,0,2reg083407F478A29DA646EB5117D3A9E635&Edit,0,0reg08BEA2DCAE078C258741E0D7108BD07Creg092828397513E52292017A31A83641B0Microsoft Office Groove Tool Archivereg099E4C7BEC45A3E2CD2B60411969B808reg09F441C44F2F58849BB7167D2B60891Areg0AD85CE2F6DCD301614EFF655A29A5F1reg0BA730632E4155B0DA2C19FF22F8EF84reg0D1CB378DF8DDEBD9895CF074BB6DBA3reg0D432EA6E2D260FE3F7CE05C19DA7C3Creg0D4FF606B6C0E18C9927C7F58DAA9EA2reg0D50E43B439F38F7B6EC7B670E547363reg0E8181654F86BF43E0210A09B07166FCreg0F4108C4DF2AEB55CE34479C6EABCC72Exchange Unified Messaging support for voice-mail and fax integration.reg0FABA33AA368F6A79434E8295ADC3B94reg0FEF2F81B1EB050C47DF4685639C3C16reg11F6C813D8AD39AA636B556C26735889PERT Analysisreg1220626D7618A26DB7F1C9EAA21CA016reg12A7CEE4CD6BE6F2381D17357DDADE26HTML Documents (*.html;*.htm)reg1411C2D32DB44311EE597468B3CC9BFAreg14491C5CA73AD97D3AF85015763FE988Adds Send to OneNote and Notes about this Item buttons to the command barreg1497460DE8A54C48A970D2D5ADD74FA3reg1525240504C166D47CB0781930C854A9reg15BEA710FD8A9D51AA6E86128103A3E3reg15DA56F824CD70C86C574A63FD856E03reg168E77160EC30C1660E372B1462A4115reg16EB6FBEB4FED73DC18392B8F105E908reg171EC7CD6ADC2A055672DE0AC43A2899reg1770F2FFE4526FA0E43D6275ED9EE4A7&Save As...,0,2reg178474FDE68D0991784D00DD923B41EAreg18FD1ACF1B96F1D2A846CA4BA8D8CB44reg19B311FCB7F3AB5C6BB6DDCACC605410Word 2007 Macro-enabled Documentreg1A2A1A3AE3DB93E280CCAD552874DC31reg1B3C88E27294452C44403127B9D62AD8Excel Binary Workbook (*.xlsb)reg1B455DB5F69002EE80B8A8A99B24FF91reg1D17C7235462E360F6FA28EBDB8C4E7Freg1D9171B8712375DBE78F5B50F2997932reg1E4199476049D9525A24283F5299439Dreg1E82372B07C9A01A9111B50FE89C3FE9dBASE IV (*.dbf)reg1E9D39EB5F210ACB12559632C2E69CF2&Open in Microsoft Office Excelreg1EA99958A8AC0CC562386CDCC4725B56Exchange()reg1FBC13F269CE1ECDCB7506EDB8D328E5AddInsreg1FD567A744988A3442A6F6AA9E6A60F3reg21AE301008F9A0BA5403E2831BA46E70&Edit with Microsoft Expression Webreg21E41606A7192A7958C9845C7FA6BA82reg227AD8C87F11A8BB0D27F38D3921287Dreg2287B1A993A3863AC36CBE9014371B50reg24D1EC6BD2320EBDA2C41E9CB6DFE748reg25E4A23BD7B5145373EB6A58A01B336Dreg267BB383ED7581CEB396359EBA7C7050Microsoft &Access Data Pagereg2759B5FDC51A2730F82DFC6259E4EAD6Microsoft Office Visio Add-Onreg2762F2E6F78D87B79F49C654F090A41Areg27B840370F12B098BF71A062D809C627reg27E96DFC7E93DECD717DB4D1F7358633&Edit with Microsoft Office SharePoint Designerreg2809C64505F28DB09379F4D3E2605995reg28B0C76451F36B37BE0E6F61F6F33EA6Microsoft Office Groove Proxy for Outlook Add-inreg28B9C489B20D8668EDD41AE5DAD4205Ereg28C2BC4052B2BDB70109E369347CDC3Freg28EA185236D5950D5AC3F6EC2B11D56AMicrosoft Office Groove Space Archivereg294CC655E304CBA4996C0012176C40A4&Edit with Notepadreg29A81CA3A0B3CBFBB498CCA1DD60539Areg2A14692C0B1D2B72D9C372A2A4DE06C8Paradox 4 (*.db)reg2A88946DC951AC035EC98F0967AD065Areg2ADC0D99F3C11EB901212CA22B9369C7Microsoft Office PowerPoint previewerreg2B773B288DFE5F0DFF83894F6479EFA3reg2BC91F563F20C0181C7F7B102A6C669Areg2BF04053C402D67F12BFA1F4FFA8FB86reg2DC60DF677D0A211FE14C80A9D27DC4F&Open, 0, 2reg2DC7FF94DCA902A47DE7FCDA8B68B2FAreg2E94A9D08D524436EF3D59A425C01DEEreg2EBF0742222D9182D35E8C82CD4203F0reg304BA8C9C754F4A535D3B24F66FB8872reg304EC0DB0EBCF82E95A0476C4819E289Application Datareg30A6325726864B96D39C39F2C26F1421The Add-in allows Microsoft Access to integrate with and enable automated scenarios around Data Collection and Publishing around user created Access solutionsreg3107FFB925A9F4D4139028A2835E9BEDreg310CF7D3401BD33AE3C8B8C018C1FBC9reg3173645541362161D141D8BE752EB7F9reg3191C79205C9ED2BB7F7629257A00D05reg334AD94322A0D76EB40962AA3C74746FAdjusts project start dates and all constraints within a projectreg3393D922107AD4EB0A78F594C5C2D03Freg33A0949A0360B3B3B9B61977F0E6EA71reg33DD9261B98CF9670F86303C6DA747C7reg340CB4EF259171F5C656D4E14977A5BFreg3448208657DAC09AB3AE301C48303526reg34BD00F1A73302335A6B7BCAF40D9795&Open with Microsoft Office SharePoint Designerreg35314B2CE20A4A3A050E61DEE1223ADDreg35A4C07CDC82E830968204054457428Ereg35B2E4A5D715C2204D1DB7D281D59A8DMicrosoft Access Outlook Add-in for Data Collection and Publishingreg36052154150318D8ABD05CB84B5E38D4Microsoft Office Word previewerreg36C00FA4126418B44123B994C0554359reg3729B46C8DBEE209D53B1CC4A22EC32Areg379E2A47C1AA5DC01B982EE188A9C80A&Researchreg3823CF0FD84BF07134B214C922FE99E2reg3A0E418BDAA31FE015B9233CD04E6DA4Microsoft Office Groove Filereg3A3012489D1E7E69307667CFEA22C862reg3ADBDA109826C6868014E31F0781E925reg3B125046785390EFAD732C472328AAC3reg3B364E4B829A5BACDC414FC8A6021551Microsoft Office Groove Remote Filereg3BB3CA95607C1D8CA9523D466E6B013Freg3C5A7128277C316A50C7A72E0444E038reg3D0CF844BC6A7C3A771C45F47E86DF9Freg3D84238A977243F751F76B43B3FDD625S&how,0,2reg3D93AC9182D64E51AA9E877E3FF233DEAccess default location: Wizard Databasesreg3E0C50AFC2A6BFA79BC8789F5ADA3AB7reg3ECB58C4E4A9F1247C3D8245E63C0A99reg3EEC0F402B1ECE922F6773BBB15ED202Presentationreg3FFC766B9248A4CB1CC63D573F458977reg414F11BC67CD643236734DA034728180reg41F3A4F6DA5BAB49C6C2D7CBF8E0D8F0reg41FF364DB5E121334E5D73D150BCA91Creg4233D9578D83AA196740A80799FA2DD0reg43280322FF5C47AF2949CC3A025CBC9Freg43DFAF5B8CD9157E6F37F474D3EBFED8&Save Asreg442B5C8952B10996B6268E321EC8A792Microsoft Office Groove VCardreg44571913616D8CA2027CBF19EDE7E4E7reg451F21F211EBD9E00277BF27EEF2EEAB&Open in Excelreg456E37CAD9DC0CBFF333A379C17A430Creg4690371FF2B771F3F3FC75BED8B6915AMicrosoft &Excel Worksheetreg4741849934C79B9236B137551305284Breg47B58DC63A4F839F02702405C85E2BD3This wizard helps you to resolve replication conflicts in Access and SQL Server.reg4918390413F5EDF84F70EDAE5BAA8822reg498B8862E916C3CD4B9EB577F114A044reg4A9CAC887DD0369C475697A5D71AC1DDreg4B5FEDCB6E7D93C0E28AE0890B8901CFreg4C6AB154FC13A5A9BA7153C1909DE249reg4D992677B645D33E9E5358DDF3C58953reg4DB12F40BC5DDA8371AF9D3B2A6C3690reg4DCCE517D3AF59417F40BF6F889F4987Desktopreg4E2215E2C9B8B501F318C78D3BA2C715reg4E7CED7DAE0A20190D6756403558E732reg4F07B3B4D814A6F75C8A0EBEA3619FD3Visioreg4FA1496AD7D17777549A749E01CE35BBreg502AE1A142BE6373DC4DB8E493FBFF46dBASE III (*.dbf)reg513C4ED015E3B70DBE1A9E4D7BCAD2C4reg5161203B39E75ADF825E1012C86AA589Send to OneNotereg51763D059D0CE7E09739E09FE8072702reg518401DA3D281178D610BC636C709E2AWeb Sitesreg52F950B879162EA45930A8794E69E3C5reg536EC9546430FA166D2A825F5A93C372reg543DCB92FBF2E3C676CE027D9EE48162dBASE 5 (*.dbf)reg54851144F8B8731E45E868D86A6E9265Stationeryreg54BCA6E759EB27FDAA92C64FC0E680B5reg5508E4E14E6A8E47542531AF19AAE559reg5524404F5CB515FCF3C116C7E24E5285Projectreg552FB8256C57B318F4BADE5812182AF5Lotus 1-2-3/DOS (*.wj*)reg567A61CBCE74D1647F2FFCF3E796619BWord 2007 Documentreg5703174B35377F327156886CE6045231reg573C928E3B1657rE6
3DB98B355B
E{0reg580I1{3f5
C#AX00Bd4kAP5K9+A"17reg587
F595D285
B2BCE0DJB
E	iCr+s
 $fFi0eHS
 OrRp,iC 
ltr2g\9[A!B.3EEaDq9QAP1/DT9BF-9@8/AWE\r8p
r#gG9TD)7W5N4gDQCYA\4,CF9e1
CPBI350he)5.0c3Y0S5/1CD
C^7R1M8DEZ00BR9dAJr
gPA%B(C"B-6\F%9
EKByAyBw8
5RDBAE6
5b0d8oA
5&2D1]2]E"B
B\B+1LAa179D0AFI3)FAC2A'8P3
eG5"DM3E2\E[EPD1AP9]9(E
8_C#5_0U8Rr
Db2X4FE(FS8X1DA
FUFYCRFJ2
eG566WCQ1T9FA\8_3UE#EbAPBYC
3UAD9MA
g\DYA/D
E-0#7^A]ETE2B
9XA2EE2 1
B^9\CBC_8^A"8@9
3U8+DbD-B-DMBIn
rEgXE]AJ7#C
3M1XCQ8]6
523U8K6
5#5M6\CG7KDD24A842E59804A89CF82EMicrosoft Okf+c
 F0D7OA
cEs  ,a
eWEeg+n
rigvF#A13@DPE*D+6d1gAV6JCG543
5*EEF;B~4B2Q8M2
De1]CIDGD'3|A+4PM
fIc' &r
g80zB*0_BX5[1]D_6-760d4`8'0;71C>6
6U3f6sC.3D3V6PB42 3{B(A%6[5@AQ93M
tPV6AIf
rNO`t%o
ArAUFB0M8,9*F(3
Bm4!3:3BB>0xD
g91|5&3V1B9
FPC E.4PD3C^B31Y9P1{e*6T2,9C3a1`8QCIF6417{B[C,4\EL3k1Vr
gY1T4-9eFz3Y3@6A8311E6333FB978D2Ereg626F42EB841=2
D\A,6]F16i0!5TB[5\P
red-xL(_.
b.r#gC2ZE^3CCYE'F39xDA1C3X0A1
EY1Z4C2(ihr"s
hAn eRU
6FE$CFA
4JF'7$7.1<1	A 4 3_AG2ZC
e~r$gU4D6[536UEdD
FZ50ETD#2ED77
0W7AC*O; $dD-*nAf
rTM: ?r
jpc5 A2^0
6WD'504-D]7(1
DaA.441S5KCA5W8T0Wrogt5RD D(AVFDB+E7A[2'AI4
D04D9ED_2
eG6s5V9[F!7T6
64BB3CD_D*2
FxB]8$1^R	c
gB56917FEC46918FE3924EA632EC4FC92PrypEr
gU6*1aFNA-2+5P8
AWE,AM7
D_8^E@9(E
EoEa4}5_9Q6SBd6L8XCX1S6fC*7RA5rEgX8^0cAZC+F(4G344,8-6
9\6T9 D]9
eG6L3\1d6W0\5,6SA
7g4UFS8_DTC
gP8aAr4YAV0ADTC+818C4$C~4ZA
FU8_271+C 6
FS4+317
4z9.rEgU9\6_9D0SD:8CC
CG2 3]6J7,C53Q3F5
eG6Q7UA_5C1
F\F(3F0F7$9/9Y9#CUDfD
9M5ZCA1_2V5
DQBR178U9\D
5_9&5\13Om 2d
rMMs 9r
t`sbaLP
oon9,AW
rNVls.oRd
 Go7yRP
EV6P82242FEE93A1E7B9F487C32BAreg6A45C74	1-7TA 67FzE$8SD575A
22B0r7g_B"4P3F85FwA_06DW61D
E*35DB9|0W0
2+D,BRCD8mCG5
CCFC1.0h21Dx9-8FrNg
Ds9T9^A@0$B*0P5B1!6c6TC\3W627cE>a
oX F ]*^d
606d3|AS0+4\5FD"8
C#F]EZE,4E3f5.P
7N8L(C.
gWD07&9-5
B#39407dE$4:0&FU7]0]F52mi
e	61Dc2
9c17DbD
2%0TEA9'B"3PO
e	6*1C1-DQEB1
2#0[94D[0]1
AZ8%4[5\r
E"8,3Z416BF\0)Cc3]E72CDB9
7X2VE3x
eL ,aCr
g@E*8\0%Ed5Z3+6WB7CE2,4)0
3"DB5)D iCr
ve Embedded Inkreg6F6E60EAB49B13306
1RF]4%A\9_5=4
r-gSF[0D91D
FuB$C_8A1711B`2e7RAA9K4
e`6`Cx6R2_1YEE9RD37
7tFTD]DHE~D
rIs$ <r
6fED2,F
2dFs9*5]CFAq5_Cb1@D00
3DBV615}D\9L8]9AE@9jED3%F[DV4ve77W7
BB5@EfET8
0+6@2|CZE\F9EEB1F4reg70D2778E7BF614725A3216E4
8e9 DMED9=4AFw5 7WEBD@65Egr$g[2YBW8
CW9*0]7]02A
2SAGAV7SC
FS1myFP
ezr(gR2B3$8^EXE.0&D75"2|9,AXFPCWA[6!2
7&77B'0'6^8X4 CE704}6Z2-6Z3BE6r'g^2L7^1 0@DJE7DeCPBB1+D*D,1%FG1|E
7\2A3<8
A,E_4.BA9.3S5C7\4WB-DE0wr
gY3R9/9J3Z63B
5m1U3D6:0
3x6^DGEw49eg74E9148142176A08E955CD1D84C35FB-r&gV4(8V0+803
A+6[BV5 6b0'D,E
3;eG7v7^3\3T0'A
At2*BJA/A
Ar6$2+1X4_F
e	7RAT8
3n1^61AY1VF\6&EeDQ6(D
3|4Vr6g_5,268
9+C|2P2RDS9
g^551[7T3^6\De0EAPD^0]B[CG3d1]5,37l
d	rrgz5#C+2E7d6,6_1&E#DLD
6,87FL2
eG7D0T3]3V9&4 3
8U1\E@D
A/9X924'36r
274N6X3U8'4%7g1C4 7
3_D 3]B
eG7_CFCb2]9]056aAX9\5
6\9 DYCB0+1{r
gC6f4$6\BZ0@7PE+0f0@9YBUB&6FEK9
l	sA(H.
0"4TAV9+3]26AfE&1&0a4^3 229G8
8x1Z7dE
4b6#5VE1C\8B5
eG7ZDG50E12$AV1@0U6NEeBXDQFEE\B@5SrOgvA
ESEX8*AAC00[E\8
3S2%0Z9+6\2EARe
7 22D'2
F_FMC6AP8^1V6
A23'AFD!7-C1423v5
B$0VAS2T7
ec7gDl7UC70G6dF
8{8PB-8A941
r&g[BX2KD$FEDC8A25BFD6A782DEC241D86Microsoft Vf$i
7b8-BG2f4/6^4A8c22EW1(4ZC]ET6
gYBf9/2U8$3%8U2
A]3XEE8
 U-'-~ M*Zw
9_201d7[6.FGD
A4F$8T7[6V5
7-6V5[E2C
F 4)9%BVF!7R6bAB6*5SB
g^CLD'E
F[8TAfE#1\7d0-C!CV4^8)FeE?u
gXD3678 BP4
7'5_B_8A0W0VBS109UE
76E,4%8@5$6
803C5eF^4WC
F7FJD56@r
gZDeD32#911YED4E8RF E1B^9s9"4,EF2GE
lRe	7*22C
4UF-4)5*7O4
4W1B6Q431(F^F&rwg~EV1FF'C*E]1'AaF-3TE"2SES4
7TB{2\A01PF)4Q7UDe9yEUC 4RD!C
E,B2F CZ8[BW5
5pD_4P9R8&7
5:T2R Upr,gV0%3V098
F"5Y6XD$9%5
A}E/2V9TDQ5yD/CE3G9cAQ4TAF9'&pr
,_,_rEgK1@CG8UERFYE
CX5Z8YFV9\FdC67^4Re
8@D\4CDP0b4
2^ARBVC\7x3X2B8B1
gL3U1a1CD_6
C53CCGCS9"4XC
DrBKEC9
6W319#8TCB1(BV8"3cE2CQ5,8Q1.B2rEg\3&AE6^ERE#2
B&6V1[9D7PC>4MC#B
BR5DD$1YAMF_A_7V9a855Z9Y9Ur
gO5eA&8*9TEB8EE
6%3\9,2]A14
8C0D4b7"B
8TC+503S9ZA(A!0RCd7W10rEgQ6VCB0,3J2^5T5)BS3
ENAZ6Y1!6XF55la r
 8eMpKaQe
6\5'EE6
D55%BJ8S2+FD9
gV7"2.2E9B7911A27CD98E0D05692D91Areg8824C
0-4C6D3dCR1S6F6U7 BY003=rEgW8C019eEWB_Cd1W5+6EF]BS00F
D+D0301
FVB+C6DV301eCWCE8DB
8P5)C4B[5'DB5
3&Al6^0
g]9<CdA,DLBA0d4_9"6a1S2-BF0YCT7D1ReO8d4WB
71B@CbC+D^3eE/D C)8_57r
A@5,C/DXDU8
0&D>6I2S3_BU4^8+F&3Re
8'3X0Z2K5J1f8@2LEA7Q6U9,D^CvFE61W
8&7(F_CV9
E`F51cB7CgEB6y6f9
FD4PO!g
ofo6tRO	f
8c212W6Y2'0k1-9,3)8JC*6uAXA(FU4Ur
DE3T402
A&7 FLEPC
9_1[C3DRe@8`A24
3W5kET87D+1L3@6SD]7b1f9C7
E 0*3L7YERE$C`AC2k0b8R6&BX5Re	9_FCD
FQ8/4A6[8'5_5&CX611S6RC
g\1A9XCD1/5+7(3
8+C-0AEe4'2(A.8XE6d
9]2KBG1Q0TF
5*9_0JBD1
FR6aAQ7TC 1B3EF
8@0 0SA[3
9A0WBE8]F+D*F
DPF00*CE661,Cb0B4)r
g\3F564HF
20BaFP0]6P618d7XF\009Re
9M2X315DB 4j55DD9V9'6+E
2FCFA+B0r
5]07315.A3B*2b4QDFFV1R9'6b9W6A5
9B2ZF_7WC
5!1KFK2*A7C~9
9`1G6T0gr
gK6!FRFWE
Eu503@9WBBE
6C43D104DBCAEA4EE8C542A74DD397reg#7
9Y5X7/3W610d6S7@778X6V5Y5
3#EexFe
x>r'gP8E82E
7/D(7W2\9L1
F[5BD1Df2Z5 1Re
9Y5[1QET0
FD8d3G8J2(B7F&rEgM8W7
4D2R9#2 8
9*5\C-7:0
9V8150FT5\5
0BBL3JCT2'D)Bw6
 j7T2^0P ,o
4QDW5Z2UE#E!2
9 A0D,4]7
g\AS2]6
6DA\1-1%5-2
4_2URUn<e(9
6dDD9-ESEf5.9T9ZA^7d3G1\81A!9Pr
g+AzB_0X8DFB9
1ZA*DAA
e	9%F&5xA
7PA]DUF03B1
8^C%7T7'4S6
3YC)6B5 0X8P4<D
6\3;C*8EFL8@0jf*i
kO2U0D ca
9.EZA+ADFe0\047F6]C\C!0Y7A0\2GDarMg
Eq6b6UA)1U2DE\3*6R5-9
eG9-3 3.AQAT6
218bA#BX1FATBP8S0OrEg\CO8]7226266g8c5B4CDP5(3QA
9c8T8WC'527
B]F\315
3U2U5X1X2OBar
gLCI0/CY1[0"0A7V0CB]8
0%8*3_A_8DARe
966WDP659S7c6_F,9U6Q3f4
D51X4z6 8/CY2[A5E
A]B@5\5,C
Ac3a20D#8aCYBV0'0Tr
FEC-2f9FDDAYEB2#Ce4B6_C
Ed618WD
 X7L-IE
cElS2D0A 2o
oOkF(E.
D^77Fc8\5.7B8
0TrEg70"9-4(3W4c6!F-0,56F^C^3#9[902
A]E#3%B{8X0@7W2_F(7'3aF50C4X132Pr
832P2F8X2S0z6(AF3QE*C-7S0
AS2[713'71689F1D84611E954A3328BCSoftware\Mikr+s
e91@.3\
rNSft9i
opo5t=I
t8EGx	outtt
 Lx4e	r
g/2$CFE\6 9I491a4YB6818GFWDXE:E?B4e
AZ8%BXE84;8
6TCC33C36!CU68F#5
iOnT pt
FQE^4DA,9"23B9D68EB347220F6My DocumentsregA0Du267PFAF`1$EEDFDwD"FG24FxA)95rfg
3 FPC4E
0WE(9L2"263M7?9
A&9UC60
AGCM1@B
DSE78U3]C64sB5163(AX431~M
owo,tUO
 -ekp-a
AE4D3=4
9 DIC62 0]FS8SADC2F
g#6SD13:6~7,A0C!0)3S1$0J50B10BF15regA8BC0B07641F7AD5BA0C60DW0
0@110$r
g/8%3]0
3]7N7 3'1H272/3-BW9
7gC<8be&AJ5CB$C7EFC+6X2+6
4Q0"4\7]E B%C%P(r
xE3R(L.
ga9[E^47A
E28@7F1FB*B0502 1'1^CtF
A'4CCCBY9V0^D
A6CP7%9W7&FTr	g-C
CT5VEG0]9ZC%C"Ed554
8C0n9Re
A*EZ5$7eD
5JDr4W6K120F2 BW7ErEg
DE2F2,FF8z9xC[E&5#F7AE1aDEA/A,7)i
lIeKtPoR 
lEcLiBnQ 
 PPpe2s
OUtLo,kOa
tee*d@f
ustamAi
 of)i0e
A,7[B\E
C 4 9*7-ESF'909r6X5-A03
g#EB6}0 0EBB5w6C0BEB0	1Y7A15F
1B1.15D07644B9803E1B1CC9EE702DChartregAdC`6SEFC^2 2/82A
D/6W05EP2.A]5
g F)E[619
6*E)5F0f9@6C25620)8D024
B44`4R6$2V6=9g542XB06P3f8uD@766.r
gb1&870W6RD1A+6X0^0bE09YB3D_E$B_8
eGB]8B9cA18 4T5'C
D$C@A45"0JC
g+2X3]ECF
7AC'1WE 7
6U6K5BA
C]7VF%6\597d8ZA74E2b0-0"2
g,2 60C^5
F'1EB(FT7/6AAa1+ECA
DSDC767Y0J4
F*0+4W1[1'r
g]3{E^5B9TC(1[B C
7F5TD4D*3 0^DDDRe
BJ254#5e5VE]8_53F!9C7G2+7.5W5[7
g44$EU4[0U4a659U6CAQ1S9*8LD
F_53A(i
eI |.^/O5AW
oK ^*Ox
g,42Fa4VFH1!FK1X4@2Z9+7\8aB
2gFGDWeIB
D:0m7L5`418
CtA*371]2Q2b0]3]30rEg!6^9XB37V8GCL8
E4E#2G6(1UD/062
7G1H5H8Q2f1
Bf2*5(FE4^5
g;73CS1
27ET1A4S2]F)C
eGBOA[1Z1*F]E
BWD\7_72CTF6C70+6Y9SMIc
l	oK F0I7Pp
oViLeV 
nEtO @eIpSyFu0b3t
a	eTyOu
,4a'dNr
om :r	a
on you need. With Office Outlook 20 7e 
aTi&nNw
kI2^0C Ma
nWtpeft
gb9E0V4"EQ0EDW9[6^2@B_D{D/A49"2[0
1I7-F+6,1D0&1A0
A-7DFREG2 CF3(r
g,9U9y1/7@E'FZ5Z0V8f7&2)3%DED0D
B#3G9]3\1XF
FU7%9!0D6$C27JrEggB18lBa0
0'C&4 EA4T251
eGBfFHA"2p6V1S0&12174
CBE^DV1-0T3Dr
g-D*2:CcFG1'E 3[8dB-AB6$3@1#6[B^4
B,7\8DCJ6_9/7
8[AZCF7.0
g4F(EY3Q6S9R0T6eE_C(BAAM4JA@7[5A7
3LCP6!710A0,DZAXFa5
gc0[AXFVCBAU3]1
AXCL0f1
7GB\ejC;3
269`C615C2A 6pA16CA(DPC[2R7@r
2KAJEY66C
1q1ZF75X2PB66
EUeBCBCb5
1Y1_8BCT0UE[AR4
8_542eEP4(r
g,1)CD1%ADB+6T9[9R7
B6B_5F5P3
CG4Z5V8-E05"4
D\Db9U6B7_34EU0$8Zr
gc2RE,B41
F^1_CK2)ERFB2
3BDf3regC264B82C23C56981C999D40967534CFcrBgf2JE
3eBY376
A+8.4BEc7'4
15D%1YA
B/A_F@7!3R6!DK3
83EQ8\DBDVAlFeLJt
2D3SWk3N(E.
eGCDEY1T9(4V9c8SD*5Y0UA1FQ8W9U1bDFr
g*3]AEF
5G0"A_F65$A 9
eGC]4XEM8
50F#5_5(CW7
CU8$8FBUr}gd3
1-6\B7Af4S6d7@7%0
CW9f825^0X8$F
0e5P5A0bCVM
g%3f4]1V4X8Z433M5J7{0
0QD6BF5
0gA%3J2
6(C*3U5a8,A\A1B
E"8^17r
g'5UE|4,ENBQ4^1YE A
2'CQD_5]9Z6 1=r
vzd1sOi
eGCR5P8_3\1!CWARA
6S3$CV0
7&FREJ7Zr
BRB/7QE
4^2Y4/A\9<BsF*B
8$1@FTA\6TC~1]0G3#1X1[3%6c1\17r
g&77A-8UF
8\0[7@FC8L7&6
1ZAB6X4J9
CV3bEQ2JBbBNCR5G1^1 C
6XBX9#7 Bc&'i
gcA D0615Z0@FB301F27B2E2A3E60702FregCAF3EDC22
8DBr$gCB23
]/2|#2'
z,]_%WT|^\!6-
@0DU)26
cI0xX\518z
P*P[B75%gfL
CS0r[LQ@\n3(
y&1DXSTK8+%
]Y/wL@UryM
dTQe513Z
r[Uy Z9UIv\(
[,2M6(qg'F\RWC0ru
,,JG4(
`"EaD^\K3%7
D_T1E&
"))S59&
04_JD'
Z,E@C7Vv`ZVY
gT^uW[tC3-JFS
3[ZFW4AE]f
]Y`4X_TWy0'
3QC+YQ152
t\7[GF%$
s/Q0!'gT
0Vu!5X78$
(ZA[EUB)
dCBaB].AEbC$+\EB,]FB%
Y/5U4~![A50)
X#|Z1@5%
RF]}\25AY
}/+A !
$0A/K1%
g[^y\-@`ZVA&FAR
z#)Ip,G^Dru
\)g070FQMq@GuW7Y03Ur
r\\^u_$4Xq
LFA+(KA&
X/]5A)
*\/SF =`L-T
/KBp'L+>i
uUQY;r@_
~%,W@zPQ1q
fGa.H:A93
X!_"JN
XCQ#z.U[Q
F5Ir_E" 3
!\-0OBMr^KSQ3kB<($C7U2<
$_$_75cN
]/$YDf,\0)4*6w
61KZ_{F*w%Q#<p*-M
r^Y3DQ0>J
tZ-WAD>Z/oQ(\^CmRL5y#
P__+B0
zXTRBHua
"=q^^1h
5AY!HF9{UU
CRY6\}D!S0:>h
0^-]EM4\bZD &-
94C521147AA000ABregD95B5C5BB17B95646B0B0FBD8B58BDBCThemesregDA877FAD358020A0C71DB386AC55506EregDB168F409547E93E2AE324069CE20EA2regDC37D24630AAC686C066A50852E44E93regDCB972E3FA1DA8A7006BFD8EADB64361regDCC45A20C92AB40CB22C7281EA0923F8regDCDA41E66B5CA3503C41F512680BE69AregDD01770281F953CFD7BC191ECA0A8EC5regDD10EED7CC53DC62AA7AD3256FE6F311regDDD62D74194B06933590D2D879DC8794regDF2B73ADC0AA3A3351C4AF92D876B8D8regDF92398A5E4C65784FD0553C30AC473EregE1A26961142A18F0623992D84123AFD0regE2B9AEB1B31BE8A1D4E68304B7493C37regE2C31DE2D77B66B8FBED58C1B208B21CregE397AA832BAE7A375D2738A19D504E10regE3F77889EFDDD93F2DB484896584E441regE43485B826127CE5BD8F1BE44722C562regE455CCA81AA57C8799F61B017F848CF3regE481697159E58924BD21DCCF9E112CA0regE4E2237082280178FE538B3985448CB0Open as Notebook in OneNoteregE4E6D7B9CC31027603A349866C1C53D4&Send Options...,0,2regE78D9B0AEE2E321289E5A6F0DDC9D924regE917E57D0891419719AC51E2801EF51BregE9E3B17824F4505F363F0D362329B9C1regEA202EFD5FD101C2B184EDDB57E55BEBregEB7203972630158AAE797F352E6DA127Lotus 1-2-3 WK1 (*.wk1)regEB98F7EDDCB3D37CA855CD49F8B31BCAregEC74DD1510114A32ABB22D6B217B3EE3regECC565D28E4E96B16C0B697C12E6B19AMicrosoft &Word DocumentregED84E5336FE8492ED6273CB7E3EB75EAregEDD11B71325AA9EC0DE58ED3AE96F87DregEE0BA374B05A0559695FD9D6E5A55BB2regEE1E2A84470328029A5EC48BC546EC4ECalendar Gadget for Windows SideShowregEE60633F011A36F7FA4BDCFEE3A490CDregEE9BDB70173098D6218403F03CE5B02AregEF4B108A2B9FD1738994EC7239D28380regEFF39F3E2B317B2D1DA0D62696F0A4FAregF094360D874E4492800D0ACFCC9407BCregF13487211B5A08E25768664AC300E08AMicrosoft Office SmartArt Graphic Color VariationregF22F752A874B164E6D6E92A4EC61C6BAregF3FF9A5103275DD978C2AD3A03EFC794regF5897D437ADC7ED9C0CEA03BDF2ED4EDregF604188FF1CD4919935412663729B551regF6339D87EE880EB383F96B1E13C93EC8DocumentregF63FB64D006514D02483C5CD54B4D4B8regF663B95F47A47C74281BFBA0E2FB61FB&Open with Microsoft Expression WebregF6E21A807BB1958A34B612944832851DMacro-Enabled WorksheetregF6F09C4D2A64A01254D07FD1B10106BATemplatesregF7656B9AFFC431F2324A2C4CF2009037regF7BC54C1CB3DA3C3B5ADDDD63D08B25AregF8D5B680BDD4E0F126820586D19718FCregF8F7EAA0654F712EB1D8CDFACD33B4ADregF99CF3C23286FA67A4B013A829D83644Microsoft Outlook Mobile ServiceregFA675AB5A1D668A6742159FA1326A62EMicrosoft Office SmartArt Graphic LayoutregFAB647A1F1E4D829747EC88643AD9EE7regFC18C14E7C6A319CDFE01E90CDA4147FregFC4F9CDCD16B45FCDE66E404485875DDregFCACB123CA8FF08926334B6981B173F0regFD5FF91D29F7BD094F539CCCDF858982regFD91F1A1A29B8C6F661453628D2A40B4Using Microsoft &Outlook...regFE6A4E0C86DA67FB0B5762A72C995239regFE8CDE0ADAD4B69A3F746FF24458FFEEregFE90DC5BA76CF7277965BCD020CEE266regFEEE347AC1FC34D072DC04F88EF8B147regFF9B7CDF553441E64D8D4F0C8C6247C7Copy Picture to Office{00020803-0000-0000-C000-000000000046}LocalServer32Global_Graph_Core{00020820-0000-0000-C000-000000000046}LocalServerGlobal_Excel_Core{00020821-0000-0000-C000-000000000046}{00020830-0000-0000-C000-000000000046}{00020832-0000-0000-C000-000000000046}{00020833-0000-0000-C000-000000000046}{00020906-0000-0000-C000-000000000046}Global_Word_Core{00021A14-0000-0000-C000-000000000046}Global_Visio_visioexe{048EB43E-2059-422F-95E0-557DA96038AF}Global_PowerPoint_Core{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}{64818D10-4F9B-11CF-86EA-00AA00B929E8}{64818D11-4F9B-11CF-86EA-00AA00B929E8}{74B78F3A-C8C8-11D1-BE11-00C04FB6FAF1}Global_Project_ClientCore{75D01070-1234-44E9-82F6-DB5B39A47C13}{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}Microsoft Office Word Macro-Enabled Template{912ABC52-36E2-4714-8E62-A8B73CA5E390}{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}{F4754C9B-64F5-4B40-8AF4-679732AC0607}
Installation Transform
Localization Transform for Microsoft Office
Microsoft Corporation
Installer,MSI,Database,Release
This Installer database contains the logic and data required to install Microsoft Office.
{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}
Lumiere
ShellUI.MST
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.462","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->2048"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->2048"
"20181027114553.502","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateProcessInternalW","SUCCESS","1568","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00170000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoInternetIcon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoCommonGroups"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoControlPanel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoSetFolders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d2","lpValueName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da\RpcThreadPoolThrottle"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->52248"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpNewFileName->C:\AutoRun.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0130f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x004986b0","nOutBufferSize->0x00000020","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Data"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Generation"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499dc8","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499de0","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Generation"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->CurVer"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012e","hKey->0x0000013a","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->DontShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000138","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoSimpleStartMenu"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000138","lpSubKey->Advanced"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Hidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowCompColor"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideFileExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->DontPrettyPath"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowInfoTip"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideIcons"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->MapNetDrvBtn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->WebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Filter"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->ShellEx\IconHandler"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->DocObject"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->BrowseInPlace"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000146","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000146","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->IsShortcut"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012e","lpValueName->AlwaysShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->NeverShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->UseDesktopIniCache"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->268"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->22512"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x001f0000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x0000012e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x0000012e","lpSubKey->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocServerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandler32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandlerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->AppID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->ThreadingModel"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->DriveMask"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->AllowFileCLSIDJunctions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\NvAXQX.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\NvAXQX.dll.exe","lpNewFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\UTIRDA.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\UTIRDA.dll.exe","lpNewFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x00000138","lpSubKey->FileExts"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000020a","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000020a","lpValueName->(null)"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->ChkAccDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->ProductType"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x000001fc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Personal"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Local Settings"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopLogging"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20181027114558.820","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfGQSS
Qt]\SG
qdvuqq
Bl3,+)'
#`UVG_v
Y[euvifzmNKnm}p{yy|r
b\PDUMP]>|]VC_
Fe5YXW]N
PRC>uOEXXA
DENTFNAVIO
5bszs20@
@WGdY7GMF
!(PWWXKEBK
fPRw^\Z{GUgId
w{!tgf
_+zt=9&111|zg;ldu0
Gpo[S@_QCD
:/*&:6QpgZ\N
^}[_S]PcDsLCWQxMbBY@V
V\TQZR
@bRReBV
F'cengbw
dEN	RzC? &
[~FCPTJmJ`HARAvCuGYDQ
V\TQZR
@bRR{GV
I@qt--w~g
HM181<2nca
SB_C_W
(5BR[UQG~VgJ@]WCU@
VSVQPP
K@GBLE@GA
dEN72EcR6;
:?GbC]
^bf,,-6$;=  lYUwauc
^GbDV~PA
g_DXUPASloEAJ
B[SEl4P
\Go!AG\
Q[NIQLCDQ^
RgPB	3
Ceb qrb`
Q|U]SH
mVCWICM.	
3C@W	562UjK*$
LCP	R[kNGU
	r]UFFQMj\UN@
&PICEPp]NIuPIE:&71<q
~GW7@U^{UH&
rrzoc"0>kbgF[f	
KJ0$< 
*< *2+DyVu[^UWFCntDCFP[Lx\FCKCLmcY\KOK]
VW]FOA
ANBGQ	
57!wwgc
OApIE!>
pe|moaypcvxd}yq}0
BEPZCe
QpgJ@^_PIPDdfGAIBLT]
pGPQGKtXTG{
dgaogfc
GiZ3UhG5(;)1
ws'buqt
TAfS[DTzTX]
gURMPPGS`PCA]
STGHAV	
r[XUaG
qdvuqq
/ 1.MC~NCE
f(6/}`m'6
:>(1--
YRJ^C]QEmc\[\ANGlaYPCVXDtIPK
	UVVUSP
d`&v&0c
}605k6+G
GtUCYCW
 [ 4q]VEOPBWk|XWGZKA_@luELU\AC~oWJ
]W>`Y_[Z
TCFkoFQS
MA.WYT*_
ddpw!`c
^Dv_	GbC\P
nel9,)/<Z
/XGUaD]CIdV]DQpMo
vcendas
wQG'KVG
Q[NIQLCDQ^
UMP ^\\aCO@kms%s6aG
D_Cq\	P-
]WK\>h
5gpQCCEBA
gbgpea7
70y{jFO{m|~{p|mzpr||{}
ECTCU?t
CYUFe4Y^
YT\QDo'O
DR@Go=
BVI[BLPU
eWEcRP^{QJw
Fglv%rcj
|tt)j."sz/,'
\F6WNiTL
;8LXP<9
7<7WOV
	yzqlj{{kdulx}d`sb
DAR@\?}Y
fRGG^\
BT_XCGCI
bVIcD]PUtPYBWgTu
gfq!u5jF
A^GgRX
GP_GJBB[
aSWsYGJ
gUYDU&A6
@vwz~l1u
	(THIXU
NIqFQ@DoIL
GjcQFBH
aTW|EP^xKKt@u
fbqaiqf
p{#o:~*s zh.styzz!
C`BW.P
PILEvYZV^M
0%"0?'qIAE
Z@qY@s
WHWU[A
tuyz0pi
`TSsYG
GJCW@V;#
^GgPX@PvOTS
dKUWS^
U_DN@w@QQB
w1&": V^[
bUWaGTB[zC
2lMO6x}
rergpN
ZTGtUCX@
*"* kNUu`ye}
PWW[CV^[DEN7
Hp=1Kqn
/nUvUBQCUWpSPPFC
utvg~krjewch
wq}w0y%f3fpa#
BNcU[F
a0!tp72
XiI[@[]
 6CAG~k
aB\VPC@gv
QVgMUv]_WO
DtPHRH\
VZ$N@MRTB]MBv
cUWaWIP
+essucc
@RgRZEGbCU
QVVJQR
6VQW Z_R
06sq#11
GJjK]P
GMF~kurqgc
]C`QNYGv
QVVJQR
A0eq%'1g
ZBUWYCE
6,8u^K'0n}sbg
@RgRZEGbCU
QSUWMQ
Gf6 sw51@
1**2CH
mcrwqcq/&
_FfC@W],PYP
TUKVR[
OAcg%!'ga
UWYCDC
M{P:!&n{eb
!(JyUH
N\tP_CUlMO]O
\DIFRV
U[SQXVP
J@1aqwue6
*#:.VIQ
UIfC@WT}W]G
QVVJQR
A0eq%'1g
ZBUWYCE
6,8u^K'0n}sbg
@RgRZEGbCU
F\2BYPWJ
UVVQVS
eTRP"Z\VD
d`&v&0c
gasaHYq
_|V,UBp@X
QA93CQ
\WUWRS
5fptp6fAO
wu}|w_O
P]W+Q^
TW]USP
WS%[[T
F`ep%v`d
2LRFU|Nu/&
tqxtdbw
VVT\RS
BR%[[T
F`ep%v`d
AKVuAa
('(URE","","hKey->0x00000132","lpValueName->BrowseInPlace"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->Clsid"
"20181031035503.218","1-
W@Db0f9d495f7096acb880f6e2e3a67c2&0#4d303f3375e5cc02fbb>240
try:."RoeOp
^," Kdy->HK
ND"-"/pSu
c0s355
~3a8",B
"0%9d4
qrfbb42406e
>PIA2.;5_xO
EWCXVY\U:
CZClsid"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->IsShortcut"
"20181031035503.218","1572","500432b0f9d495f7096acb880f6e2e0a
V375e5cc02fbb42406e","1564"T#
egistry","RegQueryVal
hKea/>0r200Pc
%Oame-6
"2018y0;
p20403
q92,#1v72"
v220f9
#c{80f
rd`a67
uevcc0
2xCmbR
-5eExW","FA
N\tT\EQ}S
`bv&p00
gRUm\G
xty|aaw@
~*&;gt
%w)m(q"~~-w
`EQ-VJ
>y[WBY
MJV0'(
U^DfUBCYMB~4
HMjtLDNCP
cafMQQEQ^^gH@V
D@rG_DQPFO
A`RV|D
06sq#11
61!'3)
VDEWBUl}KOP
>7q}DGEWLXt
AWVYUGow
SCO@THq
NmN]ZUUVEM
bUVaEUPUt
xq1|ebu
\RzC]@R|CAG
CO@U]]	D
f0v &caDN@
qR^GXG5
2dEN6x}vucg
}_FUv]Nh]KFXaJ^WATC@b
NEuH]@F
"Y>ZW_
]^_G/&
\U^ZGI
dQPXWPYv^NCApH
a7s%|7g
QRB@} 
7fsp#``
bs7~vyw
_[]xZ[G_QKR
)"*1(76=+
UBb@WVIAE
fYBDDRTc@N
:16 vCpU
`A^SVFFyw
DHgTGsY\Q
sBUQDUvK@G3U
K)0n}wee
ZV\q\\^PYVEM
Xq | b(uh1wvu
s]I#N$
'w~/get
[}(&im%70fwzdi0qip
UMP&.'
MOC?00aHYq
Z@dENT{V_G
lw||$y!
p&|rczw;aur"
PIE\CDFJ
{-vjhy*v"/o
'!*}|q
GN\qDW}Q[
9/M^N"
!(qgsr}bc
YGtK@G{Q]Q
t#}ve|&j1&qvF
Bswzud,asuc|bq
!(PWWXKEBJ
gPW|^W\sGUgIt
jc||efv
q}$:={mb4s+f:e2seA
F^U^R9fINA]_hnCA
fXJEER]q_Y[V}V
qyarpda
AAMtKQ"Z\VK
\PY_BI
ZYZPsZ
//*02VEM^,I@T
CJuHUrKao
GF[qXOS
RQYRE[_V
1[\G~ks;ucc
^~DOooP}VsAEU@e_aPUQ
C@c]YYWgT
JK?00:6'6O
/BYEPvY\U
!<AIQQefExXYR
ZCJuHUw]XG
[~EYQW
@\F2XgK_
ZfM@SH
gwNIgac
[~EYQW
@\F2Xb\W
F`ep%v`d
eD[AIQ
 (HMHFCWO
capq'c5
A\yD^V
U$JGRF1Z4
^@p\UBVBC
V_6A\CP
WY_PGLKZTZ
pTTStK@G
gfq!u5jF
UUE\VU
v]TEAT|XqMBVG_\
1e%z!gj
FWGz	p\YA
2F_GT~K@GLeL
\@~A@`YD
Y|CWRQBqdpG
^Bz[XGBgRFW^LPT
5c&q c2
DN@Z|A]T
PcDsLBQQxM6
pUTdiG{_rW_DA^\
cfmqwkq
JhGCYSQ
>KVGzLY
&VnWDJG
ZmYV,;
d_gBYEU
XDr[yoQ`UEMC^VU
[BmZGG\QDCW
eTRP"Z\VD
d`&v&0c
UVNKOGLbW)
mcrwqcq/&
PuUEXSV
F[kZs_ZG@
	B,^#CQ
WY\G_[
qLcWVnW
\AwGUA]QCEPT
U_DN@fWUTp
eaaog76TEAG
s_^DB^_
6(16PcD`UV
\Fy\r_]AG__m]V]
DN@XB{EB'WJDTG
JGVIOLcW#0
me;succ
Y[C*UDEB^TP
W\ZQQUQ
KOGpIC #
:-77<?
XtUFXP]
~E]RUB|R`UV
_QUr_UG 4
\Cg\pMDJGC
DW-Z{@
mYVs@PRG^q
gBKXG*
0767=6F
FTFXC\R
VrIDUCvb]P[DT
ZXvY\U
TGy^w[LXP
_qV:IDVJd_gJKXGAN{XzWklG@
\qLnWWSR@qEXP
%6P@CR\G
E^SUAzRwAZTDdM{PXAR
VTU	WR
SP^ZRR
fcwaiq [_VGA
`aaog7$kCa_
CE^^s_TU
@vZUU~QUG
]|[rFHTWJqEXT
{LA$BV_S
A\xDGv
GN\`HASGpIV
57!G^N2%3&!~m
xxpmjtarv|}acr}~|g
\@gFP)U
@QKS=.
MA!J]Q
S#[	U6
Aabrpq7`
DN@XBrYZ
TMU#N2
2ct wdb
L\+ *g_Cambtyu
JK]PEMQXG
dEN72CHd:9&aiq
qN\dK@G&'
~vywOc{
cDW_RTJ~VqHDVFa_aKSV
GjK]Pa]VDr
1 2'GjKNIuN\g+<07,=4dENU6Q]U
s[hacl*9
+3	>?9=
!(FEtTKXBVUqPVPC@
u}lipxvh`gmf
sv|'b/z;ck|2r
4<CQR	
OAcg%!'ga
~MF7<7**=2Np
DYV[[BU
rr|g~k0%
GF[qXOS
SZZG_[
c-ssucb
Zlxg@WB~^sIGTCgZfPYJ
7GMFw\ZQ
!0$*6'![
f[I=Hg
v ynyp+lYO@IP'-'
znyusjDDg
TAcFS{VL
kAWCGC^Gmx^QPCQZVDhp}/
VLRD::
OAcg%!'ga
UWYCDB
ystil}
ptxjuor
[BqY@~UI
F\i+^SKY
Lds){Vn!U
MA0]YT _	WG
Ceb qrb`
BlDXTQPcD0
[Q~DQ^ihsgJg
cfrsvfg
*{#`;xvv'{otw"++v}
	b|r0dqa#o~^V
VF:-.q
SY_KAJKVIO
ePEVPvYXV
5l'w|f5
BT_XCGCI
g]I`BUPUtPYBWgTu
rr{.e4|F
A^GgRX
POG_AWSGxM%
G_QphkFtY]]
bepvpc`
q"{{daqF
@RgTZAGbC
GBV22&
!GMVGc@
^}[_Q]PcDsLCWQxMbBY@V
	VR[WR
KDEVYF
VRCP#\
J@1aqwue6
W]XG_[
gfq!u5jF
VGu]BYATTrVWPK]
	wgbgc|tmpicq
VTU	WR
SP^ZRR
Qt]\SG
qdvuqq
;BUQDUv
Bl&8!&7
d_gBYEQ
XDvKaolS]T
s	mSFV_ZWrPSTKXK^[V^~
E\DYS]]
[u ~$d~ metrpF>:
DeUXR'
De0q&u2e
\"Z\VK
G^mWwO@G_v	;	
NxGSDT~X\Vf
g`{mtdc
M[[	Y9S
]\EPKP
FmARPEG
e#')7::,& ,f
^w5,: 
 /:u~k
L{E]VV@-V$@
QJa	`BPB
g1psv5`
UMTUVVVRR
dENT{WYG
%%.&2-"Z!!n
/XGSTwQ]U
``vsv}a
Ga0s"sd0
(UKK\*
wmoz*amnnxwwjel#K@G
~aK0',0*5'~omo
VlYOSPE}Dn[AUC`\e
VBJ0R_BP M4A
57!wwgc
\UCICEP
	+CAG~k
LM@NIFJKcNW
]vWA@TGxT`UVPCd[aW
A0eq%'1g
^_aqubk
^*SN&J`
7fsp#``
gu}?6-"$-"/*2(:,MB
Y[+8DXU2'&
?2Q_GCZ=:
TDqPCZ\WWyAOGBF
bfw'vc`D
jzpoknca3)8$27:0li
MJV$41&
@Rb@UyGU
e)]ZG	D__B=4
Br]XTS
BVVY@AFL
jUEcRT[|W[iZb
`g!s#j7
{'r|l+rp
[qCDEBWFGpa
bT_`EVCIeTYEVkJd
qdvtwq
GUW]@F
Ff\R)GUW}
6g&s$edA
X*)qkk|y&c`}|tu|kbgQUQ
$~aK0',0*5'~om}K
]@u\YU}O_V
MFGTG[
)QKqHaG
qdvuqq
7+)=-  
qN\qDQ}U[
Ybk!8_N$(
\A{^]^P^Wy\^V
qxeqpQLCDQ^
DtPHRH\
A`RV|D
06sq#11
HM;ii{
9)<oma
qN\qWNi		nS7#
;(=7*$
?*:0G`9
nxTTA}V
Zcessub2
?DR-f{i'|
sq|o,qadk 
LLWj{NlyQWC
S_XG_[
QXP:PIC&
#)>hE0JP<
FdxGQD^JH:
pMSV^F
vf-poa#rw
IEr&-u`/!=c`}dsG/&
CUT\GAJW
pIE~ER\iI[pHg
1e%z!gj
]z|tjk(|sr*l~vv-|-&
q^SBCC^G1(
QCD"51;8RNLfN]St@
bepvpc`
]zR]Cy
>MBv*%&n{c+
x3uio|
sqx}@Kazy
]@`@V~]W
cMJVFTEW~aKVB_G\T
	VR[WR
D17wqqceG
,*f[HpOe
~*&;gt
%w)m(q"~~-w
`EQ-VJ
>w^UCE
WOqEXT
]V[2N@\
CUEEQEGN
Ddezu$01
.xvnj)z "|m+#!|{zu
!(qgsr}bc
W\@F9v
4Q@GYY
~xJTXSyCBC
cUT`EVGMcYBGTuZ{
dgaogfc
CR-SZT
6vww$eVEF
A=8DPR
PIEXFC@[
XLP#Og
C%#qte4sG
Q|U]SH
oM\EYGKXK
Nhy[ADTU
rBVT@P~G^Tg
y'}`bof
gmfqXIawcb
VLB	ZEb
Zk'WDZG[
6g&s$edA
QAGyrH
3PIQ5lw|-bu
D_^dTHD
T\aJ^DVRD
U_DN@x]UTz
@^CCLw
q3*/  *QXG]Z
C6RQTvYNI
	KIR\Z=:
^}@XRV\~Qu[XGBaX`GMF
V[TUQV
ABE^PQ
6\@QQRG
qdvuqq
CICDU]A
cHF!000hmcZ
`B_STFCkh
F[RG^m
PRV_]P
VPSWWUQW
VIv;'&"!q
bB^[TC@xt
QVgIPq[NI
ANBGQ	
1AZCP#\
D17wqqceG
^rK@G_[W
6#:.VIQ
wamnnxvqjelp
\S^DGD}do%FAEP
^X\VBI@AP]
eRCHdXYR
q`ssq`a@
GUTGAGJ[
gRUqIVcQ\AVw
Fglv%rcj
GF[vHES
HSgTR;
_~FXWUAaWzNVIQeZ`@KXG
V[TUQV
A@RVZG
Gqyarpeg
\UCICD
kW$.gu}
cojkbgJjK
~KR3UI
c~r`ump+
8nKDCQZDthxQ[__dtHC]_APGlrJDRVAIFmsX^FIPixYPWW
l5q+cxy*
A0eq%'1g
ZBUWYCEGI
2vCu!<7&hme
TRzC]@R|CAG
s\VQ	U
DXYRA[_VP]
clu"&1k
vK@UE1M~GPQ
FUEdyV@I
bVVsAPTDVeWJ}Z{
dgaogfc
x-s<m&e3dr-fhd`q6
C`BW.P
CSFUj(KOP^FYRVpu
9gTR?:1&7
^}D]QPG
UlHLRQxMfG^FG
XGQuN2
qDENG_[
*UQTvY\
$?&GbCOI
YK@Z=:
^}@XRV\~^u[XGBaX`GMF
V[TUQV
A@RVZG
Gqyarpeg
\UCICD
Hx!' {sa
c_VEBQPI~#'
_[XEbQBQdeLnuIH]_ATBof]U_B
uWNHGCF
qya1 4:QXP[
\EUuHf
0>1G^mDn[
^@gY]EV
`ZSALW\
SEvURP
F^_TG8YQ]
ByWZEj5PCECT[G~
fMV6_WEVvKao
bmrsvbc
@^(L	V\G)Qr@B
Ceb qrb`
$]^Q~W
Nhy[ADTU
cURQsY_K
qyarpda
EWEEQABI
NuAaCO@~yy*c7wG
Z{{v?l
xv$y<.qq.+,q
qY@zPO
 11 ='tIPQEM
CluH@]ZBG^
cDW_RTJ~VqHDVFa_d\XLR
GBiTLsLu
D:9&0< 'GA
ZgBYDUv
gu}ayp:
'8:xmu*
\@b@RiI[Cp&
9zW\RWU~VaGBC]_DeTB@\Z^o~]_QAEGBirJR@MGUB
Gqyarpeg
*UWaEUCLfC@W
:@IP	'
5!76vCuPEV
_EcQ_[W}YOI
{X|GXjZ_T
r[XUaG
qdvuqq
*][-q9
<MC~'%-%!;*LMN~
CQ:.gTUn}sptn}rrxz{p
^CkWNiTL
qCDAGQFVn/Y
HXTRQUQEPZ
oZFUrZ^
EUJE6AN
ke%u a6
X!XhQAS]
MpCUQ_@KCL
562UjK?0
ES[__l
Abf,,-6$;=  lYUwauc
_AcFW~UJ
`WDXUPGRnoEAG_C[UF>g
[NF:tEKD
Q[NIQLCDQ^
UMP ^\\aCO@kms%s6aG
D_Cq\	P-
MC~UYZhAAM
TRzC]@R|CAG
]\F+NsV[
cf%pvdfG
KKk~ec}
{sgu}}ztsnsotsx}}w@
gLW-RI
[\h`Y	KOKTFjqZ\N	
QtyVW]
sATQGPsY_Kf
wrvraq
S}DUX.GUg
 fIQ:'&'
Fwu~uby&opic,ihs
xz}hopdbap{dl{avj
]EdG@gGL
Z_]:c\[\
VZYPCJ]E]Z
rGRSVId\\Uc
@c3z'qjfD
WyP^QI
s	:PFT^
AIQ!HY
tqxtdbv
Aabrpq7`
[xAONG
bNW\~TKguK
wyx|fcu
y~rk}`mvq|k~s!x/w!
c)p1e$b$jz
LpqYPZXaCO
gfq!u5jF
_~|&kh}|w%
o~'p{~{ 
6Mk~USBTd|YPC_@ZSDom~u
WPUVXR
oPTTBQdEN
2EEQ'':aiq
BIfQ\E
_dr$vugVF
Z_]D>9
HUuPD[PIFtSSQ@AO
!|*qk|%hb|w%Ao2
CO@^Q\
AqETR@
6`  ua5@N
AAM((=#'|!N@
GTGJgG
Zz-8,+:(
 "),>l}
*4=4>%7
eQ]VEdfY]U_DFisF\@QVVzGCF^]LprZ\YWZW
4<CQR	
Ad^CGA
A0eq%'1g
AIQ!,#bNT]}U[iZ$XiZ6
*/ ~mjIN@5U
^Meuu!osdgfu~d}yq!%qEX	]mCW~VO
^T_GBlsEP^G
YSYUCluLRaePWB
S_XG_[
QXP+GMF
Z^~E]RU
z[sM`gM\wCWD@@
K@GBLE@GA
?K@GpIE
PEV	]mCS
3Ymtdfycuo|YPGZC\HFhoKBF^BDnaYPGU^@eW
QCBoOV
G~sQFU\
aTQWs\\V
dwoatfd
CO@VvE
@*V#OC
CPP[QXPL
C%#qte4sG
|/vil*|pvy:x" x{('@
QCD#.>
~oW!'&-1
6P_KMB~8)
D[C$uH@\_C
!(L|E\ZTB|WrJAPCgAfJ^VI
-DWZ{S
gwoa#:?G_[C
w~pgbv7
@cER{TL
IQABhwEP
oLFfTJBY\_lcZYYPGWGdgTR]ZEWP
J@5F[@Up
eaaog!6EEQV^[JjK>
BIfQ\D
Bl3,+)'
#`UVG_v
]HgQ_DU}TXU
|[{MBVCZ[bCBGY
VTU	WR
SP^ZRR
wrvsgq
@U^zPIgTuLbW+#,>
[XGQxM:.
~zqmonBIc~o|yrxz
\C}GVsGU
fXTV[CGUlyZQ
ZU@:vKGY
QK@GBLDFGA
5bszs20@
@WGdY2PEVT
BGjcQFBH
aTW|EP^xKKq@u
fbqaiqf
p{#o:q0b3sy7mbbvfF
A^MBZP@~{K
9rCN:6*&6
Z\NM^G
_vBONGCzQp[XGFd_fVS
AJaT	@
&HeDN@rs}|c7g
GbC>0n}
GXdM@F
]`DUUG^mWwNFG_vZgB]GWO
D17wqqceG
qN\qWNi
?DR&amy<lK
0,OTBy_o8F!Ky_jUQVo
t_QCLbB^[bUAGUA
DN@R[XUE
&G^[tMN
+essucbF
rIDUCd
aPEV	]hW]AQ~C`o
K@GBLE@GA
Z^~E]RU
oGMTCeM_oCV
NIQHFBQO
~E]RUB*^`UV
oGMTCeMZxKFU
+esrpgc
_FcinPWCB
F[qXOR
VZBWGAQXG\
u^KAUv]_W@
Dj1wzp5d
CO@P~Y
^QRG*S!
c@]DSH
TY]]BI@EU^
aKP\qK@G
awoapcc
DQ"]UPK	
VCg	aVVQH
H[X]QUQEPZ
pPQTrZ^
7azv#dc
](F^UP
6[`QQRH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
VZBWGAQXG\
u^KAUv]_W@
Dj1wzp5d
CO@P~Y
^QRG*S!
c@]DSH
TY]]BI@EU^
aKP\qK@G
awoapcc
DQ"]UPK	
VCg	aVVQH
H[X]QUQEPZ
pPQTrZ^
7azv#dc
](F^UP
6[`QQRH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
VZBWGAQXG\
u^KAUv]_W@
Dj1wzp5d
CO@P~Y
^QRG*S!
c@]DSH
TY]]BI@EU^
aKP\qK@G
awoapcc
DQ"]UPK	
VCg	aVVQH
H[X]QUQEPZ
pPQTrZ^
7azv#dc
](F^UP
6[`QQRH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
VZBWGAQXG\
u^KAUv]_W@
Dj1wzp5d
CO@P~Y
^QRG*S!
c@]DSH
TY]]BI@EU^
aKP\qK@G
awoapcc
DQ"]UPK	
VCg	aVVQH
H[X]QUQEPZ
pPQTrZ^
7azv#dc
](F^UP
6[`QQRH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
VZBWGAQXG\
u^KAUv]_W@
Dj1wzp5d
CO@P~Y
^QRG*S!
c@]DSH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
H[X]QUQEPZ
pPQTrZ^
7azv#dc
](F^UP
6[`QQRH
TY]]BI@EU^
d\XLRdENT
qyavucg
GU@2\dE\
H[_]QUQEPZ
aZ@IrZ^
f3ts|e2AN
UqX_Q*R]VK
5[EEFU
r\_	PvO
06sq#11
\@~UUjK
1YQc@Y
GTGQwOZWvXTT
CAK\RL
A[ELFGSO
9vUR6x}s=cc
V\5BMXG
FN]ww('0}qkbs$f
]V\_AL
xXKCWMNpY[]AiZ
gfq!u5jF
zQ\F(G
aUQTvYNI
<9&hmg
Y_^dI@
Z^~E]SUB
CPQ]QXP
qqyas=cc
<&aqs9|o}qsy
lcUFDD
3AWFI`
NYGtMa
q'&$, 'PU
,*	HP{
G%cen9"
C@WGbC
.HG~GC
U]cUDD
fBTYEq@
GKKBADM
2GUg*2EcR#/
diu!o|
cER{UH
[MaYGFlrW_DA^\ox\^Z`f
TTUT\TU
~GVzFQLgG
>QXP*woa
64m\G^3UIuHg
7o}qqy}~t
\@~ER{UTn
cI^DU]lg`ql`^d
X{UHI_
3CLBB^[bUAGUA
DN@FWSYE
06![zC\
G%cen=
|'}qsxy
c_><~j
GSSK_V
.gTuqya
QZTY[R^
UTSUSS
V^[pIE
7LS)B].
cSVe(/8
Fx{uio}+qc`}!1
_H6+`fg@VqWDDH
PTR_GV^[PIE;
.tMN&0
3Y[ADTUaQAEYG\Z^
gSSm\G
' PUtC@W
+essucbF
$R^WhDC_U
bI@EU^eTBGGF]WL
EcRT[}Q[iZ%GKK55;5w~gpIEm\G
cesr!aq
N@+ER{UI
gzmNKnm}p{yy}t
bZQFUMPPl}]P@
S_NE= 
YY?aREFDF>:
#q(zb1w
\F6WNiTL
_oEcETJHfR]EVpMg
gmaogbf
PPWYGG@
Dp${)e3s
DN@XBgET.GU
yYWC@q
c]VaFTBJcT\FKwLo
ASV6RG_
GRUK_VGI
MA1m{s#e6
a>6.-/
fUVb@U^{HIuHg
censucc
{~pilb}wynsopv
?/Q[B	E
GUTGBME[
gRUsYGGIfU_G
s'~|ld$AN
D_CaT	@
O\uBDyrG/&
CUT\FDAW
pIE`@R@[zCYEUqKe@
Dj1wzp5d
CO@PsU
MDGUQrMV
GjcQFBH
aTW|EP^xKH|Ou
fbqaiqf
p{f,q?
BUJYCDBI
stS\D]tHd
f`spkag
UR3STZ`[
ASV6RG_
GRUK_VGI
MA1m{s#e6
a>6.-/
fUVb@U^{HIuHg
censucc
{~pilb}wynsopv
?/Q[B	E
GUTGBME[
gRUm\G[{UMvJ5
7azv#dc
R^MRfSFTIPAWEdyV@I
bVVaFPGIeO^A]gTu
awoapcc
APRY@ZC@
pTRfGG^[cQ\AVw
Fglv%rcj
EaMUPZ
@UVQBDAH
GQJ[zC]@RwZ{
capq'c5
D_{\OL]R@
	wSWXS5CXJ
JTWZBDAL
|T^xRILzPNwZ{
capq'c5
)}r:mt}rg7vcl4||c
sz6kh~J
BTJYCDBT
@UC{UIuHg
cau>g^Y
y~rk}`mvq|k~s!x/w!
LpqTACD
!(PWWXKEBJ
gPW|^TW|GUgIb
jc||efv
EWEEQABI
QKL0V\LS$
5c&q c2
)CXJphmmBU_sTIvIg
cfmr|dq
}-rifu410}vd9c6w7
`	UG@T
LHMFFjwW^P
1(8KBV g
tCNWAGJFo[
^DnC@WT{V_G
qBYBV@!Q
a3!!qag
0:n{(2
esuo;z~tszf{'>
]HbEQzUJ
c\HFCYPI~|\T@M_MSDlcZ\
QW^D;o
d`&v&0c
/C@W7+
/Ywqstkb
2YLXD;o
yRHvL3
5fptp6fAO
j8<7<+>.=:?2+; !v
PET6	0+ ??GT~v
\TUBuH
GKKBADM
1 2'GaWD
b1"aiq;iI[
Fx{uios*uq
tCQGUoBXVYYUKrwV[FIPtMCWL_KZ^ChHT
FI^W[@
d6qtt`gF
@UVQBDAH
D\E[zC]@RwZ{
capq'c5
D_{\OL]R@
\WSQQXPH
pIEz@UZxW
f3ts|e2AN
xx#jl{z&t/<}s%*+zw
 Qpa33;);&
G^QKCL4
XNjFO{m|~{p|l|qp}|~v
qZVDCR@
FVF	QDea
@DX\Z8c__
PZRF9p
BVI[GLPU
eWE}WPBIbR^
5bszs20@
JTWZBDAL
|T^xRILzPNwZ{
capq'c5
)}r:mtdaf!}dl3`ve
V[CCPjyKOP
8Lpr<9* ,6 ~iZR@M
\CxSXMGbC\P
nCEyUFQ_
XGQuN2
xw~gPIEK_V
aEUBIg
'tMN3$
mNNCU."	
nrc1tzE^SEY_L_
aztS\D]
yZWcOF\
GpIErGSUVIi
$V^[qya
F%cen=
lu6doecuc
2HG~Q'
QblVngXVU_DBlp@GBV@EoRP_K^[kwZ\NZBUFog
`bv&p00
 fIQ:'&'
 +d}o*uqt
]@eP\FP{Q^K
gG^Q^[V^
U_DN@fWUTp
eaaog!6EEQV^[JjK>
QDU{UHuHu
Cd_bUP
xz}hopdbap{dl{b|e
]EdG@gGL
Z_]:vKGY
^X\VBI@AP]
wJGMVTs^^G{
capq'c5
F#[	U/WZ
e0aog7$fIQK^G
wu~uc- }~g-4tlfWW~PUT
aUAFZ^RB
F[vHER
eq	TETS
GUW	VozLEq
kcNWCHKEU^
vGURZWrQNIu
awoapcc
$QTU(W
k"gc~vl!p
eAccess-
FENERIC
1d1Z3S0K5\0].X9C"Z"\5
2N,M5W0432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memor;KBFVirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5#d0
Ffsyst
Bu,R}2a
i>le","
CFSS","p-*
ljle->
[F SReaz->61440"
572","
U05-2b0
Y2485g6
t"2"fi
On","W
l~0x0000010
 ,"L|E\ZT@~^sHASAeAcA]VI
EoNB}T
ZGAMCL
zKGDEU_s
Ddezu$01
`A	PVDF,qN]
VION\c6
cessucc
V\p\\MOC
UCd_cUQT
WXdBMyoAF
6woatfe
Y\\BICDUO
Qef~krpveq
Cd_gBYDU
UCgYXh'
W\rYY_POEPXLx[AP
XiG	CUZBL]R@
-G@R|P
JK]TDOQXG
,7yQcVRR
BNqHGKcNW
pT\C|U
UGcHFCPDA
]B5^J\
SCX\Z0J@VK
VY\UCMQyoO
oC[E]wXYS
gfwaiqb
vcDFw`u
fz|n}owcgr|vswfub
\LK	cVP
QV]VGF>:
K_V!,aog
6EcRGBi
>qy|ebt
azqGRz]H
b_UABQAKm{XP@C_Qk~MOCYUC
AzR]Cy
]A@BOG
pTRyDGBi
2[_V#,k`w
7KXGdEN
ayppil<
Z\@cERzUA
Dbz^WU\G~(/8
xQ_B/UH\
CO@U]]	D
f0v &caDN@
aVWFjK
R@9TTBUCB
^~E]RUBmJ`
kfc^\^[PDZ^^gLEU
S\`F\F
aBWAIQ
1@\TA|P`UV
~TXD}G#oZW
]@rUTAPFC
QGc]IWO
WQ]WBABEP[
fQUFjK]V
Z]U]_BH
eB\MTJDkh
CJqKW$Y
GD@c]YYWCXK	
gCYDUdEN
N|P<!& 1~m
Xv]\G 4
[YVQPcDsJGSQxM
UUEXSV
wKGPTGeMrZYFPCN
gfq!u5jF
WC-\s\
GAXY&Z
YF}LnW
aTYFjK
,LnW53&1
EErEDJG
GQQxM<*
oK_WUCqdpG
]Iu[XGBgRFW^LPT
fE_VId
KOGqya
 %:AIkMoM
+essucb
UCd_gBZ@G
]Fy^abdV@_]{^TV
YG{LnWSVUF
>KVGzLY
*VIQpIV
dGY@}Q
D`ftv f0A
DN@\vQF_
VZXG_[
Zcepzucc
\AwDDqDVUPG
LzEDvFT
QDN@XB{FS
NMRAPR
ZBUWYCDBI
!(pWW~HT\z]HtMa
ru}nypt
 .		`[f.=<}`mrp{ioma,,8,AI
Gpo:61,6<5VppRO~8%
WFy\vZ^G\^UtMHG
Y*\uDUR
\F*WX`DSPQP
KVG~ks;ucc
\@sILG_p
C[,f{i'|
"adk"5mZG
+_VDGQBUlodiP]C^^EncHR
y\[RaG
0gtrvg7
@VW{UI}Z{
Z\@cERzUI
DQ^$y]QWU
UE)AUKZ
	vDP^ECZG
/nGDYR]
uUE\VUzArVYV^M]
qyavucg
CR@*]t^]@
\\p	WV
kB`DSPQP
xq1|ebu
>#?:>b}q4o}pq.*}q
l`_\YRYUQpo
~,lbAQDn8A
ETB_TE@VJ
AIk^vYZV^M
[_V68aog
<CHnKNP	6
!KOG~ks;ucc
GSGy_sMBV
F@NN}CLpEW^TB
_|YpWJDPBc]IWO
JAa6aog?#mZGB
\@vY\UllgG
naqatiZAP\DV
FFwVEK^G,$
]HF"gbgcxtipic"I
E4<=17$asu
;1$VhLK^Uf
`dsppfc
v\kgpx%,5kdC
"gbgc|ukpic"KaoQKCE]\
uTYSFTh]YQu
`fuaiq
a\5-0'66, .
Glnd[\T
`dsppfc
L]C2Y7W
}SXRaGH
QUQETZ
|HYCDYLKd
b/!0#)v!/B`L^
TBp[]KzVYG
r	owwxm
=)3c'o1Zh(
BVR\CG\K
~GVzGWLgGLuHc
@c3z'qjfD
GX*SNN
lzt&}*-u
bLE@GA~%
XGrK@G
cd{ru`b
:"'	:1PMP[{
Dd:9&n{c+
^~WA@	
1Bl+5)llfw
Gf6 sw51@
.QXG>fq
UDtG_K
UOuWBQCTQwQRKGD
UG^UD[_VTX
oMEIv]_W'H1
t/{eksCO@
Xp	kb,{',ga:
W~dG]E{Q
kW/_~{k
 [_VGA
!		]sUVUHU
_|DUSTGyTsW@RGvCpTRW
pGazoW
TY[G_[BAR_
vBUUGW$Y
5bszs20@
?4y|"-5gnGIE
i~QN\o
]Ep[]KzVYG
@+\JQAPD
06sq#11
TG UQEP	
~~sQFU\
l]^DVETT
FFqRAK^GQqSWVA
X~!z|g/toks '@52
]0=2GA
U[eil!%
&,;7$ cniGAC
vu}tbzvjbvov
pe{asugydq
zKCACUNmN
[_V68aog
!GMVU>Y\\n
cwoa1;`
7{+V,lj
UTxZWUCC
;3&rlstq
%/043==*LYsRW
V[r^MEPTF
V_	G_[BASY
1 2'GjKNIuJjK?0n}u+c
_|AONG
bfxdqlN~kPBS
VF|TB\DWUoW[QQ_
tvxg~k
X"gbgcxtiu~k2,Nhy[ADTU
fBZAPvZBW
wrvraq
FRBg[3AYG
SA=8DPR
OIO^AJ
ewoa#:?G_[C
bUQFjK
r!: &6 
TFkXHT
RNmN]\PWVEM&1
ZgBYDUvYXG/&
aer{tc`
FvS$ND\E5
dG]E{Q
K@GBHDBGA
Z^~E]RUK,Dn[
oGBTG`_phkF
ANBGQ	
1AZCP#\
D17wqqceG
^rK@GKW\
CICDU]F
mJ`*!&0
X|DCV]FmJ`HGVEvCu:
VZ]U@LFDVC
pICUs^^G
cewpw1cD
qYUSL]R@
W\ZWBWGLQO
aVWFjK$
N\o6{&; q
dBKXG('
:16 vCpGMFEx_]Q
]{@]QK@
Q`UVTFc]u^KAU
V_	G_[BASY
1,'6dENG
</&hmcZ
VIQ:!'
_qPsM@UQYeu@YE]
{K^@zG
Gc4ut&ad
lYOSPD{Dn[
cQUTddfG
kdqr}bb
xU]C}G
+WA@TCxP`UV
fUCiLK^U
cfrsvff
VIOqya
7:'GjKNI
Dd:9&n{c+
Z%K@GCpE
_qPsM@UQYeu@YE]
AT^]VG
aasu q
<'6QxMpIC
@[PT\{^v[XGBg\dGMFe[ZAyQ
U\YU@WADRO
bE[VId\\U
1e%z!gj
^X^TKHBAS_
oFKXGwZ_S
\UCICEW
*Dn['00
Yr]\G 4
^}[_RRPcDsLCWQxMgUQP
_CzPKP
K@GBLE@GA
XvY\UI
^~E]SVBmJ`
Y[Ga_gSCi'
dG]EzW
FY\X	EI
bfw'vc`D
Wr^MRPEGkh
XX_VE[_V
Hx!		RaG}0;&g
qN\cFHP
O[DzSqOVIQ2
LJ_^Z`IRh'
UBbBXVIAE
C}VHVKR
DN@R[XUE
[_V68aog
6CHdK@GJjK?0n}u+c
VrHGUQxM<+
	O[D~RvIVhyv]bTYU
xVBB}R
6e"ur0a
X+WA@TGyR`UV
cFYVhLK^U
ad{rtfe
xU\@|WMGTGLbW\SRDmJ`
dTUPvKao
bmrsvbc
@^(L	V\G)Qr@B
dG]E{Q
K@GBHDBGA
~E]RUB+^`UV
+K|@EUBvb]P[DT
\WDN@ggwss6q
M{PKXGEx[Z]
X|DCV]FmJ`HGVEvCu:
UX\VFLCGK_
{PXARtK@G
gfq!u5jF
WXYSAH]AUY
cVRRdEN-G@R
0m&=6q
%mJ`*!&0
XEddfG|Q\]
ld|{t|yalD[_VTX
~BMAU@UW
V_	G_[BASY
vY\U~P_
]@}PBvZBW~VOI
L]@UD;o
J@*Q^D}SKGTG
RBeM@Fo[
bWWDDPBVixYP\]CXDX~f\YVM[QisEFAW
CPQ]QXP
jP\@yV
@VCJuF
`3pprf6
NAs_XGbC
GWCF@NfhfGFUwQ]Wf
sw{}{gw
_FdEN-+
&B9cyv~cbx
el4GjcQFBH
aTW|EP^xKKuOu
sv{nypp
}-rifz. #tg}'u-{+uC
G]RDj2KBF^BEhaYP
wsxtdcp
YRiZX@G_LKd!		>,
pcdexdwb
{ewihaypcpyf}yqpb
Bk4[YU\C
AVYA3P
>2[^]S_
QpgIEZ[PIPDdfGAIBLT_
rGSSEKs[YG{
6N\oUVUHU
G_K4$-
70nab=qt
\CgQ_@P~RCW
	lClTA
EcRT[}Q[iZ1K@G58:80?g
pGMF."	
c`}oma 
cER{UH
BIAj{W
xG\Dg]CCZ^^oeZ\ZM[UD~iZAYX@G^
EcRT[}Q[iZ1K@G ,07 >q
QDUvY\\4
ii{o;ebbu~em6qipN\d
}i3SDGUAW>}
A^^]h4\\Z
ZVDi M
UOuTF_@TJtQVG_Q
APRY@Z@I
pTRfGG^[cQ\AVw
Frx|*bb|
VEGBxOwMAR
QtyVW]
qC]PEPp[]Kb
wrpveq
]GpK@G<
^J1C~NM=
2<2QEP#%
{RFmqq}g|qpyy}p
BBcB@gGH
	aMJVBQBQo
[_A:`YWR
S[YG_[BGV[
bbuaiq!GKKC
cVWm\G
HZ	(&<,0xl
84=#$PhVo[SCWB_UEld\[T\YAltW^PT[CdG^Q\_^hc]
^U@-S_^
^@xVsGW^TC
0VnWDJG
v{=io|
ss|goma$9
c7veeq4vkyKOP
BBU^DfUBQdeLncY]]\p^]CTAYQG^YC[pcAE[[AMV\_^Goz
CPQ]QXP
qJgGIU
xzpmo|
amn+%rq
;!&G_Q%4~KSxSI
Y__id_\YAEG
WTp^]WRPA_]_zLBP
BUWYC@Pt(
bT_~@V_{VLpHd
kwoatfd
~*&;g{e4d |1o4er1
_D7FRx
>/]QF_E
DX~f\XPM[Q:*
;3)<!G^
F^TG^m.'
oE[CEJH
bVRdEV\KgYNYGtM`
dty|aaw@
^BT}U	V
TXBPALQXG\
IZ6woatbd
@T]{GUg
+1G_vM{P
qi}AEas|nups{x~v
_^aDZiI[
d}dxutbuh~[
RMi1^^]Y
^WWDE9Y
U()$^HCB\@c
fjHQ\vY^'
QxMcTVR
CQSYQyx[
jTW|AU]~PIvVe
jcxyb`g
zw-</y{x/x 
DREP9x
M[QmvCFPIL
9=M@K4
	M^G!wNIgac
'[XGBeXaPEV
HY_B@FI
!(pWW~HT^xTIvMb
ad{aiqb
\LK	xrs8<!mjb#x1m0c$d
~{K_QYCQpa
Qpg+%/,76!
]}CONG:*
BGjcQFBH
aTWb@PBJxS]MGiZf
dmkyebq
WyP^QI
~\%\]CG
H\^PQUQEV^
wrrreq
@U^zVIgTuLbW+#,>
[XGQxM?9
v}tmk|mNKnm}p{yy}t
Y@`[Pz][
bZQFUMPPl}]P@
S_NE= 
YY?bX]ZW
VCo#KC[Z
A=8DPR
DENT@JEVIOjIN"(
bbuaiq!GKKQXP
dEN7HY
U^{UItJ4
6.'6!mJ`I
UCd_bUX
3Biwin{dbat~gj`cv|
N\qDW|W[
f_V@DS
XC5WEBZ[
P[]KFKFVIO
aPEV-#
G+0aogbb
bUWaDVB[zC
*u^KVI
_EcQ_[W
{XaGXdZ\TQAA@=l
C}VHVKR
DN@FWSYE
cessuj6
kW$.hgo;|qccubm1mcvLbW
v_pk[`B[Pa
D{V[E(PM
^GV\E@PU
2dEN6woa
JiI[ExY
	Zvb]P[DT
fW]HoI
d6qtt`gF
~.gu}}zuunso'*$,=<QXG
]}CONG:*
BGjcQFBH
aTWb@PBJxS]MGiZf
qyavucg
WyP^QI
S@QCEG/&
^X]PEKBZP^
uCZGSdEN-G@R
0m&=6q
cVWm\G
%mJ`?5,?
EAgko}wrq
n}rv}y}k
N\qDW|W[
QWA%X^MD
1]Ll%Y
QXP*woa
64m\GLgG
c-ssucc
.$=rrvrq}}@Kazy
]@`@W{VW
k[_VTXkerm~e^`
AzR]Cy
]A@BOG
pTRgAG^[0
1,'6dENG
0:n{c+
rK@GANf
\EU~Q\V
*W`hG@
WzHFTKe^bD[EK
pT\C|U
EWEEQABI
NuAaCO@kms%s6aG
D[xRLH
+(uk9.-wsxo{$adk
^J64qxg
aer{tab
G^mWsNBG_v
_oEcETJHfR]EVpMg
bmaogbf
CGTGu^KETq_NI
^G4<077*q
`eaog=
WA@G^m
aztS\D]
zF|\OVTJrMVY
J@0QU{@S
iI[tMa
q3*/  *QXG]Z
rK@GJgG*x}
}`mamn7
(/-dpuZ
\@cDQ{GU
QYeu@YE]
zTTRaG
bfw'vc`D
/Ywqstkb
mJ`HEREvCu
/XGUaD]CIeP\FPpHd
kwoatfd
	0KDEVY4RBG
GZX[G8iA
WZ_SQUQ<
VIdX]Ra
!0$*6'![
@U_xU[iZ;RjK?0
$}_E^D`
]LXo	%
HLjgg=(
*0(>:)
^eDFGPJTl~XSAZF_UZnfQLHMFFkqW^PP^DbV@
Y	W8g\A
4<CQR	
GSSK_V
TEA7GKs1
#PCNqya
]CfC@W
\s[SUPP
@)WTRaG@,
'WJDTCd_XI
caz!}ac
K[B+YJU
\@dQNYG"
YF}GKG_TR\GU
xU\@}U
GPWZ]FCA
cPP}RIL~UIqKe@
Dj1wzp5d
)pr{j(t +y|#@N
&7 :MB~qIV
4G{cAW
WBkCa^]GDM@a'
	]sUVUHSF
RDIPANf
\EQvW\U
]HsHASAcKAFGLIF
mZGC]VFRIF_[W
bGj[WWBHnP\FTuKb
A=8DPR
PIEX@GD[
qya1 4:QXPIZ
bUW~CULgG
pild'ecub
$#-(-=&
6.3,;&(1~{K
@+\JQAPD
A`RVbA
a3!!qag
UWYCDB
G!#*  
XU`QDY
NA`FTiI[e[
GCH^PJM_A
FdTPcC\D
+=NxogJg
cfrsvff
~GV`BSPUt
#6LgG[iZ?iI[~ks;ucc
XWIl	&
z)?${RFmqq}g|qpyy}p
BBbM@gGH
	aMJVBQBQo
[_A:`YWR
WGTGpIE~ARXiI[7
0K_V!,aog
IfQ\ETvLu
gu}ayp:
+-rkc=b
\@6A@gG
QQIW@BTVEdTJBXZXntVE_ZPIPm~\CLXr'
>Wr&(&~zM]DZS
!(PWWXKEBJ
gPWb[WCAtMNDPrJu
cewpw1cD
dV]FQ*R]VK
CPQ[BZGJ
pTT|FGBi-
G+0aogbb
ZBUWYCEAI
6][^3UIuHg
&@gGIU
y.ttfuvzlto{%uy~|s
,qxhiWI
b_UEGRGPl~GQCWQCDEi`[LHMBClwF@
DDIWU	
f0v &caDN@
/IPWQE]w[]]f
admvqfq
xT_@oI
%GHc06&06~mcxvb1reduc
_\DN@w@QQB
oYVTMa
q1&5,06
FYSUy_%[LXP
lMO#lwd;')N
ZtTNXQT
&DJGB+YJU
6'*:?l}x1~u
C_VDlgYVFCU
]B~NTCYWBAKQ
C]EEQEGN
pPWaAV@
e4 !}kcD
)MKnTCSX
!(FWFX[T
uTC_QTgZvZLXP^_
DfTG^UG
WYCDBH
c-sss7c
AUGnC@W
]EyGEl@SSG^
VnWWWRDqEX
cUE}W	
"PBG"lw|-bt
B\Q@@U
Z\@fQ\EU~C`o
|^_aQGY
[DEAMF
tuyz0pi
TAw\ZW
o~YWBV
AIQ?B_%
=0;#'-
/Ywqstkb
]Eq[NIlT]U
a'd3i%dp
KOGpIE
0*;8LXP)-k`w
.30<)b}q4o}qsxx}u
LLU$}YU
_C\RVpp
_q_s@PTT\f_OG
zUTRaGB
VnWWWRD
me;succ
HZeuu!o}}s'tgycoj%>
Fc_VDGQBU~@cA@_BWWDoc@P
vw,nypt
.-<;!)
C_VDlfZ^FCU
rK@GL51
Y_ZJ?qRTRaG@,
\dXB_FDTG
/fR}EEzDTW]C
;[XG!7
v'qtapi
	][,f{i'|
sq|o}qaEClw
]@`DRxPL
}]WLUMPTig]NEA\UCh~[
RMi1^^]Y
Bvll4F
CRQK_V
QXG?GKa>
$4:nk "&< k{7)>
!(NBcDZzWH
bZPFFOGSioEAC\@YDX~
P^G_EaSP_K	
e~WCae 'sja
ZTyS[\
QZkbumTBQAAS
TDjWBQPIFpVTWQ_
wuzv`+s9k!u}
w|x$1+{gg4
xS	RaG
CTP_QXP
#GjK?0
qJgGIU
^WCGHc
<,$,asp&#
wpDI}ebxlt
UASCO@		
ZSV/\pX[
D17wqqceG
cWWm\G
K[:f{i'sebbu~dow
DGQBUl}YA^M
g\JQEM
nshapt
G~XGFECVTT
]ExDG^NT@@QW
V^[a^G3
l}_D]DrCK
EP@H\$WRHBBH
lmmkpomds7
jINAxR
Q[U/Y&]
wr}(fbvD
\EU}Z{
^y^sFRDIP?
AKU6Q]U
wQXG^C
LcWEwBTDIPfYJQ
~sQFU\
}WPUy_PCODHt
qjIN@5RM\
 :%PWg
bepru`f
PfITXVR
FPN|	t_WB
Lx[tADJG
Z|_QT|YVDC^[-RcW'
TArJEU@gPDF\\T\
xS	RaG
CTP_QXP
qqyas=cc
Dy}C@UmuXSA^C\SAldG\UWU_~r@E@GBVcUBGZ]
9s1uk5][D^QF>:
cTPyRIL9
5GBiGUg
me;succ
{[BZ=:
\Cf@RxKK
xS	RaG
CTP_QXP
2PUt296&
c-ssucc
7LSMCK(
f0v &caDN@
HY!81+&ayp
7[iZ;R
MJVUMP
NL'8*?+
*/(0:2
<<7GBV:
PhdVdUCKX]_da^Y_QXKEmpZ\N^AVD
!(jW\AuT
^GV\DFPU
e4 !}kcD
~]\Wr\T}HaF
dguzs5.~
}ii{npfdpil
W^P6;7
 ! KCL~|M
HMl=H@\_BT@
^@gY]EV
tK\TJCXK^[
-W	@,S
VIdXYSc
!0$*6'![
*UWaEUCKfC@W	5>>NIl',,ak
BKVTTV
MA&]NY
r%z|f4v
*][^3UIs
,41rkc=b
\BcM@gG
B_BZSL:gKBF
luH@\_B]P
/fRpIE]BbVEEA[PT
\Cx^q@SVV\
-AFvEP
G^qXOS
ZBUWYCDCI
Zcerq#e2
bPT]YeFPZS
xVYE}V
SY\Q@K
6g&s$edA
po^@X@rCK
@RgR_CGbC%
U]GYPT
qUEGQTqMoM_AE]N
SFz['\^G
NA|XvWJD
g]_m\G
1G^q/;,akb=
9)%$>rsq;xy
B_C_VDloKBF
DQ^$`_][
NlzRWT
wrvsgq
[W7@U^{UHwHu
*='PCNs
63477cjo-cuc
THqY@%,
B_C_VFloKBF
Y__igXUQAEG
^Az[XGBgRFW^LPT
pTVfCG^[$
'7$VIiGUg
me;succ
\@fP^EGbC
.HGkQ:( 
+'4!<5
/fRaESsTI
c\SAGR\WmuKOP^FXTVpu\^T[DA>s
QWA0RBJ_
CRU_JB
A]_yTAtIb
hw{yw~g
]s-e !:ncap}h{coj;+"K_V
oEA!:0,#'
uELFCU
DfUBCX]^~|M
QhINSCB
WFdJEP
N\fPAV
4<CQR	
GSSK_V
woau+c
WNi		~K1$
@91rNVt]\DUT
UASCO@		
D17wqqceG
WaEUBHdQNYG)
WNi#8dr.3w
FgV^C\x
3DMsSEQGWu]BZAYB
d6qtt`gF
@RgTZAGbC
	m}oLyUH}Ie
&{7* lx}dbrd
.4(A^M :%7
BU^DtIP
5?GWCFaf
6","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181218115621.655","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->CurVer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000122","hKey->0x00000126","lpSubKey->(null)"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->DontShowSuperHidden"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->(null)"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.665","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181218115621.675","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181218115621.705","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoSimpleStartMenu"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->Advanced"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Hidden"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowCompColor"
"20181218115621.715","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideFileExt"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->DontPrettyPath"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowInfoTip"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideIcons"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->MapNetDrvBtn"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->WebView"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Filter"
"20181218115621.725","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowSuperHidden"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->ShellEx\IconHandler"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->DocObject"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->BrowseInPlace"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->Clsid"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->Clsid"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->IsShortcut"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000122","lpValueName->AlwaysShowExt"
"20181218115621.735","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->NeverShowExt"
"20181218115621.745","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.745","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe","dwDesiredAccess->GENERIC_READ"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115621.765","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->45056"
"20181218115621.765","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->45056"
"20181218115621.775","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->31744"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->31744"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181218115621.805","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20181218115623.407","1336","HelpMe.exe","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\Program Files\Internet Explorer\iexplore.exe"
"20181218115623.417","1336","HelpMe.exe","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\Program Files\Internet Explorer\iexplore.exe.exe","lpNewFileName->C:\Program Files\Internet Explorer\iexplore.exe"
"20181218115623.427","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20181218115623.437","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\Program Files\Outlook Express\msimn.exe","dwDesiredAccess->GENERIC_READ"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\Program Files\Outlook Express\msimn.exe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181218115623.477","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->45056"
"20181218115623.477","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->45056"
"20181218115623.477","1336","HelpMe.exe","1176","memory","VirtualAllocEx","SUCCESS","0x00994000","th32ProcessID->1336","szExeFile->HelpMe.exe","lpAddress->0x00994000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->60416"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->60416"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181218115623.487","1336","HelpMe.exe","1176","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181218115623.497","1336","HelpMe.exe","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\Program Files\Outlook Express\msimn.exe"
"20181218115623.497","1336","HelpMe.exe","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\Program Files\Outlook Express\msimn.exe.exe","lpNewFileName->C:\Program Files\Outlook Express\msimn.exe"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000120","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->Compositing"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000120","lpSubKey->Control Panel\Desktop"
"20181218115623.507","1336","HelpMe.exe","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->LameButtonText"
"20181218115623.507","1336","HelpMe.exe","1176","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1336.csv
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor
 	e<E#
Iu{Y/9n
yZEx-31)
y54181
58D&]731.
1cvx"P?
pSuc>n
'Yar(I+
hr|r< 
|raagfr|
$T5U9F8"F"
ws\7qA
R3X1R1
.2RegO
ey-TL!E3^+URR
vg`re\
strr39
"e &20
-Aa4&b
7\r0#c
8121R5[5
L91C(Y
_9=B,J0>pu
_$'&O+
5CL,E+
E93D"Y]
M8=E*Y
_$(W;J
"60D"Y
WW6J[vAS
%>HIE,E+
O81822D/Y
0m.e}eW;J
(z(>IOwu
M92M8D
N;4W;Jtqn`
/M#Y5J
zrenT#
O81<12D"Yu$4"
pe2,"D+_~
CU'H->u]E
!Xol)c
L&'E/J
_$"rag
4DURe"Y8J
mNamaX$&wlgd
H>21&7E/J
_$"peg
/M","*Y8
cEnqmv
Q*Hmlp8rF
Cey,>&u
M981"1M+Y
m",&1D-^
MxW*,W\)uIWB
E*/"sp#{
Q*kKzyX$XH
5e&30 
L;06=,W_
	z{W;J
8[RW;Jn! x
K:2[-Y
_$%&O+WGQC
_:9D"Y
edX) aEgV
	zF"#"'
K:5[-Z
j>qLwu
0=1M+Y
012M8D
_:pD"Y
_9326"Y8 
_`Kex-K*
^ieu"x
Q*Hehp8
Yuezy#{
C8x00 E'Y
/mgQuE
_$"D$[j
Q*W T+
M81E&Z
_$2D$[
_$"lpC
.[","p
O81M&ZM
t~|#B4
hi$dV8
`3b]X4
<~g5%s
#I(d2}
h>5yus
<ta0%g
`Y=nb(
9$`12}
35c2&s
34*1 h
b&EFcu
<J- #"
p`5#<p
ga$dV;
yy}? *
l@5rD=
XA~dh7
_=cADC
Se<d=l
sz)uu!
$ba9!c
ea5/u*
:J<:gy
 J3BBS
"_6&#<
=Y'$#<
iJL2RE
#"}#X7
$sc72~
sY<dc+
7dro^'
7r9mu!
&tr-2<
j*iodc
+2c5$b
~'&bxd
=Pa-0(
.[2[6*,"
72D"nil
=R0Z1011
-2 edpM
3!P1956
!D9X5*,"
72D"@el
BU;S*,"
rcE>OEN
1 X0812
#D"^ir
,.Xx800
#<J1;36
`#Z0981
1 X0813
#<JHmlp
1!Zc*,"
6H-JhNil
0'^"$"f
q%e&ex
72D"nil
S/R;"$""
d=V0p00
/$_7*,"
0(Y1=62
R2D"8x0
LuFepe"
#Y7J,*He
l2D"_ri
db'fJyt
!XbJ,*nN
2F#Y3;6"
yuJ,*lp
luE>Kom
yuJ,*11
<H0[3>",
t~Hif D
#D|[aa
_^J2|;
i}|7|M
Tt\t.-
R#M|^uZ
f#k&+r
e]n^ip
+Gh33O
eEM	~_nNK
T`Is%Lp
833%b233G
)q$	,V
Hy733O5
U033O4
bkNf8Q
Dw433G
QwQUCg
%P433:
QwQU_g
:33O4T
49Qzki
QwQU_g
|$iO!H
@Ww@t,
 CD%e3
p&:aR2a^
@Io"G.