Sample details: bf28e1035e8946bcbb1be8b6e7471f59

Hashes
MD5: bf28e1035e8946bcbb1be8b6e7471f59
SHA1: 0cfef80b8f59377f49d4e61b1f280c03e847ca50
SHA256: c59dd93d22e72d47adefa9222a6b86378016c192bf103e062b33e3e411e38290
SSDEEP: 12288:Zp4pNfz3ymJnJ8QCFkxCaQTOl2BU8664SDyo1tjj:TEtl9mRda1cSYDyo1tjj
Details
File Type: PE32
Added: 2019-09-11 05:39:16
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/SEH__vba | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/suspicious_packer_section |
Strings
		This program must be run under Win32
[AspackDie!]
.idata
.rdata
.reloc
.aspack
.adata
Boolean
Integer
Cardinal
String
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
YZXtm1
ZTUWVSPRTj
tVSVWU
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
odSelected
odGrayed
odDisabled	odChecked	odFocused	odDefault
odHotLight
odInactive	odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windows
TOwnerDrawState
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
	TFileName
TSearchRecX
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide,x@
	EOverflow
EUnderflow
EInvalidPointer8y@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
TSynchroObject
TCriticalSection
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
TCommonDialog
TCommonDialog
Dialogs
HelpContext
OnClose
OnShowSV
TMessageForm
TMessageForm
Dialogs
_^[YY]
%s%s%s%s%s%s%s%s%s%s
Cancel
Ignore
NoToAll
YesToAll
Message
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
TImage
TImagex
ExtCtrls
Alignd>C
Anchors
AutoSize
Center
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
IncrementalDisplay
ParentShowHintP
Picture
	PopupMenu
Proportional
ShowHint
Stretch
Transparent
Visible
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUpp
OnProgress
OnStartDock
OnStartDrag
TTimer
TTimer
ExtCtrls
Enabled|
Interval
OnTimerU
Delphi Picture
Delphi Component
EIniFileException
TCustomIniFile
TIniFile
_^[YY]
ERegistryException
	TRegistryS
MAPI32.DLL
TConversion
TConversionFormat
comctl32.dll
TThemeServices
Theme manager 
 2001, 2002 Mike Lischke
 !"#$%
TTextLayout
tlCenter
tlBottom
StdCtrls
TCustomLabel
TCustomLabelx
StdCtrls
TLabel
TLabel
StdCtrls'
AligndKA
	Alignmentd>C
Anchors
AutoSize
BiDiMode
Caption
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
FocusControlP
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint
	PopupMenu
ShowAccelChar
ShowHint
Transparent
Layout
Visible
WordWrap
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseEnter
OnMouseLeave
OnStartDock
OnStartDragP
TCustomEdit
TCustomEditP
StdCtrls
TabStop
TScrollStyle
ssNone
ssHorizontal
ssVertical
ssBoth
StdCtrls
TCustomMemo
TCustomMemo\
StdCtrls
StdCtrls8
AligndKA
	Alignmentd>C
Anchors
BevelEdges
BevelInner
	BevelKind
BevelOuter
BiDiMode<
BorderStyle
Constraints
Ctl3D$7C
DragCursor
DragKind8=C
DragMode
EnabledP
HideSelection<LC
ImeMode
ImeNamePVA
Lines<
	MaxLength
OEMConvert
ParentBiDiMode
ParentColor
ParentCtl3D
ParentFont
ParentShowHint
	PopupMenu
ReadOnly
ScrollBars
ShowHint
TabOrder
TabStop
Visible
WantReturns
WantTabs
WordWrap
OnChange
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDrag
TButtonActionLink
TButtonControl
TButtonControl
StdCtrls
TButton
TButton|
StdCtrls&
Actiond>C
Anchors
BiDiMode
Cancel
Caption
Constraints
Default$7C
DragCursor
DragKind8=C
DragMode
EnabledP
ModalResult
ParentBiDiMode
ParentFont
ParentShowHint
	PopupMenu
ShowHint
TabOrder
TabStop
Visible
WordWrap
OnClick
OnContextPopup
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDragL
TMemoStrings
TMemoStringsL
StdCtrls
GH+D$	
_^[YY]
_^[YY]
BUTTON
THintAction0)C
THintAction
StdActns
TWinHelpViewer
_^[YY]
_^[YY]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
_^[YY]
MS_WINHELP
#32770
TModalResult
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls
TDragObject
TDragObject
Controls
TBaseDragControlObject
TBaseDragControlObject
Controls
TDragControlObject
TDragControlObjectEx
TDragDockObject
TDragDockObjecth:C
Controls
TDragDockObjectEx
TControlCanvas
TControlCanvas
Controls
TControlActionLink
TMouseButton
mbLeft
mbRight
mbMiddle
Controls<=C
	TDragMode
dmManual
dmAutomatic
Controls
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls
	TDragKind
dkDrag
dkDock
Controls
	TTabOrder
TCaption
TAnchorKind
akLeft
akRight
akBottom
Controls
TAnchors
TConstraintSize
TSizeConstraints
TSizeConstraints
Controls
	MaxHeightx>C
MaxWidthx>C
	MinHeightx>C
MinWidth
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
	TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject	
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
	NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject	
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
	NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
	MinHeight
Integer
MaxWidth
Integer
	MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControl
TControl
Controls	
Width<
Height$7C
Cursor
HelpType
HelpKeyword
HelpContext
TWinControlActionLink
TImeMode
	imDisable
imClose
imOpen
imDontCare
imSAlpha
imAlpha
imHira
imSKata
imKata	imChinese
imSHanguel	imHanguel
Controls
TImeName
TBorderWidth
	TBevelCut
bvNone	bvLowered
bvRaised
bvSpace
Controls
TBevelEdge
beLeft
beRight
beBottom
Controls
TBevelEdges
TBevelKind
bkNone
bkTile
bkSoft
bkFlat
Controls
IDockManager$
Controls
TWinControl
TWinControl`NC
Controls
TGraphicControl
TGraphicControl<RC
Controls
TCustomControl
TCustomControl\SC
Controls
THintWindow
THintWindow
Controls
	TDockZone
	TDockTree
TMouse
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
	TSiteList
_^[YY]
S$_^[]
YZ]_^[
t%Jt?Jt[
%s (%s)
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
IsControl
_^[YY]
_^[YY]
+WH+W@
:GauOFKu
DesignSize
_^[YY]
_^[YY]
_^[YY]
YZ]_^[
YZ]_^[
YZ]_^[
YZ]_^[
S8_^[]
t9;wlt4
FLVhp/D
t$;C8u
QQQQSVW
t#;^dt
BP_^[]
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
TContainedAction
TContainedAction
ActnList
Category
TCustomActionList$DD
TCustomActionList
ActnList
TShortCutList
TShortCutList
ActnList
TCustomAction
TCustomAction
ActnList
TActionLinkSV
u*;~8u
R0Z_^[
;Blu	3
$:Cjt_
R0Z_^[
R0]_^[
$;Ctt?
R0Z_^[
R0Z_^[
R0Z_^[
R0Z_^[
R0]_^[
$Z]_^[
TChangeLinkDUD
TImageIndex
TCustomImageList
TCustomImageList
ImgList
S0_^[]
R ;C0|
R,;C4}!
S`]_^[
Bitmap
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuError
TMenuBreak
mbNone
mbBreak
mbBarBreak
TMenuChangeEvent
Sender
TObject
Source	TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
MenusTnD
TMenuAutoFlag
TMenuActionLink
	TMenuItem8pD
	TMenuItem
Action
	AutoCheck
AutoHotkeys
AutoLineReduction8
Bitmap
Caption
Checked
SubMenuImages
Default
EnabledT
GroupIndex
HelpContext
Hint@UD
ImageIndex
	RadioItem
ShortCut
Visible
OnClick
OnDrawItem mD
OnAdvancedDrawItem
OnMeasureItem
TMenu,tD
	TMainMenu
	TMainMenu
AutoHotkeysPnD
AutoLineReduction
	AutoMerge
BiDiMode
Images
	OwnerDraw
ParentBiDiMode\lD
OnChange
TPopupAlignment
paLeft
paRight
paCenter
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
TMenuAnimation
TPopupMenu
TPopupMenu
	AlignmentPnD
AutoHotkeysPnD
AutoLineReduction
	AutoPopup
BiDiMode
HelpContext
Images0wD
MenuAnimation
	OwnerDraw
ParentBiDiMode
TrackButton\lD
OnChange
OnPopup
TPopupList
TMenuItemStack
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
_^[YY]
Q<]_^[
ShortCutText
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
33DDDDD3333
33333333333
333333?
333333
333333
3333f3333333?
3336Dc3333338
333>fC333333
c333333
3333333333338
3333Dc3333333
3336fC3333338
333>fC333333
333>fd333333
fC33333
3333>fd333338
fC333?3
33fd3>fC333
fDFfC338
33>ffffc338
fff3333
3333333333338
4DF334DC33
333*C33
c33*C333
33338?383
F*F333383
"$c33333
"dc3333833
CjC338
CjC338
D*C33383
C33333833?33
3333333
3334JC33333338?333
C3333333
C3333333
3333fc33333338
333333333333?
33333?
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
HelpMe
'KillandHide
(ShlObj
System
SysInit
KWindows
UTypes
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
FComObj
qComConst
CVariants
SysConst
$VarUtils
SysUtils
Dialogs
ExtCtrls
Consts
5Themes
nComCtrls
Printers
WWinSpool
^Classes
"RTLConsts
QTypInfo
+Graphics
FlatSB
StdActns
Clipbrd
YStrUtils
&Controls
MultiMon
vMenus
Contnrs
ImgList
EActnList
dStdCtrls
WinHelpViewer
RHelpIntfs
ComStrs
ExtActns
ExtDlgs
3CommDlg
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
AAccCtrl
AclAPI
TlHelp32
Un_Main
TPF0	TFrm_Main
Frm_Main
AlphaBlend	
AlphaBlendValue
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
Position
poScreenCenter
OnCreate
FormCreate
PixelsPerInch
TextHeight
Height
TabOrder
TTimer
Interval
OnTimer
	tmr1Timer
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
Microsoft at Work~.feed-ms
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 642 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/execv.al)"
sub execv {
    unimpl "execv() is C-specific, stopped";
# end of POSIX::execv
execv.al
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROAD<?xml version="1.0" encoding="utf-8"?>
<!--_SIG=X/QsV+hhuF8Bj/XNMHCJJ2DoYXD2+ln8Qz29Z7VQ+9Tuc1zQfIJLOVF49NlUuWZSVoEBFxiKIM6iUxI+0cDd9II/9oT8q11RvIbYCtKjJlhKgd1bQHQPHsLFjMLX0vlPMi/ryWplBXwdKQaPl16tYOkOm2krUhnoQG9ZNW/kqHw=-->
<Package Id="InfoPathMUI.en-us" Type="MSI" Path="InfoPathMUI.MSI" Version="1.0" ProductCode="{90120000-0044-0409-0000-0000000FF1CE}" MSIVersion="12.0.4518.1014" Platform="x86">
	<Feature Id="XDocsSolutionAbsenceRequestIntl_1033" Cost="25052">
		<OptionRef Id="XDocsSolutionAbsenceRequest"/>
	</Feature>
	<Feature Id="XDocsSolutionSalesReportIntl_1033" Cost="22059">
		<OptionRef Id="XDocsSolutionSalesReport"/>
	</Feature>
	<Feature Id="VSTAIDEFilesIntl_1033" Cost="65003981">
		<OptionRef Id="VSTAIDEFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionExpenseReportDomIntl_1033" Cost="23364">
		<OptionRef Id="XDocsSolutionExpenseReportDom"/>
	</Feature>
	<Feature Id="XDocsSolutionTimeCardDetailedIntl_1033" Cost="27932">
		<OptionRef Id="XDocsSolutionTimeCardDetailed"/>
	</Feature>
	<Feature Id="XDocsSolutionTravelRequestIntl_1033" Cost="24253">
		<OptionRef Id="XDocsSolutionTravelRequest"/>
	</Feature>
	<Feature Id="XDocsSolutionTravelItineraryIntl_1033" Cost="23813">
		<OptionRef Id="XDocsSolutionTravelItinerary"/>
	</Feature>
	<Feature Id="XDocsSolnInvoiceMultiTaxRatesIntl_1033" Cost="24238">
		<OptionRef Id="XDocsSolutionInvoiceMultiTaxRates"/>
	</Feature>
	<Feature Id="XDocsSolutionPurchaseOrderIntl_1033" Cost="26669">
		<OptionRef Id="XDocsSolutionPurchaseOrder"/>
	</Feature>
	<Feature Id="XDocsSolnInvoiceSingleTaxRateIntl_1033" Cost="24264">
		<OptionRef Id="XDocsSolutionInvoiceSingleTaxRate"/>
	</Feature>
	<Feature Id="XDocsSolnPerformanceReviewIntl_1033" Cost="27732">
		<OptionRef Id="XDocsSolutionPerformanceReview"/>
	</Feature>
	<Feature Id="XDOCSProgrammabilityFilesIntl_1033" Cost="267046">
		<OptionRef Id="XDocsProgrammabilityFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionInvoiceRequestIntl_1033" Cost="22814">
		<OptionRef Id="XDocsSolutionInvoiceRequest"/>
	</Feature>
	<Feature Id="XDocsSampleSolutionsIntl_1033" Cost="92820">
		<OptionRef Id="XDocsSolutionSamples"/>
	</Feature>
	<Feature Id="XDocsSolutionAssetTrackingIntl_1033" Cost="28187">
		<OptionRef Id="XDocsSolutionAssetTracking"/>
	</Feature>
	<Feature Id="XDocsSolutionExpenseReportIntl_1033" Cost="23381">
		<OptionRef Id="XDocsSolutionExpenseReport"/>
	</Feature>
	<Feature Id="SetupControllerFiles" Cost="9736">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolnVendorInformationIntl_1033" Cost="27452">
		<OptionRef Id="XDocsSolutionVendorInformation"/>
	</Feature>
	<Feature Id="XDocsSolutionResumeIntl_1033" Cost="26022">
		<OptionRef Id="XDocsSolutionResume"/>
	</Feature>
	<Feature Id="XDOCSFilesIntl_1033" Cost="1326808">
		<OptionRef Id="XDOCSFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionServiceRequestIntl_1033" Cost="23539">
		<OptionRef Id="XDocsSolutionServiceRequest"/>
	</Feature>
	<Feature Id="Gimme_OnDemandData" Cost="0">
		<OptionRef Id="Gimme_OnDemandData"/>
	</Feature>
	<Feature Id="XDocsSolutionChangeOrderIntl_1033" Cost="26411">
		<OptionRef Id="XDocsSolutionChangeOrder"/>
	</Feature>
	<Feature Id="MsoInstalledPackagesScopedIntl_1033" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolutionProjectPlanIntl_1033" Cost="33077">
		<OptionRef Id="XDocsSolutionProjectPlan"/>
	</Feature>
	<Feature Id="XDocsSolutionApplicantRatingIntl_1033" Cost="26579">
		<OptionRef Id="XDocsSolutionApplicantRating"/>
	</Feature>
	<Feature Id="XDocsSolutionIssueTrackingDtlIntl_1033" Cost="22144">
		<OptionRef Id="XDocsSolutionIssueTrackingDtl"/>
	</Feature>
	<Feature Id="XDocsSolutionMeetingAgendaIntl_1033" Cost="37798">
		<OptionRef Id="XDocsSolutionMeetingAgenda"/>
	</Feature>
	<Feature Id="SetupXmlFiles" Cost="9736">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocsSolnIssueTrackingSimpleIntl_1033" Cost="22171">
		<OptionRef Id="XDocsSolutionIssueTrackingSimple"/>
	</Feature>
	<Feature Id="XDocsSolutionPurchaseRequestIntl_1033" Cost="26316">
		<OptionRef Id="XDocsSolutionPurchaseRequest"/>
	</Feature>
	<Feature Id="XDOCSHelpFilesIntl_1033" Cost="6881922">
		<OptionRef Id="XDOCSHelpFiles"/>
	</Feature>
	<Feature Id="XDocsSolutionStatusReportIntl_1033" Cost="23592">
		<OptionRef Id="XDocsSolutionStatusReport"/>
	</Feature>
	<Feature Id="XDocsSolutionTimeCardSimpleIntl_1033" Cost="25731">
		<OptionRef Id="XDocsSolutionTimeCardSimple"/>
	</Feature>
</Package>
InfoPathMUI.xml
"20190815045704.590","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190815045704.590","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190815045704.590","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190815045704.590","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190815045704.590","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->53248"
"20190815045704.620","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->53248"
"20190815045704.670","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190815045704.670","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","process","CreateProcessInternalW","SUCCESS","612","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190815045704.680","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190815045704.690","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045704.700","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190815045704.700","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190815045704.700","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190815045704.700","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190815045704.700","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->612","szExeFile->HelpMe.exe"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->612","szExeFile->HelpMe.exe"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoNetHood"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoPropertiesMyComputer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoInternetIcon"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoCommonGroups"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoControlPanel"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoSetFolders"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->(null)"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->SystemSetupInProgress"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->seed"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->OsLoaderPath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->OsLoaderPath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->SystemPartition"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->SystemPartition"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->SourcePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->SourcePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->ServicePackSourcePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->ServicePackSourcePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->ServicePackCachePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->ServicePackCachePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->DriverCachePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->DriverCachePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->DevicePath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","synchronization","CreateMutexW","SUCCESS","0x000000d4","lpName->(null)"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","synchronization","CreateMutexW","SUCCESS","0x000000dc","lpName->(null)"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e8","lpValueName->LogPath"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e8","lpSubKey->AppLogLevels"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000000e8","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExA","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649\RpcThreadPoolThrottle"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.627","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000114","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000114","dwIoControlCode->0x006d0008","lpInBuffer->0x0049aac8","nInBufferSize->0x00000046","lpOutBuffer->0x00499038","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000114","dwIoControlCode->0x006d0008","lpInBuffer->0x0049aac8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->21505"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpNewFileName->C:\AutoRun.exe"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->0x00000114","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->Data"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->0x000000e8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000114","lpValueName->Generation"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000114","dwIoControlCode->0x006d0034","lpInBuffer->0x00498410","nInBufferSize->0x00000208","lpOutBuffer->0x00499e28","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000114","dwIoControlCode->0x006d0034","lpInBuffer->0x00498410","nInBufferSize->0x00000208","lpOutBuffer->0x00499e38","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000114","dwIoControlCode->0x006d0034","lpInBuffer->0x00498410","nInBufferSize->0x00000208","lpOutBuffer->0x00499e28","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000114","dwIoControlCode->0x006d0034","lpInBuffer->0x00498410","nInBufferSize->0x00000208","lpOutBuffer->0x0049bfd8","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x00000114","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000114","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->0x00000114","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->Generation"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000000ea","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000ea","lpSubKey->CurVer"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000116","hKey->0x000000ea","lpSubKey->(null)"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->268"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->268"
"20190815045709.637","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->DontShowSuperHidden"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->(null)"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShellState"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShellState"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->ForceActiveDesktopOn"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoActiveDesktop"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoWebView"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->ClassicShell"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->58369"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->58369"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->SeparateProcess"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->NoNetCrawling"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->NoSimpleStartMenu"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x00000130","lpSubKey->Advanced"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Hidden"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->ShowCompColor"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->HideFileExt"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->DontPrettyPath"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->ShowInfoTip"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->HideIcons"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->MapNetDrvBtn"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->WebView"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Filter"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->ShowSuperHidden"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->SeparateProcess"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->NoNetCrawling"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000116","lpSubKey->ShellEx\IconHandler"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000116","lpValueName->DocObject"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000116","lpValueName->BrowseInPlace"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000116","lpSubKey->Clsid"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000011e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011e","lpSubKey->Clsid"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000116","lpValueName->IsShortcut"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000116","lpValueName->AlwaysShowExt"
"20190815045709.647","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000116","lpValueName->NeverShowExt"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->UseDesktopIniCache"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->268"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->268"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.657","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->58369"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->58369"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->145"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->145"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.667","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->58369"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->58369"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->211"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->211"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Com+Enabled"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->58369"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->58369"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000114","lpValueName->Com+Enabled"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001a4","lpValueName->REGDBVersion"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001a4","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->268"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001a4","nNumberOfBytesToRead->22512"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001a4","lpValueName->REGDBVersion"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a6","hKey->0x0000011e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->TreatAs"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x0000011e","lpSubKey->(null)"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a6","hKey->0x000001c2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x000001a6","lpSubKey->InprocServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c6","lpValueName->InprocServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->InprocServerX86"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->LocalServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x000001a6","lpSubKey->InprocServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c6","lpValueName->(null)"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->InprocHandler32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->InprocHandlerX86"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->LocalServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->LocalServer"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x000001c2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c6","lpValueName->AppID"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a6","hKey->0x000001c2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a6","hKey->0x000001c2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x000001a6","lpSubKey->InprocServer32"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c6","lpValueName->ThreadingModel"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001a6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001a6","lpSubKey->TreatAs"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190815045709.677","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c6","lpValueName->DriveMask"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->58369"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->58369"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->71"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->71"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b4","lpValueName->AllowFileCLSIDJunctions"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Personal"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001b4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->58369"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->58369"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Common Documents"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001c8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->12288"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->12288"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001b0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.687","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x00000130","lpSubKey->FileExts"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\cuckoo\dll\NWtqdI.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->268"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b4","lpValueName->UserEnvDebugLevel"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b4","lpValueName->ChkAccDebugLevel"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->ProductType"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001c8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Personal"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Local Settings"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->RsopDebugLevel"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->UserEnvDebugLevel"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->RsopLogging"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->UserEnvDebugLevel"
"20190815045709.697","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\NWtqdI.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\NWtqdI.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.707","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->58369"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->58369"
"20190815045709.717","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->12288"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->268"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->268"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\NWtqdI.dll"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\NWtqdI.dll.exe","lpNewFileName->C:\cuckoo\dll\NWtqdI.dll"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\ZYgoyO.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->ProductType"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e8","lpValueName->SrvsvcDefaultShareInfo"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->268"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\ZYgoyO.dll","dwDesiredAccess->GENERIC_READ"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\ZYgoyO.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.727","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->58369"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->58369"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->0x00000080"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000001e8","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->12288"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\ZYgoyO.dll"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001da","lpValueName->DriveMask"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Start Menu"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001d8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\ZYgoyO.dll.exe","lpNewFileName->C:\cuckoo\dll\ZYgoyO.dll"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.737","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->58369"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->58369"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->71"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->71"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190815045709.748","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common Start Menu"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->268"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common AppData"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Generation"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->58369"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->58369"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->71"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->71"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->268"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToWrite->268"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->268"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->C:\137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\420.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->AppData"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegCreateKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000204","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->0x00000204","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->Generation"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->61440"
"20190815045709.758","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190815045709.768","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001f4","nNumberOfBytesToRead->58369"
"20190815045709.768","420","137189b5a67e98e11b3fe33d11f6075e4f059c26c331639567c37d2ae3f77649","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->58369"
420.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
[QsrKPs
RsaTQs
TQs\BDs
QssADs
QsmYOs
KDs0XQsaUQs
UPstEDs
UQsPOQs
Qs"DDs
Left  Project1
 =   12
xCAT - Anti-Shutdown v1.00
Command1
Label5
Shutdowns stopped this session
Label4
Label3
Shutdowns stopped by xCAT- Anti-Shutdown
Label2
Label1
mnu_home
mnu_allow
Allow Shutdown
mnu_sep1
mnu_shutter
Shutdown
mnu_logoff
Normal LogOff
mnu_forcelogoff
Force LogOff
mnu_eferferfer
mnu_reboot
Normal Reboot
mnu_forcereboot
Force Reboot
mnu_nullzzzz
mnu_manual
Normal Shutdown
mnu_force
Force Shutdown
mnu_null1
mnu_about
mnu_exit
antishutdown
Project1
Project1
Project1
mdlStopShutdown
Module1
Module2
mnu_reboot
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
mnu_shutter
mnu_eferferfer
mnu_force
mnu_allow
mnu_logoff
mnu_manual
mnu_exit
Label5
mnu_nullzzzz
Command1
Label4
Label1
Label2
Label3
mnu_forcelogoff
mnu_forcereboot
mnu_about
mnu_null1
mnu_home
mnu_sep1
shell32.dll
Shell_NotifyIconA
ExitWindowsEx
user32
CallWindowProcA
SetWindowLongA
GetMessageA
VBA6.DLL
__vbaFreeVar
__vbaVarOr
__vbaI4Var
__vbaSetSystemError
__vbaErrorOverflow
__vbaStrCopy
__vbaRecUniToAnsi
__vbaFpI4
__vbaOnError
__vbaStrI2
__vbaStrI4
__vbaI4Str
__vbaFreeObjList
__vbaFreeStrList
__vbaStrCat
__vbaStrMove
__vbaFreeStr
__vbaCastObj
__vbaObjSet
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSetAddref
__vbaNew2
__vbaRecAnsiToUni
__vbaLateIdCallLd
__vbaLsetFixstr
MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaFpI4
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
chrome.exe
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
\=!swP*I
eD$d{R,C
\1-rL)PaA#kV:
}\=!seC$eqL(R
iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_iF%_lI'YtN)M
!This program cannot be run in DOS mode.
`.data
comdlg32.dll
SHELL32.dll
WINSPOOL.DRV
COMCTL32.dll
msvcrt.dll
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
;ve|<v
RegisterPenApp
notepad.chm
hhctrl.ocx
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
notepad.pdb
u/VVWQ
AABFF3
AA@@Nu
t9VSSj
CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
ChooseFontW
FindTextW
ReplaceTextW
PageSetupDlgW
GetOpenFileNameW
PrintDlgExW
comdlg32.dll
ShellAboutW
DragFinish
DragQueryFileW
DragAcceptFiles
SHELL32.dll
ClosePrinter
GetPrinterDriverW
OpenPrinterW
WINSPOOL.DRV
CreateStatusWindowW
COMCTL32.dll
_snwprintf
wcsncmp
_except_handler3
iswctype
wcsncpy
localtime
_c_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
_controlfp
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
GlobalFree
GetLocaleInfoW
LocalFree
LocalAlloc
lstrlenW
LocalUnlock
CompareStringW
LocalLock
FoldStringW
CloseHandle
lstrcpyW
ReadFile
CreateFileW
lstrcmpiW
GetCurrentProcessId
GetProcAddress
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
GetFileAttributesW
lstrcmpW
MulDiv
lstrcpynW
LocalSize
GetLastError
WriteFile
SetLastError
WideCharToMultiByte
LocalReAlloc
FormatMessageW
GetUserDefaultUILanguage
SetEndOfFile
DeleteFileW
GetACP
UnmapViewOfFile
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
GlobalUnlock
GlobalLock
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
GetLocalTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
EnumFontsW
GetTextFaceW
SelectObject
CreateDCW
GetTextExtentPoint32W
TextOutW
DeleteDC
EndDoc
AbortDoc
EndPage
StartPage
StartDocW
SetAbortProc
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GDI32.dll
MoveWindow
InvalidateRect
WinHelpW
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
SendDlgItemMessageW
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
MessageBoxW
SetWindowLongW
GetWindowLongW
GetDlgItem
SetFocus
SetDlgItemTextW
wsprintfW
GetDlgItemTextW
EndDialog
GetParent
UnhookWinEvent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PostMessageW
GetMessageW
SetWinEventHook
GetSystemMetrics
SetWindowTextW
LoadIconW
GetFocus
GetDesktopWindow
ShowWindow
GetClientRect
SetCursor
ReleaseDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
DefWindowProcW
DestroyWindow
MessageBeep
PostQuitMessage
GetForegroundWindow
IsIconic
GetWindowPlacement
CharUpperW
LoadStringW
LoadAcceleratorsW
GetSystemMenu
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowPlacement
CreateWindowExW
RegisterWindowMessageW
UpdateWindow
SetScrollPos
CharLowerW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
USER32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    name="Microsoft.Windows.Shell.notepad"
    processorArchitecture="x86"
    version="5.1.0.0"
    type="win32"/>
<description>Windows Shell</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="x86"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
</assembly>
wwwwwwwww
wwwwwwwww
wwwwwwwwww
ffffffffffff`
gwwwwwwwwwwww`wwww
n~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
~~~~~~~~~~~~v
n~~~~~~~~~~~~w`
~vfffffff~~~v
n~~~~~~~~~~~~w`
ffffffff
n~~~~~~~~~~~~w`w
~~~~~~~~~~~~v
n~~~~~~~~~~~~w`x
ffffffff
nwwwwwwww`ww
n~~~~~~~~v
~~~~~~~w`
n~~~~~~~~v
~~~~~~~w`w
n~~~~~~~~v
~~~~~~~w`w
n~~~~~~~~v
~~~~~~~w`w
n~~~~~~~~v
pn~~~~
~~~p~p
&*$#$$#$*
L5'%""#"$
L5'?)"""#
Y3+)"""#
rX+%"/
oaaaa_ep
LRI?9\
z_____/VK<-
XRG???
4TTTTTAWK-
999877766mv.,0A@UTTTU
8877666.,,,&&&1TU
YRIPPPF
m\.1,,,,,2TW
FFEEEDD
.111,,,@Tf
OFFEEEDDDD.111111RU
gRa``]]z
DDD.;;;11ATW
Ro```]]
.:;;;;ITf
][[[ZZZNNOO/HH::;UU
ZZZNN/HHHHJTW
sYR|nyywwx
/GGGHITf
xlllkkkjj
/QGGGRT
lllkkkjj/bbQQTV
4bbbUTK
{yywwu
toobRTi
||{yywuuuuu4oooTV
uuu4nncTK
tnnTTi
~~||{yy4naTV
~||{4ncTK
! ,$&&'
ezst^(a6@@j
rZ8oWFFWwwvvC:QQQRa'
WFFFFW,)---<^
w,)-**>R
nLLLLZk7/5--Pb
AH[qzz
k7/4/;PT
78;4O`
eC8>=Pb
CMGGPc
mmdBEO]_
^}}|tt
AIH$+#
z>]N?@5
XL\[FGE
UTlZMSK
V`mdRQJ"& 
2~hbrq_^P3-.
nuk{safe4.
|tyg,1
MMM	MMM
MMMAMMMNMMMKMMMFMMM@MMM7MMM,MMM!MMM
MMM9MMMxMMM
MMMrMMM`MMMRMMMFMMM:MMM.MMM"MMM
gQccUN
MMMyMMMfMMMVMMMKMMM@MMM2MMM%MMM
MMMjMMMXMMMLMMMAMMM4MMM%MMM
MMMkMMMXMMMLMMMBMMM2MMM
MMMzMMMKMMM
MMM|MMM4MMM
MMM?MMM
MMMJMMM
MMM	MMM
MMMjMMM>MMM*MMM
MMMrMMMaMMMQMMMDMMM9MMM,MMM
MMMrMMMKMMM
MMM7MMM
MMM?MMM
MMM7MMM
MMMlMMM'MMM
MMMQMMM
MMM:MMM
MMMlMMM'MMM
MMMQMMM
MMM:MMM
MMMmMMM'MMM
MMMSMMM
MMM=MMM
MMMsMMM+MMM	MMM
MMMWMMM
MMM?MMM
MMMsMMM+MMM	MMM
MMMWMMM
MMM?MMM
MMMsMMM+MMM	MMM
MMMWMMM
MMM?MMM
MMMtMMM+MMM	MMM
MMMYMMM
MMMBMMM
MMMyMMM/MMM
MMM^MMM
MMMFMMM
MMM3MMM
MMMnMMM(MMM
MMMdMMM"MMM
MMMWMMM
MMMBMMM
MMMdMMM(MMM
D]h@MMM)MMM
notepad.exe