Sample details: afca47c8654552c92da7cbede40207a8 --

Hashes
MD5: afca47c8654552c92da7cbede40207a8
SHA1: cdcf1a00940b863cfd1c477954553dc407ae1532
SHA256: 8f0403fdcf9fa703fe72dea0a5c0d74f7c3d7c83a47aa7b26952da344ed3a481
SSDEEP: 24576:KEtl9mRda1bCSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJH:BEs1LMJbKx2nnG1y68r1g3
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/antisb_threatExpert | YRP/network_dropper | YRP/network_tcp_socket | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/android_meterpreter | YRP/Big_Numbers0 | YRP/Big_Numbers3 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/BASE64_table | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
Strings
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
Boolean
Integer
Cardinal
String
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
YZXtm1
ZTUWVSPRTj
tVSVWU
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
odSelected
odGrayed
odDisabled	odChecked	odFocused	odDefault
odHotLight
odInactive	odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windows
TOwnerDrawState
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
	TFileName
TSearchRecX
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide,x@
	EOverflow
EUnderflow
EInvalidPointer8y@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
oav` c
oaZq5aL
Olx$co
n]h$XA
Eu<E4&
-&pGjd
8t=,#xh
XY]H]&
bAYm?D}
<7YG<X[C,
+K'lQDEuttBl
	{<t+(
(kttIn
ttLsO9 
>[P6tr
8c)||3
?]q0I*
=Wq:aOZ
Q_^[HPF$
lIq_^[C
j,->+;
3C\T0Ct
|,9@uY
<$d22GC0<C
;W2n	^s2
.rland\Delphi\Locales
_^[YY]
;IA@$Qgg
W$t?'s
odInactive	odNoAccel
4sFect
$ReF%rzP$1
Z$RqF%r~P$2^]$C
9Em=&b0.
TOwnerDrawState
t?wf,A
E$Y#Eu
4a~|,^
E|^w@3
+(1)HPM
Y]CzQ5$
rUtiBs
l2@F9_
Y/v=E1na|5cd
de0p4$
{v'cR)l@
Et:ROC
<m<!*h
$^u)Sh
uDM$v@
yYYYd	m
Xj98u`pvE
_^[YY]
vN1S]I
paLc)z4
	0tQX 
*v=@.a
0dOeeM&
;<P48R
c!+B&|
@drtzv
a@LPjUcr-;/
Yu8{P!
RhJ'R'
~/dYY]
LY^^[H
Fxu9+-
gJN3sD
tSk|ka
c$G)t-
a)Pt'@
C(Amu/
sS\_H%
J^^[{+7
Fbom,ade
)l_indow
ziantTypeG
EVariantUnexpectedEf
>	nvT,ihr2a`])cd
EVariantDis
5cdErr+
sClXdr
`goCil	
oal*isA
oss%Frdpg
ZOC s^
CVQt(p
/]V*\*
b-REfA
b-Ygn-o
t<T^[Y>
`l3DLight
i-`.w]
L^AHARSET
W^AHARSET
CQE	AGU
t9;wlt4
FLVhp/D
t$;C8u
QQQQSVW
t#;^dt
BP_^[]
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
TContainedAction
TContainedAction
ActnList
Category
TCustomActionList$DD
TCustomActionList
ActnList
TShortCutList
TShortCutList
ActnList
TCustomAction
TCustomAction
ActnList
TActionLinkSV
u*;~8u
R0Z_^[
;Blu	3
$:Cjt_
R0Z_^[
R0]_^[
$;Ctt?
R0Z_^[
R0Z_^[
R0Z_^[
R0Z_^[
R0]_^[
$Z]_^[
TChangeLinkDUD
TImageIndex
TCustomImageList
TCustomImageList
ImgList
S0_^[]
R ;C0|
R,;C4}!
S`]_^[
Bitmap
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuError
TMenuBreak
mbNone
mbBreak
mbBarBreak
TMenuChangeEvent
Sender
TObject
Source	TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
MenusTnD
TMenuAutoFlag
TMenuActionLink
	TMenuItem8pD
	TMenuItem
Action
	AutoCheck
AutoHotkeys
AutoLineReduction8
Bitmap
Caption
Checked
SubMenuImages
Default
EnabledT
GroupIndex
HelpContext
Hint@UD
ImageIndex
	RadioItem
ShortCut
Visible
OnClick
OnDrawItem mD
OnAdvancedDrawItem
OnMeasureItem
TMenu,tD
	TMainMenu
	TMainMenu
AutoHotkeysPnD
AutoLineReduction
	AutoMerge
BiDiMode
Images
	OwnerDraw
ParentBiDiMode\lD
OnChange
TPopupAlignment
paLeft
paRight
paCenter
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
TMenuAnimation
TPopupMenu
TPopupMenu
	AlignmentPnD
AutoHotkeysPnD
AutoLineReduction
	AutoPopup
BiDiMode
HelpContext
Images0wD
MenuAnimation
	OwnerDraw
ParentBiDiMode
TrackButton\lD
OnChange
OnPopup
TPopupList
TMenuItemStack
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
_^[YY]
Q<]_^[
ShortCutText
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
lNariablms/Youpdo
#suffhc
`nt hsi
olegUr 
gnstYnl
#J all utess o6"t
instjlla
\<Jivilegds!to mkd
lKecurhty 
this fxl
!SeDqp
nnn'p 
j [JY 
bay(ke
{e Aju
`pe"dt
>]ctly-  [
>Kion: [4]
_OS0Vr
K]}%Ue
9Ke it!is 
+%Vdows. ! You 
gy need
update!your 
veratin
\?Astem fnr thi
&progra
\8W work borrectky.  [E
jSUPPORUTEXT]0|{Packa
lNersion; [3],
HS Prot
8]d vershon: [
Z, SFP 
>Wr: [5]|}An e2uor occ
>]d duriog thepnnstall
%Wn of arsembl
'compon
[2]. HSESULTJ'[3]. {
?Kembly hnterf
de: [4]
\*Mnction; [5],
fssembl
\"Yme: [6\}}War
nng [1]
, ]ase waht whi
b Windo
l[onfiguses [P
hductNa
atheriog req
nred in
>Uation./.An i
sernal 
>Wr has ncgqrr
c.  ([2
[3]   Z4]   [=]   [6
[7]   Z8]) [UZRORSUP
lTEXT]RdmovinG(older 
>Kions og this
ipplica
#V...Preqaring`|o remo
lWlder vdrsionpgf this
<Hlicatinn...S
|up can
get aturibut
{ for f
[3].  Werify
|hat th
\*Qle exirts in
qour sy
)U and tiat yo
(have s
*Qcient qermis
aons to
	<\ate it/Setup
kannot 
)Yte a tdmpora
q file 
l^older Z3].  
mrify t
the fomder e
asts in
#Mr systdm and }hat yo
\$Yve sufgiciend)permis
#Vs to uqdate I}.Setup
-Vnot fiod the
{equire
\*Qle IMAFEHLP.
EL in y
system/  Thi#)file i
\"]eded tn vali
hte the
%Te [2].! [ERR?[SUPPOR
(	`T]Setuq cann
} find 
file kdy '[2
. in ca
"]t '[3]&.  Ch
jk your
#Vnectioo to t
l netwo
or CD-SOI$dr
& rnr other pod
ht]`l solution7
uhis proble
&sQd [SETUPHEL
OLqEIR].Setup 
hn[u access a r
babinet.  C 
xour connecl
uo the netw
nr CD-ROM d
!   For oth
uential sol
r to this pN
l, see [SETY
QFILEDIR].O
!Setup enco
dd a proble
h the Offic
nce Engine,,p~s&em error: [R^) 
Rlease open
TPHELPFILED
od look for
hce Source 
d`izg" for info
on on how t
-ue_nlve this p
aelYn.The contrG~''
0]' on dialoq''
1]' cannot 
zdehp values lo
zbr4uhan [5] ch
ers.  The v
srel%[4]' excee
js limit, a
p been trun3Hse
,Setup cannGX'l
ad RichEd20
" [ERRORSUP
DXT]{[Produ
DIaye] }Setup c
]wlqted success
Eklm.{[ProductN
]b]4}Setup fail
T)Izfo [1].An inEbrzal error hag
hcwurred: ([2]
r'[']   [4]   [2]b b[w]b o[e]t %[z]k.a 
itkbf7l/:l}2A0t,oh 
c*e4s`A?p>i&api-nl1|M&cvo1o$toO-fnc' 
c1e6st2b0n Aa6a a*e
d6i+M?c;o6o1tgO*f0c5 
d%I:M$cto
n7b/e(E9c)l%A p-i a?i.ni1wM c<o5o)t)O2f/c7 
p9l'cit$o/E1c+lgB"c$u>Mncso[oft
Off)ce Dxbel Baciup FileExcel.Chart.8Mi
soft Office Excel ChartExcel.CSVMicrosoft Offi
l 4.0 Macr
d.12eicrOsof4 Ofgibe Exc
l Binary WopksheetExcel
eetMacroEnabled.12Microsoft Office Excel Macro'
nabled-
KMicros
ft Office G
ceipSLD
 Impor~
FormatExcel.Templ
orksXacemicr/sofu Nffice
Excel WorksraceExcel.XL
crosoft Office?
xce\ X
HTN0 D,cum
te2icr
icePExc
ML Temp
an,FAleMsGra0h.Ciast.8Mi
rosoft Grapj ChartMSPro
t.MPXMicrosoft Office Project Exchange Filg (MUX)M[
roz%ct
ctHicq
odt"Oe
cg Rrl
ct%DocH
enTmSPb/jek
.Pwojeat.9MSProject.T
~e@o\e SEcti/nOuulnok.Fi
e.msgOutlook ItemPowerP
t.Show.12Microsoft Office PowerPoint Pq
esentationPowerPoint.Show
int.{lidE.8M)crorogt Off
ce PowerPoint 97-2003 S
ePowerPoint.SlideMacroEnabled)
e WSwet
edcSli
w.1LMic
 Po7erPoint
opna\ePoWerP/int/Tdmplat
MacroEnabled.12Microsof
ffice PowerPoint Macro-Enabled Design TemplatePublisher.Documf
Mi{~osW`t cdfi%f P6cli2
gisIu.DBowivk.1?Uicq
soft O
11MMcroaoft!Obfice >hsio WorkspqceWord.Docume
|UUZPV
w\PF^V]Kd\AW
wocFTt
12~Prj\J~
12~ZZc~b~
|atRGVdW
^plRGV
wUUicV
gemC_R
MiPAVbwwl
RAdw\A
Z_VuZ[
]tw\A]{G^
ro@\UG
plRGVD\AWK^_UZ_V~Q
Aos\UG
w\PF^en\AccAssS{ortBupCreat
!databases qnd programs t
fZPQcrPPV@@
t`[\AtCFG
HZCrAGO~
\@\Ut pXKRc|ATR]QIV
z^C\rt
]W@ a\F
oCAV\@\^
P&YW@P
Ejo*PA\@
[orGpFGp
\raGZEV
MMVX@CRPVK
 s[RAV
CA\PGPG@
V^QVA@
MicVosott Ogfmce Gr
nve.IgxAppSxortCutIgxApp|
cRGZ\]
R]TFRTV`[\AGCuG
O~VPA\@\Ut |_w
R]XFRge
V|MZPA
_Z[RGio]~ZZc~
\UGleQ
pAeaGV
AV dZR^cy|k
yC\cKPR]
`ca]OtzPA
 D\PF^V]M9`PRV
^F_GZC_V
PumV]G@
AVP\T]ZIV tMxt Mn i
age!dkcumen
r by using ]icrosoft Offi
Z]XVi!3l(
[ fRK(./
Mos\U1
Qt z^,:f
KOfUw,
YfiPVm
Mos\U1
LtiP@m4j
Qd C\+6d4!AU\A
vSS[\AGpFG|z`O
|UficV
~^naTVAE
YilMs b] us{ng Ligrosof
!Office Picdure Manager.O
R]WFZ]U\A^RK
A\@\UG
UUZPe |]Vp	7V
UUZce`[\A
FG}VDw
}VD MZPA\@\UG
w\cu^V]G
~icA\@Y
|UUZP]
\PFme]G
,AX@[VV
V]GatZ\]
daGRQRM
J|@R|C]
UZce`[[1G
7|CVQw
*2 *]W
Vn R]GF+
AXK[Vet
prV@V]GRGZ\]
datsbasd.Kutloo
RhortCutSent and receive 
YG OUT
chk`hoAF
GRGZWQ@
fY.\D@
QJ u@Z]
A\@\^G
MWUVctc
JLo`rvrP	P
	C A\@WU
6]G@pA]RGZ
RPP\F]G
\UilV@
~Z[M\@\ft
&PGZ]T
~ZPro@\UGF,UUZPV
YVPt {ervAr.P`ojebtWhortC
uPlan, trac{, and manage 
cA\@\UG
|UUZPZ
A\YecG
KV`[\M
VttVJb5
R_u8dV
hoKlpF
t v~UQr|
, J}Vu5
~k^RMq\]
zntVKRw
ZTitR_
GZUZPR
U\A Vqr
cA\YVPG@g[Z@
CAogZam Greafes ` welf-s
fned digita| certificate 
.eZ@`wxp_Q`[\AGPFGeSDxp\WVO~ZPA\@
|UfiPV
`R^Cle@
MQARAJp\
`R^Cle@
nK!ARAJ
P\We @,KRTVG@
Z\Fs XCDEW"TV@n
w\PsSZM
A6Ge`|
O~ZcrUY\\V
`wK w\PFWGJGRGZ\]
G1V]PV@
arGZP_VItM@`wxcFZ
hS[\AGPF
wxcFQO
ro@\UG
|\D*PV
So_FGZ\]
VQ_Z@[Z]
cMQli@[
p\^C\]V]GeZ@`wxSaEpleWSho`tcuuVWDKSam
}Microsoft _ffice Visio S
gFRT!7
Z@`wxk
L`[orF AVtq
\soTPbmDDK V
wK fMMF
wiHCPW@
ypWNKAARH-&K
GwV@Z_
^RnaTV
BFR_ZGJ
ta]WRAW@i&%@
it_7cDZNJ
ExJP&@@Z
KAGw7VgA
V+)+XG
L S[[PGrMK
Z\]s DZG[
~ZPA\@\UG
|UUicM ShEreP}int!Dasigne
/WordShortCetCreate and e
AVC\AG@
Q\\klVG@
~ZPA\soUG
kw\cs`[-VGpFGwV@
R]W fZXN
U\rm@bVM
CLD,A^RL
[A\ugZM
IRGioT
PWbNVD
}_UkCV]
VnA@aVRW
L/J|CV]
|]_CFKPvWZG
OnV]\GVc
PrZ]GW\PRV._W\P^WW
doPK^_W\G
LG[G^_W\
doGKZPWZPNZPKZ]U\CYGhx^_^RGwV@ZT]
wV@ZT]PrMviegPre6vievmeu&Bro
semavmdbmdbhtmlmdimpdmpfm
lC\G^C\GKppappa^p
mK_^xlsxo@QKlshtmlxlsmxlsxxltxlthtmlxltmxltxxlwxsfxsnProgramMenuDevResourcesFolderMSDEVRES|2007 Microsoft Office System Developer Resources:MSDEVRESProgramMenuToolsFolderOFFTOOLS|Microsoft Office Tools:OFFTOOLSreg0005F9DFB11EE5635A031DA038FF9A9EProofreg005D9574E2D206D307893F81DC06F0E7XLSTARTreg007403245A6C2E1B47D99463BADEE414&Edit,0,2reg011805B5691E5D3A57178868B4475ADDreg03CD7777AA2DAED32797C8B568F9C1D8ODBC Databases ()reg03DBDA1638A26F85DE631FDFD910A3E2reg052959FD7BA37014ECB8CF441EEF4CEDreg053021A21AC3B51B76AE8DB4EEC85A10reg059EA896AF64E4B3C2BDEB978FEF45B2reg05C9ECA53A18DE59D4E90A206F1E8D63reg065FF1D29B341AE1C0BF30CC8CD1B659reg069934FBC337B13F2344D653E403B6C4reg074F12DDC24D6F5D82D9EF4ADF52164Areg0781CEDF1554451FAE08B0CED280FD9A&Open,0,2reg083407F478A29DA646EB5117D3A9E635&Edit,0,0reg08BEA2DCAE078C258741E0D7108BD07Creg092828397513E52292017A31A83641B0Microsoft Office Groove Tool Archivereg099E4C7BEC45A3E2CD2B60411969B808reg09F441C44F2F58849BB7167D2B60891Areg0AD85CE2F6DCD301614EFF655A29A5F1reg0BA730632E4155B0DA2C19FF22F8EF84reg0D1CB378DF8DDEBD9895CF074BB6DBA3reg0D432EA6E2D260FE3F7CE05C19DA7C3Creg0D4FF606B6C0E18C9927C7F58DAA9EA2reg0D50E43B439F38F7B6EC7B670E547363reg0E8181654F86BF43E0210A09B07166FCreg0F4108C4DF2AEB55CE34479C6EABCC72Exchange Unified Messaging support for voice-mail and fax integration.reg0FABA33AA368F6A79434E8295ADC3B94reg0FEF2F81B1EB050C47DF4685639C3C16reg11F6C813D8AD39AA636B556C26735889PERT Analysisreg1220626D7618A26DB7F1C9EAA21CA016reg12A7CEE4CD6BE6F2381D17357DDADE26HTML Documents (*.html;*.htm)reg1411C2D32DB44311EE597468B3CC9BFAreg14491C5CA73AD97D3AF85015763FE988Adds Send to OneNote and Notes about this Item buttons to the command barreg1497460DE8A54C48A970D2D5ADD74FA3reg1525240504C166D47CB0781930C854A9reg15BEA710FD8A9D51AA6E86128103A3E3reg15DA56F824CD70C86C574A63FD856E03reg168E77160EC30C1660E372B1462A4115reg16EB6FBEB4FED73DC18392B8F105E908reg171EC7CD6ADC2A055672DE0AC43A2899reg1770F2FFE4526FA0E43D6275ED9EE4A7&Save As...,0,2reg178474FDE68D0991784D00DD923B41EAreg18FD1ACF1B96F1D2A846CA4BA8D8CB44reg19B311FCB7F3AB5C6BB6DDCACC605410Word 2007 Macro-enabled Documentreg1A2A1A3AE3DB93E280CCAD552874DC31reg1B3C88E27294452C44403127B9D62AD8Excel Binary Workbook (*.xlsb)reg1B455DB5F69002EE80B8A8A99B24FF91reg1D17C7235462E360F6FA28EBDB8C4E7Freg1D9171B8712375DBE78F5B50F2997932reg1E4199476049D9525A24283F5299439Dreg1E82372B07C9A01A9111B50FE89C3FE9dBASE IV (*.dbf)reg1E9D39EB5F210ACB12559632C2E69CF2&Open in Microsoft Office Excelreg1EA99958A8AC0CC562386CDCC4725B56Exchange()reg1FBC13F269CE1ECDCB7506EDB8D328E5AddInsreg1FD567A744988A3442A6F6AA9E6A60F3reg21AE301008F9A0BA5403E2831BA46E70&Edit with Microsoft Expression Webreg21E41606A7192A7958C9845C7FA6BA82reg227AD8C87F11A8BB0D27F38D3921287Dreg2287B1A993A3863AC36CBE9014371B50reg24D1EC6BD2320EBDA2C41E9CB6DFE748reg25E4A23BD7B5145373EB6A58A01B336Dreg267BB383ED7581CEB396359EBA7C7050Microsoft &Access Data Pagereg2759B5FDC51A2730F82DFC6259E4EAD6Microsoft Office Visio Add-Onreg2762F2E6F78D87B79F49C654F090A41Areg27B840370F12B098BF71A062D809C627reg27E96DFC7E93DECD717DB4D1F7358633&Edit with Microsoft Office SharePoint Designerreg2809C64505F28DB09379F4D3E2605995reg28B0C76451F36B37BE0E6F61F6F33EA6Microsoft Office Groove Proxy for Outlook Add-inreg28B9C489B20D8668EDD41AE5DAD4205Ereg28C2BC4052B2BDB70109E369347CDC3Freg28EA185236D5950D5AC3F6EC2B11D56AMicrosoft Office Groove Space Archivereg294CC655E304CBA4996C0012176C40A4&Edit with Notepadreg29A81CA3A0B3CBFBB498CCA1DD60539Areg2A14692C0B1D2B72D9C372A2A4DE06C8Paradox 4 (*.db)reg2A88946DC951AC035EC98F0967AD065Areg2ADC0D99F3C11EB901212CA22B9369C7Microsoft Office PowerPoint previewerreg2B773B288DFE5F0DFF83894F6479EFA3reg2BC91F563F20C0181C7F7B102A6C669Areg2BF04053C402D67F12BFA1F4FFA8FB86reg2DC60DF677D0A211FE14C80A9D27DC4F&Open, 0, 2reg2DC7FF94DCA902A47DE7FCDA8B68B2FAreg2E94A9D08D524436EF3D59A425C01DEEreg2EBF0742222D9182D35E8C82CD4203F0reg304BA8C9C754F4A535D3B24F66FB8872reg304EC0DB0EBCF82E95A0476C4819E289Application Datareg30A6325726864B96D39C39F2C26F1421The Add-in allows Microsoft Access to integrate with and enable automated scenarios around Data Collection and Publishing around user created Access solutionsreg3107FFB925A9F4D4139028A2835E9BEDreg310CF7D3401BD33AE3C8B8C018C1FBC9reg3173645541362161D141D8BE752EB7F9reg3191C79205C9ED2BB7F7629257A00D05reg334AD94322A0D76EB40962AA3C74746FAdjusts project start dates and all constraints within a projectreg3393D922107AD4EB0A78F594C5C2D03Freg33A0949A0360B3B3B9B61977F0E6EA71reg33DD9261B98CF9670F86303C6DA747C7reg340CB4EF259171F5C656D4E14977A5BFreg3448208657DAC09AB3AE301C48303526reg34BD00F1A73302335A6B7BCAF40D9795&Open with Microsoft Office SharePoint Designerreg35314B2CE20A4A3A050E61DEE1223ADDreg35A4C07CDC82E830968204054457428Ereg35B2E4A5D715C2204D1DB7D281D59A8DMicrosoft Access Outlook Add-in for Data Collection and Publishingreg36052154150318D8ABD05CB84B5E38D4Microsoft Office Word previewerreg36C00FA4126418B44123B994C0554359reg3729B46C8DBEE209D53B1CC4A22EC32Areg379E2A47C1AA5DC01B982EE188A9C80A&Researchreg3823CF0FD84BF07134B214C922FE99E2reg3A0E418BDAA31FE015B9233CD04E6DA4Microsoft Office Groove Filereg3A3012489D1E7E69307667CFEA22C862reg3ADBDA109826C6868014E31F0781E925reg3B125046785390EFAD732C472328AAC3reg3B364E4B829A5BACDC414FC8A6021551Microsoft Office Groove Remote Filereg3BB3CA95607C1D8CA9523D466E6B013Freg3C5A7128277C316A50C7A72E0444E038reg3D0CF844BC6A7C3A771C45F47E86DF9Freg3D84238A977243F751F76B43B3FDD625S&how,0,2reg3D93AC9182D64E51AA9E877E3FF233DEAccess default location: Wizard Databasesreg3E0C50AFC2A6BFA79BC8789F5ADA3AB7reg3ECB58C4E4A9F1247C3D8245E63C0A99reg3EEC0F402B1ECE922F6773BBB15ED202Presentationreg3FFC766B9248A4CB1CC63D573F458977reg414F11BC67CD643236734DA034728180reg41F3A4F6DA5BAB49C6C2D7CBF8E0D8F0reg41FF364DB5E121334E5D73D150BCA91Creg4233D9578D83AA196740A80799FA2DD0reg43280322FF5C47AF2949CC3A025CBC9Freg43DFAF5B8CD9157E6F37F474D3EBFED8&Save Asreg442B5C8952B10996B6268E321EC8A792Microsoft Office Groove VCardreg44571913616D8CA2027CBF19EDE7E4E7reg451F21F211EBD9E00277BF27EEF2EEAB&Open in Excelreg456E37CAD9DC0CBFF333A379C17A430Creg4690371FF2B771F3F3FC75BED8B6915AMicrosoft &Excel Worksheetreg4741849934C79B9236B137551305284Breg47B58DC63A4F839F02702405C85E2BD3This wizard helps you to resolve replication conflicts in Access and SQL Server.reg4918390413F5EDF84F70EDAE5BAA8822reg498B8862E916C3CD4B9EB577F114A044reg4A9CAC887DD0369C475697A5D71AC1DDreg4B5FEDCB6E7D93C0E28AE0890B8901CFreg4C6AB154FC13A5A9BA7153C1909DE249reg4D992677B645D33E9E5358DDF3C58953reg4DB12F40BC5DDA8371AF9D3B2A6C3690reg4DCCE517D3AF59417F40BF6F889F4987Desktopreg4E2215E2C9B8B501F318C78D3BA2C715reg4E7CED7DAE0A20190D6756403558E732reg4F07B3B4D814A6F75C8A0EBEA3619FD3Visioreg4FA1496AD7D17777549A749E01CE35BBreg502AE1A142BE6373DC4DB8E493FBFF46dBASE III (*.dbf)reg513C4ED015E3B70DBE1A9E4D7BCAD2C4reg5161203B39E75ADF825E1012C86AA589Send to OneNotereg51763D059D0CE7E09739E09FE8072702reg518401DA3D281178D610BC636C709E2AWeb Sitesreg52F950B879162EA45930A8794E69E3C5reg536EC9546430FA166D2A825F5A93C372reg543DCB92FBF2E3C676CE027D9EE48162dBASE 5 (*.dbf)reg54851144F8B8731E45E868D86A6E9265Stationeryreg54BCA6E759EB27FDAA92C64FC0E680B5reg5508E4E14E6A8E47542531AF19AAE559reg5524404F5CB515FCF3C116C7E24E5285Projectreg552FB8256C57B318F4BADE5812182AF5Lotus 1-2-3/DOS (*.wj*)reg567A61CBCE74D1647F2FFCF3E796619BWord 2007 Documentreg5703174B35377F327156886CE6045231reg573C928E3B1657rE6
3DB98B355B
E{0reg580I1{3f5
C#AX00Bd4kAP5K9+A"17reg587
F595D285
B2BCE0DJB
E	iCr+s
 $fFi0eHS
 OrRp,iC 
ltr2g\9[A!B.3EEaDq9QAP1/DT9BF-9@8/AWE\r8p
r#gG9TD)7W5N4gDQCYA\4,CF9e1
CPBI350he)5.0c3Y0S5/1CD
C^7R1M8DEZ00BR9dAJr
gPA%B(C"B-6\F%9
EKByAyBw8
5RDBAE6
5b0d8oA
5&2D1]2]E"B
B\B+1LAa179D0AFI3)FAC2A'8P3
eG5"DM3E2\E[EPD1AP9]9(E
8_C#5_0U8Rr
Db2X4FE(FS8X1DA
FUFYCRFJ2
eG566WCQ1T9FA\8_3UE#EbAPBYC
3UAD9MA
g\DYA/D
E-0#7^A]ETE2B
9XA2EE2 1
B^9\CBC_8^A"8@9
3U8+DbD-B-DMBIn
rEgXE]AJ7#C
3M1XCQ8]6
523U8K6
5#5M6\CG7KDD24A842E59804A89CF82EMicrosoft Okf+c
 F0D7OA
cEs  ,a
eWEeg+n
rigvF#A13@DPE*D+6d1gAV6JCG543
5*EEF;B~4B2Q8M2
De1]CIDGD'3|A+4PM
fIc' &r
g80zB*0_BX5[1]D_6-760d4`8'0;71C>6
6U3f6sC.3D3V6PB42 3{B(A%6[5@AQ93M
tPV6AIf
rNO`t%o
ArAUFB0M8,9*F(3
Bm4!3:3BB>0xD
g91|5&3V1B9
FPC E.4PD3C^B31Y9P1{e*6T2,9C3a1`8QCIF6417{B[C,4\EL3k1Vr
gY1T4-9eFz3Y3@6A8311E6333FB978D2Ereg626F42EB841=2
D\A,6]F16i0!5TB[5\P
red-xL(_.
b.r#gC2ZE^3CCYE'F39xDA1C3X0A1
EY1Z4C2(ihr"s
hAn eRU
6FE$CFA
4JF'7$7.1<1	A 4 3_AG2ZC
e~r$gU4D6[536UEdD
FZ50ETD#2ED77
0W7AC*O; $dD-*nAf
rTM: ?r
jpc5 A2^0
6WD'504-D]7(1
DaA.441S5KCA5W8T0Wrogt5RD D(AVFDB+E7A[2'AI4
D04D9ED_2
eG6s5V9[F!7T6
64BB3CD_D*2
FxB]8$1^R	c
gB56917FEC46918FE3924EA632EC4FC92PrypEr
gU6*1aFNA-2+5P8
AWE,AM7
D_8^E@9(E
EoEa4}5_9Q6SBd6L8XCX1S6fC*7RA5rEgX8^0cAZC+F(4G344,8-6
9\6T9 D]9
eG6L3\1d6W0\5,6SA
7g4UFS8_DTC
gP8aAr4YAV0ADTC+818C4$C~4ZA
FU8_271+C 6
FS4+317
4z9.rEgU9\6_9D0SD:8CC
CG2 3]6J7,C53Q3F5
eG6Q7UA_5C1
F\F(3F0F7$9/9Y9#CUDfD
9M5ZCA1_2V5
DQBR178U9\D
5_9&5\13Om 2d
rMMs 9r
t`sbaLP
oon9,AW
rNVls.oRd
 Go7yRP
EV6P82242FEE93A1E7B9F487C32BAreg6A45C74	1-7TA 67FzE$8SD575A
22B0r7g_B"4P3F85FwA_06DW61D
E*35DB9|0W0
2+D,BRCD8mCG5
CCFC1.0h21Dx9-8FrNg
Ds9T9^A@0$B*0P5B1!6c6TC\3W627cE>a
oX F ]*^d
606d3|AS0+4\5FD"8
C#F]EZE,4E3f5.P
7N8L(C.
gWD07&9-5
B#39407dE$4:0&FU7]0]F52mi
e	61Dc2
9c17DbD
2%0TEA9'B"3PO
e	6*1C1-DQEB1
2#0[94D[0]1
AZ8%4[5\r
E"8,3Z416BF\0)Cc3]E72CDB9
7X2VE3x
eL ,aCr
g@E*8\0%Ed5Z3+6WB7CE2,4)0
3"DB5)D iCr
ve Embedded Inkreg6F6E60EAB49B13306
1RF]4%A\9_5=4
r-gSF[0D91D
FuB$C_8A1711B`2e7RAA9K4
e`6`Cx6R2_1YEE9RD37
7tFTD]DHE~D
rIs$ <r
6fED2,F
2dFs9*5]CFAq5_Cb1@D00
3DBV615}D\9L8]9AE@9jED3%F[DV4ve77W7
BB5@EfET8
0+6@2|CZE\F9EEB1F4reg70D2778E7BF614725A3216E4
8e9 DMED9=4AFw5 7WEBD@65Egr$g[2YBW8
CW9*0]7]02A
2SAGAV7SC
FS1myFP
ezr(gR2B3$8^EXE.0&D75"2|9,AXFPCWA[6!2
7&77B'0'6^8X4 CE704}6Z2-6Z3BE6r'g^2L7^1 0@DJE7DeCPBB1+D*D,1%FG1|E
7\2A3<8
A,E_4.BA9.3S5C7\4WB-DE0wr
gY3R9/9J3Z63B
5m1U3D6:0
3x6^DGEw49eg74E9148142176A08E955CD1D84C35FB-r&gV4(8V0+803
A+6[BV5 6b0'D,E
3;eG7v7^3\3T0'A
At2*BJA/A
Ar6$2+1X4_F
e	7RAT8
3n1^61AY1VF\6&EeDQ6(D
3|4Vr6g_5,268
9+C|2P2RDS9
g^551[7T3^6\De0EAPD^0]B[CG3d1]5,37l
d	rrgz5#C+2E7d6,6_1&E#DLD
6,87FL2
eG7D0T3]3V9&4 3
8U1\E@D
A/9X924'36r
274N6X3U8'4%7g1C4 7
3_D 3]B
eG7_CFCb2]9]056aAX9\5
6\9 DYCB0+1{r
gC6f4$6\BZ0@7PE+0f0@9YBUB&6FEK9
l	sA(H.
0"4TAV9+3]26AfE&1&0a4^3 229G8
8x1Z7dE
4b6#5VE1C\8B5
eG7ZDG50E12$AV1@0U6NEeBXDQFEE\B@5SrOgvA
ESEX8*AAC00[E\8
3S2%0Z9+6\2EARe
7 22D'2
F_FMC6AP8^1V6
A23'AFD!7-C1423v5
B$0VAS2T7
ec7gDl7UC70G6dF
8{8PB-8A941
r&g[BX2KD$FEDC8A25BFD6A782DEC241D86Microsoft Vf$i
7b8-BG2f4/6^4A8c22EW1(4ZC]ET6
gYBf9/2U8$3%8U2
A]3XEE8
 U-'-~ M*Zw
9_201d7[6.FGD
A4F$8T7[6V5
7-6V5[E2C
F 4)9%BVF!7R6bAB6*5SB
g^CLD'E
F[8TAfE#1\7d0-C!CV4^8)FeE?u
gXD3678 BP4
7'5_B_8A0W0VBS109UE
76E,4%8@5$6
803C5eF^4WC
F7FJD56@r
gZDeD32#911YED4E8RF E1B^9s9"4,EF2GE
lRe	7*22C
4UF-4)5*7O4
4W1B6Q431(F^F&rwg~EV1FF'C*E]1'AaF-3TE"2SES4
7TB{2\A01PF)4Q7UDe9yEUC 4RD!C
E,B2F CZ8[BW5
5pD_4P9R8&7
5:T2R Upr,gV0%3V098
F"5Y6XD$9%5
A}E/2V9TDQ5yD/CE3G9cAQ4TAF9'&pr
,_,_rEgK1@CG8UERFYE
CX5Z8YFV9\FdC67^4Re
8@D\4CDP0b4
2^ARBVC\7x3X2B8B1
gL3U1a1CD_6
C53CCGCS9"4XC
DrBKEC9
6W319#8TCB1(BV8"3cE2CQ5,8Q1.B2rEg\3&AE6^ERE#2
B&6V1[9D7PC>4MC#B
BR5DD$1YAMF_A_7V9a855Z9Y9Ur
gO5eA&8*9TEB8EE
6%3\9,2]A14
8C0D4b7"B
8TC+503S9ZA(A!0RCd7W10rEgQ6VCB0,3J2^5T5)BS3
ENAZ6Y1!6XF55la r
 8eMpKaQe
6\5'EE6
D55%BJ8S2+FD9
gV7"2.2E9B7911A27CD98E0D05692D91Areg8824C
0-4C6D3dCR1S6F6U7 BY003=rEgW8C019eEWB_Cd1W5+6EF]BS00F
D+D0301
FVB+C6DV301eCWCE8DB
8P5)C4B[5'DB5
3&Al6^0
g]9<CdA,DLBA0d4_9"6a1S2-BF0YCT7D1ReO8d4WB
71B@CbC+D^3eE/D C)8_57r
A@5,C/DXDU8
0&D>6I2S3_BU4^8+F&3Re
8'3X0Z2K5J1f8@2LEA7Q6U9,D^CvFE61W
8&7(F_CV9
E`F51cB7CgEB6y6f9
FD4PO!g
ofo6tRO	f
8c212W6Y2'0k1-9,3)8JC*6uAXA(FU4Ur
DE3T402
A&7 FLEPC
9_1[C3DRe@8`A24
3W5kET87D+1L3@6SD]7b1f9C7
E 0*3L7YERE$C`AC2k0b8R6&BX5Re	9_FCD
FQ8/4A6[8'5_5&CX611S6RC
g\1A9XCD1/5+7(3
8+C-0AEe4'2(A.8XE6d
9]2KBG1Q0TF
5*9_0JBD1
FR6aAQ7TC 1B3EF
8@0 0SA[3
9A0WBE8]F+D*F
DPF00*CE661,Cb0B4)r
g\3F564HF
20BaFP0]6P618d7XF\009Re
9M2X315DB 4j55DD9V9'6+E
2FCFA+B0r
5]07315.A3B*2b4QDFFV1R9'6b9W6A5
9B2ZF_7WC
5!1KFK2*A7C~9
9`1G6T0gr
gK6!FRFWE
Eu503@9WBBE
6C43D104DBCAEA4EE8C542A74DD397reg#7
9Y5X7/3W610d6S7@778X6V5Y5
3#EexFe
x>r'gP8E82E
7/D(7W2\9L1
F[5BD1Df2Z5 1Re
9Y5[1QET0
FD8d3G8J2(B7F&rEgM8W7
4D2R9#2 8
9*5\C-7:0
9V8150FT5\5
0BBL3JCT2'D)Bw6
 j7T2^0P ,o
4QDW5Z2UE#E!2
9 A0D,4]7
g\AS2]6
6DA\1-1%5-2
4_2URUn<e(9
6dDD9-ESEf5.9T9ZA^7d3G1\81A!9Pr
g+AzB_0X8DFB9
1ZA*DAA
e	9%F&5xA
7PA]DUF03B1
8^C%7T7'4S6
3YC)6B5 0X8P4<D
6\3;C*8EFL8@0jf*i
kO2U0D ca
9.EZA+ADFe0\047F6]C\C!0Y7A0\2GDarMg
Eq6b6UA)1U2DE\3*6R5-9
eG9-3 3.AQAT6
218bA#BX1FATBP8S0OrEg\CO8]7226266g8c5B4CDP5(3QA
9c8T8WC'527
B]F\315
3U2U5X1X2OBar
gLCI0/CY1[0"0A7V0CB]8
0%8*3_A_8DARe
966WDP659S7c6_F,9U6Q3f4
D51X4z6 8/CY2[A5E
A]B@5\5,C
Ac3a20D#8aCYBV0'0Tr
FEC-2f9FDDAYEB2#Ce4B6_C
Ed618WD
 X7L-IE
cElS2D0A 2o
oOkF(E.
D^77Fc8\5.7B8
0TrEg70"9-4(3W4c6!F-0,56F^C^3#9[902
A]E#3%B{8X0@7W2_F(7'3aF50C4X132Pr
832P2F8X2S0z6(AF3QE*C-7S0
AS2[713'71689F1D84611E954A3328BCSoftware\Mikr+s
e91@.3\
rNSft9i
opo5t=I
t8EGx	outtt
 Lx4e	r
g/2$CFE\6 9I491a4YB6818GFWDXE:E?B4e
AZ8%BXE84;8
6TCC33C36!CU68F#5
iOnT pt
FQE^4DA,9"23B9D68EB347220F6My DocumentsregA0Du267PFAF`1$EEDFDwD"FG24FxA)95rfg
3 FPC4E
0WE(9L2"263M7?9
A&9UC60
AGCM1@B
DSE78U3]C64sB5163(AX431~M
owo,tUO
 -ekp-a
AE4D3=4
9 DIC62 0]FS8SADC2F
g#6SD13:6~7,A0C!0)3S1$0J50B10BF15regA8BC0B07641F7AD5BA0C60DW0
0@110$r
g/8%3]0
3]7N7 3'1H272/3-BW9
7gC<8be&AJ5CB$C7EFC+6X2+6
4Q0"4\7]E B%C%P(r
xE3R(L.
ga9[E^47A
E28@7F1FB*B0502 1'1^CtF
A'4CCCBY9V0^D
A6CP7%9W7&FTr	g-C
CT5VEG0]9ZC%C"Ed554
8C0n9Re
A*EZ5$7eD
5JDr4W6K120F2 BW7ErEg
DE2F2,FF8z9xC[E&5#F7AE1aDEA/A,7)i
lIeKtPoR 
lEcLiBnQ 
 PPpe2s
OUtLo,kOa
tee*d@f
ustamAi
 of)i0e
A,7[B\E
C 4 9*7-ESF'909r6X5-A03
g#EB6}0 0EBB5w6C0BEB0	1Y7A15F
1B1.15D07644B9803E1B1CC9EE702DChartregAdC`6SEFC^2 2/82A
D/6W05EP2.A]5
g F)E[619
6*E)5F0f9@6C25620)8D024
B44`4R6$2V6=9g542XB06P3f8uD@766.r
gb1&870W6RD1A+6X0^0bE09YB3D_E$B_8
eGB]8B9cA18 4T5'C
D$C@A45"0JC
g+2X3]ECF
7AC'1WE 7
6U6K5BA
C]7VF%6\597d8ZA74E2b0-0"2
g,2 60C^5
F'1EB(FT7/6AAa1+ECA
DSDC767Y0J4
F*0+4W1[1'r
g]3{E^5B9TC(1[B C
7F5TD4D*3 0^DDDRe
BJ254#5e5VE]8_53F!9C7G2+7.5W5[7
g44$EU4[0U4a659U6CAQ1S9*8LD
F_53A(i
eI |.^/O5AW
oK ^*Ox
g,42Fa4VFH1!FK1X4@2Z9+7\8aB
2gFGDWeIB
D:0m7L5`418
CtA*371]2Q2b0]3]30rEg!6^9XB37V8GCL8
E4E#2G6(1UD/062
7G1H5H8Q2f1
Bf2*5(FE4^5
g;73CS1
27ET1A4S2]F)C
eGBOA[1Z1*F]E
BWD\7_72CTF6C70+6Y9SMIc
l	oK F0I7Pp
oViLeV 
nEtO @eIpSyFu0b3t
a	eTyOu
,4a'dNr
om :r	a
on you need. With Office Outlook 20 7e 
aTi&nNw
kI2^0C Ma
nWtpeft
gb9E0V4"EQ0EDW9[6^2@B_D{D/A49"2[0
1I7-F+6,1D0&1A0
A-7DFREG2 CF3(r
g,9U9y1/7@E'FZ5Z0V8f7&2)3%DED0D
B#3G9]3\1XF
FU7%9!0D6$C27JrEggB18lBa0
0'C&4 EA4T251
eGBfFHA"2p6V1S0&12174
CBE^DV1-0T3Dr
g-D*2:CcFG1'E 3[8dB-AB6$3@1#6[B^4
B,7\8DCJ6_9/7
8[AZCF7.0
g4F(EY3Q6S9R0T6eE_C(BAAM4JA@7[5A7
3LCP6!710A0,DZAXFa5
gc0[AXFVCBAU3]1
AXCL0f1
7GB\ejC;3
269`C615C2A 6pA16CA(DPC[2R7@r
2KAJEY66C
1q1ZF75X2PB66
EUeBCBCb5
1Y1_8BCT0UE[AR4
8_542eEP4(r
g,1)CD1%ADB+6T9[9R7
B6B_5F5P3
CG4Z5V8-E05"4
D\Db9U6B7_34EU0$8Zr
gc2RE,B41
F^1_CK2)ERFB2
3BDf3regC264B82C23C56981C999D40967534CFcrBgf2JE
3eBY376
A+8.4BEc7'4
15D%1YA
B/A_F@7!3R6!DK3
83EQ8\DBDVAlFeLJt
2D3SWk3N(E.
eGCDEY1T9(4V9c8SD*5Y0UA1FQ8W9U1bDFr
g*3]AEF
5G0"A_F65$A 9
eGC]4XEM8
50F#5_5(CW7
CU8$8FBUr}gd3
1-6\B7Af4S6d7@7%0
CW9f825^0X8$F
0e5P5A0bCVM
g%3f4]1V4X8Z433M5J7{0
0QD6BF5
0gA%3J2
6(C*3U5a8,A\A1B
E"8^17r
g'5UE|4,ENBQ4^1YE A
2'CQD_5]9Z6 1=r
vzd1sOi
eGCR5P8_3\1!CWARA
6S3$CV0
7&FREJ7Zr
BRB/7QE
4^2Y4/A\9<BsF*B
8$1@FTA\6TC~1]0G3#1X1[3%6c1\17r
g&77A-8UF
8\0[7@FC8L7&6
1ZAB6X4J9
CV3bEQ2JBbBNCR5G1^1 C
6XBX9#7 Bc&'i
gcA D0615Z0@FB301F27B2E2A3E60702FregCAF3EDC22
8DBr$gCB23
]/2|#2'
z,]_%WT|^\!6-
@0DU)26
cI0xX\518z
P*P[B75%gfL
CS0r[LQ@\n3(
y&1DXSTK8+%
]Y/wL@UryM
dTQe513Z
r[Uy Z9UIv\(
[,2M6(qg'F\RWC0ru
,,JG4(
`"EaD^\K3%7
D_T1E&
"))S59&
04_JD'
Z,E@C7Vv`ZVY
gT^uW[tC3-JFS
3[ZFW4AE]f
]Y`4X_TWy0'
3QC+YQ152
t\7[GF%$
s/Q0!'gT
0Vu!5X78$
(ZA[EUB)
dCBaB].AEbC$+\EB,]FB%
Y/5U4~![A50)
X#|Z1@5%
RF]}\25AY
}/+A !
$0A/K1%
g[^y\-@`ZVA&FAR
z#)Ip,G^Dru
\)g070FQMq@GuW7Y03Ur
r\\^u_$4Xq
LFA+(KA&
X/]5A)
*\/SF =`L-T
/KBp'L+>i
uUQY;r@_
~%,W@zPQ1q
fGa.H:A93
X!_"JN
XCQ#z.U[Q
F5Ir_E" 3
!\-0OBMr^KSQ3kB<($C7U2<
$_$_75cN
]/$YDf,\0)4*6w
61KZ_{F*w%Q#<p*-M
r^Y3DQ0>J
tZ-WAD>Z/oQ(\^CmRL5y#
P__+B0
zXTRBHua
"=q^^1h
5AY!HF9{UU
CRY6\}D!S0:>h
0^-]EM4\bZD &-
QW@&G:~_wE$ DU7K
KP#A&8
+IR.JeSF
,S*2&H
]:Ap'-%+ jhm`'?
+DuRZ)p@
P^D0xBd,G3DGdQR5+7
F\9bY${B]PF5E93Cf
,^WF4BT1t:y+5W
$C}ZbZ]$3D?L[1
b_,PB852E46E83Re'DBB87
D3F@1DA:A60
FE8DApC64161rggECc4uA30B9
@B43CB20C62
A1933r9recDCDC40E
2C44F510690bEv9@rdgpE011702:1G9
81EDA0A8EC5regDD10EED7CC53DC62AA7AD3256FE6F311regDDD62D74194B06933590D2D879DC8794regDF2B73ADC0AA3A3351C4AF92D876B8D8regDF92398A5E4C65784FD0553C30AC473EregE1A26961142A18F0623992D84123AFD0regE2B9AEB1B31BE8A1D4E68304B7493C37
c+JFCP^v/)Z!Dn/C60UXq@W&5
ewE4P1.97[5
B<K012)EXrugEd/2
K9D924reg
;9F^C7.
84D"0!.
MB23P)
|@AregED
lde&L8
E39'FM
>DYDA0D
5B13eh
m40Eah
uFolor Variation
V-T7q:XBd7Y'S6J24G 1
mR.-r(
ZIq3EDE6-WC^
HKX'QWB3!cR+0K:
3*(^Gba5
&+A) R
TW%'E& 
UKXW^^Q
.\[ZR	
$DRA@d
*0WQ]'U
gDeR\6UWe-W0O
Z(bB\!
TO[PY-S
/-WF#F=
rr?uoft Expression WebregF6E21A807BB1958A34B612944(328
fro9Enabjed
tregF6F09C4D2A64A01254D07FD1B10106BATemplatesregF7656B9AFFC431F2324A2C4CF2009037regF7BC54C1CB3DA3C3B5ADDDD63D08B25AregF8D5B680BDD4E0F126820586D19718FCregF8F7EAA0654F712EB1D8CDFACD33B4ADregF99CF3C23286FA67A4B013
K:jleq
bapik`$Ig~g
x|us^]b
29747EC89752CF;GF4qfcBG5=F41E7C6@23;@GBA54C?7DLI=8>=MyikKN:H6LTSU 'S%$WRUT''T%"&&*'*%'
.rebFD6A
6AwGEEE
0-C1D?rnm
q5cF-8
3"1AC3C8w
GKtQrqc@dwrds
dtl+H`n%ldA*
a{vcpy33.~lm
Bldazt22
dml	aev@ph3?.elH
wecshoJ.el
fdN33.
[sdr<2/dyl
oae`uX33.ulm
Nlf3!.el~
nlDatt 2/dNl
c~mbtL33.tlm
hdl~33.Lln
pdwa@i120dml6
GjtJeQbmandUy\e
RdgOugrvV`l]eDxL
FyrF~edShrhnw
NefSntWawudEvA
dVdrZudrYV`l(e@
e`lgzdO
]rda\eVi~dnwux@
Raje@rhaxParNfFnee8
AldUDioi
i`lgzd
EsrerHnBo
fIlaleMiWt^S7tHc`nRi&e
SIGAtRp
chayFnlBesL
c`tfoo
rhtnIofY
LCorporation
NOffice.
^0-0000-000000000
X0!U0-
"memory","VirtualAT
eb75da","lpAddress->0x00000000","dwSize->6144","flAllocationT
0181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020"
000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb
","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29
2eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->
75473b7eac672eb75da","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProte
"8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx"
,"szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x000000
000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d
rtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac
ess->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"201810271
ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75d
","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14
y0b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29
->0x700
2018202
114563.
42",!13
0",";b1
510c:a2
b06319c
0a6c79a
11dffdc
943d:70
075443b
eac642e
75da!,"
020"+"m
75473b7eac672eb75da","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x0000
20181027114553.4
:66","8b14510c8a29c06329c00q6c69ac31df
943d970b
("dw\oCoktrocCodc->0
00310001","fpInIuffir->=x77k463!8",5nInSuffwrSiie->$x00&001
fer7>0x+012zc34?,"nQutBjffeRSizD->0Z000
","IpByResRBturFed-
12fH2c"
"lpbverBappJd->
329\00avc49 c11&fed c94wd97ub07s473%7ea+672,b75.a",i202|",")evi-e",mDev9ceI>Con&rolq,"S
S",t","?Dev1ce-g0x0j000k34"p"dw
oCo0tro3Cod
003[000[","
pIn'uff
r->Wx77
463X8",HnIn)uff	rSi
_001@0",SlpO
ferY>0xE012
0=0^1Ff
","lpOverlapped->0x00000000"
"2018102711455384<2
$910c9a
9b0632
c00a6c49ac11
50d970F075473"
}da","2020","device","DeviceIoControl","SUCCESS","","fDgwlce-<0x0
034","dwIoControlCode->0x00390008","lpInNuffer->p0+u
-BufferSize->0x00000100","lpOutBuffer->0x0012fc340, nDutB
e->0x00000100","lpBytesReturned->0x0112fo2c","lp
!->0x00000000"
"20181027114553.492","1360","8b14510c9a>9`12329b00a
ac11dfedcc943d970b075473b7eac672eb75fa",
2020","
!DevmceIjCon
%,"S]CCEZS",
ece-30x0>000?34"<"dwXoCo|tro
Codq->0m003/000/","tpIn[uff
r->+x77y463,8",<nIn]uffErSi[e->
lpOStBuAfer
012Lc34	,"ncutBXffe\SizJ->0H000
","_pBy@esRPturXed-	0x0
"lptverPappXd->
000p0"
K"20s810q711p553k492d,"1t60"d"8bx451zc9ay9b0z329.00axc49.c114fed
ad97cb07a47377ea56722b75<a",{202j","?evi?e",
Dev7ceI0Con
rolC,"S7CCE0S",F","
ce-Y0x0X000Y34"F"dw"oCo
003I000I","
pIn1uff
r->Ex77
463F8",ZnIn;uff
e->Lx00M001N0",
3fc34","nOutBufferSize->0x00000100","lpBytesReturned-> w0 12vr2q","lpOverlapped->0x00000000"
"20181027114553.492","1s68#%#|b;5>0<bya?8l1v3=8s1ta'b&8rbu1pgpeub}4$e!6)cp7/5,2&7y`~7)3!b(4D`
# eShEd
-bDMw@b!IEBDoXs+l
#[E!v]bP,
nSu6oRBPe%,z091r2z1t0|#i#*q
t.g,si>zy|6)5r3|9l-mo	n
h)dm>dye1p0f0g1","lpOutBuffer->0x0012fc34","nOutBefDaQWM~
0 "	&Ote}
ecRMpVvIa
r|aZtC`
qac11dfedcc943d970b075473b7eac672eb75da","2020","device",(DgwnceIfCon
","SUCCESS","","hDevice->0x00000034"*"dw
oContro,
iVuOw0390008","lpInBuffer->0x77e46318","nInBufferSize->0x00<020
ffer->0x0012fc34","nOutBufferSize->0r000
0100",",8Y;^&
P3urned->0x0012fc2c","lpOverlapped->0x00000000"
"201810>731
360","8b14510c9a29b06329c00a6c49ac11ofed;h943d97p*/u@u73b7eac672eb75da","2020","filesystem","CreateFileW","SUCCE[S -
,"lpFileName->C:\8b14510c9a29b06329c	0a6
19ac11d
ibeRE@gRw
-.G}JfVxG
RUA}&.
5!0]=B6
49ac11ddeeca963g930`025671b1efc47:e`77dh"&"0090.,#ddlksystem","ReadFile2,
557#.5;0 <"21j12,&:g3$57298q2>`
1q6j6e`s1;f
dtch;81t9:2l2'5;5ic'eqaj6"es5'fq"? n1"06.7oumyp
ueatCun
c_z9.2SIA
DCS?.<2h0.2m5 0
3@7 "	 UxUxBD
fsgtcS;
5"eW5'fq"
 6qQdSp
 _uCiFgq?&5
1j#<"Xn~n|o#c5k
{*d=>szS1 0u2u22,dd0Qbo3g+v=>yzl1 0z2Q52
A S1!8}2
5!1z7i2>4v0C-21c4C#<"i`c6%1camc"972l2"952
`&cc;9a!1=d9escc6
e)7k`55%4k1
6ua>4,0ubi78`2,}0P0 "M 
uumF.GPua
mu"K ;WSC,Q
#<"H.IjVi
gL? x]2Q1 0
2~-2n!w
/d7!4G2V
"G2m9!0D5k0$5B1V6)2[.
0#6J W (bM6
0 cDcL;r0I1h8s0
1&30:`3 a2`h8qc42beudd`X5#d143a 7<7=0r7nb?7'2iak4ta//,1 2?!p#vi|f/xcttn
-2RwbwEylq!
#CUV@SPC";!~-2h^j
d=>){N2 0*3=12,9m
+!S1!8
`<c"9K3W2"9I3qc&c
:M`!1IeKgsc
0>6uaQ5k3ub
!<h|eDz
VbiMf'h|e
/~RECxF
,.0F3j1 0
bt!<"/M)lre0L:Cit&p
nGr-w ..6w7
M!z3!8x3
6!1~6i2>4r1~-21
5}!<"vak5%1
`X`"923-1"923C`&cf:
6ua45o1ubn6>`2,x1G3 "w!:h|e/z.wam|/}Qua
mu"M!1VSC&P7!<"G/0jVi
fL? xW3X3 0
3~-2n$v
cur$eAzde
W3Sua	.P1 4W!Q
0 2F2#6%5A-1;""_!E0&0W/b;r1B6
1Aa 6J1eb 0
:k1r0I6h6#bHf;b&7
qugiwUpi"-&
dwQwa.xFaoq`GhW&('WECEA
R2,%&$&xKl}': x;4<4 0ogW-2l~R
mqeAe2f=>Seqju"
06 1+5$6'1$0N7#.#6
#<"&7322,:<>0$5(4?8q2#f+2#2%gl1q6~0
`s1/`:dtc|="0t9
4C475473b7eac672eb75da","2020","system","Loid
h;s;sqAz-yR	BKE
-|1p7he
1Q18"s#5q
dN?id)`+ho3&d3m
T#:0n9U1Q691Q4n2r4:2D-B0R78"J#ack5=1Vb[`Q8j0P2i8?18aPbi8?b91
b14TeY6Qc87R5n286ma
`y-~382W#q#.sgc
r*H4umr
VA-*S<B
R*,K0Q7[#$"
u0n4Oim
tdlB#w#0qKo
l<o:Man
,ZBY]_I"E
lP3TH	m+L9/mx	#P
|381T0T3T094X4h/i3:"B#j2j1*,M990h490
3Xc86C3bbl1i6
1?5B6hc@dicN6@d
#w#E1:0[-{q(nke
ry-~Van?y>b~-*S.B
R*,Y#H#
M2o9,6CF]3H-EGW.](x/ummM3
\3T0[082H0h5o4;.J3i#p#93I1F-A9j1
4j1?8i2
cT7P31c
1:7?51a
8m2>8?0
1l4h6;b
6le;#$"
1i1~-*f
h7d~-*S
#u#2Gal
,e1$180
1T`S#$"
C"u9r\o
d8ew?:6
0T3T094
#h2l1*,
990h490
5b`?09d
d?b?8<3
8n181?5
#u#h1:0
s<`.dNi
M1S&#$"
-{m*Gal
O:l9,6C
] N TEE
b<r),6G
0X0Q3?1
5l4i/=4
#w#m2>0
188=31b
7S3Xb80
7:5c`k1
2?8k1j0
4P6Pc?e
bo6hdj7
e:#p#:0
1F-Almm
u,`6@dl
B'D0R*,
1i#v#|h
H ,]0=6
G2m9,6H
s<r),60
1k1l180
#w#:mIl
1k1n180
1i1j184
Q#n198
1V6R0<5
0j7j#$"
cS5V08c
`i8>1>3
88bk0lf
e8be5;d
6kcl6=4
2;6?`k6
3<cm4la
-y3l38"
#0d3nzy
1U6S180
-yu42:P
n:d)rAD
?j4j9*,
r'D&dNi
dI?+ddp
dwd"d*,
m+@8eze
rp?ny80
6T1S1*,
e.R3{m-
3n6~-*f
@5m5bit
n7U#qm-
1!1j181
1B#_#nl
s4u9b|-
"20181027114553.582","1360","8b14510c9a2;b0
 V+943d970b075473b7eac672eb75da","2020","registry","RegOpenAe{E
","0x000000a8","hKey->0x000000c4","l!Sub/ny->Con4:6)
/el\Desktop"
"20181027114553.582","1360","8b14510c9a29b0<308k00a0c49
dfedcc943d970b075473b7eac672eb75da",]202t#,"regi3<k?
)ueExW","FAILURE","","hKey->0x000000a8","lpValuqNcl
nText"
"20181027114553.582","1360",
510c9a2y*
	DwU'Z
sG|9ac11dfedcc943d970b075473b7eac672eb75da","2020","sisvd
aryA","SUCCESS","0x5ad70000","lpFileVameF
uxthem
81027114558.499","1360","8b14=1
>FoNduIgof#
*240=0821065558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970j0$5 7&b!eic%7%ew7-di"?"+0'08,*r~gusirg"$"IexOPeOKeyExW","FAILUR
,"'. hKey->HKEY_LOCAL_LACH
coft?creQMicsoso
t\Wkndo
s\Cvrre
tVevsio
\Poiici
s\E~plofdr"
"2H0819271
5554.49- ,"q{	
xc9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac67"e`7
"registry","RegOpenKeyExW","SUCCESS"B"0x0!0000e4',qh>e
-SH*E+_:U
R+N2_:S7RO,Cl
->Software\Microsoft\Window[\Au
\Policies\Explorer"
"20181027114558
499Z."1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da",
stry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20181027114558.499"
4510c9a29b06329c00a6c49ac11dfedcc943d970b075473br73,ddg52xg05gtvmbwdcen-!"/2!>-}|g
m~vviz<
S^VEQQC
|]VGW][_M
|P^WCSV
^QZFZR
S]^VMA
E7: XR
fidq-|do`
c0up~m:
XVW_@ZPE]Z[
USv`k,bc4f3{k57ti097!7"pxl |qq7|cjde| { ,<fxa1'eg+3qyrb
`dviz&:5,'5;5}hg
geDf1;#7> O
PGF\KZUWZG
RED667OCJQV+wgB
^CPFyR
G47 /0
A_<"*7
82&,i(*P
CZs=#$6( 6|,
QAD.DkcAW
uQPW\XBE]VF
otZZAV
:uCP"p{
^%7Z1ZKLe
-CPW@Aq
G0EH^0
TB@+],ob_
7ZnoNsTUq_owBC^`ZZTkAKV
oWCAS^AU
CM\VD\BB
AINsTVyLsj&(+ 
cpk=!&1+6'
2rcWY.*
-976-yu//
TN6UFT,P/I|
N|w2\9*
b\KKJ[
R\]UC\
R\]CDX
D:fMVWm
:INIOD
UvX:LP^
	SUd~J
TYJKU]@
IZX@BC
CBR^UCQ^
YQSQEV
/LCVf */0!6
&3%94a7 (:eVDGL
YHF:<2'w(<e%"
67(YX^Q
Dt*VZQE
YMW\JQ
LJh?-<
1.(*.5
Y\DEPXYTLG[W
cBME[SB
+X4NEA8ud
YCD^MX
JVh/,*4c&"3&+t+:s,<QXC
\T,S/K|m/
NIS37X
NkLQU]
OC_]YD
#KMNf2&  &,MBQ
	CicLU
`OCVIO
IPPCPH
:>&%8l+% 7h0!0
Z!8BP7]/KR
[oP[VH
GTKBGE
BRV@XA
|N640&e!6LMOUX_B
DR-k$7;c6>;&%tx
9c.@/E
\ERraoCAU
KT\WTE
U[ZLFQK
@FUAEDQ
UM33i?,!1GA
XQFUDCWJD
RU[[WZ
!sH3,{
V;<0c5!<@@G]T
k7wvyr 
1.!:MX
E[c*<% 9	
fefHA(#8
W:ZCGC
RR\F-~JSD
FMHRPZKILE
FUPAKK
@@XS]QX
geffxg`r~+}qqxb>
5Z\BCFVQP
UM	CXBD
?cRAAG
y@8IIS"
G+<076s:L
LJh2*,
$.5$l,8'%!*' LX
@^JEY]Y
_VNHGC
CM\VDJNC
K=u%,)76P
CT[DB[CH
s\MnMQEvDBM^
y`8IoP>+
ripoeq;
*7pm-?0)
/.-/#+m.3-'n1JI
rcU)77<;
<;$" >
0>1 "%
SPV__F
UTXPA]
YEG@@C[U
j!47+10ldc+kcd'hcjdra/~62*yyo6
AAML\_F
*dduhdo5}pak;
.1,/l,"/"09a1-(*eVDGL
M(?5a.5	9Qyx[
npj|{kjw|r~abdgtvg2tfxxc0p.|d1UBFB
yip *5:&$"6pxv
GXW#u "+=<V
ctb`xcbaeew|`m|zx}avd}k
) 5;<&!,r|m
BMDXY^SBUQ
LW$*'5:l=&&%,93:h:>$AI
Q5y5& (|!
CQD@Q\Q]
B[[JCQ@
]RTBkc\YRnX
ATMNGU
wR^M4'&06}s
XZAIQBZXW
B`ZVSJ
CZU]DLDUBD_T@
AAYP@U\D
yw_G!ud
DCCX@BUFY_
D_<.!y>"o*/?+,-/h/!7
P-}K^\
K_@BQN@
@\BD^VK
Q]DXBD
!CEN27/&e #COG
RU@CPXZ
dCYCAT
UIBD_P
yF8KI:
YSQDY_
P\@RPUM
\V]@XUNIF
FBGZGV
ACOBQFY@@G\*
YFEQ9E
kHTe.8NYO6ocd
AEYBUTEKRMA
-9"( >/-&h:>$AI
pVZGL	
E_CZ	WZ	
U[DZ_WX
6X9GXU<'(c)<0CXKMB
3y8WyVUXV_\\_G
S]W_@R
R[[AQ@APWE
[UDt^S
':c01<#
~^WYQR
cGXWHBPSTX^M3ktV
[\@\CY^
Cbgv0lgx'|gs}{v&~7<CCYV
AMV[^U
 7c*5sOIO_
YV-9e8/<#*"-+$.-;i, DCP	P!
S]ECTWA
V^RAER
A]^FYLYG\EG>
-6sACLDEE
DQ^XSXQ^WU
OMF	P"
N-sMGB
[^]BBETF
CVEDC^V]
\VA]X]BQ
P^G\D^I
OJ2;$&6s>CHG
CDQ\\Q
HVeeQW
RPP^URB
EJKBPVW_
X]EDC@NY
D`XEB]BF@
9VEL&0mce
UMEXGQ^D
BM-k&1>"(&2s
(568i-$LBM
PLh~U]BZ
l`'c01+s{b#+{p (pq
{^ADC@N
!X$WOA6&0%0??[
kL_V	'	
X]'_R-[>E}LC0p<:
hcVZUC
CUAC^CQ
ZMARDGSB
X[\B\VAQE
8PAC'<,-e'<
HK~*CDQXTPR^R
R@\^^CM
C[KA u
AQCNGD[_L_
YR^M0	
J .e?6 *0a>:<4*:,*eVC
cUAC^CUA\W@
iup~m 629#; -viz
1X%GAM%0c7-6sM@FG^
DQ^X_V
]^ZRPJ
F\JRCLUZXW
xJ]BAUAY
QBFVY]S
wMBGs4-'e0?KOI
KT\WTETP
CWBAT\
P\B[CP
TY]TXB
8U_Gs1*")<4
MLTXCU\USDEY
HP<k3639"&o
7(a%'%* P
T_]\TB
P\JVELPG__L
AVIP_Y\QVIFR
PIN+K44
1X%GMFs3*/ s
A\BULXKY
D80|`f4qr|2v~yqsz0jK2
API@]_F
66'sPI@_
BzAeoFG\XVV
@RS^[A
W^QKXVEM_	
\@VDVGU
GKKADWB
H)]3GZA=
GQykN^
BWGPXF
br^MUFUDlMO] PGPl
Am&fk.1bd46*677|lg;ie
 |rxidV
GKKADWB
H)]3GZA/,=<m~q
GXW#u "+=<V
OMEv{z<:>?|r]Epfdt`emqXD]P
K\EEQEVD
DCLLBj
\ZGDIRB
YDF]X]
XJ:&c%*='
$1!/7eVDC
Q#IMG\U
RCQTA]
gQVPXADG
BgQGXV
JCCBQYQ
t6'*%<s'JMV
LCniGAC
VY@ZVM
^GVZEDG^
@@BVYA
\UAmQi
ACjt64*606id|6mcu:djfQCF
D[\GR	
R"d<BUE
vizvqq
QM\KZG
T_TCM	SMBIYF
CQXGHW
a&"u  @CMV
DXIXDXQD
WXWLCV
AS]MZG
WKB]W]S^
8qk3,cb165+17mqk0ddU
VB[FG^
;>: ePIOMZK
,E6i|sXTBYFUB\Cy
]:vE-V1]
-\G@YWA
_WWU_SKILLBAF\GY
,p{"CUC
CCTX[Z
PE.'tt
Z?\AR/$PED*u7+$'sVDG
LJs<; p"1'
R[[SQIAKPLK
l^F>W>M
G^T/",lr	w
LW$.!y+#o05--9och
+7KJ[L
~sQFU\
BU@AXRQF
kKFOPAI
QUGD@XEBXVCQ
K@GUUA
3TEA6ud
CLCVH)
YI[$.1<;boc
)-$':h=&$V
BIACT\
FPJX]Z\Q
qTA@YAI
PQIBD_T@
wQIP0(*)&|
]Z)? y:"9*3#1 $-<i8$PEC
ution Options\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da\RpcThreadPoolThrottle"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->52248"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpNewFileName->C:\AutoRun.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0130f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x004986b0","nOutBufferSize->0x00000020","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0008","lpInBuffer->0x00499aa8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0130f374","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Data"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Generation"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499dc8","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181027114558.509","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","FAILURE","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ad48","nOutBufferSize->0x00000008","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->3096"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->145"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x0000012c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c9c0","nInBufferSize->0x00000208","lpOutBuffer->0x00499de0","nOutBufferSize->0x00000010","lpBytesReturned->0x0130f884","lpOverlapped->0x00000000"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.519","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Generation"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->CurVer"
"20181027114558.529","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000012e","hKey->0x0000013a","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->DontShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000138","lpSubKey->(null)"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShellState"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->NoSimpleStartMenu"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000138","lpSubKey->Advanced"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Hidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowCompColor"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideFileExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->DontPrettyPath"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowInfoTip"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->HideIcons"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->MapNetDrvBtn"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->WebView"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Filter"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->ShowSuperHidden"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->SeparateProcess"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->NoNetCrawling"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->61440"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->3096"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->211"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToWrite->268"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->ShellEx\IconHandler"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->DocObject"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->BrowseInPlace"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012e","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000146","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000146","lpSubKey->Clsid"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->IsShortcut"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012e","lpValueName->AlwaysShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012e","lpValueName->NeverShowExt"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.539","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->UseDesktopIniCache"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.569","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->268"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000144","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.579","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000144","nNumberOfBytesToRead->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->3096"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.589","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->22512"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->REGDBVersion"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x001f0000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x001f0000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x0000012e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x0000012e","lpSubKey->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocServerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandler32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->InprocHandlerX86"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->LocalServer"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->AppID"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001b6","lpSubKey->InprocServer32"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->ThreadingModel"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20181027114558.599","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b6","lpSubKey->TreatAs"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->3096"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->71"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->DriveMask"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->AllowFileCLSIDJunctions"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.609","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20181027114558.629","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.639","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\NvAXQX.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\NvAXQX.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.709","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20181027114558.659","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->12288"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\NvAXQX.dll.exe","lpNewFileName->C:\cuckoo\dll\NvAXQX.dll"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.720","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\UTIRDA.dll","dwDesiredAccess->GENERIC_READ"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.740","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\UTIRDA.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.760","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.770","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\UTIRDA.dll.exe","lpNewFileName->C:\cuckoo\dll\UTIRDA.dll"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x00000138","lpSubKey->FileExts"
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.780","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c8","lpSubKey->."
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->71"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.790","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20181027114558.800","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x0000020a","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20181027114558.830","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000020a","lpValueName->(null)"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.890","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->ChkAccDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->ProductType"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x000001fc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Personal"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Local Settings"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->RsopLogging"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000001fc","lpValueName->UserEnvDebugLevel"
"20181027114558.900","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20181027114558.820","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.930","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->3096"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->3096"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->71"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->71"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\1360.csv","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\1360.csv","dwDesiredAccess->GENERIC_READ"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\1360.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.940","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000214","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000214","lpValueName->ProductType"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x00000214","lpValueName->SrvsvcDefaultShareInfo"
"20181027114558.960","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000210","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000214","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->3096"
"20181027114558.990","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->3096"
1360.csv
# Ignore everything in this directory
# Except this file
!.gitignore
.gitignore
"20181031035458.140","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.140","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181031035458.160","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->8494"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->8494"
"20181031035458.170","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateProcessInternalW","SUCCESS","1360","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\# Ignore everything in this directory
# Except this file
!.gitignore
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181031035458.180","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1572","szExeFile->500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20181031035458.210","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1360","szExeFile->HelpMe.exe"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->1360","szExeFile->HelpMe.exe"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181031035503.177","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->Startup"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegSetValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoInternetIcon"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoCommonGroups"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoControlPanel"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoSetFolders"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExA","SUCCESS","0x000000e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e6","lpValueName->(null)"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->50061"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->65536"
"20181031035503.187","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","lpNewFileName->C:\AutoRun.exe"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","dwDesiredAccess->GENERIC_READ"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->268"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemSetupInProgress"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->seed"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"201810310355
d`&v&0c
/C@W7+
/Ywqstkb
2YLXD;o
yRHvL3
5fptp6fAO
j8<7<+>.=:?2+; !v
PET6	0+ ??GT~v
\TUBuH
GKKBADM
1 2'GaWD
b1"aiq;iI[
Fx{uios*uq
tCQGUoBXVYYUKrwV[FIPtMCWL_KZ^ChHT
FI^W[@
d6qtt`gF
@UVQBDAH
D\E[zC]@RwZ{
capq'c5
D_{\OL]R@
\WSQQXPH
pIEz@UZxW
f3ts|e2AN
xx#jl{z&t/<}s%*+zw
 Qpa33;);&
G^QKCL4
XNjFO{m|~{p|l|qp}|~v
qZVDCR@
FVF	QDea
@DX\Z8c__
PZRF9p
BVI[GLPU
eWE}WPBIbR^
5bszs20@
JTWZBDAL
|T^xRILzPNwZ{
capq'c5
)}r:mtdaf!}dl3`ve
V[CCPjyKOP
8Lpr<9* ,6 ~iZR@M
\CxSXMGbC\P
nCEyUFQ_
XGQuN2
xw~gPIEK_V
aEUBIg
'tMN3$
mNNCU."	
nrc1tzE^SEY_L_
aztS\D]
yZWcOF\
GpIErGSUVIi
$V^[qya
F%cen=
lu6doecuc
2HG~Q'
QblVngXVU_DBlp@GBV@EoRP_K^[kwZ\NZBUFog
`bv&p00
 fIQ:'&'
 +d}o*uqt
]@eP\FP{Q^K
gG^Q^[V^
U_DN@fWUTp
eaaog!6EEQV^[JjK>
QDU{UHuHu
Cd_bUP
xz}hopdbap{dl{b|e
]EdG@gGL
Z_]:vKGY
^X\VBI@AP]
wJGMVTs^^G{
capq'c5
F#[	U/WZ
e0aog7$fIQK^G
wu~uc- }~g-4tlfWW~PUT
aUAFZ^RB
F[vHER
eq	TETS
GUW	VozLEq
kcNWCHKEU^
vGURZWrQNIu
awoapcc
$QTU(W
k"gc~vl!p
eAccess-
FENERIC
1d1Z3S0K5\0].X9C"Z"\5
2N,M5W0432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","memor;KBFVirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1360","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181031035503.197","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5#d0
Ffsyst
Bu,R}2a
i>le","
CFSS","p-*
ljle->
[F SReaz->61440"
572","
U05-2b0
Y2485g6
t"2"fi
On","W
l~0x0000010
 ,"L|E\ZT@~^sHASAeAcA]VI
EoNB}T
ZGAMCL
zKGDEU_s
Ddezu$01
`A	PVDF,qN]
VION\c6
cessucc
V\p\\MOC
UCd_cUQT
WXdBMyoAF
6woatfe
Y\\BICDUO
Qef~krpveq
Cd_gBYDU
UCgYXh'
W\rYY_POEPXLx[AP
XiG	CUZBL]R@
-G@R|P
JK]TDOQXG
,7yQcVRR
BNqHGKcNW
pT\C|U
UGcHFCPDA
]B5^J\
SCX\Z0J@VK
VY\UCMQyoO
oC[E]wXYS
gfwaiqb
vcDFw`u
fz|n}owcgr|vswfub
\LK	cVP
QV]VGF>:
K_V!,aog
6EcRGBi
>qy|ebt
azqGRz]H
b_UABQAKm{XP@C_Qk~MOCYUC
AzR]Cy
]A@BOG
pTRyDGBi
2[_V#,k`w
7KXGdEN
ayppil<
Z\@cERzUA
Dbz^WU\G~(/8
xQ_B/UH\
CO@U]]	D
f0v &caDN@
aVWFjK
R@9TTBUCB
^~E]RUBmJ`
kfc^\^[PDZ^^gLEU
S\`F\F
aBWAIQ
1@\TA|P`UV
~TXD}G#oZW
]@rUTAPFC
QGc]IWO
WQ]WBABEP[
fQUFjK]V
Z]U]_BH
eB\MTJDkh
CJqKW$Y
GD@c]YYWCXK	
gCYDUdEN
N|P<!& 1~m
Xv]\G 4
[YVQPcDsJGSQxM
UUEXSV
wKGPTGeMrZYFPCN
gfq!u5jF
WC-\s\
GAXY&Z
YF}LnW
aTYFjK
,LnW53&1
EErEDJG
GQQxM<*
oK_WUCqdpG
]Iu[XGBgRFW^LPT
fE_VId
KOGqya
 %:AIkMoM
+essucb
UCd_gBZ@G
]Fy^abdV@_]{^TV
YG{LnWSVUF
>KVGzLY
*VIQpIV
dGY@}Q
D`ftv f0A
DN@\vQF_
VZXG_[
Zcepzucc
\AwDDqDVUPG
LzEDvFT
QDN@XB{FS
NMRAPR
ZBUWYCDBI
!(pWW~HT\z]HtMa
ru}nypt
 .		`[f.=<}`mrp{ioma,,8,AI
Gpo:61,6<5VppRO~8%
WFy\vZ^G\^UtMHG
Y*\uDUR
\F*WX`DSPQP
KVG~ks;ucc
\@sILG_p
C[,f{i'|
"adk"5mZG
+_VDGQBUlodiP]C^^EncHR
y\[RaG
0gtrvg7
@VW{UI}Z{
Z\@cERzUI
DQ^$y]QWU
UE)AUKZ
	vDP^ECZG
/nGDYR]
uUE\VUzArVYV^M]
qyavucg
CR@*]t^]@
\\p	WV
kB`DSPQP
xq1|ebu
>#?:>b}q4o}pq.*}q
l`_\YRYUQpo
~,lbAQDn8A
ETB_TE@VJ
AIk^vYZV^M
[_V68aog
<CHnKNP	6
!KOG~ks;ucc
GSGy_sMBV
F@NN}CLpEW^TB
_|YpWJDPBc]IWO
JAa6aog?#mZGB
\@vY\UllgG
naqatiZAP\DV
FFwVEK^G,$
]HF"gbgcxtipic"I
E4<=17$asu
;1$VhLK^Uf
`dsppfc
v\kgpx%,5kdC
"gbgc|ukpic"KaoQKCE]\
uTYSFTh]YQu
`fuaiq
a\5-0'66, .
Glnd[\T
`dsppfc
L]C2Y7W
}SXRaGH
QUQETZ
|HYCDYLKd
b/!0#)v!/B`L^
TBp[]KzVYG
r	owwxm
=)3c'o1Zh(
BVR\CG\K
~GVzGWLgGLuHc
@c3z'qjfD
GX*SNN
lzt&}*-u
bLE@GA~%
XGrK@G
cd{ru`b
:"'	:1PMP[{
Dd:9&n{c+
^~WA@	
1Bl+5)llfw
Gf6 sw51@
.QXG>fq
UDtG_K
UOuWBQCTQwQRKGD
UG^UD[_VTX
oMEIv]_W'H1
t/{eksCO@
Xp	kb,{',ga:
W~dG]E{Q
kW/_~{k
 [_VGA
!		]sUVUHU
_|DUSTGyTsW@RGvCpTRW
pGazoW
TY[G_[BAR_
vBUUGW$Y
5bszs20@
?4y|"-5gnGIE
i~QN\o
]Ep[]KzVYG
@+\JQAPD
06sq#11
TG UQEP	
~~sQFU\
l]^DVETT
FFqRAK^GQqSWVA
X~!z|g/toks '@52
]0=2GA
U[eil!%
&,;7$ cniGAC
vu}tbzvjbvov
pe{asugydq
zKCACUNmN
[_V68aog
!GMVU>Y\\n
cwoa1;`
7{+V,lj
UTxZWUCC
;3&rlstq
%/043==*LYsRW
V[r^MEPTF
V_	G_[BASY
1 2'GjKNIuJjK?0n}u+c
_|AONG
bfxdqlN~kPBS
VF|TB\DWUoW[QQ_
tvxg~k
X"gbgcxtiu~k2,Nhy[ADTU
fBZAPvZBW
wrvraq
FRBg[3AYG
SA=8DPR
OIO^AJ
ewoa#:?G_[C
bUQFjK
r!: &6 
TFkXHT
RNmN]\PWVEM&1
ZgBYDUvYXG/&
aer{tc`
FvS$ND\E5
dG]E{Q
K@GBHDBGA
Z^~E]RUK,Dn[
oGBTG`_phkF
ANBGQ	
1AZCP#\
D17wqqceG
^rK@GKW\
CICDU]F
mJ`*!&0
X|DCV]FmJ`HGVEvCu:
VZ]U@LFDVC
pICUs^^G
cewpw1cD
qYUSL]R@
W\ZWBWGLQO
aVWFjK$
N\o6{&; q
dBKXG('
:16 vCpGMFEx_]Q
]{@]QK@
Q`UVTFc]u^KAU
V_	G_[BASY
1,'6dENG
</&hmcZ
VIQ:!'
_qPsM@UQYeu@YE]
{K^@zG
Gc4ut&ad
lYOSPD{Dn[
cQUTddfG
kdqr}bb
xU]C}G
+WA@TCxP`UV
fUCiLK^U
cfrsvff
VIOqya
7:'GjKNI
Dd:9&n{c+
Z%K@GCpE
_qPsM@UQYeu@YE]
AT^]VG
aasu q
<'6QxMpIC
@[PT\{^v[XGBg\dGMFe[ZAyQ
U\YU@WADRO
bE[VId\\U
1e%z!gj
^X^TKHBAS_
oFKXGwZ_S
\UCICEW
*Dn['00
Yr]\G 4
^}[_RRPcDsLCWQxMgUQP
_CzPKP
K@GBLE@GA
XvY\UI
^~E]SVBmJ`
Y[Ga_gSCi'
dG]EzW
FY\X	EI
bfw'vc`D
Wr^MRPEGkh
XX_VE[_V
Hx!		RaG}0;&g
qN\cFHP
O[DzSqOVIQ2
LJ_^Z`IRh'
UBbBXVIAE
C}VHVKR
DN@R[XUE
[_V68aog
6CHdK@GJjK?0n}u+c
VrHGUQxM<+
	O[D~RvIVhyv]bTYU
xVBB}R
6e"ur0a
X+WA@TGyR`UV
cFYVhLK^U
ad{rtfe
xU\@|WMGTGLbW\SRDmJ`
dTUPvKao
bmrsvbc
@^(L	V\G)Qr@B
dG]E{Q
K@GBHDBGA
~E]RUB+^`UV
+K|@EUBvb]P[DT
\WDN@ggwss6q
M{PKXGEx[Z]
X|DCV]FmJ`HGVEvCu:
UX\VFLCGK_
{PXARtK@G
gfq!u5jF
WXYSAH]AUY
cVRRdEN-G@R
0m&=6q
%mJ`*!&0
XEddfG|Q\]
ld|{t|yalD[_VTX
~BMAU@UW
V_	G_[BASY
vY\U~P_
]@}PBvZBW~VOI
L]@UD;o
J@*Q^D}SKGTG
RBeM@Fo[
bWWDDPBVixYP\]CXDX~f\YVM[QisEFAW
CPQ]QXP
jP\@yV
@VCJuF
`3pprf6
NAs_XGbC
GWCF@NfhfGFUwQ]Wf
sw{}{gw
_FdEN-+
&B9cyv~cbx
el4GjcQFBH
aTW|EP^xKKuOu
sv{nypp
}-rifz. #tg}'u-{+uC
G]RDj2KBF^BEhaYP
wsxtdcp
YRiZX@G_LKd!		>,
pcdexdwb
{ewihaypcpyf}yqpb
Bk4[YU\C
AVYA3P
>2[^]S_
QpgIEZ[PIPDdfGAIBLT_
rGSSEKs[YG{
6N\oUVUHU
G_K4$-
70nab=qt
\CgQ_@P~RCW
	lClTA
EcRT[}Q[iZ1K@G58:80?g
pGMF."	
c`}oma 
cER{UH
BIAj{W
xG\Dg]CCZ^^oeZ\ZM[UD~iZAYX@G^
EcRT[}Q[iZ1K@G ,07 >q
QDUvY\\4
ii{o;ebbu~em6qipN\d
}i3SDGUAW>}
A^^]h4\\Z
ZVDi M
UOuTF_@TJtQVG_Q
APRY@Z@I
pTRfGG^[cQ\AVw
Frx|*bb|
VEGBxOwMAR
QtyVW]
qC]PEPp[]Kb
wrpveq
]GpK@G<
^J1C~NM=
2<2QEP#%
{RFmqq}g|qpyy}p
BBcB@gGH
	aMJVBQBQo
[_A:`YWR
S[YG_[BGV[
bbuaiq!GKKC
cVWm\G
HZ	(&<,0xl
84=#$PhVo[SCWB_UEld\[T\YAltW^PT[CdG^Q\_^hc]
^U@-S_^
^@xVsGW^TC
0VnWDJG
v{=io|
ss|goma$9
c7veeq4vkyKOP
BBU^DfUBQdeLncY]]\p^]CTAYQG^YC[pcAE[[AMV\_^Goz
CPQ]QXP
qJgGIU
xzpmo|
amn+%rq
;!&G_Q%4~KSxSI
Y__id_\YAEG
WTp^]WRPA_]_zLBP
BUWYC@Pt(
bT_~@V_{VLpHd
kwoatfd
~*&;g{e4d |1o4er1
_D7FRx
>/]QF_E
DX~f\XPM[Q:*
;3)<!G^
F^TG^m.'
oE[CEJH
bVRdEV\KgYNYGtM`
dty|aaw@
^BT}U	V
TXBPALQXG\
IZ6woatbd
@T]{GUg
+1G_vM{P
qi}AEas|nups{x~v
_^aDZiI[
d}dxutbuh~[
RMi1^^]Y
^WWDE9Y
U()$^HCB\@c
fjHQ\vY^'
QxMcTVR
CQSYQyx[
jTW|AU]~PIvVe
jcxyb`g
zw-</y{x/x 
DREP9x
M[QmvCFPIL
9=M@K4
	M^G!wNIgac
'[XGBeXaPEV
HY_B@FI
!(pWW~HT^xTIvMb
ad{aiqb
\LK	xrs8<!mjb#x1m0c$d
~{K_QYCQpa
Qpg+%/,76!
]}CONG:*
BGjcQFBH
aTWb@PBJxS]MGiZf
dmkyebq
WyP^QI
~\%\]CG
H\^PQUQEV^
wrrreq
@U^zVIgTuLbW+#,>
[XGQxM?9
v}tmk|mNKnm}p{yy}t
Y@`[Pz][
bZQFUMPPl}]P@
S_NE= 
YY?bX]ZW
VCo#KC[Z
A=8DPR
DENT@JEVIOjIN"(
bbuaiq!GKKQXP
dEN7HY
U^{UItJ4
6.'6!mJ`I
UCd_bUX
3Biwin{dbat~gj`cv|
N\qDW|W[
f_V@DS
XC5WEBZ[
P[]KFKFVIO
aPEV-#
G+0aogbb
bUWaDVB[zC
*u^KVI
_EcQ_[W
{XaGXdZ\TQAA@=l
C}VHVKR
DN@FWSYE
cessuj6
kW$.hgo;|qccubm1mcvLbW
v_pk[`B[Pa
D{V[E(PM
^GV\E@PU
2dEN6woa
JiI[ExY
	Zvb]P[DT
fW]HoI
d6qtt`gF
~.gu}}zuunso'*$,=<QXG
]}CONG:*
BGjcQFBH
aTWb@PBJxS]MGiZf
qyavucg
WyP^QI
S@QCEG/&
^X]PEKBZP^
uCZGSdEN-G@R
0m&=6q
cVWm\G
%mJ`?5,?
EAgko}wrq
n}rv}y}k
N\qDW|W[
QWA%X^MD
1]Ll%Y
QXP*woa
64m\GLgG
c-ssucc
.$=rrvrq}}@Kazy
]@`@W{VW
k[_VTXkerm~e^`
AzR]Cy
]A@BOG
pTRgAG^[0
1,'6dENG
0:n{c+
rK@GANf
\EU~Q\V
*W`hG@
WzHFTKe^bD[EK
pT\C|U
EWEEQABI
NuAaCO@kms%s6aG
D[xRLH
+(uk9.-wsxo{$adk
^J64qxg
aer{tab
G^mWsNBG_v
_oEcETJHfR]EVpMg
bmaogbf
CGTGu^KETq_NI
^G4<077*q
`eaog=
WA@G^m
aztS\D]
zF|\OVTJrMVY
J@0QU{@S
iI[tMa
q3*/  *QXG]Z
rK@GJgG*x}
}`mamn7
(/-dpuZ
\@cDQ{GU
QYeu@YE]
zTTRaG
bfw'vc`D
/Ywqstkb
mJ`HEREvCu
/XGUaD]CIeP\FPpHd
kwoatfd
	0KDEVY4RBG
GZX[G8iA
WZ_SQUQ<
VIdX]Ra
!0$*6'![
@U_xU[iZ;RjK?0
$}_E^D`
]LXo	%
HLjgg=(
*0(>:)
^eDFGPJTl~XSAZF_UZnfQLHMFFkqW^PP^DbV@
Y	W8g\A
4<CQR	
GSSK_V
TEA7GKs1
#PCNqya
]CfC@W
\s[SUPP
@)WTRaG@,
'WJDTCd_XI
caz!}ac
K[B+YJU
\@dQNYG"
YF}GKG_TR\GU
xU\@}U
GPWZ]FCA
cPP}RIL~UIqKe@
Dj1wzp5d
)pr{j(t +y|#@N
&7 :MB~qIV
4G{cAW
WBkCa^]GDM@a'
	]sUVUHSF
RDIPANf
\EQvW\U
]HsHASAcKAFGLIF
mZGC]VFRIF_[W
bGj[WWBHnP\FTuKb
A=8DPR
PIEX@GD[
qya1 4:QXPIZ
bUW~CULgG
pild'ecub
$#-(-=&
6.3,;&(1~{K
@+\JQAPD
A`RVbA
a3!!qag
UWYCDB
G!#*  
XU`QDY
NA`FTiI[e[
GCH^PJM_A
FdTPcC\D
+=NxogJg
cfrsvff
~GV`BSPUt
#6LgG[iZ?iI[~ks;ucc
XWIl	&
z)?${RFmqq}g|qpyy}p
BBbM@gGH
	aMJVBQBQo
[_A:`YWR
WGTGpIE~ARXiI[7
0K_V!,aog
IfQ\ETvLu
gu}ayp:
+-rkc=b
\@6A@gG
QQIW@BTVEdTJBXZXntVE_ZPIPm~\CLXr'
>Wr&(&~zM]DZS
!(PWWXKEBJ
gPWb[WCAtMNDPrJu
cewpw1cD
dV]FQ*R]VK
CPQ[BZGJ
pTT|FGBi-
G+0aogbb
ZBUWYCEAI
6][^3UIuHg
&@gGIU
y.ttfuvzlto{%uy~|s
,qxhiWI
b_UEGRGPl~GQCWQCDEi`[LHMBClwF@
DDIWU	
f0v &caDN@
/IPWQE]w[]]f
admvqfq
xT_@oI
%GHc06&06~mcxvb1reduc
_\DN@w@QQB
oYVTMa
q1&5,06
FYSUy_%[LXP
lMO#lwd;')N
ZtTNXQT
&DJGB+YJU
6'*:?l}x1~u
C_VDlgYVFCU
]B~NTCYWBAKQ
C]EEQEGN
pPWaAV@
e4 !}kcD
)MKnTCSX
!(FWFX[T
uTC_QTgZvZLXP^_
DfTG^UG
WYCDBH
c-sss7c
AUGnC@W
]EyGEl@SSG^
VnWWWRDqEX
cUE}W	
"PBG"lw|-bt
B\Q@@U
Z\@fQ\EU~C`o
|^_aQGY
[DEAMF
tuyz0pi
TAw\ZW
o~YWBV
AIQ?B_%
=0;#'-
/Ywqstkb
]Eq[NIlT]U
a'd3i%dp
KOGpIE
0*;8LXP)-k`w
.30<)b}q4o}qsxx}u
LLU$}YU
_C\RVpp
_q_s@PTT\f_OG
zUTRaGB
VnWWWRD
me;succ
HZeuu!o}}s'tgycoj%>
Fc_VDGQBU~@cA@_BWWDoc@P
vw,nypt
.-<;!)
C_VDlfZ^FCU
rK@GL51
Y_ZJ?qRTRaG@,
\dXB_FDTG
/fR}EEzDTW]C
;[XG!7
v'qtapi
	][,f{i'|
sq|o}qaEClw
]@`DRxPL
}]WLUMPTig]NEA\UCh~[
RMi1^^]Y
Bvll4F
CRQK_V
QXG?GKa>
$4:nk "&< k{7)>
!(NBcDZzWH
bZPFFOGSioEAC\@YDX~
P^G_EaSP_K	
e~WCae 'sja
ZTyS[\
QZkbumTBQAAS
TDjWBQPIFpVTWQ_
wuzv`+s9k!u}
w|x$1+{gg4
xS	RaG
CTP_QXP
#GjK?0
qJgGIU
^WCGHc
<,$,asp&#
wpDI}ebxlt
UASCO@		
ZSV/\pX[
D17wqqceG
cWWm\G
K[:f{i'sebbu~dow
DGQBUl}YA^M
g\JQEM
nshapt
G~XGFECVTT
]ExDG^NT@@QW
V^[a^G3
l}_D]DrCK
EP@H\$WRHBBH
lmmkpomds7
jINAxR
Q[U/Y&]
wr}(fbvD
\EU}Z{
^y^sFRDIP?
AKU6Q]U
wQXG^C
LcWEwBTDIPfYJQ
~sQFU\
}WPUy_PCODHt
qjIN@5RM\
 :%PWg
bepru`f
PfITXVR
FPN|	t_WB
Lx[tADJG
Z|_QT|YVDC^[-RcW'
TArJEU@gPDF\\T\
xS	RaG
CTP_QXP
qqyas=cc
Dy}C@UmuXSA^C\SAldG\UWU_~r@E@GBVcUBGZ]
9s1uk5][D^QF>:
cTPyRIL9
5GBiGUg
me;succ
{[BZ=:
\Cf@RxKK
xS	RaG
CTP_QXP
2PUt296&
c-ssucc
7LSMCK(
f0v &caDN@
HY!81+&ayp
7[iZ;R
MJVUMP
NL'8*?+
*/(0:2
<<7GBV:
PhdVdUCKX]_da^Y_QXKEmpZ\N^AVD
!(jW\AuT
^GV\DFPU
e4 !}kcD
~]\Wr\T}HaF
dguzs5.~
}ii{npfdpil
W^P6;7
 ! KCL~|M
HMl=H@\_BT@
^@gY]EV
tK\TJCXK^[
-W	@,S
VIdXYSc
!0$*6'![
*UWaEUCKfC@W	5>>NIl',,ak
BKVTTV
MA&]NY
r%z|f4v
*][^3UIs
,41rkc=b
\BcM@gG
B_BZSL:gKBF
luH@\_B]P
/fRpIE]BbVEEA[PT
\Cx^q@SVV\
-AFvEP
G^qXOS
ZBUWYCDCI
Zcerq#e2
bPT]YeFPZS
xVYE}V
SY\Q@K
6g&s$edA
po^@X@rCK
@RgR_CGbC%
U]GYPT
qUEGQTqMoM_AE]N
SFz['\^G
NA|XvWJD
g]_m\G
1G^q/;,akb=
9)%$>rsq;xy
B_C_VDloKBF
DQ^$`_][
NlzRWT
wrvsgq
[W7@U^{UHwHu
*='PCNs
63477cjo-cuc
THqY@%,
B_C_VFloKBF
Y__igXUQAEG
^Az[XGBgRFW^LPT
pTVfCG^[$
'7$VIiGUg
me;succ
\@fP^EGbC
.HGkQ:( 
+'4!<5
/fRaESsTI
c\SAGR\WmuKOP^FXTVpu\^T[DA>s
QWA0RBJ_
CRU_JB
A]_yTAtIb
hw{yw~g
]s-e !:ncap}h{coj;+"K_V
oEA!:0,#'
uELFCU
DfUBCX]^~|M
QhINSCB
WFdJEP
N\fPAV
4<CQR	
GSSK_V
woau+c
WNi		~K1$
@91rNVt]\DUT
UASCO@		
D17wqqceG
WaEUBHdQNYG)
WNi#8dr.3w
FgV^C\x
3DMsSEQGWu]BZAYB
d6qtt`gF
@RgTZAGbC
	m}oLyUH}Ie
&{7* lx}dbrd
.4(A^M :%7
BU^DtIP
5?GWCFaf
d`&v&0c
_GM@GaWI+
	LFo[wHf
wyx}`dw
$b:5$adk
_GqCD&
<-'*$ ~oWB
U^DfUCA_MB~8$	
'3 .!67qRXm}d
\CbEQ~PI
vXJGOV^GN
{RMWOT
GBiTLsLu
P#& ?! <
f[I=Hg
bguaiq?R
sD@5G^
pzwhgrdgdw
zicfg~
C^Gm|^UPCQ
:/*&:6QpgH
]EdG@gGL
gTupIE
$NYGgTuJgG?lw
}`mamn7
$:ew~=
9 KcnMECm{DBAT^GcPB@G]_drCNXV^WQpgM@\[AW
vqx~api
WNi		~K1$
RaePWB
}R^RaG
^BTvL3
 rz{`7pAO
jgghlpcp~g
 |GTGN\qDS|S[
 11 ='tIPC
_^l`_][WKIQ4
	AQ:.7{RIw`btveofbua
_^aDZiI[
d]DXUTBUh~[
RMi1^^]Y
E}WTCN`C@W
>QXP?cen
7"m\GLgG
+essucb
Z\@fQ\DWvCAGEu&
ScXU\]
\AkDRxTI
MA*]T@+SKW
qya1 4:QXP[
{UIuHf
3)WIlCAGEu6
18+)mNKnm}p{y{
ZBb[T}P[
b\UBUMP-9!
VpuX_SYU_~1
'NCP6'aNOqa
@RcQ\AV|
z(gu}$
QQOZB\^JT@
jINAxR
bfw'vc`D
jzpokayp  )=,!!<p
 /'=6MJV~{K
BBU^DgW
VhZP]STKB
dG]EzW
DDKOCO@j]W7C
Fuqz*far
G_I2.9
}}whqzyvc`}|rp~kbgjIN
b^QBUMP
$;?<=+~|MNEA
%hF8'*+:>mNKnm}p{yy}t
Y@`[Pz][
bZQFUMPPl}]P@
S_NE= 
YY?bX]ZW
VCo#KC[Z
A=8DPR
PIEX@GD[
qya1 4:QXPIZ
pild'ecub
$#-("'7
'7-: *4Vpu
89:XL!
oLFfTJBY\_lcZYYPGWBdgTR]ZEWP
sYGCL`UNYG7
0K_V48k`w
 E}WG^[>*	
vqx~mpi
F~_qSDXD
NxolS]T
|^vTEvDSFB_XR
{T\CxP
^GRYC@AK@
 w,~0b$
.xvnj&`11u|2=7gwf
GN\qDW}Q[
4;>0<1tIPQEM
AW+" *
605)2oLIj{~t
]HbDW}WH
eZDXUPAVjoEA:
FCUBmtCP^G
8PIPdLCngbt
zz}{sn~vv~}acvxyzv
\G@:pFEG
AEGBisLR@M
cWVwAT[}WHkNa
qdppsq
L-,,*+1,p~g
# <iI[)
WNi6,n}
<5V[CB
l}YSB^AWDX~?"
,-10<&
+&,<<+
UlxGn}X[C_@^VGibY]J]FK~oWCGR\VzGGCY[]n2_
]\F:rHIZ
yP[BoI
^*SN&J`
uo:ncapyiycoj;+"K_V
2~aK0',0*5'~{K^
_GClsD@
DQ^$`_\YSXVG~iZ
sTGY_QT\
y]N\oT
Aabrpq7`
DN@\yQI
[jgghjuap~g<18< 1 [
%Gpo:61,6<5VpuKBF
U^DfUCA
dGY@}Q
s$|/6bwDN@
CW_K_V
JIN?wNIgac
qY^@uMAR1
CT^xPLuKy
dmk}`ew
Xq/q`j*xsxz>.#{py(sG
RARi(\
U_~r@DFGBV$
cd{rwbk
N\o	^3
	WIlP\R
A]_{VHuKb
{|o> 7jju(b:g6u3
A^GbFV/VI
[A[VB9uELUZAG~oW
QEM<97>
8PIPqXIawcb
u^YBr^G
`UViDUAHfRY@UvVe
jcxyb`g
T@0W	G
RDV6A\TP
^GVZ@BPU
tMNDTrNu
P62*01!*
f[I=Hg
ws*nyp)RzCNYG&*
%/oLIj{~t
_AcFW~UJ
bWDXUPGRnoEAG_C[UF>g
[NF:tEKD
ASEEQ<
4WIPHgVZWIg
2EEQ'':aiq
GKmRIL#.
cessta0
d]'%6{RIw`btveofbua
_^aDZiI[
d]DXUTBUh~[
RMi1^^]Y
ovOE	Z
BPEEQEAJ
	WIgIf
w1&": V^[
fQ\EUtJ4
-9' lMOG
TAfR]EV{T]V
WlIVrGVENELR
GpIE~ESZiI[7
0K_V48k`w
 E}WG^[>*	
cojkbgJgG
P@U_LgUABY\[i`\B[RQG_~tMG^M^GG
GpIE~ESZiI[7
0K_V!,aog
IfQ\ETw@u
gu}ayp:
+-rkc=b
DyVu[^UWFCorEAGP^GxWCKKCLmeX^KOKPClqKB
_CzPKP
GKKBADM
")"G^[
Z\@fQ\DW-CAGAN
Rhxj[TU]_
dG]EzW
DDKOCO@j]W)F
`a'pu`5
CWSK_V
bmrqtkb
sxoPKfPTDUvIg
cfmqtkq
yPZDoI
0sYG!,
")&6gTu
&:hmcZ
CYqeeUq_\Hr__^B
6woatfe
AWViI[)
{jEFGjK
YFaDL|WL
qYV_ZgT~
BVVY@AGI
c]E}WTGNdC@WPuHc
@c3z'qjfD
CWVQBEGO
eWRsYGCJeWNYG
;RaGh$1)w~g
bTTcWIP
!(JyUH
N\tPYBWlMOP
`PED::
PTR_GV^[PIE;
.tMN&0
jck`w:
\@gR^WIl
BP1Pb}QWy_h]SR]
y]N\oT
`a'pu`5
(UKK\RL
wyx~djt
yV^RaGB
GjcQFBH
aTWb@PBJxS]MGiZf
qyavucg
WyP^QI
eZRBG8iA
CVT_QXP1G@R
LgGHtOa
!0$*6'![
*UWaEUCJ7C@W
cER{UH
uX\GPG
AWqHaG
qdvuqq
@U^zWAgTuN\t'-<)
TAaDZzTL
{T\CxP
^GRYC@AK@
Ga0s"sd0
sxoPKfPTDWt@f
tpg{fgg
JgG1HR@5U
tlfWWuIo
bepvpc`
GKm#0-
@fQ\ET|SOI
NHr~{S^VyQ]U\VG
A@RVZG
jcxycfg
*UWaEUCKdC@W	5.6NYG
MOm@FG
]^aRYWIlP^V
ATWZFABJ
jGKsDPEKtMN@UuLd
 x-xlg#
PN]r@	
CWVQBEGO
eVRm\G_xVOgTujIN6
^iI[_[/"6--5moc
 [iZ;R
MJVUMP
_VDlgX\VM[Q03&
~]eN[SX]Bnt@A]ZDWC
}P\CcW
6e"ur0a
O\|yqii&nmqbpekpcm&GKK
@gG+HY	
kdqr}bb
.k<'&w~pt
@gG+HY
KOP)2&*!
KBFM[Q4
fUBCY^\9rCN
cBTAM2R\F
%"y~30'
BUWXAFPU
8PXA35kA_pw
yQTuREIXM
/XGUaD]CIeP\FPpHd
kwoatfd
	"^@PJG7[_D#KG
U_NIQ1
NIVTw^ZG{
^G4<077*q
~$.&8{;+K
NAcV^WIlT]U
K7\VB#OD
	#>NIu:!+
7<4PIQC/
cerq&q
@RdEN	>$
6>9^G0N9
N[0Iq\(*:k;'*}_Ocv
RDV Z_RbG
A0eq%'1g
wdEN6&
+'6PBGDXuH@\_CVJ~EG
*=/;"J
:0G_QII
 =, ,'
1&$7Q 4ew~tjxqnjtpq
{K^BuG
Ceb qrb`
$]^Q~W
R@M!01
,6+R@MPI
TGtUBZJGHc
usvg_Camgcqeu
,QUE+R
D17wqqceG
GW=PCA&
(0HxX_Va
0U\@}U
DP	s	\
ZG<UCYBUTqWAhyQ
wcqrngssu
}P\CcW
DeUXR'
De0q&u2e
\"Z\VK
G^mWwO@G_v	;	
NxGSDT~X^To
egrmref
yV\RaGB
NIlP\R
:*#+504Z64q
FmA0000hm
gbgpea7
[~FCPWJmJ`HARAvCuGYDQ
_CzPKP
K@GBLE@GA
</&hmcZ
_='bppxs
c{^$GJU
VF|TB\DWUoTUPQ_
tvxg~k
X"gbgcxtiu~k2,Nhy[ADTU
fBZAPvZBW
wrvraq
FRBg[3AYG
SA=8DPR
OIO^AJ
ewoa#:?G_[C
bUQFjK
r!: &6 
TFkXHT
SNmN]\PWVEM&1
ZgBYDUvYXG/&
aer{tc`
FvS$ND\E5
dG]E{Q
K@GBHDBGA
Z^~E]RT@,Dn[
oGBTG`_phkF
ANBGQ	
1AZCP#\
D17wqqceG
^rK@GKW\
CICDU\
mJ`*!&0
X|DCUSGmJ`HGVEvCu:
VZ]U@LFDVC
pICUs^^G
cewpw1cD
qYUSL]R@
W\ZWBWDBPO
aVWFjK$
N\o6{&; q
dJKXG('
:16 vCpGMFEx_]Q
]{@]QK@}^`UVTFc]u^KAU
V_	G_[BASY
1,'6dENG
</&hmcZ
WvMVIQ:!'
_qPsM@UQYeu@YE]
{K^BuG
Gc4ut&ad
lYOSPD{Dn[
cQUTddfG
kdqr}bb
xU]CuG
+WA@TCxP`UV
fUCiLK^U
cfrsvff
VIOqya
7:'GjKNI
Dd:9&n{c+
\rK@GCpE
VsJDG_v
_qPsM@UQYeu@YE]
AT^]VG
aasu q
<'6QxMpIC
@[PT\xPw[XGBg\dGMFe[ZAyQ
U\YU@WAF]O
bE[VId\\U
1e%z!gj
^X^TKHBAS_
`GKXGwZ_S
,#:[XG 
`AZVU@]{v
_XpHUrZ^
UASCO@THq
P	c@N^VW@KCL2
bUQFjK
	r^M'0 7hmcZ
Xv]Nh'
_`M]WG^mWqJBG_v'7	
WY_TCJFAU^
jGMFw\[W
feswva1
Y-GZSVF+UrJ
V@cZ7P
S_^T]ACAGA
6-&aiqb
gC]@GjK
+WA@6'
*'G_vM{P
E^WPB|HpKLG_v^bE[VI
C}VHVKR
DN@R[XUE
[_V68aog
6CHdK@GJjK?0n}u+c
VrHG]QxM<+
	O[A~QvMVhyv]bTYU
6e"ur0a
X+WA@TGyR`UV
`F]VhLK^U
ad{rtfe
xU\@|Q
GTGLbW\SRDmJ`
aC]@UddfG
kdsptc`
jTYFyG
NIQHBCSO
^6E]RUB~Ur[XG
bX{HDTQYeu@YE]
EdEN6&
+'6PBGV
UH@\_CQ
OPUCwWpHLTBaYeAG@T
xTTA}V
W\[WQUQAU]
\"]UP1^DQf
Gc4ut&ad
prCZQFCA
PBG#R,
PpK6-3/*!6
#K@GAN~
guzN]BTJmYVI@_ZGU
MA*]T@+SKW
fcwaiq5K@GC
gPEV	6/
	GbC>0n}
uelfcu;
lxU\AyQ
Y[j{|sjkNUpwqu
a3!!qag
aW!H="
.E^C>u
*)6 ~cWD
uH@BG_Q0
uaxslgpqw
wrvsgq
1*4!CA
D@XMCIH
4,%"-o)'(o&0,li
  -=6."T c
}g_Camgcqeu
,QUE+R
D17wqqceG
,6ThP_FSgTuQVg+0
Z\@qTTCQGQ
fQULQ~Q]G
V]y]\\RQG\Z^gWBW
U^2B	M
J@*Q^D}SKGTG
VIOfIN7
ljk)`&41G
EDpIE]Bd\cURQ
CO@p]\
qDENG_[
FUvY\Te
Dn['00
]DqHK~~K\WwQ]W
q	rwxydee
IZ-G@R!
a\5/*=?:3K>{
_oCVvXTT
cfvvu`}
[(B][S
.QXG>woa
!:VIdY
qN\dK@G&'
$SES[_^n
ZzSB]FUFLiAWCB
utvtc|umakus
yU_ExU
D\\UGJA
ke%u a6
,A_VUD*Dn[EPE`M~G
A[EHG@UO/&
`UP\w[]]
egpmqdd
^dEN-HR@5U
Y[t_TG/&
aer{tc`
FvS$ND\E5
dG]E{Q
GKKBEEO
gTupIC"
|'}qsxy
NLYB[RD~NEo
lu]SGV
pG@R|P
DD\[CO@oJY
S#[	UC
0gtrvg7
_{CY@IP=
wyx~djt
yxvo}`m
$m-1+g
]GeWNi
@ZPG^mSrI@VA6_4\
RFbAV{Gt'
wlfsc}m|\U@\][QC~cnt
y]]@~T
S^^G_[FDUY
e4 !}kcD
QxMcPWP
CQSYQyx[
jTU`MTCL`S_[QrOu
W]XG_[
6O|GPOG
UQDU`C]
OPUCwWrJEU@aZgAGFV
{RMWOT
w1&": V^[
HLI.Q\EUuId
980 PcD`UV
^@gY]GTvP\P
~GZ^ZWAdCVV{GAr-
1MoPTPCSmNH
G~sQFU\
dCYGPsY_K
qyarpda
JK]V@OQXG%G@R
w%*)6 [_VU
bUPPrK@GN\d:9&
Xv]_WO
P@sG_KCVWwAOG;
 ` *,asptps
TY]]BI@EU^
d\[G]dENT
qyavucg
GU@2\dE\
TZBQDNQXG\
	6$	K2ZI
wrrreq
 008MC~Q
TYMP[^Q\~
G_Q-3i[BZASFmA
Hx.)+hl
]HpTWCU@F
HUfYJQ
W[]]BHFBW^
tPICEVu_NIujIN#
W\\G_[
Ix*V9AYA8:,
$77KXKMBC
wuoftwf-v
}c{rgfc|bw
Ga0s"sd0
ONGCzPv[XG
rYQP}_@
ad{rtfe
a}stwv}
"% G~sQFU\
dCYGPsY_K
qyarpda
CVT_QXP1G@R
LgGHtOa
5</&6* VIO
gBYDTs
Di6,n}
{snmoc$
$-&ew~=
iI[Cp&
'W[TGQ"Z\V1
f0v &caDN@
\F#K@G
'PIQ 	.0,>=
[RzC]FVxCAGe[/
^X\VBI@AP]
~WTIdXYReKXJeB_SAW
j`%tujeCO@
C^[-RbG$
BUc	:331"]
a3!!qag
@T\{GUg
Ul}YSCZ
*>=&/8	(30!& 
^eDFGPJTnrTPBFSA
q"{{daqF
@RgTZAGbC
	(RhdiWIt@f
bdvuw`}
WHF-ii{n}xuc`}?$$!::7[
#UMP6	
*&!<QCDD$s
YGaWNiPI
	LW@D;o
J@*Q^D}SKGTG
V^[pIE
<.6NYG
cene*u
PiI[EuU
x{uhm/moc /
o~q\PKBWB
pG@R|P
d6qtt`gF
@N@JIO
s`EL6egOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->p
|uo/,;AE
INE","lpSubKey->S
wlre\Microsoft\COM3"
"2038109103
"50(632h2f9
pg6e2e
O03.3275e5c+0:
"c1340
b-2146w","
7yr,"RqDXp
8Va,"S
(K&y->
1Y`_I.
l~SOEcw
-!sses\CLSI
1;1035035
38","15w2","500432b0f9d495f7096acb880f6e2e0
IB}oJKeyExW"
.238","1572","50`q32.1c9
zf7096acb
82G=d8e0U77c
6134d3
if33'5e53b02fbr4"406g",'1464","wefistry"L!RecOp#UHezE8V",2SUSCESS2," x00000!a8","hKey->TbGY
LOCA\\M
BHINE","lpSubKey->SoFww
:brssoft\COM3"
"20181031035503n
18b,"1572","500d22n2f9d495f7096acb880f6e2e0a67MFRIG4d3
g33'5e5Wb02bbb42406e","156
"Re7Npe
Key}yW","SUCCESS",b0xp
TQDPb8"
hKe9/>H
EY_RMCAL_MACHINE",blp
gtwabf\Mkcro
mft\COM3"
"20q81p
CU_ZV030
700432b0f9d495&70{6acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181031035503.238","1572","500432b0f9d495f7096acb880f6e2e0a67c27134d303f3375e5cc02fbb42406e","1564","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOC
je,,":
aJKeyE
rJ%#-VW
;i2;pe
m02545
MdjNaV
Gmrs-o
]7acYL
Zmlo5/xw
8#50bc`
/7Ysaf
WDFRe2
6Mx5,)
2fu&5 
+"500@a
"cp}Hf9
lu	:"CiUCU
E"<|4,2
&0 07627%+%oIrjebuHaE~sbtShUunsb*916337%
%576?6746742274)50?%+%6205%+%277375e7a>c3>2a07>1fde??7a1b5b7f10d50643c474a4402b2df75aee35371b%+%6213%+%ankbt~tsbj%+%UbfcAnkb%+%TRDDBTT%+%%+%oAnkb*97
77777633%+%iIrjebuHaE~sbtShUbfc*916337%
%576?6746742274)54?$
M6e25g
Vmte->c
v9d^:]zc1)c
$24oh8
!R7X?e1#
2Z6F6g92y
D`8%4b
siS^T0Fz
EvY1_514s4
@<zE#V
2cS D4
m ,"S	l
u{es>2
:e"F	f
)0 a,4$"(&jJqifdvKbF}pawPkVae`)<=545&	
&645<5475471147*67<&(&514
k,k/0 S)2r
|9t3$5v
*9&5xb(3,f&
.e%c`31eaa71735f!/!2657!/!ejofpzpwfn#."Wr
503qln
2fbc@'
6e".V6
'>7c2?>
fbbtF:
,"2,Vd
#2ge[3;
k60x20Di
w83143A
 >e2E0
#=ccp2
o5%Q;u*
x24b,"
(Ja-e-
#krE.e
3kkon\
$piOna
"20C2W
67c6C)
p@'8Gw
~35e5a
$tefil
a&SuCC
!	*SNT
6w|j7 V=t
6k*(y$
OBs1Bf
qG+02f`
c371G;
b`42@=
iXr&|qy
P~p:sck!
5u,Hc 
m5564 
m("nNwIcg
+095f5
 	.6144?
03f1F4<(1
1Bc+a&
f9d6M3oz4
|164".
 sySteb
)BiLe"
!a->0z
}032b2
zg2711
a$e`7Xf;d4
o("502
v t]_J2218
d e|g\8#,"
L8(WK6u-K0qn
2vfM4"'
"!576!(.je``vzpvia. .[~exiJe`i. ._YOOI__. .. .dJe`i!26~<<7776h5*$.fGyani~EjNr
:MTgW3
a648".
"(b-2qP>6
&heSys
xFildX7
6","@[
{72b0d
>5F70M
6=. nu
8fb*2v_my
A|UMe.fEe",!
+`resq
x496aa
8oa}4$D%wR628
ufDm4d497
zgc02d
,"17B2+[&
!Etcile!
"SUB7I
;asToP
	mle".
:iberM
,&50GwG
f609Bt^b:80i
pNycteb
)FyTes
w4f6e0
,42Fbb
<peM",
m5552"J
=mt%->
z24", 
3C :C`
;moNTy
|6bpf9
4241Bt/,"17
?Ienex
~cTypg
w&ar{Jrggi
>G 1[U
6qcc:;<j:i>i<m:;o>;5?1h?64g;1>?i9oo<>jnn8>8<:i. .=9:8. .~ike
x~u. .^ikC|ib@
0EQb"<
gurFPy=%vLC
q\k01215;?>"0505+????"L???"??????????;9r-
-=?>7>?<>?<2=?<+5<1-+"4:=8-#-:?;;<>o>
1#TS3 ^Q3#r
T0";Zb$\
"bx]ic:Hy2
qei%CW2
0!/_"<
> Xp0 
Oos@[rf
2,	1(t	3!*
c,27r0$ipb 
6qcc:;4c0b:l:j::P
;j%rq#&rQw
".-87>o{xIRVQ]
aVOxFVAJ|R_FNvK{
000G/>
t8!}v1 37721,068 . 3750". 722612`1g8e584g6187`bc9:2d4g0g2c45a05316f123f3357g7aa20d``60624g . 3746 . pgekqvp{ . PgeMrglIg{GzU . DCKNWPG .  . jIg{/<2z222223f0 . nrQw`Iey/<KlrpmaQgptgpZ:4 
 023:3213217721,06: . 1772
"203L"
:2404j
tz3f9d;
IGC2Fb
RU2d"2
jh[#1-.f10 0<<=h>. #`|_ynGi{!2@com`Pivrav76&	
&645<54?=<?99<?">84. .=9;>.)$28<8?>n<j5h859j;<5:mon44<j:i>i<m:;o>;=?8h?<?j??;9i9oo<>jnn8>8<:i. .=9:8. .~ike
x~u. .^ikC|ibGiuIt[. .JME@Y^I. .. .dGiu!2<t<<<<<=h>. .`|_ynBis&
3g33C8X5ac0GV
lOy*,"&hZO`en>o
:0x0D4
X4 9&#xc
l10041
gC.di?
74"q},
r980;i;i
	Abv#s
Tytr {
4.2%7F1{t
bcb8M$
a=t@c:ndwa\S
#00".1b$fg0&
/"lp&Q
q1%3f"<
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
desktop.ini
p&:aR2a^
@Io"G.
HHtXHBt
s^TS18
?If90t
BADDW<]V"
dV fY)
q"KN4T_,O
t_0fY)+
"K^]b6Kov`f
g@0I2.
">LE35
V B<S$>L5
bMADD5Z=3W</
5Z=saU_;A`f
y;VF$S
LE$P1Q
uTVWhC
QCj@j ^V
i_H1CSu
ST\P"EQ
Pou6Wx	u
< tK<	tG
^VhUNMP
A]8N\TP
C>UEQ2
VGALFP
HHtYHHq
vLIV'Z
Get>emue
w?rtMP
"$~U=P#Q
jmh4(k
\]0tt8{ud
j&hH(3
Z(!JIH
U.*?>=u
 L_43N
].#GFE
(LV<;F
ccd Cl
t,qrd	l
[%<hsp
VD>s0R
(ctrUc
9>4?'#r|
d",VwJ
n`Name
WSBESS
BddA54
08xH,Hd
6OeJ(#%s
es",HK
t	WFpG
e`X$M7P <
X{",&l
_-s"+"P~J$
**,"QU6Y-
>KG&DJ
}*%w",W?
zvIce;{
.mrv)c
X{",&%
	[erVi
Mp%08|W6JtRQu
iJp3Qd
Q*","`&
Xl","e
C8x-08
1]RE#,W8D
_$"Ckn
zvikeX$XD 2(
}XJD%%
Q*GAVL H-
&&0,du8MC
_*/"wS
Q*A4S$APG2
)ZK7B<
_$#EbM
>KG&IJ
/MbY8J
8FA'S+7eZU
M0x#,"
_-s",#P~J
>zeaue>
Q*lpQu
X{",&%
P6%s"<W{
W;J2VK\
_dpSuB>r
/ML!E+
_[V6T-
X{#Y5M
/ML!E=_
_[]6T-G
>Il*Z)
**,"FQ<V=
%>%wSW
/?2Eq%
/d Eq%
/|rSu6
!B<qT0
~b|#55
jY#ub(
h	(V2}
F-),.t
(pr-2!
]v?bu"
3!!#<s
.MT	-2
h$i^d=
y}}?5!
Z!#O^T
vy#r2~
|H5,.w
7)4#<p
x+Oid=
vI#r2~
|d4,.w
!V%f#<
zr(,.w
7b|#|"
bCr-2>
Q%"ds&
%0u1(*
8*uvcp
ti5uu 
+a'r2~
.+2E`d
tM`'y2
@ <J	W <J!e",
iG?Ms*,"
m`+oema
B/#D"*,"
#<Jnmtw
C$U!N]E
$cJ,*%d
iG?Ms*
TB$Dgwn
2F#Md*,"
#V)IDUR
r=V%{"
{ eide
$cJ,*%d
2&n	dDib
#<JFIIL
ME:E*,"
#<JlxBa
#<JRmad
TS+E[S"
e=V0p%0
vcJ,*dw
,.Xx-08
-2Md*,"
#x.ide-
#D"Lel
#<J%l",
2F#;UKCE
e2D"-s"
TB-"$""
R2D"*,"
B5I)RLWA
MQ/_AGN
UY&G[YS
F5N<HMR
SUh"-s"
luE>-ws
DC;"$""
18DJ,*",
)e->OcH
;"$""F"
*D"nil
$X8p",
9hJ,*lp
vff3%G?Xx-08
^C<AZT
HS-_MNU
DV!NMD_
^B-DARE
O^-C\IO
^]'U[E
R+_t{V
Hqms)dlre
mtP$8	d
fqu afdl
6'0ml[
Plx	nlle
t_5h0p55
w4rh0p6c
f]X z'^
5_P>ztP
/ !H=N%
2Xy+;|
12Y*_6
l\\16]
ll2\)q
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%System
lqy]Dgm-
^sdUnl
O1fe+Zvo
Z1`QP6u.
EzE(HJZ
oMbV`O/
%M(V*Ei
XMTVUP
XMTV\E
XMTVWE
eula text not found
Eula node not found
mapping node is missing value attribute
Mapping node not found
ConvertToEdition node is missing value attribute
brand default node is missing value attribute
ProductNameNonQualified node is missing value attribute
brand node is missing value attribute
brand data is missing
SKU node is missing branding attribute
SKU node is missing Skured mapping attribute
SKU node not found, channelId=%d, groupId=%d
d:\office\source\util\ocfx\oxmldocument.cpp
CoCreateInstance failed
QueryInterface failed
The XML version specified is not valid.
>`get_documentElement failed
XML document load failed for file: %S
Failed to set MSXML3 document object to XPath mode.
>`d:\office\source\util\ocfx\ofile.cpp
failed to open file '%S'
write to file failed
trying to read from a file that's not open
Cannot set file %S attbutes to %u
failed to delete file %S
d:\office\source\util\ocfx\oblob.cpp
Failed hashing data
Failed creating data hash
Invalid recursionCount
HeapAlloc failure
Cannot allocate heap memory. Over flow detected
Empty allocation requested
HeapReAlloc failure
Cannot reallocate heap memory. Over flow detected
Cannot reallocate memory. Memory address index is out of bound
SHCreateDirectoryEx failed for directory: %S
d:\office\source\otools\inc\util\ocfx\ostacktrace.h
TlsAlloc failure
d:\office\source\otools\inc\util\ocfx\othreadlocal.h
tlsIndex out of indexes
cannot load kernel32.dll
Cannot load sysem string for error %08x in language %i
error calling IsWow64Process()
IsWow64Process
d:\office\source\util\ocfx\oxmlnode.cpp
get_attributes failed
AppendChild called for OXmlNode with null interface
get_childNodes failed
GetInnerText called for OXmlNode with null interface
get_text failed
GetLocalName called for OXmlNode with null interface
get_baseName failed
NodeType get property called for OXmlNode with null interface
get_nodeType failed
GetOuterXml called for OXmlNode with null interface
get_xml failed
SelectSingleNode called for OXmlNode with null interface
selectSingleNode failed
GetAttribute called for OXmlNode with null interface
getAttribute failed
Invalid OXmlNode class
d:\office\source\util\ocfx\oxmlelement.cpp
d:\office\source\util\ocfx\oxmlnodelist.cpp
Count get property called for OXmlNodeList with null interface
get_length failed for OXmlNodeList
GetItem called for OXmlNodeList with null interface
GetItem called for OXmlNodeList with invalid index
get_item failed for OXmlNodeList
d:\office\source\util\ocfx\oxmlnamednodemap.cpp
GAIsProcessorFeaturePresent
KERNEL32
1#QNAN
1#SNAN
t:\msishared\x86\ship\0\CustomActions\ocfxca.pdb
uCh`!@
u2h\!@
SWVQPhx
SWVQPj
WVSQPj
Ntj-ht&@
8X5t3^[
t+h`+@
uZh0+@
VPh(*@
j"hL1@
u)hL?@
VPhX@@
0WWWWW
0WWWWW
QQSVWd
YYuTVWh/
t$hhE@
F\=p#C
YYu-9D$
j(j ^V
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
G;=lWC
t!h<F@
0SSSSS
HHt@HHt
2If90t
s[S;7|G;w
tR99u2
t!hDL@
Wto=@1C
t^9(uZ
tD9(u@
0A@@Ju
uL9=LEC
URPQQh\hA
^SSSSS
j"^SSSSS
v	N+D$
;t$,v-
UQPXY]Y[
0SSSSS
0SSSSS
v$;5d1C
PPPPPPPP
PPPPPPPP
t+WWVPV
tb9} u
u5hl^@
VPhl_@
u0hH_@
s+hda@
jThxa@
SPhxb@
j(hxa@
u4hXc@
Wu8jCY
u)h`+@
u,h`+@
u)h`+@
t@It=It6h
u6h`d@
t5hxd@
t5h8e@
v4h\e@
~/hxe@
t4h,f@
u4h@k@
VVVVVVV
QVVVVVVP
Wu4h8m@
Wu4hHo@
9^0Wu:
u9hpp@
u0h(p@
PSVSSS
t	hpr@
t#h`+@
9^0u4hps@
9^0u4h0t@
u4hlx@
s+hda@
u4ht{@
u0h${@
9x<u+h
Ht]Ht/H
jihL1@
HVWt>Ht4h
Khj(hX~@
jxhL1@
?RSA1t
HtPHt3
HtPHt3
 Bime@
!.iDr)S
Eu-:x 3$
b-LH"u
[en.Fom0
Z{(!u/)
Fy^`	`
7BcCDci
.+MigB
D!u}.u
ET7}	Q
-Gv	N_f{
,nrp	O[t
2iotFz
n9Cs]f
k-?)N5v
.^e\4O
!h9R-Gq
Ft CF'
|z~Pe{i#4
D:4(B3={?
6?gx`z
F}_j#Y
N(~=W0
2jsjhQ
"<btU<)th<Itk<`usB
(wfjKY+
CtMH)t
):GuVjK
tH<`tW:
H<$~c<
tjDXnE
#w*8\5
v_ <K9qw
j5YoMq~q
tadaono
lae* o
,ki,e:
datEre
GXr,Ms
UTlmHa
rY Esi&mX
hWCfaf
dget'h
n'(_"iI
i.g(7cV
tclile
Eh@7HV
[/LKI:
1S/DCA4
:tzHO7
dlu5hq}
>=Yu/j
4rD< t
< uK<	uG
5,4cCt
`!A	/G
_^]YYY
OTVVVp
fdr2#$
uPr832
NdtLa3O
komoch
Q$rxPer
M"kBoun
o.ntgtE
ekWhrt
+Wdt%l
R"al&w	
I^[+DVV
qW*x-%
2If90t
4H$!  
Z]_^[Y
gg*Th`n@
t!@Io@
8BW91)2\
dP8ZhM
aIs+TI
Z,},NT
7z>QXd
u:Ke0a(
#55<Hk
;n;~;y9]
t;P818
-=D[vx
M\;hI1
S$y(MmR
isR2(7
5Z=]#R5
(H!pkzl.KjD*[
42<60<
aHEut6
1u9l9pNn
HF2YBk
4h5teg@
D2L6/%
~<H6oS
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
^SSSSS
j"^SSSSS
t+WWVPV
u,hl8@
;t$,v-
UQPXY]Y[
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
FindClose
FindFirstFileW
lstrcmpW
SetLastError
lstrlenA
GetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
GetTickCount
KERNEL32.dll
msi.dll
WideCharToMultiByte
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
DIAGNOSECA.dll
EarlyDiagnose
LateDiagnose
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
94:Q:u:
;.;I;S;7<B<x<
>$>?>Z>
1$262G2
323D3K3t3
424Q4[4
<'<,<6<;<E<O<_<i<s<
>->A>d>
?#?)?/?;?G?V?\?
0 1.161
6&7-777
809N9T9Z9`9f9l9r9x9~9
:0:F:X:]:c:i:
;H;N;i;
>(>/>7><>@>D>m>
?$?(?,?0?
0M0T0X0\0`0d0h0l0p0
0;1C1X1c1
3-3S3q3x3|3
3V4a4|4
5 5$5(5,505z5
6,7d7l7x7
8%8-858A8N8w8|8
8/9<9E9K9V9b9w9}9
:":,:9:?:E:Q:_:e:q:w:
;9;F;L;R;u;{;
;?<b<l<
=-=3=G=U=\=b=x=}=
>%>0>5>@>E>P>U>b>p>v>
>B?H?Y?
0*0B0V0w0}0
1:1D1l1
3 3m3x3
3I5\5d5j5o5w5
6)656<6s6
7/747S7X7
8.888A8J8\8e8q8z8
9A9G9`9f91:N:
<-<P<]<i<q<y<
969I9z9
:+:0:@:E:K:Q:g:n:
>N>[>e>s>|>
?%?\?v?
0A1M1`1r1
2<2e2v2
5%5a576
1(1L1U1\1e1
2,2E2W2|2
3/3A3G3P3c3
4:4H4S4
728;8A8
959;9D9K9V9b9
:+:0:q<
=;=A=L=Q=Y=_=i=p=
4@5J5k5
7@8F8j8
<"<A<Y<
112X2k2
5"5.5C5_5q5
8T9W:`:
;!;0;@;L;V;^;i;
?'?.?8?@?M?T?
6!7>7h7
8^9u9{9
:":/:Q:
>,>A>a>
0 050<0B0X0s0
3 5&5+515;5J5
:>:H:h:
=8=T=X=x=
>4>8>X>t>x>
?4?8?X?x?
788H8X8h8x8
9$9,949<9D9L9T9\9d9l9t9|9
:P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>H>
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
031204000000Z
081203235959Z0W1
VeriSign, Inc.1/0-
&VeriSign Time Stamping Services Signer0
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA2048-1-540
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060404174414Z
120426070000Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
#;q@4G
X1AU8~
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
^KIP9&: 
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
060404194346Z
071004195346Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
:http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O
3http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA
http://office.microsoft.com 0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
061026210652Z0
Invalid argument passed to OcaUnmarshalProperties
Invalid argument passed to OcaLookupProperty.
Invalid argument passed to OcaReleaseUnmarshalledProperties
Failed to allocate memory for CustomActionData string
Failed to get property value for custom action data string: Action=%S, Property=%S
Failed to add property value string to custom action data string: Action=%S, Property=%S
Failed to add property name string to custom action data string: Action=%S, Property=%S
Failed to get string from record, a row of he Property table.
Failed to add string to custom action data string: Action=%S
Failed to execute view on Property table
Cannot create msi record
Failed to open view on Property table
Failed to set property: %s
Failed to marshal properties from action '%S' to CustomActionData string for action '%s'.
LOGVERBOSE
%s:  %s
Error 0x%x: %s
failed to open view on database
failed to execute view
failed to fetch record from view
failed
ERROR: OcaSetProperty(%ws): property name should be no longer than 20 chars
Failed to get data for property '%S'
Failed to allocate string
integer overflow detected
Failed to allocate string for Property '%S'
Failed to get string from record
Failed to allocate memory for record string
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
 !"#$%&'()*+,-./0123U456U789:;<=>?@ABCDEFGHIJKLMNOPQRSTUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
CorExitProcess
mscoree.dll
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialiMZ
!This program cannot be run in DOS mode.
`.data
.reloc
MarshalPatchProperties_PublishPatchARPUser
MarshalPatchProperties_PublishPatchARPMachine
Filed to delete the patch arp entry registy key %s.  Error code = %d.
Filed to query the DisplayName value in the SKU ARP entry.  Error code = %d.
Filed to query the value of the ProductCodes field.  Error code = %d.
Failed to create ARP registry key for patch.
OcaAllocString failed.
StringCchPrintfW failed.
StringCchCopyW failed.
Patch %S was not a minor upgrade.
Patch %S was a minor upgrade (%S = %S).
OcaLookupProperty failed.
Failed to read the ProductCode
Failed to unmarshal properties. HResult: 0x%x.
Failed to open ARP registry key for patch. ErrorCode: %d(0x%x).
Failed to create ARP entries for patches. HResult: 0x%x.
Failed to retrieve SKU containing ProductId. HResult: 0x%x.
Failed to remove the patch ARP entries.
Opening %s\%s...
PublishPatchARP
Failed to open ARP registry key for patch.
UnpublishPatchARP
?456789:;<=
 !"#$%&'()*+,-./0123
failed to allocate memory for string
Invalid argument passed to OcaAllocateUnmarshaledProperties
Failed to allocate memory for unmarshalled properties, but OcaAllocStream indicated success.
Failed to allocate memory for unmarshalled properties
Failed to read string data from CustomAction data for Property value: Property=%S
Failed to read string data from CustomAction data for Property name
Unmarshalled property from custom action data: %S
OcaUnmarshalProperties: Failed to get CustomActionData property.
OcaAllocateUnmarshalledProperties failed
OcaUnmarshalPropertiesFromData failed
zation
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
InitializeCriticalSectionAndSpinCount
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
`h`hhh
xppwpp
RSDSz0
t:\msishared\x86\ship\0\CustomActions\patchca.pdb
@@f98u
YYuTVWh
tehKl@
YYu-9D$
j(j ^V
F9=p:A
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
G;=H:A
t!hh:A
0A@@Ju
t^9(uZ
tD9(u@
HHt@HHt
2If90t
uL9=l)A
0SSSSS
URPQQh
v	N+D$
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
^SSSSS
j"^SSSSS
t+WWVPV
u,hT4@
tm95h)A
;t$,v-
UQPXY]Y[
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
ADVAPI32.dll
lstrcmpW
CloseHandle
lstrlenW
SetLastError
lstrlenA
GetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
GetTickCount
KERNEL32.dll
msi.dll
WideCharToMultiByte
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
patchca.dll
MarshalPatchProperties_PublishPatchARPMachine
MarshalPatchProperties_PublishPatchARPUser
PublishPatchARPMachine
PublishPatchARPUser
UnpublishPatchARPMachine
UnpublishPatchARPUser
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
6+6L6R6y6~6
1!2@2s2
4"515k5
656V6x6
9@:W:c:
182F2N2
636f6m6w6
9 9&9,92989>9D9J9P9V9\9b9h9n9t9
:#:O:T:^:
;#;T;p;
?(?/?7?<?@?D?m?
0$0(0,000
1M1T1X1\1`1d1h1l1p1
1;2C2X2c2
4-4S4q4x4|4
4V5a5|5
6 6$6(6,606z6
818;8B8\8f8|8
:,:2:=:I:^:d:m:t:
;+;2;?;`;j;
> >(>/>4><>E>Q>V>[>a>e>k>p>v>~>
?$?@?\?n?
0E0N0Z0
0#1s1{1
3=3K3Z3
5\6b6u6
7]8d8v8
=)=1=D=J=P=V=\=b=i=p=w=~=
>1>8>>?E?
7+9/93979;9?9C9G9P9d9
:0:7:V:~:
!0)030L0V0i0
333O3X3^3g3l3{3
1%2*2R2t2
3&303Z3f3l3
6(737=7B7G7L7W7
7&8+82878>8C8
8G9Q9[9f9s9
:::A:j:p:w:
=$=3=<=I=T=f=y=
>&>+>4>A>G>a>r>x>
2#3h3;5F5N5c5u5
5#616u6
6,727>7
9A9G9S9
;!;-<U<
0L0f1	2
4-5<5B5\5m5x5
6 6<6_6i6r6
3.3@3]3o3
:':-:<:B:O:v:
;.<4<k<y<
<9=C=\=
=E>_>h>
>1?E?|?
+060B0P0X0e0
1!1-1T1a1f1t1C2f2q2
2)404i5o5t5z5
=0=P=\=x=
>8>T>X>t>x>
?8?X?t?x?
0 0@0`0
8(888H8l8x8|8
9$9,949<9D9L9T9x:|:
: =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
031204000000Z
081203235959Z0W1
VeriSign, Inc.1/0-
&VeriSign Time Stamping Services Signer0
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA2048-1-540
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060404174414Z
120426070000Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
#;q@4G
X1AU8~
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
^KIP9&: 
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
060404194346Z
071004195346Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
:http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O
3http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA
http://office.microsoft.com 0
Jg$kz5
N9IAF8
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
061026210654Z0
sBQ{4F]
{90120000-002A-0409-1000-0000000FF1CE}1
Microsoft Office Shared 64-bit MUI (English) 2007
Office64MUI.msi
{21DCA6B1-642F-4BBD-A9AC-FEF57250BDDC}
Microsoft Office Shared 64-bit MUI (English) 2007
Rollback
Rolling back action:
RollbackCleanup
Removing backup files	
File: [1]
PublishProduct
Publishing product information
{21DCA6B1-642F-4BBD-A9AC-FEF57250BDDC}b
{00120000-002A-0000-1000-0000000FF1CE}		
Microsoft Office Shared 64-bit MUI 2007
OFFICE12
C:\Temp\759A0120\
Root Agency0
010913050326Z
391231235959Z0
Office Build Lab0
Root Agency
Root Agency
http://office.microsoft.com/0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
031204000000Z
081203235959Z0W1
VeriSign, Inc.1/0-
&VeriSign Time Stamping Services Signer0
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA2048-1-540
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060404174414Z
120426070000Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
#;q@4G
X1AU8~
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
^KIP9&: 
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
060404194346Z
071004195346Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
:http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O
3http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA
http://office.microsoft.com 0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
061028000746Z0
|:ds	o
Office64MUI.msi
Client UrlCache MMF Ver 5.2
index.dat