Sample details: afcabb2dc4c4661e7272f1c3d76176a2

Hashes
MD5: afcabb2dc4c4661e7272f1c3d76176a2
SHA1: e64e11992dd8cbdd290c0c62bb885e2bb6bd3846
SHA256: 0649d4a8107e9885204ea3af703e12d549a9bfbc015b5a9c6c643fa76a7588d3
SSDEEP: 12288:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlk:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrWv
Details
File Type: PE32
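Yara Hits
Note: these are static signature matches on the file's bytes. The packer hits overlap (ASPack, ASProtect, yoda's Protector); the .aspack and .adata section names in the strings below support ASPack, and the other packer hits should be confirmed by unpacking. Capability rules such as keylogger, win_hook and network_dropper indicate matching byte or string patterns, not observed behaviour.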
YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/Borland | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
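Strings
Note: the sample is packed (see the .aspack section name), so most of the short strings below are likely compressed data rather than meaningful text. The second DOS-stub string ("!This program cannot be run in DOS mode.") further down suggests another PE image embedded in the file, which would fit the HasOverlay hit. The quoted API-trace records at the end are strings carried inside the file and name a different SHA256 (9dd688cf...) from this sample's (0649d4a8...), so they should not be read as this sample's own sandbox behaviour.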
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
4O=?rNNN
dZO]ynT
;3=MKj4
1,ze9s
<eo1E*
.6>9bUA
bW3TV^
b)EVjT
y#>I~'
3Ts_#K_Qp
\&l;My$Y
dx%_g/5O
PIvE%d5Oa
3,H-T,
b|La#u
x`K7Krx
C{M5m(
M$L8fo
!gMEwn
bCW$y',
#e}"+e
8%A(	0&
qfZhZ:
=O rxKsE
MA&A(A*@
E-Z}@0
"LZY]\b
lU~<W\
%ZZ_b]\
uD\!Gy
KWs`VW
F	;*5iB
&NLk;(
^dRi!C$}?
=`A"}m
\+q2J5
""|;7H
b9c|[m\sG
=!{.|Fo7
	"=KxW
'U&B|~
KI^J`2K
nch;?"CF
Ys+4RC
g8cTST`
Pc3.Ln6'
ln'/+<
f$%$WR
fbIC.C-`
s=6xUP
s{"kt'
Es!W2O
yhN~/?
m;S)&C
5o`%gN
1Jl.ys
a 0y'N
AG# `<
F:,5tW
d3QZX-dF
zRXblY
6PD-<O
ywQ_;6
YI ~a^
smey:|
kELc%b
~-efhy
HGC;]l 
9w(>:l
Sk68R#
d="-8]
RP7%B5
_1mnP7
Rw/8pR<Q
xnLl }?
r4&gXAe#D
=!2d;)
pI$.>8n
1r{<<[
}yj#8z
M=B}@}
%y6D5T
c`;X=+
s[z;cb
OD5J})
bux/:>
93'hm@
{pVS<"Xia1
VBl=!Tr
U@`1z0
j`>$y%
PhrEGTb
Ow4}nR
';G]l+
Rv8SNEh
@O9;;HQk
kx+Tl(
%YTe(%
H-9jK+
6pM6._
RY,%?b
kG"C]m
BLMH^!q
4+1 .}
#Y#GV`
zbqC(;H}
.1QGkdj:
;c9@za
[@"zm(#)
D/>b]?
zv^983YcH7
pQWtfE
?L#MIS
y%QRdno
`Z 8[<<
k(  ei
1sP"#}N
o]'Fi>z
_Q}Cw[
lq[5Eh
cr;G/cho8"2'
3N'=c3
d7U.Gb5t
,RVmbr
_U#x=}
@NQ.+Cu
37WY)Z-)8
oopeTP
<Gya*k
#s]0\	wn
#;6)t3B$
NOr*s7
zrZ8|&n
" gYS~
=tFu/ 
wu-w~%i:
`y	d-U
?=(dTa)V
D9V@m5
c!	res
~$'c#r^
9T\Zo)
9pW!`t
l1KBx{
>Ol)DZd
w(u"N_ivH@
APyF']^
V+>lbb
@HXu@y
Rt#vxcA
5,S>e@V(,
~]6{dQ
u#m-9*
dR:KXRZ
03}k'@g
p%RZ,*
pYdL{"
Bu(39{
4.SBF6yI,a
.mydGuM
revzW~1a
3h8{!@
@viy>B
2k\iyhzshw
A#rSm<
BebIgu
JI,Y;S
83=vHL
kT3*{1
aZDz)3%
V9PW/[
5%e3~(e*G
>-ls:pF
I5]<V1
[|v; S
v;UZQ=
pvAY8U?'g
e<r/'iz?
A+X*e+*
"no~\'R
6E%2Fj
Y`gEx	
ghe?NJ
S|+Q).
h6DWDY
)Wk>[0`
kXk56Y
E84eel
SH!60C
o/*d4enBQZ
uAfp;T1
Ci01kE)
u99 )2^]
:\K}ii
9E>^b2
K{G#O]*#
!6+,d6
,-1[hN
-'Qt]Za
7t^3?9
?x?(pQ
:la\63
(3g7e_
LboI2|
xA}&	HG
y0B=/_b
m3	j0:d
HUet++
_w@Klx
Av}Yu:
VT}}2h*2L
?`*9V5
%a>Ou&
}riO.H
s;T^yG
j=P+ubcJ
{oixJ]dA
B5^S3,
5}d8S_
#w0+($
>}q>1QZKcg=
389k.+`X
$m%0(;z)H
b$H+D[j
Ex5]>-5o
sMqkSIsQle@)
Microsoft at Work~.feed-ms
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 642 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/execv.al)"
sub execv {
    unimpl "execv() is C-specific, stopped";
# end of POSIX::execv
execv.al
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
<33333t
<33333333333t
<333333333333t
k=t=<t
<333333333
t"SS9] u
6tsjGh 
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
<33333333
<33333333333333
<3333333
<33333333333333
<33333333333333
<33333333333
<333333333333333
<333333333333333
<3333333333
<333333333333
33333333333
33333333333333
3333333333
333333
q|H"mxe
t~Hif D
#D|[aa
_^J2|;
i}|7|M
Tt\t.-
R#M|^uZ
f#k&+r
e]n^ip
+Gh33O
eEM	~_nNK
T`Is%Lp
833%b233G
)q$	,V
Hy733O5
U033O4
bkNf8Q
Dw433G
QwQUCg
%P433:
QwQU_g
:33O4T
49Qzki
QwQU_g
|$iO!H
@Ww@t,
 CD%e3
p&:aR2a^
@Io"G.
HHtXHBt
s^TS18
?If90t
BADDW<]V"
dV fY)
q"KN4T_,O
t_0fY)+
"K^]b6Kov`f
g@0I2.
">LE35
V B<S$>L5
bMADD5Z=3W</
5Z=saU_;A`f
y;VF$S
LE$P1Q
uTVWhC
QCj@j ^V
i_H1CSu
ST\P"EQ
Pou6Wx	u
< tK<	tG
^VhUNMP
A]8N\TP
C>UEQ2
VGALFP
HHtYHHq
vLIV'Z
Get>emue
"9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x00499e40","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cc88","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Generation"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013e","lpSubKey->CurVer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x0000013e","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->DontShowSuperHidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x0000013c","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ForceActiveDesktopOn"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoActiveDesktop"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoWebView"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ClassicShell"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->SeparateProcess"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoNetCrawling"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoSimpleStartMenu"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x0000013c","lpSubKey->Advanced"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Hidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowCompColor"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->HideFileExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->DontPrettyPath"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowInfoTip"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->HideIcons"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->MapNetDrvBtn"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->WebView"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Filter"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowSuperHidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->SeparateProcess"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->NoNetCrawling"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->ShellEx\IconHandler"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->DocObject"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->BrowseInPlace"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->Clsid"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000146","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000146","lpSubKey->Clsid"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->IsShortcut"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000126","lpValueName->AlwaysShowExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->NeverShowExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->UseDesktopIniCache"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->44918"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->44918"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->145"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->145"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->Com+Enabled"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Com+Enabled"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->REGDBVersion"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->22512"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->REGDBVersion"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x00000132","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->TreatAs"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x00000132","lpSubKey->(null)"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001be","lpValueName->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocServerX86"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->(null)"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocHandler32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocHandlerX86"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001be","lpValueName->AppID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->ThreadingModel"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->TreatAs"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->DriveMask"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->AllowFileCLSIDJunctions"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Desktop"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Desktop"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x0000013c","lpSubKey->FileExts"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d0","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d0","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d6","lpValueName->(null)"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->ChkAccDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->ProductType"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->0x000001cc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Personal"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Local Settings"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->RsopDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->RsopLogging"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->44918"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->44918"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->211"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->211"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->44918"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->44918"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->ProductType"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e0","lpValueName->SrvsvcDefaultShareInfo"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->44918"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->44918"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\BWHtbd.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\BWHtbd.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\BWHtbd.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->44918"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->44918"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\BWHtbd.dll"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\BWHtbd.dll.exe","lpNewFileName->C:\cuckoo\dll\BWHtbd.dll"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->44918"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->44918"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->12288"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.469","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\KKzUXw.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\KKzUXw.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->0x00000080"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x000001e0","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\KKzUXw.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.479","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->44918"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->44918"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->12288"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\KKzUXw.dll"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\KKzUXw.dll.exe","lpNewFileName->C:\cuckoo\dll\KKzUXw.dll"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->44918"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->44918"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.489","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000212","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000212","lpValueName->DriveMask"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Start Menu"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Start Menu"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.499","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Common AppData"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->AppData"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->44918"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->44918"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->71"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\1400.csv","dwDesiredAccess->GENERIC_READ"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\1400.csv","dwDesiredAccess->GENERIC_READ"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\1400.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000214","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->0x00000214","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->My Pictures"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000210","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000214","lpValueName->Generation"
"20190111212126.509","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->44918"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->44918"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ec","lpValueName->CompareJunctionness"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ec","lpValueName->ProgramFilesDir (x86)"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->ProgramFilesDir"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Generation"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d8","lpValueName->CommonPictures"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x769c0000","lpFileName->USERENV.dll"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->ProfilesDirectory"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->AllUsersProfile"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->CommonPictures","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Pictures","cbData->116"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001d8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000001ee","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\InProcServer32"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ee","lpValueName->(null)"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ec","lpValueName->NoSharedDocuments"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x5b860000","lpFileName->netapi32"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->\\.\PIPE\wkssvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\logs\1400.csv"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\logs\1400.csv.exe","lpNewFileName->C:\cuckoo\logs\1400.csv"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000208","lpFileName->C:\cuckoo\logs\1748.csv","dwDesiredAccess->GENERIC_READ"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->268"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000208","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000210","lpFileName->C:\cuckoo\logs\1748.csv","dwDesiredAccess->GENERIC_READ"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000218","lpFileName->C:\cuckoo\logs\1748.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d8","lpValueName->CommonMusic"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->ProfilesDirectory"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->AllUsersProfile"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->CommonMusic","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Music","cbData->110"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001d8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.519","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->61440"
"20190111212126.539","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000208","nNumberOfBytesToRead->44918"
"20190111212126.549","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000218","nNumberOfBytesToWrite->44918"
1748.csv
# Ignore everything in this directory
# Except this file
!.gitignore
.gitignore
REM Dummy file for NTVDMBind
autoexec.bat
"20190115161802.230","1640","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190115161802.230","1640","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190115161802.230","1640","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190115161802.230","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x01080000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190115161802.230","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x01080000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0x01080000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190115161802.240","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x008f0000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190115161802.240","1640","HelpMe.exe","1548","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190115161802.240","1640","HelpMe.exe","1548","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20190115161802.240","1640","HelpMe.exe","1548","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190115161802.250","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190115161802.250","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0x00910000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190115161802.270","1640","HelpMe.exe","1548","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190115161802.270","1640","HelpMe.exe","1548","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20190115161802.270","1640","HelpMe.exe","1548","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20190115161802.270","1640","HelpMe.exe","1548","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20190115161802.270","1640","HelpMe.exe","1548","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190115161807.247","1640","HelpMe.exe","1548","pr
PZG1PhkVWbTT_ETaYDTYT
`baogbe
ZxU\@}U
@RbAUJVmF
-Ker^M0000
f[1HR@5U
]IcDS~TO
s{}{pkY
xU\@`U
@B_SUGE_
/IPWQE\bT\ZESePBROW
wruqcq
YDkVMP
*UWeEQBInC@W
-Ker^M%$:?
hFU>Y\U
NxolS]T
fV_GoI
}QTRaG\
GKm#0-
Zcessuc2
y* {sn'
$5rsq;xy~u
SB_A^RDmzY^T_ZC
EBBH^DfUBCY_^lc_
|UN\o-K	
1.6NYG
woau+c
iI[EuU
m+)?%fpYTGdKAQ
\]tQDQ
}uH@A_BUB
RWuWEY
yS]H}R
~GVzD]LgG
>QXP*woa
64a^GQ
U{UIuI4C
$>)(3pzkCO
]IcDS~TO
cxhgdvpi~|_WBM_M.
~oWCGQVVzG
*'!6=~
[^dU[WIlP[Q
BTV\BBCA
aVPqIVgWXEGiZ	G@R
0m&=6q
+ 08GHtQ
1[\GEuQ[
cqiq<0
r}fxrmC
xUA3}U
GjcQFBH
cPVuC]QCKxVNgTu
DM<9<{sa
MDXU	9
_C_VDm6
~HrR^_C\BmdFTD
qM@FTDG
zU]I}T
PTQ]CV^[jIN"(
iI[tMc
q'&$, 'PU
ZbUWaET
gbv}yq-
R@+ER{UI
U~VaGBC\^EgPCEXW^kkJD[M^GCjy_WBV
9;5apt^YAUG
/lK^UB@CETX
{BROGVqK@Gf
$$[_V68pq
6N\oUVUHU
wt-}pea3"
BTV\BBCA
aVPa^GPBQ{GUg02N\o6{&; q
KV^[JgG+HY
Ul}YSC
MJV0'?
~HrR^_C\Bmb]TZ]
vXBWVEQ
yTYA{T
][iZ%GKK !1:g
DfQ\ET&
gu}a`c;
\@1M@gG
/fRvQEX
mr^[EZK]FD
gUVXK&
GHMTigLC^VM(
g\]WRQ_ku
}QTRaG]
WYaD^LUTZ
EoNB}T
EGKKBBFI
~cen3;)G_[QXG
03)moc
Fc_VDGP@
HPBgQFCKbd~b_]PSXTFmsIH\X\VA
}TZAuU
uC\@]dEN
GKK !1:g
qpIEm\G
cesst10
^6E]RUB
._W<.hgirafbgC^}gctk
YAeDZ{RW
dMJVFWFU~aK+
LHMFFh{W^P
0 Z\N<'&1g^Y
QxMcPU\
CQSYQyx[
kUV`@TDHnQ[[VvOu
puynyp
+GXj<:'aHYq
G_v^bFQVI
LSV]GDPt(
AT[zSH}H`
qcenddq
[0.gu}}zwynso'*$,=<QXG
DXU2'&
:0PCQMJV4
BIC$sEBBU_F5G^Q
~Q\RaGf
GQ_K_V
2dEN6woa
x{t;<ayp<
mYW@CQPhVo[SCVC^WAmaXVTXY@otW^PTX@fG^Q!
G_~tMDTM^G
KaoQKCE\]
cSP\v^BW
wruqcq
jG@R%#G	
vcDFw`u
l^eFWRIP
WXG%Pd~GtY]\
fdur}cd
0U\@}U
@YZG^m
[WUr]\G/&
aerzubb
G^mWwMLG_v	;	
_oCVvXUU
bcr{ud}
_{AU@IP)
?GMFzL_EQrYNh(
cdzstbf
\RaG@+
@IP~SvAVIQ2
aPd~GtY]\
fdur}cd
0U\@}U
@YZG^m
qx}`cs
(o&0,li
XHqY@-
<-'*$ ~oWP^G
l`_\YR[
mkH[FUBm_cTTU
yS]H}R
~GVzD]LgG
2QUQ'0.aiq
PEVU>Y\U
16aog;
lu6doecuc@O
BMYW@hgKcnMECmzECCP_Bg]BDG\]krCNXU]UQpg0
PXTUDWAARO
dQQFjK$
N\o6{&; q
bTU2WIP
771`UV#2
[^eR[WIlP[Q
VX]PBOBLUZ
`PEVTp]\G
NApIE!>
z{t`o}~vpznuqtfz}r
]FgE@gG1HR#
#z297gpoXVFWQCD
MARCXK
@\YSQE[
'[yoQf_c\QU
pU[^~V
gQ_m\G
$VIOdmk
';1GjKNI
Di6,n}
{snmoc$
$-&ew~=
iI[Cp&
9zWXU[CC~N
P@U_MfTCFXY_d`XBZP^G_~tND\M^G:GazoW
T\[G_[BBQ]
wrvqkq
gTuLbW>7&1
[XGC,_bUQT
xz|inr`cdtvdh{`ve
]FgE@gG1HR#"
GpoXVFWQCD
:/*&:6QpgZ\N
^y[_WRPcDsO@UQxM
BTV\BBCA
aVPsYGCObQNYG
;RaGh$1)w~g
". ~mlCaMAO
XNCZ=:
_xDURR\}Su[XGBb[bGMFe[^G{]
DT_YDZAJ
pTQ{@GBi-
G>$k`wcp
TM<.({sn
(/-kbgqya/5
;	/82llu$}YSB_B
qmZRZTtM`zCFYSP\XELmySRUTZ@oL
	 -]|U
`^U^_K=_
/\K@DDX\p]Y^Ut@
a`taiqb
yUUD}U
eFWAIQ
 (HMHE@UO
oGBPFgYpIC
ZYZPWVdeLfIA\
JNaD[DGOVe[\
VX]PBOBLUZ
`PEVTp]\G
UCICDU
mJ`*!&0
V~BCPPEmJ`HBQCvCp-
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]@
mJ`*!&0
]sZZG 4
^y[_WRPcDsO@UQxM
VX]PBOBLUZ
`PEVTp]\G
UCICDU
mJ`*!&0
V~BCPPEmJ`HBQCvCp-
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]@
mJ`*!&0
]sZZG 4
^y[_WRPcDsO@UQxM
VX]PBOBLUZ
`PEVTp]\G
UCICDU
mJ`*!&0
V~BCPPEmJ`HBQCvCp-
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]@
mJ`*!&0
]sZZG 4
^y[_WRPcDsO@UQxM
VX]PBOBLUZ
`PEVTp]\G
UCICDU
mJ`*!&0
V~BCPPEmJ`HBQCvCp-
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]@
mJ`*!&0
]sZZG 4
^y[_WRPcDsO@UQxM
VX]PBOBLUZ
`PEVTp]\G
UCICDU
*Dn['00
]sZZG 4
^y[_WRPcDsO@UQxM
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]@
mJ`*!&0
]sZZG 4
^y[_WRPcDsO@UQxM
W\]SBACCK^
{PXBQvK@GjIN#
Dn['00
YEu_NhDC_U
mVDUZW_kJ^YkOEjvOS
F@NjhfR
U^NIQHE@UO
qdvw}q
5_FUvY\
cKXJ><
<1`UV6&
_FgucQFY_^vX]P
iTWOI^YhTN@~%
/bd[\T
LbW\TQBmJ`1
/lK^UB@CETX
{BROFPqK@Gf
~HN?	,"#"
UTqSSU
=Vhyv]bTXT
xRBBxR
1,'6dENUZ
cesr'2q
JiI[Ex!' tas4qccuco1
ARPNosVNioPwHE\^BXZ_EmCVUKP
|WAH}QKHLU
KaoQKCE\]
cSP\v^BV
wruqcq
jG@R%#G	
ewNIgac
fC\B]oMQ
KaoQKCE\]
rYAAv^BVvOu
easaiq
 ZEQE\Z_dEN
qxhiWI
c^WAFWC]lzGQGXQCDEjcYLHM?
tIPB\[V~|M
Gl~GtY]\g
bcr{ud}
2`ut|g5G
}`fsw~p!9
:&:77FmA
Ou"<c{
&%+%$3!~@cA@_BVVEmbXXUWGDrq@EPILE`QBQEM&9<
~iZAY[JG^
kcNWCHJDT\
c]QShZ_R
qjINRaGF#
~cDFw`u
c]Y[OdEN
* 6:=9
Gl~GtY]\g
bcr{ud}
~mw&*"167\;cx
aspu9t
x|kkjtw~ptx`ow
f[^V[C
9aYP!0-7
6!QEMLpg
HLl-CUB
PBl`KDTJd^cPPR
~TT@zK
pTReMG^[0
1 2'GjKNIuJgG*x}s=cc
\@4UNYG"
BP"V~ZClv
fjlBHFES\
kfV_GoI
gbg ,$6!13=
!(pWWrKUPEPzSH}H`
dwoateg
0U\@}U
di#03&&+!1+9}yq
 GMV	6:
,%1$2PI~}
SB_C_V
_.2<;!
=3B-31Ppq
wtwucxvndtyt
gQ_qIV0
1 2'GjKNIuJgG*x}s=cc
\@5UNYG"
BP"V~mw08
Zz&I56
7=76<"2
N"1: 6&&
*AxgG\DB
RWuWEY
}TZAuU
PXWPYuTNCA7
EEQ'':aiq
^zUAqHg
Hx!' ta
+z:-6g~
+_WDOUBUloEA
qi_[Q\AQpa
UBl}^E^DrCK
#@375 ({Q\
~Q\RaGf
GQ_K_V
K@Gqya
zU]I}T
DXZQC[_V-
qya1 4:QXP[
fQ\EUu
6.'6!mJ`[XG
^@gX\DT{P[T
pK\PECXK^X
xTU@|T
W_XUQUQ<
qya%,?6QUQVIOJjK>
c7waiq=lYO@IP' +
OPUCvVsHATEeWbROV
qU]AxT
RYNIQ1
KXGw\X]
5</&6* VIO
c6waiq=lYOR
A[xPYQ
fbiBOBLUZ
FmARPGK
e#')7::,& ,f
/XGSTwP\T
ed{sr}`
[zMONG
pIC'_[WEQrYNh]
blsrtfb
N\d!		>,
pADV_WMpF
83CF@Nu^K
6 &6 ~
kglip!
M]UKA|Q`UVTE`_u^K<
SXZTKIDZWX
aCSUDGjK$
;RaG}0;&g
~0  (*<
F@N~CC
7%:KIR\VUHU
eHDg`yrfgcxat
{V[RaG
yPXHoI
	G_[BAQU
?K@GtEP' "/
??MOgZ
</&hmcZ
GJguod[\T
yTYA{T
N\cURFUQ_
QCkKVGKWZPFJEVIOD@c>	
Lx[#0n}u+c
^~E]VG
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
cesst00
UCd_gB
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
cesst00
UCd_gB
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
cesst00
UCd_gB
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
cesst00
UCd_gB
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
cesst00
UCd_gB
EDpIE\Ce^gTWU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
xT]E|S
IZ2PEVTs]TG
D:9&0< 'GA
	#DRUZ
cesr&0q
Cd_gBY
_zA]@hxmTrHMUBeZfDXLU
yP]F|]
~GPQrQNI
JK?00:6'6O
cesst10
UCd_bU
_zA]@hxmTrHMUBeZfDXLU
yP]F|]
{PXAQ~K@GPIE:&71<q
vqy}61g
6K|1? *
!(NBcD[{TH
e^^D@OAVkoEACYG_DX~
P^G_Ab]P_K	
aerzubb
G^mWwMLG_v
bGjERW^z\ItIb
ketmv`d
jzpmgayp4,"1,, 17O
A[qCD'""1 
KOPM_M
ClsEBC
|UN\o-K	
<WIP+3
Y[=;,=
BRfPZQ\
0{uio|~ "nso/
=$, PcD.	'
KJAPFQlodiP]C^_Dmf\_R^OCkmFAEGBVgSFCKCL
9gTR]ZF]P
/lK^UB@CETX
jUVJt\[G
easaiq
GMF~kqtskd
	jgghiwep~g
 |GTGN\qDW
9 KOP8
67!6LXtG^Q
YUCluI
lxg@WB~_rHEPBb^oB^ZW
xTU@|T
CSSYQXP1G@R
PUtPYA]gTuOIO)30nyp
K^VWMN)'	
cess'0q
N@.Q]E\zQ]U
FKsI]v^BW
	jINA{Q
GTGjIN
FUWYQXP
JqFP[xS[iZ'NmN?: "1:<Lx[@
XiI[KR
9*-: 8lmc=cob
azqGRz\I
v}ex|lL
yUZI`$
blsrtfb
ONGCzRz[XG
fQWsxoPKfPUETtMf
cbmpqdq
JgG1HR@5U
Y[ELYN;[Kyod[\T
b`rutkc
ZxU\@}TM
BlDXV]PcD0
.PEV7HYyAQZ{GtOZe
cdrvteb
]s-e !:ncapykucoj/')G_[
@gG+H_7?
Opq6!63g^Y
QxMcPU\
CQSYQyx[
kUV`@TDHnQ[[VqOu
easaiq
=r^ME^G
@|CZ@IP~PvIVIQ
C\WXBACO
eKT{GGBiTOqHu
.")<,5<7$!}ac
K@GN\q&7
&<~mquqvio4
HPD;_^DB_]1]Vpa
:1QYepWQU
fVXGoI
}QTRaG\
Zcessuc0
?DR-f{i'|
sq|n."adk 
qifphd^r/
qqyaaiq;dENG
^-MONG
y(&{sn!
aakvHG~aUEL@
dG]FyU
IZ-G@R|P
JK]PGAQXG
E}W6':
$?&GiZu
</&hmcZ
^6E]RUB
m~FMSTTK`PE]
~RN\oT
jTYDuG
NIQHF@]O
C@WGiZ?dEN6x}s=cc
	X[|WUG 4mA|^XTTCePBY
sBlSES[_
dF@N4$
e!53nBIc~o|xsyx{t
\G}FV|GU
emcvio
WQ\R]KECGA
y_TId!		'$
E^GBFc
q'&$, 'PU
0&AGMMpF
+LS6TM7_13
NQeCTA}o
|RN\oT
jTYDuG
EEQEGM
WIg;%GMV6
QFrTKYEKVwTAIQB
 o!Zh(
CSVQCC\J
~GVyDULgG1 
6-&aiqb
KVIOJgG+H_,
,5:nca
_[\BnG
yK]^mjUEDE
~RN\oT
jTYDuG
NIQHF@]O
GKs&01:
2?WIgH/
cer &q
lgy~t,oqpQ
fhyK@UUxSRTFB
t}~gpr
xTU@|T
CSSYQXP1G@R
PUtPYA]gTuDEN6&:016>
ces }q
\EU~Q\
mZERZZ^jUT\kVJl~td
gbg ,$6!13=
!(pWW~IU_zPHsIo
`ataiqb
GTGJgGH
pii{-)(*28-4coj
M5!4"76
C_VDlf
:><*."
$7=9lH(
\AjESzPH
k_QZEWEGpoXUF_QCD<9;
9aYPCPZLtIP
	e>8NHG!&aNOqa
GCC][G|C
rMV:Gj[WWBHoQ]DPtNf
]sUVUHU
!(qgsr|cb
CyoiWItAg
bcr{ud}
WHF-ii{ny{{c`}?$$!::7[
#UMP6	
*&!<QCDD$gY^T_G
{[:8,61
;1 0?$1
[ 4q]VENQCTi|_RJ_DAU@kuELUYCC~oW:
MB~bP@MR
/xGUYBMBH
dT_cRZdW[WIgIa
: 6(6=V_
P~Vf]SDTU_EF
[RsOFW
qU]AxT
FUEEQ<
4WIPHcUTWIg
2EEQ'':aiq
GKmRIL#.
cessu0k
5+=qHX
]IcDS~TO
cXHFAVPI~|_WBM_M.
~oWCGQVVzG
<NYOUZ=:
	fxqn}`mrwxooma
6WNiTL
aYP!0-7
6!QEM^$cUDE@
]FgE@gG1HR
TJPJMKT
6SVfGSKO0
0WhOZe
cdrvteb
tMNDPzYOI
:COJ75
stS\D\uIf
bmstkae
YDnC@W
YL>GBG 
Pt\C^ET|Hf
ed{sr}`
]EbYNYG(
blsrtfb
N\d!		>,
pADV_WMpF
2<2QEP61
w=~ubyso1}ch
nRGcqxxwu
]FbMR|KJ
	qCDEAUBGpo!
$2KBF^BGdaYP
C^q]U_RtM
ketmwed
xU\RaGZ
KWr^MRPGKkh
LTQ]CV^[QVg*
( V2ZI
77PIQQ
kKVGAN`TYFSlMO
H^fEMXGRB
xU\@}U
EHVS_\\Z^XMVXYZ
fa{aiq5K@GC
@fGMF*
m}-6)?z
XzEONG:*
C[ciJ@__PJPE\^X
t\VUCGaWESLg
LCyoiWItAg
bcr{ud}
WHF-ii{nvajpil'&;0- MBK
95>A^M :%7
lsEBBU
s^ZU]BD
y]\GcV
cPSwRIL9
\EUuHgG
digu}$
&8aa}9sxy~u
M~eDFlfP^U^BBjrMBEK]@aG^QXYZlqIV=
\WQ^QXPH
gmaog!6EEQD
GC^G0=?
oLFfTKCX^[msIH\X\WDkqDG]Z
EKT]DV^[
gmaog!6EEQV^[JgG+HYc
DfQ\EU Hu
[[\Z=:
]FgY\BK|WZG
uSG[VCRjIN
HY*I(6
0QpH'/,8!7!MI~fIQ
/fRdQ]LU
t_P~R@_
yP]F|]
IZ7GKmAPZsGUg
2EEQ'':aiq
^{UIuI5A
{jgg{sa=
7<cjo-cub
	@qY@'
VQ]K\T^NCmr@CDTVDaK@E^MB~tND\M^G:9!
iwhapt
~_P]|XSGPDHy
`ataiqb
GTGN\dXYQvCAG_[4,'!"8re
m}oLyUH|Hf
ed{sr}a
GxG@R%.K
/S@wUoG
mNKnm}pzxx
bYRDUMP-9!
VppAVhhCKG
!(pWW`LUCHcPZD]uOy
qyarsgc
/Ywqstjc
*m$4:omay|z}
% aHYq
(o&0,li
XHqY@9
uEL".>?	
0P^GLXt
=)3#=&3
[ 4q]VENQCTi|_RJ_DAU@kuELUYCC
P_K^[hqOME
R<ZIA'
02N\o6{&; 
ROvJ^G	/5
B_DD\TG=(
\AoQ]DP
	m][ZMB
uSG[VCRjhfR
FREEQEDM
ryk`w  EEQV^[JgG+HY
AW+" *
& 3#,"'7
3YMTDFXBTmxXUCWCXHFj`KBF^AGlaYP:
LpgIEXWPIP/*
?KoxC@If
b`rutkc
bTVfTBgY\BKwN`
qjINRaGF.
hG >7,5q
'DR&t=)
NK19@(#i1+8L 
LKQ86(	S<
YQ7gbg1+
JOlwbxzofc|es
fWZGoI
}QTRaG\
cesr cq
x{tioayp>5
C^G8:-
0 ;&1&
="%,-2 
*Wc~r]Y_MC
mvaumn_[[_S
}TZAuU
fTYQLGjK
0K_V!,aog
6EcRGBi		
;GbC>0n}
rp6A/&
@RbCV{GU
KPU\JTKDS	
0GZcVZ`CVWCTFBa
d{pwrq
NIlPXQ
.$2=<1*<a
2>>NIl28&n{
i~mwvcg0
]FgY\BK|WZG
vSZUPMV!
QG_QD[_VT[
qdvw}q
0'<pYL
wu~&fko}>5
wP\TtMEE
fVXGoI
}QTRaGH
QUQEPY
#6LgG[iZ?dEN#lw|-bu
|UN\o-K	
V^[a^G3
R@>Y\U~Q\
i}fWCXKUUpVRSBK
	ivzrpeandqqf
/BG^@|\
PIEXE@B[
qya%,?6QUQD
Z\@cER{
OooP}Vs@DTBa^dTYT
yP]F|]
{PXAQ~K@GDEN6&:016>
cesr!kq
V!MVIQ8
fjlBHFES\
kfVXGoI
gbg4 /:!<20G`(
bTXTwXYT
cbmqsdq
Y[pXXQg
!(qgsr|cb
ZDvK@G
`[m_$$wxmc`z
kbdDEN
kW+ lip
XzEONG:*
RYNhy[ADTT
vCSPLUqG_Q`
qjIN@5U
^J&W~mw
G+0aog7$fIQK^G
Fwu~ubx <pic*n	M% <
jINA{Q
GTGjINAxQ
GTGFITXVQ
V^M;PEV6
Cd[3BYD]
]D}^`xlDWB
YkB`DPRUP
055G^qKVGExY
X@m{oP^QAIUU
yP]F|]
{PXAQ~K@GDEN6&:016>
cesr!kq
WsAVIQ8
QGMG^Ei_X_A|W_YWR\
F[fTE]BGHc+
$,1pe`daqk
!(D[\TJIBEP\
bROVp^NI
pIC"lwzdfq
Xu\FXRP
PGkCa'
DJU>Y\T
Cjmaog=
LnWDJG
Y[C,_gC_C
WyHWTVTKcXKP
X@`UV-
cessuq^(
vCpTTP
PQFKno
u\FXRPxYrW^C\\X
qduwuq
VX]]QUQ
+esu!cc
^@~LDsDSWSC
/[XG!7
c-srwd5
^~E]@hxmTrHMUBeZcSP\
yTYA{T
][iZ1K@G ,07 >q
DUvY\T
digu}+
;> cjo-cub
HqY@%+
KJjf]ZTMzy~qECKU_EcTDBQ_YrvLGNCPTDh}MYL<5
]W$&ro~gZXMOI
kcNWCHJDT\
c]QSh[ZR
qjINRaGF#
-**2CH
mcrwqcq/&
OFPP^HK
zKPM\kQ\SF
dguzs5.~
_xA]@IP
BGjcQFBH
cPVgD]BNxRXBGiZf
GTGJgGH
hC'4aNOqa
VIQeZf]CH
LSV]GDPt(
AT[zSH}H`
dwoateg
0U\@}U
di#03&&+!1+9}yq
@gG*x}
*5'UMPGpo
BXD$gY^T_F
9`QC_@d_Kc~Q
lrismgZ]C\]
xRBB{R
V^[qya
RILiI[->>NI
me;succ
^~E\S]PcD*2
^j_*UQT
azqGRz\I
q\U]uU
/lK^UB@CETX
oB^ZWp^NI
KV^[LbW?
mgtu}dq/&
ZDfC@W-+
G^CE\[V
!(PWWXJDCH
c]Wf[WDNtMNDSqHu
\UCICE
= //lq^(
BCr^NIlP[Q
LXoP[U_G^
 }:**mx
XHqY@&
VxkNs\]VStI
bmstk`g
FVJ5PCATFGqf
\SY_PU
G+0aog?#cHFB
]@qTF^G
TGc]Xh'
WZpT\XMSB^MBvHFQ
ZxU\@|U
JNaG[LGOVKW\
CICDU]
_oCVvXUU
bcr{ud}
_{AU@IP)
[WUr]\G/&
aerzubb
G^mWwMLG_v	;	
ZxKFUwP\T
ed{sr}`
[zMONG
DJSw]XU
!(qgsr|cb
FpG@R#+[
PcDsL@]QxM1
_oCVvXUU
bcr{ud}
_{AU@IP)
[WUr]\G/&
aerzubb
G^mWwMLG_v	;	
ZxKFUwP\T
ed{sr}`
[zMONG
DJSw]XU
!(qgsr|cb
FpG@R#+[
PcDsL@]QxM1
_oCVvXUU
bcr{ud}
_{AU@IP)
[WUr]\G/&
aerzubb
G^mWwMLG_v	;	
ZxKFUwP\T
ed{sr}`
[zMONG
DJSw]XU
!(qgsr|cb
FpG@R#+[
PcDsL@]QxM1
_oCVvXUU
bcr{ud}
_{AU@IP)
[WUr]\G/&
aerzubb
G^mWwMLG_v	;	
ZxKFUwP\T
ed{sr}`
[zMONG
DJSw]XU
!(qgsr|cb
FpG@R#+[
PcDsL@]QxM1
_oCVvXUU
bcr{ud}
_{AU@IP)
?GMFzL_EQrYNh(
cdzstbf
TRaG@+
@IP~SvAVIQ2
ZxKFUwP\T
ed{sr}`
[zMONG
DJSw]XU
!(qgsr|cb
FpG@R#+[
PcDsL@]QxM1
!(pWQU
bmstk`g
\vK@Ge[\
A[BTr]\GZ(
vpp|dcp
BBp^NIlP[Q
	NpZIo}nj
Nhy[ADTT
bC_E]v^BV
wruqcq
jG@R%#G	
}LYVFQCQZ(
vpp|dcp
BBsOK_VXXSvK@G
WOI^Zh\N@~
IZ7GMF*
9IR\$HHjyfxMPN@
cDW_RTK
WsLESBl_eKRP
zU]I}T
DXZQC[_V-
GjK]Pc
q3*/  *QXG]Z
~K@GN\d:9&
WXEYEBM
qfyaRXgst
~Q\RaGf
S]TG_[
CHd:9&aiq
qJjKNI
_*MONG
yQdTUP
QXG:PEV&4
_q%x%#,=
RF|UDG@SScOATEG
W\]SBACCK^
~GPRrYNI
\~K@GKW\
CICDU]A
*1`UV6&
\Aw\]S
~OWR][_~JK$
 /:pic
wNIgac
'[XGBa[oPEV
DRSBMGDG`(
sC\QETsXZTo
actaiqb
MGTGN\dXYQvCAGKW/_/
VEE=:1&k6+G
$qlip'
*?'$6o
:66djw
 >K@Gqya
`B_RTCQefCpD[VUPcD1
DJ-HRBzS
\AxTUCPBE
WYuTNCA
ZbUQTwY\U
1*'6AX
ZXvY\U
_xDURR\|Su[XGBb[bGMFe[]DxG#oZW
^Y[KAODVIO
6-&aiqb
+WA@6'
*'G_vM~G	"DRS
C\ZUEaUwNVIQeYcBKXGe[]DxG#oZW
JUPGABE[
dQWm\G&.		
yGTGdmk}`f}
'K@GN\q&7
&<~maYPtIPJKcNW
[yWA@TD{V`UV-
C\WXBACO
eKUyGGBiTOqHu
gBYDT#
LW@NAddfG
]{BONGCyRr[XG;1
KUVXFEDH
|WQxRILzSMuZ{
UCICDT
HiqDG*-
&MBjCBF
4KaolS]T
ipcewbb`
yTYA{T
][iZ1K@G58:80?g
oMZG."	
+0$>$  
D_7S3/&
YAxTOv^BV{VOI
79>c,`#Zh(
CSVQCC\K
~GVyDULgG1 
#9,nypt
^G;? 4}on
DU]vY]TqQ_M
UNtTB\CSUySTK@F
sfyasp
EKU_DV^[
ryk`w4,NIQ[_V
IGqya/5
2NYGlMO
DXSSCwVuWGPDvCpTWP
pGazoW
@SPK_VCO
dmk*<> QUQVIOJgG:_[Q
UvY\UfGI
2?WIlQ
rB^FCGeL<
	GCkOW
r~ock]JFCGA
j|UN\o-K	
fIQXGQ\cOA
DM377g~k
1!LFo[wHf
wtxzdju
KGTGN\qDW
sCTTESwQ\Ry
qyarsgc
]ErQNIl
DM7H%@CM&K
eu6ubysoc  f
xztlnu}ycdkaiemcv
W*.		`[
PXTUDW@ARO
uFUCXG
G+0aogbf
ZBUWYCD
p@).=b<<,
UTqSST
I#gCOp{snnbxep
~RN\oT
jTYDuG
EEQEGM
6NmN*.*	-pi
wBe\_PXA
guod[\T
yTYA{T
N\cURFUQ_
QCkKVG_[Q\FGD[
Zvqy|dbu
N}\C^ETwQ\T
w]OQN]a^XUiZE
y\\A|P
P]\G_[;
w1&": V^[
HLI.Q\EUuIf
980 PcD`UV
^@gX\DT{P[T
yKDSEqDMFsLD
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
/dlG]S\B~WwHBTKdX|WWS
!(jW\AtU
JK]SGIQXG%G@R
kwoa#:?G_[QXG
dEN2_WD
Agwoa+
&ONGPcD*?
cDW_RTK
WsLESBl_`\[BR
!(jW\AtU
JK]SGIQXG%G@R
gmaog5:NIQ[_V
&ONGPcD*?
\~DTRTCzWtHLUDz]dRCH
zU]I}T
DXZQC[_V-
qya%,?6QUQVIOJjK;
DJU>Y\U
0aaog=
WA@G^m
^j_/BYDU
/dlG]S\B~WwHBTKdXy@_CG
xTU@|T
W_XUQUQ<
w%*)6 [_VGA
c6waiq=lYO@IP' +
cDW_RTK
WsLESBl_`\[BR
xTU@|T
W_XUQUQ<
w%*)6 [_VGA
c6waiq=lYO@IP' +
cDW_RTK
WsLESBl_`\[CR
xTU@|T
USBYAI
aCLEG[T
 (%)&+6VIO
cerr}q
[_\hDEN	
BLUZ=:
_zEQHVDdKVG
xU^@uG
mYVs@R^G^
ce{aiq?Rn[VIQ>
DYW^_BU
]I~TFsXZTvQZK
pADU__MpD!		
TTOYRT
u]F^MV
XaCLED[\
YqQNKOGKW\
CICDU\
%M@a<1&n{c+
TGvUKK^G
KX"7c{b1socpv'A5(
^~LDsDSWSCkYMK
7GXWC[Q\
RIF~ks;ucc
YlYOSSF
WP\TBLBBTU
pJRCXGw_XUu
bN92e94*
9V|M:;7
$=2EIP
9ddbyrebwq
/fRaESrUH
SEO_EEnd_C^K_Q|QLHN-
JVO^AI
pUTEA-,
wt}tw~gPIEK_V
BIfQ\DT}Z{
,+'!M@aMHGEuU
G	ReL.
/dk\rD_VTCfXLT
HCJGKK
f[I=Hg
ce{aiq?Rn[D
CbUDEC
	.s}m}`m/1
)(3/)9> F
cER{UI
qblVEQC\l|XVCYBWVCre^YFCUB
zd~oW:
MB~F\ZTMKM
tTG\RSxWsX@@@XN
easaiq
BUWXBLPU
p%y|ffg
NReL*>
FtUREU|]TINN}EWFrD_VTC
X{EVnW.
f[I=Hf
Dkmwaiq?RcTU
\Q@@UUH]
xiHS}~
rx|n|tr~xvu
[GqY@zSM
PCQ^S@duEL
S:&%aYP 
9NCE<;aNOqa
+z:-6g~
XHqY@9
9'  LXtG^Q
_BUBl|
_UNZuQYl[
pTODV)T[\U
gQ_m\G
6'tMNE
66aog;
:5b}q4o}qsxx
7LS6TM6
	~[E~oM
~Q\RaGf
GQ_K_V
.gTuqya
!*6WOV8	#
bVVEFTCSmuYT\[AXDX~f_ZTM[Q
P_K^[h}Z\N
.8NYO6wNIgac
 Qpa&'1&+'
^luH@\
FG^~=8
v_]U]P_
azqGRz\I
q\U]uU
/xGUYBMBH
dT_aBK@NaC@WTsLg
UWYCDC
H{(2P_M=4/aHYq
U[eILTGULKCLPhmKADC@
gTQ`MUEWdV[WIgIa
n<6"/e
]Ew_]]~VCQ
	qdg}z
HN$GazoW
@RPK_VCO
fa{aiq [_VU
/KNP	9
c`}}9t
QblVngXWT^FF
xedsB\@RYVzGCE]_LpU!
DT_YDZFK
pTQ{@GBi-
G+0aogbf
ZBUWYCD
w~gN\qWNi
2HGiWB
]IfP]@TxPUU
`DXRhGSCS|GZG$GazoW
FWPK_VCO
suqnyp7GKKQXP
[W7@U^{UI&Nu
ysunq~xtc`}|wwxkbgjIN
bZRLUMP
W^P6;7
 ! KCLl
Y^\_W^_C/&
@RbCV{GU
DT_YDZ@N
pTQeEG^[
( V2ZI
jcxyajg
[iZ;RzC*4,
wQIP-%
=H\=,	<))#aLF}
q^P@GC^G
~{K_Q[OQpa
;M^G4cDFw`u
pBZDtMKE
bTVzAS_sUNkLe
qduwuq
L-,,*+1,p~g
# <iI[)
WNi#8dr
=#V[CPI~%"
%!'.;,
6:;++VzG
AdoQn}XZB^BZWBmoYYJ]@D~
!(jW\AtU
^GV_GDPU
tMNDPq@u
P#& ?! <
f[I=Hg
c6waiq?RzC\
]'MBV;#
6(+&/nRGcqxxwu
]FbMR|KK
	qCDEAUBGpo!
$2KBF^BG
aerzubb
:m0*7gbvn`g}p
('(:%6~oWP^G
^luH@]
aztS\D\~P\P
dKUEk\AsGNWVzQFG@
EoNB}T
EGKKBBFI
kwoa764K_VB
Zvqy|eb&
2HGeum7* #jcAUossyp~t
ZAkEUeWN
MWBCQPI~
$(KOP^F[^Vpu
.*[_V7
G@IgX\DTpIa
d{wvrq
aerzubb
X@dEN-+
oE[CEKI
cSViER\McVNYGtNc
ZCICDU\
ZA~Y[K|VZG
_BGXPYKf
oh$GJU
BRI]DCPU
fUEcR-
4 V2ZI
jcxyajg
9zW-^3 :
oFsSR\CB
}b~mmerch
xT]E|S
m\G_~QAgTuDEN6&:016>
UQDUvX\
gu}s-bbu~dn1kg~
/#BR.&' !
'").6G
R@>Y\U~Q\UN
8*G~cPWTpZSTBF
v}~r|{thpicu
CPV_BLBN
eGKmASZ{GUg02N\o#o,40pi
@Q:2gu}
&159>!
DFQKQl}YA^M
nKCDQ^VzG
azcVTC\CB
UAgYXI
vSYE~S
NmN]ZWYVEM
)(%MXG0!n}u+c
p{rwk{bp~g
bkeqipjIN
bZRLUMP
0&W^P6;7
 ! KCL~|M
@\_BUCAn(
L]STG~PsADR]fXeGMF
JREEQEDM
	WIgIb
jc/%976[_VGA
DJU>Y\U
c6aog?#tMNWIl	+
DYFUtT
SVCRLC
OPUCvVsHATEeWgEGFR
zU]I}T
PTQ]CV^[jIN"(
iI[tMc
d'  0!<QXGO
Ix!' {sa
_LS_@bUP~cM\laV\XR\TEmkIDZQU
}TZAuU
uC\@]dEN
GKK !1:g
qpIEm\G
vqy|d7}
3%+(l}~xzq
/fRaESrUH
bYWLGV\QdzKOP^E[VVpu!
PILEcQJQEM
cdzstbf
@IP~SvAVIQ&
fUEBzG\{T@uIf
bmstkgk
ditlk{w~p#'8:&*6&GA
?DR6MJV$41&
:A^MQCD
lsEBBT
~Q\RaGf
GQ_K_V
~Q\RaGf
GQ_K_V
2dEN#cen
JiI[Ex!' ta|7sq|o}p&pkbgLbW
Y[ ;	#
qs_RF[CMk~~eY_]_FBirCCJUYZb]EQEM_jd_NEA!
VX]PBOBLUZ
eGMFw_XU
WYCDBHAO
6#:.VIQ
x|kmftw~ptx`ow
f[^V[C
0&W^P6;7
 ! KCL~|M
@\_BUCG5(
L]STG~PsADR]fX`PEVT
xGazoW
F\PK_VCO
dmk*<> QUQVIOJgG+H_T>Y\U
c6aog?#tMNWIl	+
CYScXT
!(L|E\[UC~SsOE]CcA`RVF
/BG^@|\
PIEXE@B[
dmk*<> QUQVIOJgG._W<.
03)moc
Fc_VDGP
CJ`TFGYMcVr]\XZYTBitNAT_EKF
yS]H}R
cPU\dEN
GKK !1:g
qpIEm\G
cesst00
^6E]RUB~V![XG
+H_,f{onwabpHDvmeb|b
]FbMR|KM
	qCDEAUBGpo!
$2KBF^BGdaYP
0 Z\N<'&1g^Y
QxMfG]LG
DTS]CV
c\W`DPCOgY\BKqA`
ww}|w~gjINRaGF.
1*06Q_
CYRG^m.'
oE[CEKI
cSVw@R@
|sgu}*&/$?&>5&%kbgu^K
,%1$2PI~oEA
^T_GCm&MP^G
]RYCQF
VIOpIE
~KTzQM
^eDFGPKUm|\RD^K_QZhn^LHMFEhsW^P-
~|M]\WQG_~#
gCPDTw\]S
d{qtrq
Dd!		]sUVUHU
;[XG!1
{_ZDQqHu/&
tqxuect
!(pWQU
bmstkad
\vK@Ge[\
+][\|SArZZ(
vpp|dcp
jzsmonca	)3=
]EgM@gG
9uEL7:40
&P^GLXt
\YSYUB9}Z\N
@hxmTrHMUBeZfDXLU
xT]E|S
m\G_~QAgTuDEN6&:016>
QTvY\T
digu}+
;> cjo-cub
HqY@%+
BXCmuddF]GBesDCGTXEnUE]]VY~|M]_WYG_~
W_]]CN]FRZ
fD]DGjK$
N\o6{&; q
771`UV#2
XIaC@WTxU]G
C^V|PZM
!(D[\TJIBEP\
gEGFRqK@G
M{P:!&n{ae
cUCUVAIFDdfGAIBMU\
aCQDRh[[R
qjINRaGF#
emaNOqa
dKUQQV
!(QKCE\]
}YP\|^L@VE[m
6N\oUVRN\
cdrvteb
xU]@.G
tMNDPzYOI
.M@M1PhkVWvXUUf
ed{sr}a
FpG@R!
~",7,/
QZApIE5
aspgmfH7E>hpu*ysogbxd&
!(NBfPUET
QNIgIB
xTU@|T
W_XUQUQ<
VIdXYQo
!0$*6'![
H{;m~OW0>,,
BLUZ=:
]FgY\BKxPUG
uYZDr^G<
DT_YDZ@N
pTQ{@GBi-
G+0aogbf
ZBUWYCE
@RqY@#.
DU]lsDB
AyERFY^WC
dG]FyU
IZ-G@R|P
^GV\GLPU
%[zC? &
eFGSEmIAT
pG@R|S
dG]Ey]
GKKBAFA
"7'GBi6,
azqGRz\I
fHEE]]kmGEEGBVrYZDPCN
G_~}TZUCBq
NxogJg
bdvrsbk
IZ	RzC]@QvCAG_[0
/XGUaD\BHgT]CT}H`
qcenddq
lMO7HY
#qDC!0
-#<q/&
ZDfC@W-+
_Y]TFHEE]]
tEGMVTp]\G{
4X[.%x=<<5
$;QMP#6aog7$fIQK^G
wu~ucy }~g-4v
W}oPzYU]U_
jINA{Q
GTGjINAxQ
GTGDENTFMKVIOPIE$
2gTuqya
DPW>Y\U~Q\UN
/fR|UF
Y]T{P[T
nTBAGM^jX_E_~f
CPV_BLBN
jGKsDSFItMN=
G+0aogbf
MbGD;BQG\Y_
^@wP\T
rQBTICMmZ[WQp
XGTGF[fTF]JGHc
YL>gbg
vpxyddt
xU]A,G
qY@zPM
jerrpbe
+WA@TG{^`UV
G@IgX\DTpIa
cdrvteb
mb}vfcu!9
G_K4$-
70nab=qt
]AcPZD]~VCS
`^MFEQyL|N)
QG^RD[_VT[
qdvw}q
/ 1.MC~NCE
UF%G_K
}+6'!pDI}`up}
jTZD}G
PTR]KV^[DEN7
ws;ucc
TFuPB_C]TvMQRDQ
vszupea
7)1	ERE? lipxvkopev7GjcQFBH
cPVyA]^|KOt@u
puynyp
WX^G_[
@gG:_["
blsrtfb
N\d!		>,
~a|d}~_P
&&zly,u
]EgW]MUyO[T
eQb^[BVOW<GazoW
_RZM^[
mduwuq
_XgTG."	
Fq]GXMCcXM[g
WTq[B]TVVEM_bM@G
WYdJMXG
bUSsxoPKfPUETtMf
vvgzdjg
JgG1HR@5U
Y[#GZG 6	
!(qgsr|cb
GxG@R#+[
PcDsL@]QxM4
^GEEQY
/NG^UE\vX]Pf
cbmuwkq
N\d!		>,
KBKDdfGAIBMU\
aCQDRh[[R
qjINRaGF#
-*/%KXGk
y}tao{aust}acr~}~g
MWACYPI~+
&16:<LprM@K
QxMcPU\
W]XUQtyVW]
rCPPBT~Y[Ka
wruqcq
YD~K@G(
^G0N9.mbd
K@GF[f6&*1 7
ws'buqt
W~D\WTD~^rNZWKcM{PXBQ
|Q\R@o
QGZWK[_VT[
IZ6woatfg
bUQUwYNI
Bl&8!&7
5`UVG_v
_{D[S]BxHpACG_v^dQQF
~TXD}G#oZW
^Y[KEKKVIO
yGTGqyarpgk
\UCICET]
m{q~_[
'Bi5,: 
wunfqqf/
vK@G /
RFpQCK
oFsSR\CB
}b~mi`}ch
xT]E|S
IZ2PEVTs]TG
P62*01!*
VrHEQQxM?9
v}tmksw_Xg|dnlctc
]HcBL}WA
q^P@GC^G
~{K_Q[OQpa
Qpg+%/,76!
XzEONG:*
BGjcQFBH
cPVgD]BNxW^MGiZf
GTGJgGH
VY\TBMQXG
00(1<#kBKaMA
@|MZ@IP~PvIVIQ
WP\TBLBBTU
u@]CXGw_XUu
lMO7H_'|5/*ljk
_[T9SSUCC
[wgbg<
F>Y3 =
jIN8(	^(
]Q_k*cK\TQBmJ`
Y[e[ZAyQ
]IqUUGTEB
SXyN@M
*UQTvX\U
7<'GOV
C\ZUEaTzNVIQeYfUCH
vS]DyU
WQ\R]OALGA
fUCHd!		RaG}0;&g
fCYVId
<'6QxMpIC
_xDURR\}^u[XGBb[gPEV-HRF|Q
W_]]CN]BWU
fD]DGjK$
N\o6{&; q
<'6QxMu^K
C\ZUEaTzNVIQeYfUCH
vS]DyU
WQ\R]OALGA
fUCHd!		RaG}0;&g
fCYVId
<'6QxMpIC
_xDURR\}^u[XGBb[gPEV-HRF|Q
W_]]CN]BWU
fD]DGjK$
N\o6{&; q
<'6QxMu^K
C\ZUEaTzNVIQeYfUCH
vS]DyU
WQ\R]OALGA
fUCHd!		RaG}0;&g
fCYVId
<'6QxMpIC
_xDURR\}^u[XGBb[gPEV-HRF|Q
W_]]CN]BWU
fD]DGjK$
N\o6{&; q
<'6QxMu^K
C\ZUEaTzNVIQeYfUCH
vW[FuR
WQ\R]OALGA
fUCHd!		RaG}0;&g
fCYVId
<'6QxMpIC
_xDURR\}^u[XGBb[gPEV-HRBzS
W_]]CN]BWU
fD]DGjK$
N\o6{&; q
fYBEDUNmN
iB^RPBEx|
BLqHGjK$
kQQTvK@GF[q:/&n{ef
Y_^dIAT
Z^~E]SUB
|UN\o-K	
dEN6woa
jIN8(	^(
VIOpIC34
dEN6woa
|UN\o-K	
dEN6woa
	#K@Gqya
jIN8(	^(
VIOu^K#
	#K@Gqya
NIuqya
jINA{Q
GTGjINAxQ
GTGDENTFMKVIODEN(
Q_uqya
DY^WvX]UlMO
]I~TFsXZTvQZK
pADU__MpN'
VX]PBOBLUZ
oPEVTp]\G
UCICDT\
\Aw\]S
~OWR][_~@M/
QC|G_K
^_aqubj
*Dn[EPGlM~G
A[ANELRO/&
`UP]vX]P
ketmwkd
XdEN-HR@5U
Y[t_TG/&
aerzubb
G^mWwMLG_v	>
oCFUwP\Tf
bmstkak
.]N\o	^#
	GbC\P
~1 "!<. (
QXG:A[(-#
G+0aog7$fIQK^G
Fwu~ubxrkpic*lxg@WB~_rHEPBb^oB^ZS
qU]AxT
RYNIQ1
GMVTs]TG{
JK?00:6'6O
/BYDUvX
FQ_$\_WCl
ywx}pDI}`up}
jTZD}G
DXYQK[_V
waog?#dENU6Q]U
r_lacl*9
eSDR^^YmT_P]n
GTGjIN
GHcRVQKQ
!," !00+7(ch
bdvrsbk
N\gI_GDKBE
~rzz~kk
VION\l&
]FwQ\R`STR
jcylhm
pjTYDuG
ces{uq^(
BFtQNIlP[Q
FEVXZZYNp
M^GfIT
ko}pic,fh|KQU
SUeMrYZDPCN
ZbUQTvY\U
055G^qKVGExY
^@mYV,;
_qV:IEWD1
P}CL`xlDWBbPJT
]FvIVIQ
]AHADEN	
qXIawcb
@Rw_XUlMO-HR3w9y,6!m{qmFMKVIOU[0-
CGTGa^G
2FmA0000hm
gbgb1sobuquG5(
Y]T{P[T
nn~lhmfehC[_V-
fIQXGQ\cOA
HM8' 7$`yv
!Gl~GtY]\g
bcr{ud}
76K^GFmA
D]"hpu*ysobup!
VGxVs^_ACY]{_SK
VY\UQUQ
cessuq
DrEVVTC
WYDKKL
FL]eil)"
5: ) 4P
Dj{~=bysogbydg/
VIOtEP7
ztm{q/	<
_Wqv-	
TGqdpG
WTq[BYQYVEM_bM@G
WYdJMXG
fGlnd[\T
b`rutkc
ZxU\@}TJ]ZI
BlDXV]PcD$
dQCiLK^U
bdvrsbk
xU\@|W
GTGLbW\WQJmJ`
cQUTddfG
jerrpbe
+WA@TG{^`UV
ZxKFUwP\T
ed{sr}e
[zMONG
LZpXXQ
/Ywqstjc
mJ`HAQKvCp
HMMQyoO
kUPUsXZT
geaNOqa
VIQeZf]CH
X]Nhy[ADTT
bC_E]v^BS
wruqcq
jG@R%#G	
edwwuq^(
BCv^NIlP[Q
GHM792
EoIL&	
1*4!CAQ~
 3-nadtup
^-Mg|ucpsnfgxbt
t:'76$?
N@MAiZJjK?0n}u+c
^~EONG
QwOZWvXUU
}TZAuU
NAwPTPIQ;HR@5U
A[ELFGSO
,3&hmcZ
X\(B_DUSE
^~E]RUFmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eBKXGCpC\VQBmkH[FUBm_cTTU
yS]H}R
cPU\dEN
K@G ,07 >q
+essucbD
_qV:IDUCd^cQCH
PxDYVUPBl`KDTJd^fGXBT
yP]F|]
{PXAQ~K@GDEN6&:016>
+essucbG
_qV:IDUCd^eJKXGCpC\VQBmkH[FUBm_cTTU
pU[^~U
QUQ'0.aiq
PEVGjK
#K@G~ks;ucc
VrIDTB`M~G
*XSTTF{V`t~GAd^nBXEP
xRBC}R
QXG>woa
!:VIdK@GJjK?0n}u+c
VrHEQQxM9<
HLyWvMDG~^MeBXMU
fV\GoI
}QTRaGH
QUQEPY
VIOqya
7:'GjKNI
Dd:9&n{c+
~K@GCpE
VsH@G_v
HLyWvMDG~^MeBXMU
fV\GoI
}QTRaGH
QUQEPY
&)6'GjKNIuJjK?0n}u+c
DJ_^ZU\~#mKFYVW_CT
dG]Ey]
K@GBLGLGA
:?G{KVDr
cesr#kq
kAxiI]_mXTUXAXY_Y\k
Q[LKKL^DQ
GTGjIN
NIlPXQ
VEE=:1&g^Y
QxMfG]LG
T^Z]D[~~'
LH"CreateFileW","SUCCESS","0x00000114","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190115161807.317","1640","HelpMe.exe","1548","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190115161807	
WCT,"HelpMe.exe","1548","fihesystem#,"CreateFileW","SUCFESS
^PpFitgNagg->
3dm32\
P"dcDdsiredUck
4r(?GE
u11901
!hresy
cl"lpFileNa
,2?$/ 
TIP<<BPU[Bo
nP^AGUP!(;
OAC_Q	yWXM4
Q$"VCp&;m&=6^(nK^
0000012c","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190115161807.317","1640","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x01084000","th32ProcessID->1640","szExeFile->HelpMe.exe","lpAddress->0
#flAll
DoH^{pe->0x0000
7.3/7","
40","HeOp
59"+"{ilesystem
wNld","HU
CJSS"4
~6/440
80115q
$b,"1548","
VCp&;m&=6^(_JG@N4wT#
HP=rCXU\\m
h	rPb}QWB<3CYTY]j
dsXC^PYF
cDB[bWB
	GTGR@@]
adFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190115161807.317","1640","HelpMe.exe","1548","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20190115161807.317","1640","HelpMe.exe","1548","f]
os8& *?wb
+'dFile","SA
LH#%1Y'
^nNum_a
"2(390;3516180w
0","He(eM
^15 8#,"filqs	
eh#,"w
tuFhl&","
uo@%ro
i{e->6
%.dxe","15
hgREL5EPVqG\K
sx-ctc^(BGV
;Y2_/>
N0~?:RX\]
jRPQYIVn^R
@PB9:REL/E]BzK
EQ:I(5
w4STJI[ZT@Q=(
meCYVJQZjREV~aKRD[CMJV
$6VMPE
y]LY~6
9>VMP&
. }1CX
BTDzHsOAKBbZ|TWQ
rKcn"20190115161807.317","1640","HelpMe.exe","1548","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20190115161807.317","1640","HelpMe.exe","1548","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesTo
kd	l|zm
as#hCF0
d05.33
,"HelpMe.exf","15h9
kes/ste
Wz"",2P
ile->0Ol000l1zkC,
esToWri<m-?6144
n[Me.]xe"@
c.NumberOfB
d->7;650"
 2119011516180uG]U7","1640","HelpMe.exe","1548","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20190115161807.317","1640","HelpMe.exe","1548","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
;1B^DUHVTZ
FGF,"1640",
^,"WrTp
Xile5<0x:200012c
fBytek
"201-0e
130803
1'"-"r640
5My.ex
eq","2G!d
$!d,>61440"
VIOtEP#
$&HL}Vr[XG
yQX@oh$GJU
]AtURC]CD
cwoa#?
PCVGOVExY
^zD\SSC{WtWEUDvCpWQT
STGoh$GJU
BRIZBCPU
fUEcR-
4 V$ZI
jcxyajg
,"1}yq
aog?#qY@iI[Ex:
Ulr_B]S
PBl`KDTJd[fCXBT
yTYA{T
][iZ2[_V#,k`w
*CHnKNP	9
c`}}9t
0nbiC^UB
zU\RaGf
^QYM^[PIE?
qdmk|-bt
76<&&!
cjncgup
UNc]KT
D@c^\_AMV!
\q\\_SuL
!(qgsr|cb
>,jHFW
GBgTG4
3PIQ x}s=cc
TFb]XI
}gu}*#
- 0. 7!& 
[\GANc
`C^WG_Q%4{_^EUlMO
]EpRUJUD]
vUR7H_T>Y\U
ceaog5?r^MVIA
W~A\STD~RsOZTCcM~GST
|Q\R@o
ZK^^E[
`]BVYC$$
wrvqkq
0U\@}U
d_gBYDU
PCcKwo
WZpT\XMRE^MBvHFQ
ZxU\@|U
JNaG[LGOVKW\
CICDU]
_oCVvXUU
bcrwte}
]zAONG
HwYr[ZDPbf
blsrtfb
[uRTEAT
xU\@~Q
UeMrZZLPCN%
gBQVId
,LnW53&1hmcZ
rEVVUCa
WrIVIQ8
_yDLrBHUTEqEXT
xU\A}U
IZ	Rn[EPGjGXW
mZG!9"3567
_zD[LTCxDn[FUCvCp-
UPG_R]
wTAKOGxYw_LXP'	N\o6{&; q
gBZ@GjK
kCa<;71*?
\@x\!WJD
vOGTKvCu
'XXPTFgYXh'
[^|DC`YDWSF
ZxU]B+
BmDAvMDJG
bTQTdEN	Rn['00
 '&PBGF
\A}FG^N
rIDUCd_bGln
dG]CyQ
PCNu^K'0
UCgVgBYLG
]B{VzWklG@
_~LnWWPQBqEX-HR@5U
VrK@GLcW'
6%#6!qEXG
^FwThxNS@A\T
yTZAyT
fA]@GjK
TEA6woa
6%KOGkCa
ZcessubaA
Cd_gBYGQ
ROkbIM\DCV\r^QT
qEX!HRU
UvY\Uf
&'`YDDIPANv
]IrHEPBdTLEE@VV
NMRAPP
ZBUWYCDBI
!(pWW~IUZzTHsIc
wp~nypw
-3 {sn~pux}ac'-?'&G
< 1* <DX~aco[
\G~Ap]YV^M]u[TG
]E}V`YD
dVVwRIL%,
(3)xluZ
:%')-`
JA_DqY@%*
_C_VDms
G~XGFECWUU
]F{FG^N)
!(PWWXJDFH
cQVy^T_|GUgJg
0#51'%li
1!(1 qsY
B_C_VDo{ni
i}k]s^WDC^YrYU]
\EUuHf
'1`YDDIPEuU
5Y^Y]E\vBGIo	
G\B]PEASU
xTU@yT
@UWK_V:
G^[gRXAGiZ3GZK%$k`w
 TEAGeM+$
cesrtgq
^Y]E]vAQGaG	',
\Ap^sDSWSC
BICVION\m9
a3 pqq
UBcYXI
R@>Y\U~Q\U
)VxxLWT
[RcTTDXQR\G,HR@5U
KUSXBEDH
|TVxRILyUIgTujIN#
WXXG_[
c__DUMP	,
dkCNmecmJIBEP\
rqvg~k1:5,20Pt(
bT^aATCH`PXDSkIf
qjINRaGF.
	iL27/&!q^(
vCpTTP
K[~~G_
|[PU}_SFPDWp
TM7)/amv
\!-8GKcNWg
wp|}cc}
N\dXZQ~CAGe[/J
2g+<*u
~BLGLGA
IZ7GKm
3cOA6&0n{
lipy;obuqt
}AEas|ntqwyx
Z^bDUiI[
]T\ZCO
aGAFBC@c]Z[SgT
,*f[KuHu
IL-86ta|7sq|o}qsxkbgF[q
6X\}PL
S]fCWDRMG
AREEQFBI
gwoa(6>M^[
fYBDDTXc@N
c`}}9sxp
xW)_Q0
>%_[ns\C_Q
	guod[\T
yTYA{T
N\cURFUQ_
QCkKVG_[U\DV^[D@c>	
+essubc
ZV\`B_ESWV
x{um}AEas|ntqwyx
Z^bAUiI[
QCDEow{o
oE[CEKI
cSVw@R@xWNgTu
bU_wRIL'
,%1$2PI~}
SB_C_WB?uEL
q}=97<18
&3?6"/
!+(GaC
c^_DCPCTj|]RDAB[QVpa}}
!(jW\AtU
^GV_GDPU
tMNDPq@u
P#& ?! <
f[I=Hg
c4saiq?RzC\
DP/iHS}~
rx|k|pr~xzt
XGqY@yUI
K9;	C_QT@hwn
k6GjcQFBH
cPVyA]^|KJwOu
easaiq
j]EcR	
a<;71*?srMLU
ltUC[EX
!(JyUH
|zthi}{rwbnyvadk|u
WHF6MJVFRFQ~oN
c\W`DPCOgY\BKvJ`
ww}|w~gjINRaGF.
/C@W7+
 :"VXM=
&;1q^(
jyui}`m
$m-1+g
_DgWNi
^GdENTxU]G
FTVXEEFK
`QEcRW^{GUg02N\o6{&; q
@B^ZQQ_
$-( 'jel
c_VDOYPI~!
c@XAIQB
c\W{AT_}TMwIy
qyaqucq
89*::?<amn
 OCV	$;
:%722!GpoY
B_C_VD=wma
N}YVSBExTUCPBE
.GtOZe
carrteb
 .		`[f.=<}`mrrxkoma:,),QXP
a@C &&0
{yr{sn~uu|}ac
qY@zPM
.4KOP=
6176=VzGB
Y_^lgX
xz|ik}~rw}k
pmy}zg
C^Gm~]WPCQ
!(pWWb\DgPYDSt@q
abaogbe
lwrfO\G@CXV^
jINA{Q
GTGjINA~Q
GTGPIEXF@J[
ws;ucc
^J!.2=8/
l}YSB_C_VDl`G
/hF7)!77;
63 *Ahn~t_]]UCm}XRU]^k}{}`c`n
qUXA|T
IZ7GMFwZXQ
!0$*6'![
26aog=
WA@G^m
N}\C^ETwQ\T
uY]S\KWdVNYG
MGTGJgGH
|ii{-)(*28-4coj
M5!4"76
C_VDls-u
xztlnudjbr`gmbqip
W*.		`[}
UMPTiyQA^M
FCU!9$$
9~iZ#9,1 !
U@bP]DS
fqeh`dUBQEM&GazoW
AWPK_VCO
qya. ><PU
cDQBVYRVe9
bB^ZUGBxu
QVgJUvK@Ge[$
bUWsBGMV
ffuaiq5NmN\
SQDY_^6ARI
xyuioayp4)
&0!6&&
@cER{UI
^eDFGPKUm|\RD^K_QZoe^LHMFEhsW^P-
~iZAY[JG^~>
Wlfc^\^ZuL
edwqt}b
FVJ5PCAT@G}f
CSSYQXP
yGTGqya/5
7F^GQ_
OqEX	]hU\LSlMO
\@tCXCKR
cQVycLUCmSQ_TAESUWUk}GSEV
oTXAlr^M/
JWBGB[/&
`UVv@Q_zTOtLe
gaaogac
0U\@}U
ZCICDU\
/@vYAU~Q]U
PCE4$:?
4&05%1*
ySX@oI
CPSQQXP
6VId:9&
qqyas=cc
0<77'7	772-McVr]\XZYTBitNAT_EKA
aQUFjK
EEQ'':aiq
GKsWIP
vqx~6pi
Cd_bUQ
TR[kNGU
yTZAyW
rAQUVId
>QXP*woa
64m\G^3UIuHg
Admk %
,NIlCAGEu&Cqi
08?+(,pz
 N\o	^6
 -;=22
axxPW^EoUCB\^Xmh_[GP[RQpgIFX_PIPjhfR
R]NIQKCDGA
gwoa764K_VB
bUV-HGBi		
;GbC>0n}
_lT\\l
&&;  *
Mk~USBTe}XRG^E^^DkyZ\SM[QmuABPIL<3	
$5M@KR\QK~iZ
zBQPETpXXWf
gwoawcc
]Cr]NIl
DM7H%AYA9
#9,nyp!UhGQEP
wu~u0*asp)1
~KWC|@s^\EDBTJ
zTBAyQ
;)4& dENG{
Di6,n}u+c
0WNi		kW8
fbiBOBLUZ
FmARPGK
e7+";:7-+gmfphmmBU_rUMtIf
admrqgq
VX^WQUQ
	)Qu/&
tqxuect
[^vK^QXK_QrYNIl)
9/,lhmffhK[_V
!(JyUH
N\qGR{GU
BHWYCD_:
@U^{UIuLa_
/Lc{|dku
ii{nz{sc`}
+kGTGN\qDW
 11 ='tIPC
_^l`_]
|ZR^MQcUPZG:V^R@o
EKTZDV^[
qdvw}q
Fc_VDGP
AAKbd~b_]PSXTFmsIH\X\VA
yTZAyW
~GV|DQLgG
>QXP?cen
7"sYGPUt	'
vqy}47g
@B_ScU
BG^zTFtlfWW~PTU
_LUE@VG~ACL
qUXA|T
m\G_xQMgTuPIE/2=>,pi
vqx-0pi
@RqY@#.
)=5$>l
cNBk|u
]AfDTz]I
`|qv{ccsh}KOP'
M[QmvAJPIL
33):0CXK_
ClxU\A.
BAeA@gGK
CTRXEEJI
aREcRTX
$g)-7g
HY!81+&nca
WNi6,n}
<5V[CPI~%"
DlgY^U
JKhy~wHAU_CTG
~QN\oW
dG]Ey]
GKKBGFM
2GUg*2EcR#/
$ 030!v`
!(NBcD[{TH
e^^D@OAVkoEACYG_DX~
P^G_Ab]P_K
q}}dcs
qY@zVM
]QsxoPKfPUETtMf
JgG1HR@5U
tqxueft
N\o	^6
x[AMN!
!(pWW~IU_zPHsIy
ur~nypt
 .		`[f.=<}`mrtxgoma:,),QXP
gpo/";#&=#VpuKBF
U^DfUC
bility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->NoControlPanel"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->NoSetFolders"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExA","SUCCESS","0x000000a6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a6","lpValueName->(null)"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->SystemSetupInProgress"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->seed"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->OsLoaderPath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->OsLoaderPath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->SystemPartition"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->SystemPartition"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->SourcePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->SourcePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->ServicePackSourcePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->ServicePackSourcePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->ServicePackCachePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->ServicePackCachePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->DriverCachePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->DriverCachePath"
"20190411161421.164","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c0","lpValueName->DevicePath"
"20190411161421.174","200","HelpMe.exe","1344","synchronization","CreateMutexW","SUCCESS","0x000000bc","lpName->(null)"
"20190411161421.174","200","HelpMe.exe","1344","synchronization","CreateMutexW","SUCCESS","0x000000c8","lpName->(null)"
"20190411161421.174","200","HelpMe.exe","1344","synchronization","CreateMutexW","SUCCESS","0x000000d0","lpName->(null)"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->LogLevel"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->LogLevel"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d4","lpValueName->LogPath"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000d4","lpSubKey->AppLogLevels"
"20190411161421.174","200","HelpMe.exe","1344","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExA","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190411161421.174","200","HelpMe.exe","1344","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190411161421.174","200","HelpMe.exe","1344","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190411161421.174","200","HelpMe.exe","1344","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190411161421.204","200","HelpMe.exe","1344","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
200.csv
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
desktop.ini
<?xml version="1.0" encoding="utf-8"?>
<!--_SIG=YJkM9Bd8oY1BBG2OInCRi6YILQfcNhqTRs0lIFEfR8Q2VK/d8knukavVXYBEVLobnAQXnSlg+vv7vgy67US9dVYtCM+wN3pLzWPouynhZJvQ5DbEqV4vDbGFevmeyCHx8zAQUw3K4lpDQmbAwTOMuQBKxOfy4vt8KPrmAS/CKzg=-->
<Package Id="PublisherMUI.en-us" Type="MSI" Path="PublisherMUI.MSI" Version="1.0" ProductCode="{90140000-0019-0409-0000-0000000FF1CE}" MSIVersion="14.0.4763.1000" Platform="x86">
	<Feature Id="Gimme_OnDemandData" Cost="0">
		<OptionRef Id="Gimme_OnDemandData"/>
	</Feature>
	<Feature Id="PubPrimaryIntl_1033" Cost="7338088">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="PubPaperDirectLetterIntl_1033" Cost="1264160">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="PubPaperDirectA4Intl_1033" Cost="1257590">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="PublisherFontSchemesIntl_1033" Cost="6953277">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="MsoInstalledPackagesScopedIntl_1033" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="PubCoreWizardFilesIntl_1033" Cost="843464">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="PublisherHelpFilesIntl_1033" Cost="6639440">
		<OptionRef Id="PublisherHelpFiles"/>
	</Feature>
	<Feature Id="SetupControllerFiles" Cost="468">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="SetupXmlFiles" Cost="468">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
</Package>
PublisherMUI.xml
"20190426024137.908","1996","HelpMe.exe","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190426024137.908","1996","HelpMe.exe","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190426024137.908","1996","HelpMe.exe","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190426024137.908","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190426024137.908","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190426024137.908","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x01310000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190426024137.908","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190426024137.908","1996","HelpMe.exe","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20190426024137.908","1996","HelpMe.exe","600","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190426024137.908","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190426024137.908","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00990000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190426024137.918","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190426024137.918","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20190426024137.918","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20190426024137.918","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20190426024137.918","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190426024142.915","1996","HelpMe.exe","600","process","CreateRemoteThread","SUCCESS","0x0000009c","lpStartAddress->0x00404008","th32ProcessID->1996","szExeFile->HelpMe.exe"
"20190426024142.915","1996","HelpMe.exe","600","process","CreateRemoteThread","SUCCESS","0x000000a0","lpStartAddress->0x00404008","th32ProcessID->1996","szExeFile->HelpMe.exe"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x000000a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000a8","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x000000ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000ac","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190426024142.925","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoNetHood"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoPropertiesMyComputer"
"20190426024142.925","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190426024142.925","1996","HelpMe.exe","600","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->C:\WINDOWS\system32\HelpMe.exe","lpNewFileName->C:\AutoRun.exe"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoInternetIcon"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoCommonGroups"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoControlPanel"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoSetFolders"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegOpenKeyExA","SUCCESS","0x000000a2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190426024142.925","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a2","lpValueName->(null)"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemSetupInProgress"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->seed"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DevicePath"
"20190426024142.955","1996","HelpMe.exe","600","synchronization","CreateMutexW","SUCCESS","0x000000b8","lpName->(null)"
"20190426024142.955","1996","HelpMe.exe","600","synchronization","CreateMutexW","SUCCESS","0x000000c4","lpName->(null)"
"20190426024142.955","1996","HelpMe.exe","600","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->LogPath"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000d0","lpSubKey->AppLogLevels"
"20190426024142.955","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExA","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190426024142.955","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190426024142.955","1996","HelpMe.exe","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190426024142.955","1996","HelpMe.exe","600","filesystem","CreateFileW","FAILURE","","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190426024142.955","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190426024142.975","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190426024142.985","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190426024142.985","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190426024142.985","1996","HelpMe.exe","600","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157568","nInBufferSize->0x00000046","lpOutBuffer->0x00157658","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157568","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Data"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Generation"
"20190426024143.015","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190426024143.015","1996","HelpMe.exe","600","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d38","nInBufferSize->0x00000208","lpOutBuffer->0x001575f8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d38","nInBufferSize->0x00000208","lpOutBuffer->0x00157608","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190426024143.015","1996","HelpMe.exe","600","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d38","nInBufferSize->0x00000208","lpOutBuffer->0x001575f8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d38","nInBufferSize->0x00000208","lpOutBuffer->0x00158f48","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Generation"
"20190426024143.015","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190426024143.015","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->CurVer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fa","hKey->0x000000fe","lpSubKey->(null)"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->DontShowSuperHidden"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->(null)"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ForceActiveDesktopOn"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoActiveDesktop"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoWebView"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ClassicShell"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoSimpleStartMenu"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->Advanced"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Hidden"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowCompColor"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideFileExt"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->DontPrettyPath"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowInfoTip"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideIcons"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->MapNetDrvBtn"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->WebView"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Filter"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowSuperHidden"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fa","lpSubKey->ShellEx\IconHandler"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->DocObject"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->BrowseInPlace"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fa","lpSubKey->Clsid"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000106","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000106","lpSubKey->Clsid"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->IsShortcut"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fa","lpValueName->AlwaysShowExt"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->NeverShowExt"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.015","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->UseDesktopIniCache"
"20190426024143.045","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000104","lpValueName->Com+Enabled"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190426024143.045","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000104","lpValueName->Com+Enabled"
"20190426024143.045","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000010c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000174","lpValueName->REGDBVersion"
"20190426024143.045","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x00000174","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190426024143.045","1996","HelpMe.exe","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000174","nNumberOfBytesToRead->22512"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000174","lpValueName->REGDBVersion"
"20190426024143.045","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x00a10000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190426024143.045","1996","HelpMe.exe","600","memory","VirtualAllocEx","SUCCESS","0x00a10000","th32ProcessID->1996","szExeFile->HelpMe.exe","lpAddress->0x00a10000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000176","hKey->0x000000fa","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->TreatAs"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000182","hKey->0x000000fa","lpSubKey->(null)"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000176","hKey->0x00000182","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->0x00000176","lpSubKey->InprocServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000186","lpValueName->InprocServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->InprocServerX86"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->LocalServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->0x00000176","lpSubKey->InprocServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000186","lpValueName->(null)"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->InprocHandler32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->InprocHandlerX86"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->LocalServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->LocalServer"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->0x00000182","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000186","lpValueName->AppID"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000176","hKey->0x00000182","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000176","hKey->0x00000182","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->0x00000176","lpSubKey->InprocServer32"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000186","lpValueName->ThreadingModel"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000176","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000176","lpSubKey->TreatAs"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->0x00000184","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Generation"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000186","lpValueName->DriveMask"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000188","lpValueName->AllowFileCLSIDJunctions"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Personal"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->0x00000188","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.045","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Generation"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Common Documents"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->0x00000184","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Generation"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Desktop"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->0x00000188","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Generation"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Common Desktop"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegCreateKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->0x00000184","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000188","lpValueName->Generation"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->0x000000fc","lpSubKey->FileExts"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000188","lpSubKey->.exe"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000188","lpSubKey->.exe"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000186","hKey->HKEY_CLASSES_ROOT","lpSubKey->.exe"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000186","lpValueName->(null)"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018e","hKey->HKEY_CLASSES_ROOT","lpSubKey->exefile"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000018e","lpSubKey->CurVer"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000192","hKey->0x0000018e","lpSubKey->(null)"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000192","lpSubKey->ShellEx\IconHandler"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\.exe"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\application"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000192","lpValueName->DocObject"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000192","lpValueName->BrowseInPlace"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000192","lpSubKey->Clsid"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018e","hKey->HKEY_CLASSES_ROOT","lpSubKey->*"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000018e","lpSubKey->Clsid"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000192","lpValueName->IsShortcut"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000192","lpValueName->AlwaysShowExt"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000192","lpValueName->NeverShowExt"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000192","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000192","lpValueName->(null)"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000190","lpValueName->UserEnvDebugLevel"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000190","lpValueName->ChkAccDebugLevel"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000190","lpValueName->ProductType"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->0x0000018c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Personal"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000184","lpValueName->Local Settings"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000018c","lpValueName->RsopDebugLevel"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000018c","lpValueName->UserEnvDebugLevel"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000018c","lpValueName->RsopLogging"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000018c","lpValueName->UserEnvDebugLevel"
"20190426024143.066","1996","HelpMe.exe","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190426024143.076","1996","HelpMe.exe","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190426024143.076","1996","HelpMe.exe","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190426024143.076","1996","HelpMe.exe","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190426024143.076","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x00000194","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190426024143.076","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190426024143.076","1996","HelpMe.exe","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000194","lpValueName->ProductType"
"20190426024143.076","1996","HelpMe.exe","600","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190426024143.076","1996","HelpMe.exe","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000194","lpValueName->SrvsvcDefaultShareInfo"
"20190426024143.076","1996","HelpMe.exe","600","filesystem","CreateFileW","SUCCESS","0x0000018c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
1996.csv
; Captured desktop.ini content. Explorer reads the [.ShellClassInfo] section of
; a folder's desktop.ini to decide how that folder is presented to the user.
[.ShellClassInfo]
; {645FF040-5081-101B-9F08-00AA002F954E} is the shell class ID of the Recycle Bin.
; A folder carrying this value is rendered by Explorer as a Recycle Bin view
; instead of a plain listing of the files it actually holds.
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
; Display name comes from a shell32.dll string resource (presumably the
; localized "Recycle Bin" label; resource ID not verified here).
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
; NOTE(review): Windows places this same content in genuine Recycle Bin folders,
; so the file by itself is not an indicator. What matters is the directory it
; was written to, which this excerpt does not show; confirm the path against the
; file-write events in the trace. During triage, enumerate such a folder with a
; tool that ignores shell presentation (e.g. `dir /a`) to see its real contents.
desktop.ini
; Captured AUTORUN.INF content. Windows AutoRun/AutoPlay reads the [autorun]
; section from the root of a volume when the volume is mounted or opened.
[autorun]
; Program launched automatically where AutoRun is enabled for the drive type.
open=AutoRun.exe
; Context-menu verb 1, shown as "Open"; its command is the same binary.
shell\1=Open
shell\1\Command=AutoRun.exe
; Context-menu verb 2, shown as "Browser". The key is written with a trailing
; backslash ("shell\2\=") exactly as captured; kept verbatim as evidence.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; ShellExecute-style launch entry, again naming the same binary.
shellexecute=AutoRun.exe
; NOTE(review): every entry resolves to one executable, AutoRun.exe, so on a
; host that honours autorun.inf each listed way of opening the volume starts it.
; This is the pattern expected from removable-media propagation; the volume the
; file was written to is not shown in this excerpt, so confirm it in the trace.
; Detection: alert on an autorun.inf at a removable or network volume root whose
; open/shell/shellexecute entries all point at a single executable.
; Mitigation: disable AutoRun for all drive types through the
; NoDriveTypeAutoRun policy value (0xFF) under ...\Policies\Explorer.
AUTORUN.INF
wordpfct.wpd